VTI SCORE: 100/100
Dynamic Analysis Report
Classification: Riskware, Trojan, Ransomware

cc5b0cacfc5ea0f21068870e5ee9d9f573a1ba443fa66807cb7cf445798ead2c (SHA256)

rufus-3.3.exe

Windows Exe (x86-32)

Created at 2019-01-30 12:49:00

Notifications (2/4)

Some extracted files may be missing in the report since the total file extraction size limit was reached during the analysis. You can increase the limit in the configuration settings.

Some extracted files may be missing in the report since the maximum number of extracted files was reached during the analysis. You can increase the limit in the configuration settings.

The maximum number of reputation file hash requests (20 per analysis) was exceeded. As a result, the reputation status could not be queried for all file hashes. In order to get the reputation status for all file hashes, please increase the 'Max File Hash Requests' setting in the system configurations.

The operating system was rebooted during the analysis.

Master Boot Record Changes
Sector Number Sector Size Actions
2063 512 bytes
Filename Category Type Severity Actions
C:\Users\5p5NrGJn0jS HALPmcxz\Desktop\rufus-3.3.exe Sample File Binary
Suspicious
Mime Type application/x-dosexec
File Size 46.50 KB
MD5 7b16fbd06e3442bc9055208abd8f1ef3
SHA1 0f73cbd952f8a4488a111b4e047d8f82b666f095
SHA256 cc5b0cacfc5ea0f21068870e5ee9d9f573a1ba443fa66807cb7cf445798ead2c
SSDeep 384:8IkHBrOUZLXBvWoeUxFATElfMPzD4Zyry2sKbvY31HJOGRvxXi:8IMnLROo9ATEyv4Erj3Y31HrRv9
ImpHash 6149a9554a09f32e9bf4562b369a81f7
Parser Error Remark Static analyzer was unable to completely parse the analyzed file
File Reputation Information
Severity
Suspicious
First Seen 2019-01-25 19:55 (UTC+1)
Last Seen 2019-01-28 16:12 (UTC+1)
Names Win32.Trojan.Krap
Families Krap
Classification Trojan
PE Information
Image Base 0x400000
Entry Point 0x412e30
Size Of Code 0x2000
Size Of Initialized Data 0xa000
Size Of Uninitialized Data 0x10000
File Type executable
Subsystem windows_gui
Machine Type i386
Compile Timestamp 2019-01-16 19:21:05+00:00
Packer UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Version Information (10)
LegalCopyright © 2011-2018 Pete Batard (GPL v3)
InternalName Rufus
FileVersion 3.3.1400
CompanyName Akeo Consulting
LegalTrademarks https://www.gnu.org/copyleft/gpl.html
Comments https://akeo.ie
ProductName Rufus
ProductVersion 3.3.1400
FileDescription Rufus
OriginalFilename rufus-3.3.exe
Sections (3)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
UPX0 0x401000 0x10000 0x0 0x400 cnt_uninitialized_data, mem_execute, mem_read, mem_write 0.0
UPX1 0x411000 0x2000 0x2000 0x400 cnt_initialized_data, mem_execute, mem_read, mem_write 7.83
.rsrc 0x413000 0xa000 0x9600 0x2400 cnt_initialized_data, mem_read, mem_write 3.97
Imports (5)
ADVAPI32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
CryptGenKey 0x0 0x41c410 0x1c410 0xb810 0x0
KERNEL32.DLL (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
LoadLibraryA 0x0 0x41c418 0x1c418 0xb818 0x0
ExitProcess 0x0 0x41c41c 0x1c41c 0xb81c 0x0
GetProcAddress 0x0 0x41c420 0x1c420 0xb820 0x0
VirtualProtect 0x0 0x41c424 0x1c424 0xb824 0x0
MPR.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
WNetOpenEnumW 0x0 0x41c42c 0x1c42c 0xb82c 0x0
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
ShellExecuteW 0x0 0x41c434 0x1c434 0xb834 0x0
SHLWAPI.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
StrStrW 0x0 0x41c43c 0x1c43c 0xb83c 0x0
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml Modified File Stream
Unknown
Also Known As \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 0.85 KB
\\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp Modified File Stream
Unknown
Also Known As \\?\C:\ProgramData\Microsoft\User Account Pictures\user.bmp.cosanostra (Created File)
Mime Type application/octet-stream
File Size 48.11 KB
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml Modified File Stream
Unknown
Also Known As \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 8.57 KB
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab Modified File Stream
Unknown
Also Known As \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjPrrWW.cab.cosanostra (Created File)
Mime Type application/octet-stream
File Size 10.00 MB
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi Modified File Stream
Unknown
Also Known As \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.msi.cosanostra (Created File)
Mime Type application/octet-stream
File Size 2.40 MB
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log Modified File Stream
Unknown
Also Known As \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\History.Log.cosanostra (Created File)
Mime Type application/octet-stream
File Size 0.05 KB
\\?\C:\ProgramData\Microsoft\MF\Pending.GRL Modified File Stream
Unknown
Also Known As \\?\C:\ProgramData\Microsoft\MF\Pending.GRL.cosanostra (Created File)
Mime Type application/octet-stream
File Size 14.67 KB
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab Modified File Stream
Unknown
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeLR.cab.cosanostra (Created File)
Mime Type application/octet-stream
File Size 10.00 MB
\\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Modified File Stream
Unknown
Also Known As \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat.cosanostra (Created File)
Mime Type application/octet-stream
File Size 4.00 MB
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Access.en-us\branding.xml Modified File Stream
Unknown
Mime Type application/octet-stream
File Size 582.42 KB
\\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata Modified File Stream
Unknown
Also Known As \\?\C:\ProgramData\Adobe\Acrobat\10.0\Replicate\Security\directories.acrodata.cosanostra (Created File)
Mime Type application/octet-stream
File Size 0.52 KB
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml Modified File Stream
Unknown
Also Known As \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjectMUI.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 1.47 KB
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml Modified File Stream
Unknown
Also Known As \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\PrjProrWW.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 6.32 KB
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi Modified File Stream
Unknown
Also Known As \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.msi.cosanostra (Created File)
Mime Type application/octet-stream
File Size 10.00 MB
\\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll Modified File Stream
Unknown
Also Known As \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.REST.trx_dll.cosanostra (Created File)
Mime Type application/octet-stream
File Size 1.22 MB
\\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico Modified File Stream
Unknown
Also Known As \\?\C:\ProgramData\Microsoft\OFFICE\SharePointTeamSite.ico.cosanostra (Created File)
Mime Type application/octet-stream
File Size 24.67 KB
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe Modified File Stream
Unknown
Also Known As \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\setup.exe.cosanostra (Created File)
Mime Type application/octet-stream
File Size 1.31 MB
\\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Unknown
Also Known As \\?\C:\MSOCache\All Users\{91140000-003B-0000-1000-0000000FF1CE}-C\Setup.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 16.34 KB
\\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log Modified File Stream
Unknown
Also Known As \\?\C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-07132009-221054.log.cosanostra (Created File)
Mime Type application/octet-stream
File Size 192.88 KB
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\setup.chm.cosanostra (Created File)
Mime Type application/octet-stream
File Size 65.67 KB
\\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-00A1-0409-1000-0000000FF1CE}-C\Setup.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 1.99 KB
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0} Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{1D1DBF3A-752F-47E2-BE70-D848D4A9AFB0}.cosanostra (Created File)
Mime Type application/octet-stream
File Size 6.64 KB
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Microsoft.VC90.CRT.manifest.cosanostra (Created File)
Mime Type application/octet-stream
File Size 1.86 KB
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 0.85 KB
\\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{91140000-0057-0000-1000-0000000FF1CE}-C\VisiorWW.cab.cosanostra (Created File)
Mime Type application/octet-stream
File Size 10.00 MB
\\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\User Account Pictures\guest.bmp.cosanostra (Created File)
Mime Type application/octet-stream
File Size 48.11 KB
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\pss10r.chm.cosanostra (Created File)
Mime Type application/octet-stream
File Size 26.61 KB
\\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat.cosanostra (Created File)
Mime Type application/octet-stream
File Size 4.00 MB
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUISet.msi.cosanostra (Created File)
Mime Type application/octet-stream
File Size 848.55 KB
\\?\C:\ProgramData\Microsoft\User Account Pictures\5p5NrGJn0jS HALPmcxz.dat Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\User Account Pictures\5p5NrGJn0jS HALPmcxz.dat.cosanostra (Created File)
Mime Type application/octet-stream
File Size 0.05 KB
\\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasbase.vdm.cosanostra (Created File)
Mime Type application/octet-stream
File Size 10.00 MB
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\Setup.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 1.47 KB
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\AccessMUISet.msi.cosanostra (Created File)
Mime Type application/octet-stream
File Size 848.55 KB
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.msi.cosanostra (Created File)
Mime Type application/octet-stream
File Size 2.67 MB
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\Setup.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 9.18 KB
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\osetupui.dll.cosanostra (Created File)
Mime Type application/octet-stream
File Size 187.43 KB
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\msvcr90.dll.cosanostra (Created File)
Mime Type application/octet-stream
File Size 640.55 KB
\\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpengine.dll.cosanostra (Created File)
Mime Type application/octet-stream
File Size 7.82 MB
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioMUI.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 9.33 KB
\\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLSLICER.DLL.trx_dll.cosanostra (Created File)
Mime Type application/octet-stream
File Size 15.39 KB
\\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\RAC\StateData\RacWmiDataBookmarks.dat.cosanostra (Created File)
Mime Type application/octet-stream
File Size 16.08 KB
\\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D2B0B133-42ED-44D3-809A-46EBB62BA863}\mpasdlta.vdm.cosanostra (Created File)
Mime Type application/octet-stream
File Size 331.44 KB
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\ProjLR.cab.cosanostra (Created File)
Mime Type application/octet-stream
File Size 7.88 MB
\\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\WWINTL.REST.trx_dll.cosanostra (Created File)
Mime Type application/octet-stream
File Size 1.08 MB
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.msi.cosanostra (Created File)
Mime Type application/octet-stream
File Size 3.53 MB
\\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-00BA-0409-1000-0000000FF1CE}-C\GrooveMUI.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 0.94 KB
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpSfc.bin.cosanostra (Created File)
Mime Type application/octet-stream
File Size 206.89 KB
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\ShellUI.MST.cosanostra (Created File)
Mime Type application/octet-stream
File Size 3.55 KB
MD5 2f6768dbbd1e080962c1bc28f9527342
SHA1 294393788b41980e0e8266ba094ec4a4e8dc0989
SHA256 2ce068e0d365043fe2940d8b7c95da35ccce501c2d0eb31d2008e64989fd5186
SSDeep 96:iKquEg6bsh8il27XGWMPra49u/2R4TfRQVBZY:iBg6wh8ilaYm494ruVDY
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\dwtrig20.exe.cosanostra (Created File)
Mime Type application/octet-stream
File Size 507.46 KB
MD5 9adc3d5d678ce31148b8bbebb8678ccf
SHA1 ac84d671be2bfd3a222aa0a6fa13adf86ed3e338
SHA256 2cc948eb64b8c7fb4a1e14d9ddf51ffb3ce5e0896bfee49445f71dac1f5a435c
SSDeep 12288:f0wXwNSO5X3IA1iBihI7XHgZQKhJgeCmvz0r:cew0O1IA1UiuLHgZpJEGgr
\\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\OFFICE\UICaptions\1036\XLINTL32.DLL.trx_dll.cosanostra (Created File)
Mime Type application/octet-stream
File Size 148.89 KB
MD5 030736d47488a9d146bd67a09da25867
SHA1 e50f9a746c637f92ad71ea8c1caced0f309ebda4
SHA256 687c9ab9736a4d0dc1d471492c016adbada4ed44097da7153597ba27e4a17baa
SSDeep 1536:iOFn9zV0YBrDhHaHe4q240nIffDllmbG+S8C9rHUm:pFnZBBxweL2lnefDllmbjY9om
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\VisioLR.cab.cosanostra (Created File)
Mime Type application/octet-stream
File Size 10.00 MB
MD5 6a5328700907d8662d1622f364d7c71f
SHA1 f0dbb2cd82e6576cdcbe1c7a80d8dea64294ab79
SHA256 276b510441df1503ce21a6f90ef644e4a26746761d0a23bd35bcd3570ef8d4fd
SSDeep 196608:mDC0AM59i4hS7Zj1WNf2KvALmtl9ibbbL:m1z7iEYj1WMSALS9UbbL
\\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0115-0409-1000-0000000FF1CE}-C\OfficeMUI.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 5.48 KB
MD5 c015ee287dbf35998d609a910b5e4caa
SHA1 c2fdc4ad7466460f8e671ead2294c9ac2599f7ac
SHA256 2b61c7845192a17823ebd29089a05a58aa100d478b8f786fd69a302ef01a11cd
SSDeep 96:7Na94HV9KLyige7/CwnIzseC7wTPNT27/4w16LNchua3c779RLhVON:7E6HVCbge7KLzLJGA9lVI
\\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-0117-0409-1000-0000000FF1CE}-C\Setup.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 2.61 KB
MD5 ea01f0035bddb8e685c1332b7dd8694c
SHA1 8071eab2706980fb9dba9bda48ae4030467ab183
SHA256 e9058991ceffb483b9ef4268facefeb81af95668385c86eafe3db498f855dc5d
SSDeep 48:kqBUZkAOGfY/4Irb+9KXd0dk6sJEIo7dZ5Aj89hacFpEQzIoo:gkA1fjyiYXd0abSIGhtmcwQg
\\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\Windows Defender\Scans\History\Service\Unknown.Log.cosanostra (Created File)
Mime Type application/octet-stream
File Size 6.66 KB
MD5 f819a701bab7bc381b9a8e40c9395595
SHA1 50c10a7a0b03a054fd54dc92e227636799350b96
SHA256 eaba025025a1560fb258cc0c2a508a4ab57d9443d649ac3fb654d41cd93d4c66
SSDeep 192:lpZ0kHK9ALvFLDCtLxvhtATT6Eow99QiPrOlyQXqBsXG8S9:lpZnHMUDqQ6EX/fjOLq6XGH9
\\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml Modified File Stream
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\Setup.xml.cosanostra (Created File)
Mime Type application/octet-stream
File Size 1.88 KB
MD5 8f9a170d71809afc6fac5ea40d5f8c4e
SHA1 0b2ce0c420929a23fd4e7f8ddacf8064c4ff5439
SHA256 bd68249af15f16959765786b7ddaa9eec28a9ac548be0fd6d46cdbf89f6bb2e3
SSDeep 48:OjKuaDvH535/QuTqqrSKvZIMKuudlsyLTz:inaDvHfOqlvjK3dlsE
\\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat Modified File Stream
Not Queried
Also Known As \\?\C:\ProgramData\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat.cosanostra (Created File)
Mime Type application/octet-stream
File Size 4.41 MB
MD5 cdec9afb209a2fa87df6e2fdf7304825
SHA1 76fae240ab174de136a8b299743166a050713e83
SHA256 8728e4677d7d09f6e7393216aba38e8fdbd3bdfad6fce0ef638789708ea3608b
SSDeep 12288:h2wggaSboUwhAsYG53xjSB/xbtgLuGBY9+y9FTxf/+HLVDWjB9/6Ge+z2r:7ggrbMjo/xbtpf/+Jsmds2r
\\?\C:\MSOCache\All Users\{90140000-0054-0409-1000-0000000FF1CE}-C\#RECOVERY_FILES#.txt Created File Text
Not Queried
Also Known As \\?\C:\MSOCache\All Users\{90140000-00B4-0409-1000-0000000FF1CE}-C\#RECOVERY_FILES#.txt (Created File)
Mime Type text/plain
File Size 1.10 KB
MD5 08414855bfe714eb36a20cd1c4ee5e77
SHA1 0e52049c7b4b01c9a8cad5593240c16994f71cc1
SHA256 bb4ba7a611f8b4b4e7d29a6888b29aa83ef996c7e0dfd73ddb06fa06fa697ad9
SSDeep 24:+VP01jhs7O/kQEX2Ht5YHfhV9hHHqz5Fni0HYgxXECTU5Kdsw:gMhDHY/hBHHqz7sFdKd
C:\Users\5p5NrGJn0jS HALPmcxz\AppData\Roaming\_uninstalling_.png Created File Stream
Not Queried
Mime Type application/octet-stream
File Size 0.74 KB
MD5 87989695bbcc658c194c3b9b871fbd2d
SHA1 2e5e4d2b38f39346261ee66cefed2e8fd75341dc
SHA256 005f342436dc1f600b9beedfacf656a652ccec7eb7c876cd5ceb7716c59be425
SSDeep 12:zf5/2iBP0219hHHnNVqB55FnWnv0HYgx3sTkGH54TU5EZdsfIBx0:zfhV9hHHqz5Fni0HYgxXECTU5Kdsy0