Malicious doc with Embedded SettingContent-ms | Environment
Logo
Try VMRay Analyzer
VTI SCORE: 91/100
Dynamic Analysis Report
Classification: Trojan

3c6a74d216e10e4ff158716cfa72984230995041c4bbb7596b8c8aaa461d76c5 (SHA256)

ggzn.doc

Word Document

Created at 2018-08-06 13:03:00

...

Virtual Machine Information

Name win10_64
Description Windows 10 (64-bit), MS Office 2016 (64-bit)
Architecture x86 64-bit
Operating System Windows 10 Threshold 2
Kernel Version 10.0.10586.0 (0de6dc23-8e19-4bb7-8608-d54b1e6fa379)

System Information

Computer Name X2VS1CUM
User Domain X2VS1CUM
User Name Nd9E1FYi
User Profile C:\Users\Nd9E1FYi
Temp Directory C:\Users\Nd9E1FYi\AppData\Local\Temp
System Root C:\Windows
Sample Directory C:\Users\Nd9E1FYi\Desktop

Software Information

Adobe Acrobat Reader Version 15.007.20033
Microsoft Office 2016
Microsoft Office Version 16.0.4266.1001
Internet Explorer Version 11.0.10586.0
Chrome Version 60.0.3112.113
Firefox Version 55.0.2
Flash Version 25.0.0.148
Java Version 8.0.1440.1

Randomly Created Artifacts

This section provides information about processes and files that were created before the analysis was started. This is one of many steps designed to make the analysis system look more realistic and prevent evasion by environment aware malware. The number of randomly generated artifacts can be changed in the configuration.

Processes (18)
»
Filename PID GUI
C:\Program Files (x86)\Common Files\iv-rj.exe #2316 False
C:\Program Files (x86)\Common Files\screens.exe #4040 False
C:\Program Files (x86)\Google\cup nyc.exe #3496 False
C:\Program Files (x86)\Internet Explorer\m oct.exe #3948 False
C:\Program Files (x86)\Reference Assemblies\currentlyeditionschart.exe #3580 False
C:\Program Files (x86)\Reference Assemblies\ghana-jungle-ecommerce.exe #2652 False
C:\Program Files (x86)\Windows Photo Viewer\entitled.exe #3880 False
C:\Program Files (x86)\Windows Portable Devices\comparative_blowing.exe #3288 False
C:\Program Files\Common Files\lap.exe #3340 False
C:\Program Files\Common Files\nooncatalystdiploma.exe #2656 False
C:\Program Files\Java\chemistry_marion.exe #1992 False
C:\Program Files\MSBuild\sperm.exe #4016 False
C:\Program Files\Microsoft Office 15\revenuesenatefiji.exe #3788 False
C:\Program Files\Microsoft Office 15\votes viewers.exe #3812 False
C:\Program Files\Mozilla Firefox\ala.exe #4068 False
C:\Program Files\Windows Defender\gossip.exe #3628 False
C:\Program Files\Windows Media Player\designationautomobile.exe #3704 False
C:\Program Files\Windows Photo Viewer\athletes earl.exe #4080 False
Files (339)
»
Filename
C:\Users\Nd9E1FYi\AppData\Local\Temp\0I_7HdF 3.csv
C:\Users\Nd9E1FYi\AppData\Local\Temp\2dKQ5xh4M3B204X.mp3
C:\Users\Nd9E1FYi\AppData\Local\Temp\3c1wtCZBhHgxX7Wp.docx
C:\Users\Nd9E1FYi\AppData\Local\Temp\3lSxki4i41.gif
C:\Users\Nd9E1FYi\AppData\Local\Temp\5jLNBVxGJ.jpg
C:\Users\Nd9E1FYi\AppData\Local\Temp\6cxZ7p.odp
C:\Users\Nd9E1FYi\AppData\Local\Temp\6ghhJb1b5nC-Lk.avi
C:\Users\Nd9E1FYi\AppData\Local\Temp\A_zu6.gif
C:\Users\Nd9E1FYi\AppData\Local\Temp\F5K ONcwt.jpg
C:\Users\Nd9E1FYi\AppData\Local\Temp\FJk817XpYSOlSjQJ.csv
C:\Users\Nd9E1FYi\AppData\Local\Temp\JxiN4a.wav
C:\Users\Nd9E1FYi\AppData\Local\Temp\NlXVpgTJGI.wav
C:\Users\Nd9E1FYi\AppData\Local\Temp\PGL-.pps
C:\Users\Nd9E1FYi\AppData\Local\Temp\S55vwrXU8YuatHH9.mp4
C:\Users\Nd9E1FYi\AppData\Local\Temp\TNnt_5e-ZlI.png
C:\Users\Nd9E1FYi\AppData\Local\Temp\VlTqBEROLbjo_0rd.m4a
C:\Users\Nd9E1FYi\AppData\Local\Temp\Vo26.mp3
C:\Users\Nd9E1FYi\AppData\Local\Temp\W_GzKC_GEbTZVgFTo72X.png
C:\Users\Nd9E1FYi\AppData\Local\Temp\Xfx5sXuN7piF_s.avi
C:\Users\Nd9E1FYi\AppData\Local\Temp\Y-zdxe1LWtv.avi
C:\Users\Nd9E1FYi\AppData\Local\Temp\Z4m7F_vHyH4W8j.m4a
C:\Users\Nd9E1FYi\AppData\Local\Temp\_T6 tId2ill5u0DzpV.doc
C:\Users\Nd9E1FYi\AppData\Local\Temp\c0NlBmJN8-ZNejhSI.avi
C:\Users\Nd9E1FYi\AppData\Local\Temp\dARwRem6XF.bmp
C:\Users\Nd9E1FYi\AppData\Local\Temp\ewo_7dscBz27rbW.ods
C:\Users\Nd9E1FYi\AppData\Local\Temp\gG aN1NqbE.xls
C:\Users\Nd9E1FYi\AppData\Local\Temp\h4pADF9PX25zc21c-anP.ods
C:\Users\Nd9E1FYi\AppData\Local\Temp\hbNK_.m4a
C:\Users\Nd9E1FYi\AppData\Local\Temp\lfu xZIbnnuK2qG-.avi
C:\Users\Nd9E1FYi\AppData\Local\Temp\lnR0IwPe_fB-.m4a
C:\Users\Nd9E1FYi\AppData\Local\Temp\m SWYPDfxxndFU1IZH9.wav
C:\Users\Nd9E1FYi\AppData\Local\Temp\rI4ZewbX8RLYXTleJ.flv
C:\Users\Nd9E1FYi\AppData\Local\Temp\sdkyzV9Kw1.mp4
C:\Users\Nd9E1FYi\AppData\Local\Temp\w1TrI Q2SdVNE5.ots
C:\Users\Nd9E1FYi\AppData\Local\Temp\yJYk5xejxh_tLs.pps
C:\Users\Nd9E1FYi\AppData\Local\Temp\z8AR0Dyyz.mp3
C:\Users\Nd9E1FYi\AppData\Local\Temp\zmJTGAEDmMDjTE.mp3
C:\Users\Nd9E1FYi\AppData\Roaming\1 MkQAsEeDt55yPe.mkv
C:\Users\Nd9E1FYi\AppData\Roaming\1jvc1LM6fKncwYPni.docx
C:\Users\Nd9E1FYi\AppData\Roaming\1tggNqAxo.mkv
C:\Users\Nd9E1FYi\AppData\Roaming\29LNaOTlp f7O2PDAh-5.wav
C:\Users\Nd9E1FYi\AppData\Roaming\3LwMNf iqXjkzE.swf
C:\Users\Nd9E1FYi\AppData\Roaming\BJbkiTto1Q_2lAyHDFyC.jpg
C:\Users\Nd9E1FYi\AppData\Roaming\BW2si8D9h.m4a
C:\Users\Nd9E1FYi\AppData\Roaming\Bdg2OKfDaUeD.gif
C:\Users\Nd9E1FYi\AppData\Roaming\BeH_my0rN.jpg
C:\Users\Nd9E1FYi\AppData\Roaming\D75a5mNrNo60gvR.mp4
C:\Users\Nd9E1FYi\AppData\Roaming\E2oK RTafHIA8OSJk1vA.m4a
C:\Users\Nd9E1FYi\AppData\Roaming\Fc2OBkF2PP-U3Qm_H.gif
C:\Users\Nd9E1FYi\AppData\Roaming\HU58kqqqRJXB2g4_GPgS.bmp
C:\Users\Nd9E1FYi\AppData\Roaming\I2F_OzhCpySJwH.mp4
C:\Users\Nd9E1FYi\AppData\Roaming\L4yuAMSLC-.m4a
C:\Users\Nd9E1FYi\AppData\Roaming\QYcT5mWnG.swf
C:\Users\Nd9E1FYi\AppData\Roaming\Vf_xb4xLYgazFPQN7.mp3
C:\Users\Nd9E1FYi\AppData\Roaming\Y8D5xzwjb.ppt
C:\Users\Nd9E1FYi\AppData\Roaming\aBAd8bY_R4cf5fCBCe.gif
C:\Users\Nd9E1FYi\AppData\Roaming\adbxr A0vZ.mkv
C:\Users\Nd9E1FYi\AppData\Roaming\am8Cquw8c1Iv4sD.bmp
C:\Users\Nd9E1FYi\AppData\Roaming\c1cB8hU3iK4IqzZN.m4a
C:\Users\Nd9E1FYi\AppData\Roaming\cK4KIlb.gif
C:\Users\Nd9E1FYi\AppData\Roaming\cOY1QEK0PsyVttqo8GS8.avi
C:\Users\Nd9E1FYi\AppData\Roaming\huU7x.avi
C:\Users\Nd9E1FYi\AppData\Roaming\j6ESDRFkAWcj6.pdf
C:\Users\Nd9E1FYi\AppData\Roaming\kPxxkvy_hy9YXagXFr.odp
C:\Users\Nd9E1FYi\AppData\Roaming\nYtm y csWqKZm4wt.flv
C:\Users\Nd9E1FYi\AppData\Roaming\qb448to2Liq.avi
C:\Users\Nd9E1FYi\AppData\Roaming\syMgwlOPsQnsyvLrhU.avi
C:\Users\Nd9E1FYi\AppData\Roaming\vYiCT.m4a
C:\Users\Nd9E1FYi\AppData\Roaming\ySFEiS3xbI.wav
C:\Users\Nd9E1FYi\AppData\Roaming\zJuB4si_pvTDYrBAxLAc.swf
C:\Users\Nd9E1FYi\Desktop\10SyVthSeh.rtf
C:\Users\Nd9E1FYi\Desktop\1VKMe.mp3
C:\Users\Nd9E1FYi\Desktop\2Lv7Kv.m4a
C:\Users\Nd9E1FYi\Desktop\720XICc7c.gif
C:\Users\Nd9E1FYi\Desktop\8WhziqLUwX7KwDok.wav
C:\Users\Nd9E1FYi\Desktop\AphtpXTuQVi9e.mp4
C:\Users\Nd9E1FYi\Desktop\CLBLo6c51ngleW6.png
C:\Users\Nd9E1FYi\Desktop\E6EXQuC.png
C:\Users\Nd9E1FYi\Desktop\EzVj
C:\Users\Nd9E1FYi\Desktop\EzVj\8wnolsqfQR
C:\Users\Nd9E1FYi\Desktop\EzVj\8wnolsqfQR\H16d.pptx
C:\Users\Nd9E1FYi\Desktop\EzVj\8wnolsqfQR\SKpGje1i4.wav
C:\Users\Nd9E1FYi\Desktop\EzVj\8wnolsqfQR\hv69tRvIsarQT53f3J92.ppt
C:\Users\Nd9E1FYi\Desktop\EzVj\8wnolsqfQR\mX6hWW3dJxi8anHJ1.flv
C:\Users\Nd9E1FYi\Desktop\EzVj\8wnolsqfQR\s-ix7FO Q2B.mkv
C:\Users\Nd9E1FYi\Desktop\EzVj\OTkfwuYlb-smpUwZaV.flv
C:\Users\Nd9E1FYi\Desktop\EzVj\SfPZYiiuDGOctRnsoBAV.wav
C:\Users\Nd9E1FYi\Desktop\EzVj\y0j86Gc_k-hkllNm.mp3
C:\Users\Nd9E1FYi\Desktop\G6jADbgMPAp-dgH5JeNt.m4a
C:\Users\Nd9E1FYi\Desktop\HOXz.docx
C:\Users\Nd9E1FYi\Desktop\NZTf3-r7SomABk.rtf
C:\Users\Nd9E1FYi\Desktop\QArZu5oZpt.wav
C:\Users\Nd9E1FYi\Desktop\QPWdVnwV6La1.ods
C:\Users\Nd9E1FYi\Desktop\UY5XFQ2ymlotRBExf.doc
C:\Users\Nd9E1FYi\Desktop\V-Hs 0nvvUwZQE.mp4
C:\Users\Nd9E1FYi\Desktop\WuvYKa.bmp
C:\Users\Nd9E1FYi\Desktop\X_ziELWxfIw2VQdDXmT.mp4
C:\Users\Nd9E1FYi\Desktop\Y8H5JE01KOl7CXz-3m.odt
C:\Users\Nd9E1FYi\Desktop\YLU3yY84jernNwL.wav
C:\Users\Nd9E1FYi\Desktop\_oJ1.wav
C:\Users\Nd9E1FYi\Desktop\ayJ2tW9mXkxQ- S.gif
C:\Users\Nd9E1FYi\Desktop\e1wm_-xeu jAPNGZ.mp4
C:\Users\Nd9E1FYi\Desktop\j17Gyq4.wav
C:\Users\Nd9E1FYi\Desktop\ouHP5w_rGDXaJQpYTNgh.wav
C:\Users\Nd9E1FYi\Desktop\sdsU.jpg
C:\Users\Nd9E1FYi\Desktop\tcxcl.mp4
C:\Users\Nd9E1FYi\Desktop\uixkkySi0re_5xI
C:\Users\Nd9E1FYi\Desktop\uixkkySi0re_5xI\-DPQ5w40t4 O_n.swf
C:\Users\Nd9E1FYi\Desktop\uixkkySi0re_5xI\0qg-v.jpg
C:\Users\Nd9E1FYi\Desktop\uixkkySi0re_5xI\EtFJtglQ_Tc4l8QL.mkv
C:\Users\Nd9E1FYi\Desktop\uixkkySi0re_5xI\OShfbvn2MzJwJ R.mp4
C:\Users\Nd9E1FYi\Desktop\uixkkySi0re_5xI\g1J cG8If7p.swf
C:\Users\Nd9E1FYi\Desktop\uixkkySi0re_5xI\wFjc40uY0bMd13X30O8z.m4a
C:\Users\Nd9E1FYi\Desktop\uixkkySi0re_5xI\x38l52fTCzWh3Pf.gif
C:\Users\Nd9E1FYi\Desktop\xxbs4RK-f8IpGFvw6gz.avi
C:\Users\Nd9E1FYi\Documents\09DDbs-Pq3k.xlsx
C:\Users\Nd9E1FYi\Documents\0HKfAm434i8pH.xlsx
C:\Users\Nd9E1FYi\Documents\3PzBFV5L G-WgoMTBz.pptx
C:\Users\Nd9E1FYi\Documents\5gxLolaFxJ3a W.xlsx
C:\Users\Nd9E1FYi\Documents\82FOY9eTCvv-enu.csv
C:\Users\Nd9E1FYi\Documents\8iq5jYgtnCd.docx
C:\Users\Nd9E1FYi\Documents\8xJ1BDfLIixv0NPAXR.docx
C:\Users\Nd9E1FYi\Documents\9A56Uadd1C.pptx
C:\Users\Nd9E1FYi\Documents\9aB8vw8UeJdvtEIH.pptx
C:\Users\Nd9E1FYi\Documents\BEi4K4eeNad.pdf
C:\Users\Nd9E1FYi\Documents\Br1 WadsCsj5422.docx
C:\Users\Nd9E1FYi\Documents\BsK qF0y.docx
C:\Users\Nd9E1FYi\Documents\C1IlmKLMH_rt.pptx
C:\Users\Nd9E1FYi\Documents\DOf7VfTI
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\-sDDiVdNEd.odt
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\2hmW57QPSo6hVSpA
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\2hmW57QPSo6hVSpA\-jb6.ppt
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\2hmW57QPSo6hVSpA\7IFz0ezw09.pdf
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\2hmW57QPSo6hVSpA\Njro4c.xls
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\2hmW57QPSo6hVSpA\cdcpXeGxNz5k.ots
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\2hmW57QPSo6hVSpA\r wtiUmBBpI82a.ots
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\PCm7NjjU.xls
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\R_lbhkZ1yavYWGDhsFqG.xlsx
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\SzcJFrYzvHl6BFxsbw.ppt
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\TLlw4XqSn6U.csv
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\dExv9t.ppt
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\ltvl.ods
C:\Users\Nd9E1FYi\Documents\DOf7VfTI\yG-yleMGeVji.ppt
C:\Users\Nd9E1FYi\Documents\G0vmbbkGD6P9.xlsx
C:\Users\Nd9E1FYi\Documents\HA HHLlLMeCmbuf-.docx
C:\Users\Nd9E1FYi\Documents\HQjl2I yOy.pptx
C:\Users\Nd9E1FYi\Documents\Ho_zvAMTGMvmj.docx
C:\Users\Nd9E1FYi\Documents\L37WhCq1OGg6ud.pptx
C:\Users\Nd9E1FYi\Documents\Nmlhx83.pptx
C:\Users\Nd9E1FYi\Documents\Nz4B6w2.xlsx
C:\Users\Nd9E1FYi\Documents\OnCMby95DlFc_2_I.pptx
C:\Users\Nd9E1FYi\Documents\QCJKbi2cPipNwI23.docx
C:\Users\Nd9E1FYi\Documents\QVxOzyo0pHO29-gXhsy.docx
C:\Users\Nd9E1FYi\Documents\R-wiL.pptx
C:\Users\Nd9E1FYi\Documents\SeLvlXTemmRD7gYVvg6i.xlsx
C:\Users\Nd9E1FYi\Documents\T 4N8qriBzgegc5.xlsx
C:\Users\Nd9E1FYi\Documents\Uk0sJ.docx
C:\Users\Nd9E1FYi\Documents\VKSJls.docx
C:\Users\Nd9E1FYi\Documents\WAYDxDqrrp Y1nQ.pptx
C:\Users\Nd9E1FYi\Documents\YHLhpIUXB4rzQ2.pptx
C:\Users\Nd9E1FYi\Documents\YnOrc2.xlsx
C:\Users\Nd9E1FYi\Documents\Yymn3DHhdp9l9p_HSDi.xlsx
C:\Users\Nd9E1FYi\Documents\_ x3k.docx
C:\Users\Nd9E1FYi\Documents\bZXsuUKNhTP85.xlsx
C:\Users\Nd9E1FYi\Documents\b_a6byeFmsnSwd7mhW.pptx
C:\Users\Nd9E1FYi\Documents\cMnk.xlsx
C:\Users\Nd9E1FYi\Documents\dXriUQIGenCA.pptx
C:\Users\Nd9E1FYi\Documents\eOzf8j1rX4t50vFb.xlsx
C:\Users\Nd9E1FYi\Documents\f3cTjqTr5_VM622WOZy.csv
C:\Users\Nd9E1FYi\Documents\fAKIQj25LX4b9mGL4.docx
C:\Users\Nd9E1FYi\Documents\fSJqnfQApAT1m.xlsx
C:\Users\Nd9E1FYi\Documents\iC0N5c
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\52GbFWjE3sGmIUb.doc
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\CSSdFafr3ZY.xls
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\NnX9ot4LnA_pxM5jUm.doc
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\WPId5p9z2Qyqmp8JW.docx
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\dj_O6V
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\dj_O6V\4oikLU7RXv.ppt
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\dj_O6V\64ipM7v6AGzNXbjp.ods
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\dj_O6V\C4_5B0ZqPhJ.pps
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\dj_O6V\DTcnb1QbK-u2xo0 NZT.xls
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\dj_O6V\GJoxfWjKYB
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\dj_O6V\GJoxfWjKYB\57--VwtKZtnRI6Aj78G.odt
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\dj_O6V\GJoxfWjKYB\s0NXKg3-MpTY6757P.rtf
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\dj_O6V\RHCX7gtj94ZO8.pdf
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl\51ex1Cps W-Ov.odt
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl\CoH-.doc
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl\O2b2
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl\O2b2\Gvbp2F1Z
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl\O2b2\Gvbp2F1Z\Bh-0Ij9qN2tG.pps
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl\O2b2\HGbKZHVmRYxjo.docx
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl\O2b2\K7mSnqc.ots
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl\O2b2\LDE6Prwj3JPEdY.pdf
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl\SRArrM38BlJ7EnkLR.docx
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl\XwXkaTdaqQQ53bf.odp
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl\hgeVua92YF5mKEg7t.odp
C:\Users\Nd9E1FYi\Documents\iC0N5c\-uU8tLu2m\gig4JKDGL-KXvrilMl\l5bIsPTWskE2.odp
C:\Users\Nd9E1FYi\Documents\iC0N5c\0LUdbofukF-dh8.pps
C:\Users\Nd9E1FYi\Documents\iC0N5c\QOkZOudmw.odt
C:\Users\Nd9E1FYi\Documents\iCUX ePnQLmJ.docx
C:\Users\Nd9E1FYi\Documents\iDXGrvk0.pptx
C:\Users\Nd9E1FYi\Documents\kY5SbRAnnUAH6nzH.xlsx
C:\Users\Nd9E1FYi\Documents\keNBo.docx
C:\Users\Nd9E1FYi\Documents\ldxlS.xlsx
C:\Users\Nd9E1FYi\Documents\mBrubXaDVY1W_ Ds.xlsx
C:\Users\Nd9E1FYi\Documents\nF8gnmluBi8s.docx
C:\Users\Nd9E1FYi\Documents\nMg3T-eQmL2khEOakvvU.docx
C:\Users\Nd9E1FYi\Documents\ouAbQL7JMr.pptx
C:\Users\Nd9E1FYi\Documents\pTEj.pptx
C:\Users\Nd9E1FYi\Documents\pdXnNqg0.docx
C:\Users\Nd9E1FYi\Documents\q-YVOZGhpgiG.xlsx
C:\Users\Nd9E1FYi\Documents\qcF1L 9V d7 uq.xlsx
C:\Users\Nd9E1FYi\Documents\t4V6HEsu9Njk.docx
C:\Users\Nd9E1FYi\Documents\tobx.pptx
C:\Users\Nd9E1FYi\Documents\trm9zNQPQ_10Z1n.docx
C:\Users\Nd9E1FYi\Documents\uYG_ Rrn.xlsx
C:\Users\Nd9E1FYi\Documents\vJw9VUCMia4x.docx
C:\Users\Nd9E1FYi\Documents\wK6Hs.pptx
C:\Users\Nd9E1FYi\Documents\wLm13dW8C2arWZe5U.pptx
C:\Users\Nd9E1FYi\Documents\wqBnAn.xlsx
C:\Users\Nd9E1FYi\Documents\wv y.pptx
C:\Users\Nd9E1FYi\Music\GammB8y2Rio.m4a
C:\Users\Nd9E1FYi\Music\SRXblNIVrbl.m4a
C:\Users\Nd9E1FYi\Music\hMy5QwJ6ZUQrZ_B9.wav
C:\Users\Nd9E1FYi\Music\jo6Mc-Mj6HCYm NHj9F.m4a
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\35C1jvlv2qVIOJBs.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\N8rU3YVHNc.m4a
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\UPAWVb45BwAo79H
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\UPAWVb45BwAo79H\VsNBqOiH8h9.m4a
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\UPAWVb45BwAo79H\aSQ23ZN.m4a
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\UPAWVb45BwAo79H\ghEUBQHoUpw-W.m4a
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\bsEqNMoED
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\bsEqNMoED\E0syrSY V5MwiE4gs.wav
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\bsEqNMoED\EH37BSjGWjs.m4a
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\bsEqNMoED\H_7K6_iNMOYUNzrkB_.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\l0p8DreYPtfgIJGQ5UdC.wav
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\v8KxKu3n1bm.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\I7WAN PsoUujWX.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\JvCIn1YyemcmTs9Zbs.m4a
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\RjR_UJ.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\7_EQ.wav
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\GNAhJ.m4a
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\VFrgnJ0.m4a
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\bJGEg_8 EU1uUGTdBGZK.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\4WMu
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\4WMu\F9bKGUDrST.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\4WMu\Ircvu8t2.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\4WMu\VZW3dtqCd2yskTrXdw.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\4WMu\dYjzYAj Tc.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\4WMu\gzESezpCWe6Y_6.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\4WMu\iz2u7NXXzysQ.wav
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\4WMu\lcXJq7nLsKj-BPCe9.wav
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\Fho_BcbGyCss4H0B7
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\Fho_BcbGyCss4H0B7\44qK gk98.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\Fho_BcbGyCss4H0B7\qf5PDDH-SpDAEq.m4a
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\Fho_BcbGyCss4H0B7\tCrcK9x.wav
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\QK9AsbdG2Gbt.m4a
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\gDWDiR_wmPXRHDPu-\bCet0.wav
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\wEYSwHMiE
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\wEYSwHMiE\IiUpmphzIMBWBkO6-WC.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\wEYSwHMiE\YLuj.wav
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\wEYSwHMiE\Z0x1P.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\kjSy E5yOs8M5QGKqaS\wEYSwHMiE\dSxlHwmk.mp3
C:\Users\Nd9E1FYi\Music\vpAA6DYURUStF7M\y7tbsvxR\n9A7gfhtOZJvh.m4a
C:\Users\Nd9E1FYi\Music\xEQ4kJK.mp3
C:\Users\Nd9E1FYi\Music\yS3fBF4l1HvT-Z.wav
C:\Users\Nd9E1FYi\Pictures\8UugAGAK
C:\Users\Nd9E1FYi\Pictures\8UugAGAK\S wu3VHBGy0ew7E.png
C:\Users\Nd9E1FYi\Pictures\8UugAGAK\z96jI.jpg
C:\Users\Nd9E1FYi\Pictures\AyK61eT
C:\Users\Nd9E1FYi\Pictures\AyK61eT\1dsHN5pHf6r.jpg
C:\Users\Nd9E1FYi\Pictures\AyK61eT\H4U2aXb7VW.jpg
C:\Users\Nd9E1FYi\Pictures\AyK61eT\MZFVO 2QgQYonX_XLu-p.png
C:\Users\Nd9E1FYi\Pictures\AyK61eT\hQ99tQN25aB_f.bmp
C:\Users\Nd9E1FYi\Pictures\AyK61eT\hVanMi0NQ.jpg
C:\Users\Nd9E1FYi\Pictures\AyK61eT\pR01oQ6Ki
C:\Users\Nd9E1FYi\Pictures\AyK61eT\pR01oQ6Ki\WK iR--MoU awi8Zd.jpg
C:\Users\Nd9E1FYi\Pictures\AyK61eT\pR01oQ6Ki\_ToDyKR1y2jhd3en8EsJ.jpg
C:\Users\Nd9E1FYi\Pictures\AyK61eT\pR01oQ6Ki\lKCvenDAoH0sP
C:\Users\Nd9E1FYi\Pictures\AyK61eT\pR01oQ6Ki\lKCvenDAoH0sP\ETaX9qifh.png
C:\Users\Nd9E1FYi\Pictures\AyK61eT\pR01oQ6Ki\lKCvenDAoH0sP\b7oSUTdu_C33Y-I8S.png
C:\Users\Nd9E1FYi\Pictures\AyK61eT\pR01oQ6Ki\mXJWxc1QZ.gif
C:\Users\Nd9E1FYi\Pictures\GI_kUZHMVh8yxP.bmp
C:\Users\Nd9E1FYi\Pictures\M4nVBE-Vz4RDqfZy2d.png
C:\Users\Nd9E1FYi\Pictures\jU5z fVA49ka_
C:\Users\Nd9E1FYi\Pictures\jU5z fVA49ka_\4Ct52F-s6ZgG_AS.bmp
C:\Users\Nd9E1FYi\Pictures\jU5z fVA49ka_\HK7T0Eut
C:\Users\Nd9E1FYi\Pictures\jU5z fVA49ka_\HK7T0Eut\C2DRP2.bmp
C:\Users\Nd9E1FYi\Pictures\jU5z fVA49ka_\HK7T0Eut\HerWjWo718ql0IQ.png
C:\Users\Nd9E1FYi\Pictures\jU5z fVA49ka_\HK7T0Eut\T1TyFj66zOJX-4FX.png
C:\Users\Nd9E1FYi\Pictures\jU5z fVA49ka_\HK7T0Eut\XW0S3HKw9W0t9lFWA.bmp
C:\Users\Nd9E1FYi\Pictures\jU5z fVA49ka_\K5fRIX6g.png
C:\Users\Nd9E1FYi\Pictures\jU5z fVA49ka_\l5NS
C:\Users\Nd9E1FYi\Pictures\jU5z fVA49ka_\l5NS\6urcnyX5HI4L0HUcHmHT.png
C:\Users\Nd9E1FYi\Pictures\jU5z fVA49ka_\w9pwVPA.png
C:\Users\Nd9E1FYi\Pictures\pX1xJDiG Qq4B1.png
C:\Users\Nd9E1FYi\Pictures\twXRj
C:\Users\Nd9E1FYi\Pictures\twXRj\8kIEOQDZEhDam3.jpg
C:\Users\Nd9E1FYi\Pictures\twXRj\RmGLrb4Spk4ZUSXkWG-p.gif
C:\Users\Nd9E1FYi\Videos\0Xx-K0tiuUW5.flv
C:\Users\Nd9E1FYi\Videos\8Ac9bO5mLLuI.mkv
C:\Users\Nd9E1FYi\Videos\8Oxq58skshp2h85KY8J.mp4
C:\Users\Nd9E1FYi\Videos\BbIUR5.mp4
C:\Users\Nd9E1FYi\Videos\J2vZI2QeIQIx4wUQ.swf
C:\Users\Nd9E1FYi\Videos\Lf9z.avi
C:\Users\Nd9E1FYi\Videos\Rrq77pjy-VZ5Igs2k.swf
C:\Users\Nd9E1FYi\Videos\Sq5EjbS5IAvhC8lNz.flv
C:\Users\Nd9E1FYi\Videos\VE-GuUMrc68R
C:\Users\Nd9E1FYi\Videos\VE-GuUMrc68R\-iGxdS.avi
C:\Users\Nd9E1FYi\Videos\VE-GuUMrc68R\InlQozq V4r7.swf
C:\Users\Nd9E1FYi\Videos\VE-GuUMrc68R\gMp5p-.avi
C:\Users\Nd9E1FYi\Videos\VE-GuUMrc68R\i63ilZuPwl9dAeiO
C:\Users\Nd9E1FYi\Videos\VE-GuUMrc68R\i63ilZuPwl9dAeiO\8CvtPTVyNj7MS.mp4
C:\Users\Nd9E1FYi\Videos\VE-GuUMrc68R\i63ilZuPwl9dAeiO\93GYqNA11n5yF 9.avi
C:\Users\Nd9E1FYi\Videos\VE-GuUMrc68R\i63ilZuPwl9dAeiO\9w4a6pXJVp_DTFHRcD.mkv
C:\Users\Nd9E1FYi\Videos\VE-GuUMrc68R\i63ilZuPwl9dAeiO\HZXr.mkv
C:\Users\Nd9E1FYi\Videos\VE-GuUMrc68R\i63ilZuPwl9dAeiO\LK9iadFkgrysgA.swf
C:\Users\Nd9E1FYi\Videos\VE-GuUMrc68R\i63ilZuPwl9dAeiO\PmYXy.mkv
C:\Users\Nd9E1FYi\Videos\VE-GuUMrc68R\ksKehALrs6V_0.swf
C:\Users\Nd9E1FYi\Videos\fiQtXSblVS.mp4
C:\Users\Nd9E1FYi\Videos\gfcLT
C:\Users\Nd9E1FYi\Videos\gfcLT\-61fQcV5UqK9G3qXgAOd.avi
C:\Users\Nd9E1FYi\Videos\gfcLT\9r3hLNT-uCptG.flv
C:\Users\Nd9E1FYi\Videos\gfcLT\AQVziXEQeACo Us -.mp4
C:\Users\Nd9E1FYi\Videos\gfcLT\HoEOxQ.flv
C:\Users\Nd9E1FYi\Videos\gfcLT\XP2ilDyLe.avi
C:\Users\Nd9E1FYi\Videos\gfcLT\Y3aynrARNB.mkv
C:\Users\Nd9E1FYi\Videos\gfcLT\eLOM3xCLn 7x.avi
C:\Users\Nd9E1FYi\Videos\gfcLT\lwvQIfhiGvW0.flv
C:\Users\Nd9E1FYi\Videos\gfcLT\rS0 cL1qeEUgy.avi
C:\Users\Nd9E1FYi\Videos\jjueyrhEJJC.avi
C:\Users\Nd9E1FYi\Videos\m1LqWhAeqENxwg.mp4
C:\Users\Nd9E1FYi\Videos\mrFB6QDwgM mzyH2i.mkv
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image