Cerber Ransomware | Files
File Information
Sample files count 1
Created files count 32
Modified files count 4
c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6.exe (Sample File)
Size 262.37 KB (268666 bytes)
Hash Values MD5: 037a8be0c33ab5f34c150de153402048
SHA1: 494d86520bd7c1c4553fa4ad0e1c2f06232ec889
SHA256: 199a4a2585c9fc855c5a694df318d153cd74e47fe4b8c667f25a822bfbb22bc6
PE Information
+
File Properties
Image Base 0x400000
Entry Point 0x403217
Size Of Code 0x5c00
Size Of Initialized Data 0x1cc00
Size Of Uninitialized Data 0x400
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2014-10-07 06:40:17
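Compiler/Packer Unknown (not identified by the analyzer; the empty .ndata section and the nsx1ae1.tmp\system.dll drop listed in this report are consistent with an NSIS installer wrapper, which this report does not confirm)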
Sections (5)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x5bf4 0x5c00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.48
.rdata 0x407000 0x11ce 0x1200 0x6000 CNT_INITIALIZED_DATA, MEM_READ 5.24
.data 0x409000 0x1a7f8 0x400 0x7200 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 5.03
.ndata 0x424000 0x9000 0x0 0x0 CNT_UNINITIALIZED_DATA, MEM_READ, MEM_WRITE 0.0
.rsrc 0x42d000 0xbf8 0xc00 0x7600 CNT_INITIALIZED_DATA, MEM_READ 4.68
Imports (158)
+
KERNEL32.dll (61)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetTickCount 0x0 0x407060 0x74b8 0x64b8
GetFullPathNameA 0x0 0x407064 0x74bc 0x64bc
MoveFileA 0x0 0x407068 0x74c0 0x64c0
SetCurrentDirectoryA 0x0 0x40706c 0x74c4 0x64c4
GetFileAttributesA 0x0 0x407070 0x74c8 0x64c8
GetLastError 0x0 0x407074 0x74cc 0x64cc
CreateDirectoryA 0x0 0x407078 0x74d0 0x64d0
SetFileAttributesA 0x0 0x40707c 0x74d4 0x64d4
SearchPathA 0x0 0x407080 0x74d8 0x64d8
GetShortPathNameA 0x0 0x407084 0x74dc 0x64dc
CreateFileA 0x0 0x407088 0x74e0 0x64e0
GetFileSize 0x0 0x40708c 0x74e4 0x64e4
GetModuleFileNameA 0x0 0x407090 0x74e8 0x64e8
ReadFile 0x0 0x407094 0x74ec 0x64ec
GetCurrentProcess 0x0 0x407098 0x74f0 0x64f0
CopyFileA 0x0 0x40709c 0x74f4 0x64f4
ExitProcess 0x0 0x4070a0 0x74f8 0x64f8
SetEnvironmentVariableA 0x0 0x4070a4 0x74fc 0x64fc
Sleep 0x0 0x4070a8 0x7500 0x6500
CloseHandle 0x0 0x4070ac 0x7504 0x6504
GetCommandLineA 0x0 0x4070b0 0x7508 0x6508
SetErrorMode 0x0 0x4070b4 0x750c 0x650c
LoadLibraryA 0x0 0x4070b8 0x7510 0x6510
lstrlenA 0x0 0x4070bc 0x7514 0x6514
lstrcpynA 0x0 0x4070c0 0x7518 0x6518
GetDiskFreeSpaceA 0x0 0x4070c4 0x751c 0x651c
GlobalUnlock 0x0 0x4070c8 0x7520 0x6520
GlobalLock 0x0 0x4070cc 0x7524 0x6524
CreateThread 0x0 0x4070d0 0x7528 0x6528
CreateProcessA 0x0 0x4070d4 0x752c 0x652c
RemoveDirectoryA 0x0 0x4070d8 0x7530 0x6530
GetTempFileNameA 0x0 0x4070dc 0x7534 0x6534
lstrcpyA 0x0 0x4070e0 0x7538 0x6538
lstrcatA 0x0 0x4070e4 0x753c 0x653c
GetSystemDirectoryA 0x0 0x4070e8 0x7540 0x6540
GetVersion 0x0 0x4070ec 0x7544 0x6544
GetProcAddress 0x0 0x4070f0 0x7548 0x6548
GlobalAlloc 0x0 0x4070f4 0x754c 0x654c
CompareFileTime 0x0 0x4070f8 0x7550 0x6550
SetFileTime 0x0 0x4070fc 0x7554 0x6554
ExpandEnvironmentStringsA 0x0 0x407100 0x7558 0x6558
lstrcmpiA 0x0 0x407104 0x755c 0x655c
lstrcmpA 0x0 0x407108 0x7560 0x6560
WaitForSingleObject 0x0 0x40710c 0x7564 0x6564
GlobalFree 0x0 0x407110 0x7568 0x6568
GetExitCodeProcess 0x0 0x407114 0x756c 0x656c
GetModuleHandleA 0x0 0x407118 0x7570 0x6570
GetTempPathA 0x0 0x40711c 0x7574 0x6574
GetWindowsDirectoryA 0x0 0x407120 0x7578 0x6578
LoadLibraryExA 0x0 0x407124 0x757c 0x657c
FindFirstFileA 0x0 0x407128 0x7580 0x6580
FindNextFileA 0x0 0x40712c 0x7584 0x6584
DeleteFileA 0x0 0x407130 0x7588 0x6588
SetFilePointer 0x0 0x407134 0x758c 0x658c
WriteFile 0x0 0x407138 0x7590 0x6590
FindClose 0x0 0x40713c 0x7594 0x6594
WritePrivateProfileStringA 0x0 0x407140 0x7598 0x6598
MultiByteToWideChar 0x0 0x407144 0x759c 0x659c
MulDiv 0x0 0x407148 0x75a0 0x65a0
GetPrivateProfileStringA 0x0 0x40714c 0x75a4 0x65a4
FreeLibrary 0x0 0x407150 0x75a8 0x65a8
USER32.dll (63)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CreateWindowExA 0x0 0x407174 0x75cc 0x65cc
EndDialog 0x0 0x407178 0x75d0 0x65d0
ScreenToClient 0x0 0x40717c 0x75d4 0x65d4
GetWindowRect 0x0 0x407180 0x75d8 0x65d8
EnableMenuItem 0x0 0x407184 0x75dc 0x65dc
GetSystemMenu 0x0 0x407188 0x75e0 0x65e0
SetClassLongA 0x0 0x40718c 0x75e4 0x65e4
IsWindowEnabled 0x0 0x407190 0x75e8 0x65e8
SetWindowPos 0x0 0x407194 0x75ec 0x65ec
GetSysColor 0x0 0x407198 0x75f0 0x65f0
GetWindowLongA 0x0 0x40719c 0x75f4 0x65f4
SetCursor 0x0 0x4071a0 0x75f8 0x65f8
LoadCursorA 0x0 0x4071a4 0x75fc 0x65fc
CheckDlgButton 0x0 0x4071a8 0x7600 0x6600
GetMessagePos 0x0 0x4071ac 0x7604 0x6604
LoadBitmapA 0x0 0x4071b0 0x7608 0x6608
CallWindowProcA 0x0 0x4071b4 0x760c 0x660c
IsWindowVisible 0x0 0x4071b8 0x7610 0x6610
CloseClipboard 0x0 0x4071bc 0x7614 0x6614
GetDC 0x0 0x4071c0 0x7618 0x6618
SystemParametersInfoA 0x0 0x4071c4 0x761c 0x661c
RegisterClassA 0x0 0x4071c8 0x7620 0x6620
TrackPopupMenu 0x0 0x4071cc 0x7624 0x6624
AppendMenuA 0x0 0x4071d0 0x7628 0x6628
CreatePopupMenu 0x0 0x4071d4 0x762c 0x662c
GetSystemMetrics 0x0 0x4071d8 0x7630 0x6630
SetDlgItemTextA 0x0 0x4071dc 0x7634 0x6634
GetDlgItemTextA 0x0 0x4071e0 0x7638 0x6638
MessageBoxIndirectA 0x0 0x4071e4 0x763c 0x663c
CharPrevA 0x0 0x4071e8 0x7640 0x6640
DispatchMessageA 0x0 0x4071ec 0x7644 0x6644
PeekMessageA 0x0 0x4071f0 0x7648 0x6648
ReleaseDC 0x0 0x4071f4 0x764c 0x664c
EnableWindow 0x0 0x4071f8 0x7650 0x6650
InvalidateRect 0x0 0x4071fc 0x7654 0x6654
SendMessageA 0x0 0x407200 0x7658 0x6658
DefWindowProcA 0x0 0x407204 0x765c 0x665c
BeginPaint 0x0 0x407208 0x7660 0x6660
GetClientRect 0x0 0x40720c 0x7664 0x6664
FillRect 0x0 0x407210 0x7668 0x6668
DrawTextA 0x0 0x407214 0x766c 0x666c
GetClassInfoA 0x0 0x407218 0x7670 0x6670
DialogBoxParamA 0x0 0x40721c 0x7674 0x6674
CharNextA 0x0 0x407220 0x7678 0x6678
ExitWindowsEx 0x0 0x407224 0x767c 0x667c
DestroyWindow 0x0 0x407228 0x7680 0x6680
CreateDialogParamA 0x0 0x40722c 0x7684 0x6684
SetTimer 0x0 0x407230 0x7688 0x6688
GetDlgItem 0x0 0x407234 0x768c 0x668c
wsprintfA 0x0 0x407238 0x7690 0x6690
SetForegroundWindow 0x0 0x40723c 0x7694 0x6694
ShowWindow 0x0 0x407240 0x7698 0x6698
IsWindow 0x0 0x407244 0x769c 0x669c
LoadImageA 0x0 0x407248 0x76a0 0x66a0
SetWindowLongA 0x0 0x40724c 0x76a4 0x66a4
SetClipboardData 0x0 0x407250 0x76a8 0x66a8
EmptyClipboard 0x0 0x407254 0x76ac 0x66ac
OpenClipboard 0x0 0x407258 0x76b0 0x66b0
EndPaint 0x0 0x40725c 0x76b4 0x66b4
PostQuitMessage 0x0 0x407260 0x76b8 0x66b8
FindWindowExA 0x0 0x407264 0x76bc 0x66bc
SendMessageTimeoutA 0x0 0x407268 0x76c0 0x66c0
SetWindowTextA 0x0 0x40726c 0x76c4 0x66c4
GDI32.dll (8)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SelectObject 0x0 0x40703c 0x7494 0x6494
SetBkMode 0x0 0x407040 0x7498 0x6498
CreateFontIndirectA 0x0 0x407044 0x749c 0x649c
SetTextColor 0x0 0x407048 0x74a0 0x64a0
DeleteObject 0x0 0x40704c 0x74a4 0x64a4
GetDeviceCaps 0x0 0x407050 0x74a8 0x64a8
CreateBrushIndirect 0x0 0x407054 0x74ac 0x64ac
SetBkColor 0x0 0x407058 0x74b0 0x64b0
SHELL32.dll (6)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
SHGetSpecialFolderLocation 0x0 0x407158 0x75b0 0x65b0
SHGetPathFromIDListA 0x0 0x40715c 0x75b4 0x65b4
SHBrowseForFolderA 0x0 0x407160 0x75b8 0x65b8
SHGetFileInfoA 0x0 0x407164 0x75bc 0x65bc
ShellExecuteA 0x0 0x407168 0x75c0 0x65c0
SHFileOperationA 0x0 0x40716c 0x75c4 0x65c4
ADVAPI32.dll (9)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegCloseKey 0x0 0x407000 0x7458 0x6458
RegOpenKeyExA 0x0 0x407004 0x745c 0x645c
RegDeleteKeyA 0x0 0x407008 0x7460 0x6460
RegDeleteValueA 0x0 0x40700c 0x7464 0x6464
RegEnumValueA 0x0 0x407010 0x7468 0x6468
RegCreateKeyExA 0x0 0x407014 0x746c 0x646c
RegSetValueExA 0x0 0x407018 0x7470 0x6470
RegQueryValueExA 0x0 0x40701c 0x7474 0x6474
RegEnumKeyA 0x0 0x407020 0x7478 0x6478
COMCTL32.dll (4)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ImageList_Create 0x0 0x407028 0x7480 0x6480
ImageList_AddMasked 0x0 0x40702c 0x7484 0x6484
ImageList_Destroy 0x0 0x407030 0x7488 0x6488
(by ordinal) 0x11 0x407034 0x748c 0x648c
ole32.dll (4)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoCreateInstance 0x0 0x407284 0x76dc 0x66dc
CoTaskMemFree 0x0 0x407288 0x76e0 0x66e0
OleInitialize 0x0 0x40728c 0x76e4 0x66e4
OleUninitialize 0x0 0x407290 0x76e8 0x66e8
VERSION.dll (3)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetFileVersionInfoSizeA 0x0 0x407274 0x76cc 0x66cc
GetFileVersionInfoA 0x0 0x407278 0x76d0 0x66d0
VerQueryValueA 0x0 0x40727c 0x76d4 0x66d4
Icons (1)
+
c:\users\hjrd1k~1\appdata\local\temp\nsc1ab0.tmp, ...
-
File Properties
Names c:\users\hjrd1k~1\appdata\local\temp\nsc1ab0.tmp (Created File)
c:\users\hjrd1k~1\appdata\local\temp\nss1ac1.tmp (Created File)
c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp (Created File)
c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\speech\files\userlexicons\sp_8886b512a0c8413698af6a90c3ce8910.dat (Created File)
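Size 0.00 KB (0 bytes) — the hash values below are the standard digests of empty input and match every zero-byte file, so they are not usable as indicators for this sample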
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp\system.dll
-
File Properties
Names c:\users\hjrd1k~1\appdata\local\temp\nsx1ae1.tmp\system.dll (Created File)
Size 11.00 KB (11264 bytes)
Hash Values MD5: b8992e497d57001ddf100f9c397fcef5
SHA1: e26ddf101a2ec5027975d2909306457c6f61cfbd
SHA256: 98bcd1dd88642f4dd36a300c76ebb1ddfbbbc5bfc7e3b6d7435dc6d6e030c13b
PE Information
+
File Properties
Image Base 0x10000000
Entry Point 0x1000270b
Size Of Code 0x1e00
Size Of Initialized Data 0xa00
Size Of Uninitialized Data 0x0
Format x86
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2016-04-03 22:18:23
Compiler/Packer Unknown
Sections (4)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x1d4f 0x1e00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.41
.rdata 0x10003000 0x353 0x400 0x2200 CNT_INITIALIZED_DATA, MEM_READ 3.88
.data 0x10004000 0x68 0x200 0x2600 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 0.35
.reloc 0x10005000 0x260 0x400 0x2800 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 3.72
Imports (19)
+
KERNEL32.dll (16)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
MultiByteToWideChar 0x0 0x10003000 0x30ec 0x22ec
GlobalFree 0x0 0x10003004 0x30f0 0x22f0
GlobalSize 0x0 0x10003008 0x30f4 0x22f4
lstrcpynA 0x0 0x1000300c 0x30f8 0x22f8
lstrcpyA 0x0 0x10003010 0x30fc 0x22fc
GetProcAddress 0x0 0x10003014 0x3100 0x2300
VirtualFree 0x0 0x10003018 0x3104 0x2304
FreeLibrary 0x0 0x1000301c 0x3108 0x2308
lstrlenA 0x0 0x10003020 0x310c 0x230c
LoadLibraryA 0x0 0x10003024 0x3110 0x2310
GetModuleHandleA 0x0 0x10003028 0x3114 0x2314
GlobalAlloc 0x0 0x1000302c 0x3118 0x2318
WideCharToMultiByte 0x0 0x10003030 0x311c 0x231c
VirtualAlloc 0x0 0x10003034 0x3120 0x2320
VirtualProtect 0x0 0x10003038 0x3124 0x2324
GetLastError 0x0 0x1000303c 0x3128 0x2328
USER32.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
wsprintfA 0x0 0x10003044 0x3130 0x2330
ole32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
StringFromGUID2 0x0 0x1000304c 0x3138 0x2338
CLSIDFromString 0x0 0x10003050 0x313c 0x233c
Exports (8)
+
API Name EAT Address Ordinal
Alloc 0x10001000 0x1
Call 0x100016bd 0x2
Copy 0x10001058 0x3
Free 0x100015b3 0x4
Get 0x1000161a 0x5
Int64Op 0x1000180d 0x6
Store 0x100010e0 0x7
StrAlloc 0x1000103d 0x8
c:\users\hjrd1k~1\appdata\local\temp\weltprostatectomy
-
File Properties
Names c:\users\hjrd1k~1\appdata\local\temp\weltprostatectomy (Created File)
Size 194.13 KB (198787 bytes)
Hash Values MD5: 3ea29ee46b72c64cc3c76754a857f76b
SHA1: e4cdc788eb40ee773908427e4a0d7c0be7aaf3ea
SHA256: d541518a91d01e36975affe36768723b47e566567c9f067343551e48c52e66fd
c:\users\hjrd1k~1\appdata\local\temp\underglaze.dll
-
File Properties
Names c:\users\hjrd1k~1\appdata\local\temp\underglaze.dll (Created File)
Size 46.50 KB (47616 bytes)
Hash Values MD5: c28cf21b99b9df891a73ac7f066b9258
SHA1: 77d569d08a04ede2e0501538ccaeedf3bb54116e
SHA256: 1c48c706b99f5985c608df7e1d347536758436500d81ac928cc8443020ee9f6b
PE Information
+
File Properties
Image Base 0x10000000
Entry Point 0x10002277
Size Of Code 0x7200
Size Of Initialized Data 0x4e00
Size Of Uninitialized Data 0x0
Format x86
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-03-23 23:59:46
Compiler/Packer Unknown
Sections (5)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0x7164 0x7200 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.59
.rdata 0x10009000 0x1c1a 0x1e00 0x7600 CNT_INITIALIZED_DATA, MEM_READ 5.27
.data 0x1000b000 0x19c0 0x1000 0x9400 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 2.41
.rsrc 0x1000d000 0x418 0x600 0xa400 CNT_INITIALIZED_DATA, MEM_READ 2.43
.reloc 0x1000e000 0xe62 0x1000 0xaa00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 4.62
Imports (64)
+
USER32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
wsprintfA 0x0 0x10009100 0xa74c 0x8d4c
FindWindowExA 0x0 0x10009104 0xa750 0x8d50
ADVAPI32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetAce 0x0 0x10009000 0xa64c 0x8c4c
ObjectDeleteAuditAlarmA 0x0 0x10009004 0xa650 0x8c50
KERNEL32.dll (60)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetEnvironmentStringsW 0x0 0x1000900c 0xa658 0x8c58
GetCurrentProcessId 0x0 0x10009010 0xa65c 0x8c5c
ReadDirectoryChangesW 0x0 0x10009014 0xa660 0x8c60
GetExitCodeThread 0x0 0x10009018 0xa664 0x8c64
GetCurrentThreadId 0x0 0x1000901c 0xa668 0x8c68
GetCommandLineA 0x0 0x10009020 0xa66c 0x8c6c
TerminateProcess 0x0 0x10009024 0xa670 0x8c70
GetCurrentProcess 0x0 0x10009028 0xa674 0x8c74
UnhandledExceptionFilter 0x0 0x1000902c 0xa678 0x8c78
SetUnhandledExceptionFilter 0x0 0x10009030 0xa67c 0x8c7c
IsDebuggerPresent 0x0 0x10009034 0xa680 0x8c80
RtlUnwind 0x0 0x10009038 0xa684 0x8c84
GetModuleHandleW 0x0 0x1000903c 0xa688 0x8c88
GetProcAddress 0x0 0x10009040 0xa68c 0x8c8c
TlsGetValue 0x0 0x10009044 0xa690 0x8c90
TlsAlloc 0x0 0x10009048 0xa694 0x8c94
TlsSetValue 0x0 0x1000904c 0xa698 0x8c98
TlsFree 0x0 0x10009050 0xa69c 0x8c9c
InterlockedIncrement 0x0 0x10009054 0xa6a0 0x8ca0
SetLastError 0x0 0x10009058 0xa6a4 0x8ca4
GetLastError 0x0 0x1000905c 0xa6a8 0x8ca8
InterlockedDecrement 0x0 0x10009060 0xa6ac 0x8cac
HeapFree 0x0 0x10009064 0xa6b0 0x8cb0
Sleep 0x0 0x10009068 0xa6b4 0x8cb4
ExitProcess 0x0 0x1000906c 0xa6b8 0x8cb8
SetHandleCount 0x0 0x10009070 0xa6bc 0x8cbc
GetStdHandle 0x0 0x10009074 0xa6c0 0x8cc0
GetFileType 0x0 0x10009078 0xa6c4 0x8cc4
GetStartupInfoA 0x0 0x1000907c 0xa6c8 0x8cc8
DeleteCriticalSection 0x0 0x10009080 0xa6cc 0x8ccc
GetModuleFileNameA 0x0 0x10009084 0xa6d0 0x8cd0
FreeEnvironmentStringsA 0x0 0x10009088 0xa6d4 0x8cd4
GetEnvironmentStrings 0x0 0x1000908c 0xa6d8 0x8cd8
FreeEnvironmentStringsW 0x0 0x10009090 0xa6dc 0x8cdc
WideCharToMultiByte 0x0 0x10009094 0xa6e0 0x8ce0
HeapCreate 0x0 0x10009098 0xa6e4 0x8ce4
HeapDestroy 0x0 0x1000909c 0xa6e8 0x8ce8
VirtualFree 0x0 0x100090a0 0xa6ec 0x8cec
QueryPerformanceCounter 0x0 0x100090a4 0xa6f0 0x8cf0
GetTickCount 0x0 0x100090a8 0xa6f4 0x8cf4
GetSystemTimeAsFileTime 0x0 0x100090ac 0xa6f8 0x8cf8
GetCPInfo 0x0 0x100090b0 0xa6fc 0x8cfc
GetACP 0x0 0x100090b4 0xa700 0x8d00
GetOEMCP 0x0 0x100090b8 0xa704 0x8d04
IsValidCodePage 0x0 0x100090bc 0xa708 0x8d08
LeaveCriticalSection 0x0 0x100090c0 0xa70c 0x8d0c
EnterCriticalSection 0x0 0x100090c4 0xa710 0x8d10
HeapAlloc 0x0 0x100090c8 0xa714 0x8d14
VirtualAlloc 0x0 0x100090cc 0xa718 0x8d18
HeapReAlloc 0x0 0x100090d0 0xa71c 0x8d1c
WriteFile 0x0 0x100090d4 0xa720 0x8d20
LoadLibraryA 0x0 0x100090d8 0xa724 0x8d24
InitializeCriticalSectionAndSpinCount 0x0 0x100090dc 0xa728 0x8d28
LCMapStringA 0x0 0x100090e0 0xa72c 0x8d2c
MultiByteToWideChar 0x0 0x100090e4 0xa730 0x8d30
LCMapStringW 0x0 0x100090e8 0xa734 0x8d34
GetStringTypeA 0x0 0x100090ec 0xa738 0x8d38
GetStringTypeW 0x0 0x100090f0 0xa73c 0x8d3c
GetLocaleInfoA 0x0 0x100090f4 0xa740 0x8d40
HeapSize 0x0 0x100090f8 0xa744 0x8d44
c:\users\hjrd1koky ds8lujv\documents\0ym30ah1p2 o.pptx, ...
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\0ym30ah1p2 o.pptx (Modified File)
c:\users\hjrd1koky ds8lujv\documents\mk1qeyh-ob.87b1 (Created File)
Size 73.28 KB (75035 bytes)
Hash Values MD5: 4c10f0168f3b02e9141d59de4e1d0e15
SHA1: 5a444a6894ef56f9563e3d003aea3462f40d3704
SHA256: acf797de243ab8d35839fa040da4cd725d1e5cca7e9f6f7263dce57be0e94954
c:\users\hjrd1koky ds8lujv\documents\_read_this_file_oy87az4_.hta
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\_read_this_file_oy87az4_.hta (Created File)
Size 74.96 KB (76756 bytes)
Hash Values MD5: f7f337f3990f508f408de7d1eb406c25
SHA1: bc8fb21fc8e99a025ff5257be717e9cd9e099ab2
SHA256: 3b5db7edeae403f4cb3e0d4500ef6c6f17a2da01411cbedd584b1fc2794df342
c:\users\hjrd1koky ds8lujv\documents\_read_this_file_sna5m_.txt
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\_read_this_file_sna5m_.txt (Created File)
Size 1.31 KB (1337 bytes)
Hash Values MD5: 2833e6543ea2ea5b81f63a1b6d6a832a
SHA1: 9130c4ab860fcda421cf56372491ab3f1901dccd
SHA256: a44098297ee6f900f25696ef91ada5e19c3a3e3f00276a0e239b36fb20850341
c:\users\hjrd1koky ds8lujv\documents\_read_this_file_gwjrx_.jpeg
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\_read_this_file_gwjrx_.jpeg (Created File)
Size 212.32 KB (217414 bytes)
Hash Values MD5: d9c206a13f332e13b83c6da60f44b2c3
SHA1: 5d68e9e078073f0b5ca8d19613e301c1b3a8287b
SHA256: b48ca40156c2c9424d270cbeae0b5efd72eb5125bec85088b785afb12d320c4b
c:\users\hjrd1koky ds8lujv\documents\2dffhfqbe.xlsx, ...
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\2dffhfqbe.xlsx (Modified File)
c:\users\hjrd1koky ds8lujv\documents\mcjgdc9uzh.87b1 (Created File)
Size 55.62 KB (56953 bytes)
Hash Values MD5: 4b8adffa3a05089e860070930df0bbb4
SHA1: 49503f85337dc8a95723801f4593eccfe89ec503
SHA256: cdacb76afcb791e7aaa3678af9ef79d7954e959f98b9c90231b03ba8def0780f
c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx, ...
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\4sbwm903uzhcnxlzbwa.xlsx (Modified File)
c:\users\hjrd1koky ds8lujv\documents\wzrlp-viqf.87b1 (Created File)
Size 68.60 KB (70250 bytes)
Hash Values MD5: 8cd6d2be6322010cbaf49993b3fcc83c
SHA1: b58109eea23dd22e630795c4a4e8924d1911e240
SHA256: 7ff6030be999e27d22bb21ddf66f4567676f9d05c10e97e390a4866e719d194a
c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\speech\files\userlexicons\sp_8886b512a0c8413698af6a90c3ce8910.dat
-
File Properties
Names c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\speech\files\userlexicons\sp_8886b512a0c8413698af6a90c3ce8910.dat (Created File)
Size 0.92 KB (940 bytes)
Hash Values MD5: 9ed60b54a6e0241b17b7374ccd806cf2
SHA1: 304d806ce0a579520566c7f20da3e87c63141ee8
SHA256: 6fa15f84277575a6479466590ffa4c9d7e3a537e18cebb28c8bf908416d86a29
c:\users\hjrd1koky ds8lujv\documents\5t950ijtgp.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\5t950ijtgp.87b1 (Created File)
Size 87.83 KB (89936 bytes)
Hash Values MD5: c776b1e64d090bf233740c86d4593d04
SHA1: 4af7687c4e0542ce59e04b1e5033a9b31b30d65a
SHA256: 308c86b083470945364e9a305b4f41cf1bb9cb024711394a0af9c46735d08313
c:\users\hjrd1koky ds8lujv\documents\3-rxwcu45h.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\3-rxwcu45h.87b1 (Created File)
Size 52.85 KB (54114 bytes)
Hash Values MD5: 01a056c15cb169473e14633714c6b417
SHA1: 116c47a9d48821490ca66ad9fb398e643f7b3c6c
SHA256: a837725cd9d36c974d0d97bf4a07dc504ac0f98709caa5daca544b891d051f87
c:\users\hjrd1koky ds8lujv\documents\6ruskhssp7.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\6ruskhssp7.87b1 (Created File)
Size 8.26 KB (8457 bytes)
Hash Values MD5: aa8125924efe88742156fa6259dee81c
SHA1: 6e89849a684cd7ad434e812cb465d7e42e77d5e2
SHA256: f938728aec5f0df975bf9e48d563c5350f21662e7549d782262ddf027f147094
c:\users\hjrd1koky ds8lujv\documents\o-syix25yo.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\o-syix25yo.87b1 (Created File)
Size 86.99 KB (89073 bytes)
Hash Values MD5: be07a1ed3e9fd566763194e0aa4d7beb
SHA1: 21b2746e03236e599718217024f7676ee2071bc3
SHA256: 3daf3968b4a3237b6de88af84ab2bae79feb3c6126340dec306c3b393f0e9947
c:\users\hjrd1koky ds8lujv\documents\feqr8sill4.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\feqr8sill4.87b1 (Created File)
Size 68.31 KB (69948 bytes)
Hash Values MD5: a8734a5f1b95185aa76a4790692f3e0c
SHA1: e17b03b664d559efe912b9722224c34370396837
SHA256: 7caa186363cff7d613e379d47656c7bd4780d8344b6642bd1544966add1a49dd
c:\users\hjrd1koky ds8lujv\documents\kfgfxkxkom.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\kfgfxkxkom.87b1 (Created File)
Size 25.54 KB (26155 bytes)
Hash Values MD5: 86f18f04b4afccb136f9a77ea94b83a8
SHA1: bfb36bfa1792142d767eaf847157f8aafcd0564a
SHA256: 7e663508034a7737a19c98921f2f6c4f8b735fb400d5bb51ad4f8ad9ce3c710f
c:\users\hjrd1koky ds8lujv\documents\bc32lqwvc8.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\bc32lqwvc8.87b1 (Created File)
Size 4.86 KB (4977 bytes)
Hash Values MD5: d8c53d657b5738fdc4bfee84846bb49d
SHA1: ac912237dc6f37b10a78f44899265146716de631
SHA256: 28dd3ba9c48f73de72b64d2f529ae3e0591a77455d91e5e47170cb9b82895710
c:\users\hjrd1koky ds8lujv\documents\4lllybc7sv.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\4lllybc7sv.87b1 (Created File)
Size 25.20 KB (25804 bytes)
Hash Values MD5: 9bc9ca7a29c0a029cd892ad5238a751e
SHA1: 710ac7bdca207d25f9e19c680f3b8c84544e4fc1
SHA256: 1c066455c8526a83c02c95c66b1e3e809476102752f87a7226cb931f598b53cb
c:\users\hjrd1koky ds8lujv\documents\53btro0x1v.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\documents\53btro0x1v.87b1 (Created File)
Size 13.97 KB (14306 bytes)
Hash Values MD5: 14e28e545cae88ba3254622636e0f3fc
SHA1: 6a48daa2b71835cd1b918b2ef1b7130e7246ba3f
SHA256: a058d96d0fc0bcf0b2f0567a476217584b605b004bd17e67698b1d52df50cea3
c:\users\hjrd1koky ds8lujv\desktop\rfhurs7sso.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\rfhurs7sso.87b1 (Created File)
Size 91.52 KB (93713 bytes)
Hash Values MD5: 242b80450958cc21a66cd95664ca7a56
SHA1: dcf7394d752938154e2735da66346ef87b5d04e2
SHA256: 8f8675069075df930da51c4dda4f4b42b4a936e2c02967723e9ed3ec000630d8
c:\users\hjrd1koky ds8lujv\desktop\9lvsdwjl5r.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\9lvsdwjl5r.87b1 (Created File)
Size 64.62 KB (66166 bytes)
Hash Values MD5: 190bf22610881f88218e688a14e23848
SHA1: 170072a838eacd7f55b70b835841c39f792d2c38
SHA256: c295e1eebf59820562d02be3df1968d8c6dd1aea7168f96cc750098e3d302a77
c:\users\hjrd1koky ds8lujv\desktop\lhnlle1mra.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\lhnlle1mra.87b1 (Created File)
Size 63.65 KB (65182 bytes)
Hash Values MD5: 3736eee89088291efa1a57af1ea59219
SHA1: 3cac4833b2aee81a58a53048efc5d395e5baab3d
SHA256: 4c79b89e89efcb8df933a6b1a9269a0f0818f1e9cb05b5c57ec0a576e77a3fe1
c:\users\hjrd1koky ds8lujv\desktop\chbopzauxb.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\chbopzauxb.87b1 (Created File)
Size 54.06 KB (55354 bytes)
Hash Values MD5: ef3b01980aac5f6a6bc7187e90e16d48
SHA1: e62f9de41953bf56e59cd40c2b4374316b9ffb71
SHA256: cd5878c1e802fc4a287739cae20e3995de14716afce7b4b1db30abb848f689ba
c:\users\hjrd1koky ds8lujv\desktop\72wdecdose.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\72wdecdose.87b1 (Created File)
Size 12.09 KB (12380 bytes)
Hash Values MD5: a9c8bc62358ecdd09b3bb9f7af658d86
SHA1: b6f74fe681bb0f279fe3bc8897bebdcfeede768d
SHA256: ac520174432f4e91f38089eeadad5c9995912857c114693099963268b9b9201b
c:\users\hjrd1koky ds8lujv\desktop\0ly1wwj-os.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\0ly1wwj-os.87b1 (Created File)
Size 70.74 KB (72441 bytes)
Hash Values MD5: f1a0aa1e145408cbb71f8b346bde5953
SHA1: f3793ce77dc6d6a032ff74f60ecada19d346dab9
SHA256: f675c824db2daf04c4ae46004e329d3402db172e3f438d317d27d09cae8c9675
c:\users\hjrd1koky ds8lujv\desktop\c2tneqkoop.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\c2tneqkoop.87b1 (Created File)
Size 32.54 KB (33318 bytes)
Hash Values MD5: 81dc47ec8da44dfe5eaab125b8fb73c9
SHA1: 9faac82646de31f9bbff121c1e4321faab092780
SHA256: 966114724db95d8dae5ff03f14732559f32349e5b3596f2ab985d9dbeefb0991
c:\users\hjrd1koky ds8lujv\desktop\-pnznezwur.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\-pnznezwur.87b1 (Created File)
Size 8.37 KB (8575 bytes)
Hash Values MD5: 9c71f9fc0b2702e53abe6b1af542e3b1
SHA1: 60a3aefdcc45d541c49b37b0a06ed8fdb50cc73d
SHA256: 8654976d3d92b92b13cfb3c63b5f7907b23bb79a03c280b4da5feb34ce5ba092
c:\users\hjrd1koky ds8lujv\desktop\pwebptr7kd.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\pwebptr7kd.87b1 (Created File)
Size 46.79 KB (47908 bytes)
Hash Values MD5: 75953340e30b4b8cf2e6aae1f83d6e7a
SHA1: bb8a98393eac07de567781e96ae18f97bc888962
SHA256: 17e6cb049d9193351c4976a7a99ca6f581a705a5c6aecdd29628ae27d41b65d2
c:\users\hjrd1koky ds8lujv\desktop\0giaekeqpv.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\0giaekeqpv.87b1 (Created File)
Size 35.55 KB (36399 bytes)
Hash Values MD5: 2f6154d1d89ba330fd6dc62a846efeef
SHA1: 19972f5d7a3c10d60202c297eb7f7d80de66db62
SHA256: 0895d3920b2fa9f46eb6e5e749b4b1ee25ad426aeb493ed1aa3f6d41748218a6
c:\users\hjrd1koky ds8lujv\desktop\-pnrexrevr.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\-pnrexrevr.87b1 (Created File)
Size 63.06 KB (64571 bytes)
Hash Values MD5: 59b1f0939875ff081e368dd9374b5f74
SHA1: b6b91940caa81756e0f3b67d1cc320e7c69b2670
SHA256: a9bcc755b5e8a1b2e556f6405408b4152e0cf795bc038bd6976707ab89d5e214
c:\users\hjrd1koky ds8lujv\desktop\iqit9zczod.87b1
-
File Properties
Names c:\users\hjrd1koky ds8lujv\desktop\iqit9zczod.87b1 (Created File)
Size 68.56 KB (70204 bytes)
Hash Values MD5: 2ad357a4bbf046cc8db0ec99d5914e10
SHA1: f8f34bd7644df09688618461312c5c76c02e2426
SHA256: 0c926ce1ef061e38aac15aaad4addd6826063774c6e2a2b9b537aa2fca44ee1d
c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\windows\ietldcache\index.dat
-
File Properties
Names c:\users\hjrd1koky ds8lujv\appdata\roaming\microsoft\windows\ietldcache\index.dat (Modified File)
Size 256.00 KB (262144 bytes)
Hash Values MD5: 523c9c2f0803c81fb5baf9ae734c5313
SHA1: 2bdb52c4b4920a39084818ab848a39bde4e6fe19
SHA256: 8f32b74a611bdcf55195007d815d1028c287d4068c1feea68061aeec9626455f