e89b26fb...bbf4 | Files
Logo
Try VMRay Analyzer
VTI SCORE: 100/100
Dynamic Analysis Report
Classification:
Dropper
Backdoor
Spyware
Threat Names:
Quasar
Gen:Heur.Ransom.Imps.3

CardGame.exe

Windows Exe (x86-32)

Created at 2020-09-27T08:48:00

...

Remarks (1/1)

(0x02000004): The operating system was rebooted during the analysis because the sample installed a startup script, task or application for persistence.

Filters:
Filename Category Type Severity Actions
C:\Users\FD1HVy\Desktop\CardGame.exe Sample File Binary
Malicious
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 842.00 KB
MD5 b32abd4f682462ce1be61fdcc4e4f003 Copy to Clipboard
SHA1 3d5c3fe9c8d20c7bec3e7007aaa4a5b2feaa7fff Copy to Clipboard
SHA256 e89b26fb7050742286f6afb1fb9fda588fa16028574d6308214e5732c3b8bbf4 Copy to Clipboard
SSDeep 24576:gFyfHULYe1ZT5bMtvpRePf22AqbkvUb9:wym1p9Mtvp0AgkvW Copy to Clipboard
ImpHash f34d5f2d4577ed6d9ceec516c1f5a744 Copy to Clipboard
PE Information
»
Image Base 0x400000
Entry Point 0x4d3d9e
Size Of Code 0xd1e00
Size Of Initialized Data 0x800
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-09-26 16:58:27+00:00
Version Information (11)
»
Assembly Version 3.5.0.0
Comments -
CompanyName Tencent
FileDescription Gamebuddy
FileVersion 3.1.0.0
InternalName CardGame.exe
LegalCopyright Copyright © Microsoft 2019
LegalTrademarks -
OriginalFilename CardGame.exe
ProductName Gamebuddy
ProductVersion 3.1.0.0
Sections (3)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x402000 0xd1da4 0xd1e00 0x200 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 8.0
.rsrc 0x4d4000 0x590 0x600 0xd2000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 3.99
.reloc 0x4d6000 0xc 0x200 0xd2600 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 0.1
Imports (1)
»
mscoree.dll (1)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
_CorExeMain 0x0 0x402000 0xd3d6c 0xd1f6c 0x0
Memory Dumps (2)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
cardgame.exe 1 0x001E0000 0x002B7FFF Relevant Image True 32-bit - False False
...
cardgame.exe 1 0x001E0000 0x002B7FFF Process Termination True 32-bit - False False
...
C:\Users\FD1HVy\AppData\Local\Temp\gpustats.bx Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 48 Bytes
MD5 b973398d24c8b6dff441219d0ad6b9bc Copy to Clipboard
SHA1 9894c4f5768b95947fd626b13c908440a3749230 Copy to Clipboard
SHA256 a4fe5b3857587f0a1f7b9ece71fdf964c57a9005f0a75b6de7f3ef04bc1a28a3 Copy to Clipboard
SSDeep 3:mVSJNO/QCYXRJuLiJn:mEwQzXRJuGn Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Roaming\Microsoft\_CL_02f3a8c9sy Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 56 Bytes
MD5 789bb1c9b05fbef136c520ca42240a48 Copy to Clipboard
SHA1 2bac9abba1e861a7506e44ccfb5c4bd7fd6530b7 Copy to Clipboard
SHA256 9fdea586a11ba94e3f423743653a4e3a7b1fae2fad040eb3ec4e55b6e8be93b6 Copy to Clipboard
SSDeep 3:r0UJ8Qxv0IecAN7uQTZz0p:wUJDvd2uaap Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Roaming\Microsoft\ctfmom.exe Dropped File Binary
Unknown
...
»
Mime Type application/vnd.microsoft.portable-executable
File Size 238.00 KB
MD5 21f6685dd6b90f73bf9586acbc41f408 Copy to Clipboard
SHA1 33fcfb9cb7c7e698c1c7da27174ded1e00cfdf0a Copy to Clipboard
SHA256 6b50dffc03fa2eb27a7cfb43c0e9fc31c95411e2193a564eb6b6578e28155839 Copy to Clipboard
SSDeep 6144:omalc+otpWqr4JqAkfyaSZuIGaAOwXuq5:oNc+otp5FiuIGaKf5 Copy to Clipboard
ImpHash d48076f4fb0c05cb055b77fb24f0a143 Copy to Clipboard
PE Information
»
Image Base 0x400000
Entry Point 0x40dc87
Size Of Code 0x28400
Size Of Initialized Data 0x13e00
File Type FileType.executable
Subsystem Subsystem.windows_gui
Machine Type MachineType.i386
Compile Timestamp 2020-09-26 12:52:07+00:00
Sections (5)
»
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x282d4 0x28400 0x400 IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ 6.65
.rdata 0x42a000 0xf384 0xf400 0x28800 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 5.38
.data 0x43a000 0x1f78 0x1200 0x37c00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE 3.22
.rsrc 0x43c000 0x1e0 0x200 0x38e00 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ 4.72
.reloc 0x43d000 0x2618 0x2800 0x39000 IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ 6.45
Imports (3)
»
KERNEL32.dll (89)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
GetModuleHandleW 0x0 0x42a018 0x38a98 0x37298 0x278
GlobalUnlock 0x0 0x42a01c 0x38a9c 0x3729c 0x33f
WriteConsoleW 0x0 0x42a020 0x38aa0 0x372a0 0x611
HeapSize 0x0 0x42a024 0x38aa4 0x372a4 0x34e
GlobalLock 0x0 0x42a028 0x38aa8 0x372a8 0x338
GetProcessHeap 0x0 0x42a02c 0x38aac 0x372ac 0x2b4
SetEnvironmentVariableW 0x0 0x42a030 0x38ab0 0x372b0 0x514
FreeEnvironmentStringsW 0x0 0x42a034 0x38ab4 0x372b4 0x1aa
GetEnvironmentStringsW 0x0 0x42a038 0x38ab8 0x372b8 0x237
GetCommandLineW 0x0 0x42a03c 0x38abc 0x372bc 0x1d7
GlobalAlloc 0x0 0x42a040 0x38ac0 0x372c0 0x32d
CopyFileA 0x0 0x42a044 0x38ac4 0x372c4 0xa8
Sleep 0x0 0x42a048 0x38ac8 0x372c8 0x57d
MultiByteToWideChar 0x0 0x42a04c 0x38acc 0x372cc 0x3ef
GetModuleFileNameA 0x0 0x42a050 0x38ad0 0x372d0 0x273
GetLastError 0x0 0x42a054 0x38ad4 0x372d4 0x261
WideCharToMultiByte 0x0 0x42a058 0x38ad8 0x372d8 0x5fe
EnterCriticalSection 0x0 0x42a05c 0x38adc 0x372dc 0x131
LeaveCriticalSection 0x0 0x42a060 0x38ae0 0x372e0 0x3bd
DeleteCriticalSection 0x0 0x42a064 0x38ae4 0x372e4 0x110
SetLastError 0x0 0x42a068 0x38ae8 0x372e8 0x532
InitializeCriticalSectionAndSpinCount 0x0 0x42a06c 0x38aec 0x372ec 0x35f
SwitchToThread 0x0 0x42a070 0x38af0 0x372f0 0x587
TlsAlloc 0x0 0x42a074 0x38af4 0x372f4 0x59e
TlsGetValue 0x0 0x42a078 0x38af8 0x372f8 0x5a0
TlsSetValue 0x0 0x42a07c 0x38afc 0x372fc 0x5a1
TlsFree 0x0 0x42a080 0x38b00 0x37300 0x59f
GetSystemTimeAsFileTime 0x0 0x42a084 0x38b04 0x37304 0x2e9
GetProcAddress 0x0 0x42a088 0x38b08 0x37308 0x2ae
EncodePointer 0x0 0x42a08c 0x38b0c 0x3730c 0x12d
DecodePointer 0x0 0x42a090 0x38b10 0x37310 0x109
GetCPInfo 0x0 0x42a094 0x38b14 0x37314 0x1c1
CompareStringW 0x0 0x42a098 0x38b18 0x37318 0x9b
LCMapStringW 0x0 0x42a09c 0x38b1c 0x3731c 0x3b1
GetLocaleInfoW 0x0 0x42a0a0 0x38b20 0x37320 0x265
GetStringTypeW 0x0 0x42a0a4 0x38b24 0x37324 0x2d7
UnhandledExceptionFilter 0x0 0x42a0a8 0x38b28 0x37328 0x5ad
SetUnhandledExceptionFilter 0x0 0x42a0ac 0x38b2c 0x3732c 0x56d
GetCurrentProcess 0x0 0x42a0b0 0x38b30 0x37330 0x217
TerminateProcess 0x0 0x42a0b4 0x38b34 0x37334 0x58c
IsProcessorFeaturePresent 0x0 0x42a0b8 0x38b38 0x37338 0x386
IsDebuggerPresent 0x0 0x42a0bc 0x38b3c 0x3733c 0x37f
GetStartupInfoW 0x0 0x42a0c0 0x38b40 0x37340 0x2d0
QueryPerformanceCounter 0x0 0x42a0c4 0x38b44 0x37344 0x44d
GetCurrentProcessId 0x0 0x42a0c8 0x38b48 0x37348 0x218
GetCurrentThreadId 0x0 0x42a0cc 0x38b4c 0x3734c 0x21c
InitializeSListHead 0x0 0x42a0d0 0x38b50 0x37350 0x363
RtlUnwind 0x0 0x42a0d4 0x38b54 0x37354 0x4d3
RaiseException 0x0 0x42a0d8 0x38b58 0x37358 0x462
FreeLibrary 0x0 0x42a0dc 0x38b5c 0x3735c 0x1ab
LoadLibraryExW 0x0 0x42a0e0 0x38b60 0x37360 0x3c3
ExitProcess 0x0 0x42a0e4 0x38b64 0x37364 0x15e
GetModuleHandleExW 0x0 0x42a0e8 0x38b68 0x37368 0x277
CreateFileW 0x0 0x42a0ec 0x38b6c 0x3736c 0xcb
GetDriveTypeW 0x0 0x42a0f0 0x38b70 0x37370 0x22f
GetFileInformationByHandle 0x0 0x42a0f4 0x38b74 0x37374 0x247
GetFileType 0x0 0x42a0f8 0x38b78 0x37378 0x24e
CloseHandle 0x0 0x42a0fc 0x38b7c 0x3737c 0x86
PeekNamedPipe 0x0 0x42a100 0x38b80 0x37380 0x422
SystemTimeToTzSpecificLocalTime 0x0 0x42a104 0x38b84 0x37384 0x589
FileTimeToSystemTime 0x0 0x42a108 0x38b88 0x37388 0x16a
GetModuleFileNameW 0x0 0x42a10c 0x38b8c 0x3738c 0x274
GetStdHandle 0x0 0x42a110 0x38b90 0x37390 0x2d2
WriteFile 0x0 0x42a114 0x38b94 0x37394 0x612
GetFileSizeEx 0x0 0x42a118 0x38b98 0x37398 0x24c
SetFilePointerEx 0x0 0x42a11c 0x38b9c 0x3739c 0x523
HeapAlloc 0x0 0x42a120 0x38ba0 0x373a0 0x345
FlushFileBuffers 0x0 0x42a124 0x38ba4 0x373a4 0x19f
GetConsoleCP 0x0 0x42a128 0x38ba8 0x373a8 0x1ea
GetConsoleMode 0x0 0x42a12c 0x38bac 0x373ac 0x1fc
HeapFree 0x0 0x42a130 0x38bb0 0x373b0 0x349
HeapReAlloc 0x0 0x42a134 0x38bb4 0x373b4 0x34c
GetCurrentDirectoryW 0x0 0x42a138 0x38bb8 0x373b8 0x211
GetFullPathNameW 0x0 0x42a13c 0x38bbc 0x373bc 0x259
IsValidLocale 0x0 0x42a140 0x38bc0 0x373c0 0x38d
GetUserDefaultLCID 0x0 0x42a144 0x38bc4 0x373c4 0x312
EnumSystemLocalesW 0x0 0x42a148 0x38bc8 0x373c8 0x154
SetStdHandle 0x0 0x42a14c 0x38bcc 0x373cc 0x54a
ReadFile 0x0 0x42a150 0x38bd0 0x373d0 0x473
ReadConsoleW 0x0 0x42a154 0x38bd4 0x373d4 0x470
GetTimeZoneInformation 0x0 0x42a158 0x38bd8 0x373d8 0x30e
FindClose 0x0 0x42a15c 0x38bdc 0x373dc 0x175
FindFirstFileExW 0x0 0x42a160 0x38be0 0x373e0 0x17b
FindNextFileW 0x0 0x42a164 0x38be4 0x373e4 0x18c
IsValidCodePage 0x0 0x42a168 0x38be8 0x373e8 0x38b
GetACP 0x0 0x42a16c 0x38bec 0x373ec 0x1b2
GetOEMCP 0x0 0x42a170 0x38bf0 0x373f0 0x297
GetCommandLineA 0x0 0x42a174 0x38bf4 0x373f4 0x1d6
SetEndOfFile 0x0 0x42a178 0x38bf8 0x373f8 0x510
USER32.dll (6)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
EmptyClipboard 0x0 0x42a180 0x38c00 0x37400 0xe8
GetClipboardData 0x0 0x42a184 0x38c04 0x37404 0x134
SetClipboardData 0x0 0x42a188 0x38c08 0x37408 0x31b
IsClipboardFormatAvailable 0x0 0x42a18c 0x38c0c 0x3740c 0x228
CloseClipboard 0x0 0x42a190 0x38c10 0x37410 0x4f
OpenClipboard 0x0 0x42a194 0x38c14 0x37414 0x297
ADVAPI32.dll (5)
»
API Name Ordinal IAT Address Thunk RVA Thunk Offset Hint
RegOpenKeyA 0x0 0x42a000 0x38a80 0x37280 0x28a
RegQueryValueExA 0x0 0x42a004 0x38a84 0x37284 0x298
RegSetValueExA 0x0 0x42a008 0x38a88 0x37288 0x2a8
RegOpenKeyExA 0x0 0x42a00c 0x38a8c 0x3728c 0x28b
RegCloseKey 0x0 0x42a010 0x38a90 0x37290 0x25b
Memory Dumps (3)
»
Name Process ID Start VA End VA Dump Reason PE Rebuild Bitness Entry Point AV YARA Actions
ctfmom.exe 13 0x00CB0000 0x00CEFFFF Relevant Image True 32-bit 0x00CC07EA False False
...
ctfmom.exe 13 0x00CB0000 0x00CEFFFF Process Termination True 32-bit - False False
...
ctfmom.exe 13 0x00CB0000 0x00CEFFFF Final Dump True 32-bit - False False
...
C:\Users\FD1HVy\AppData\Local\Temp\3574ab5307973278a085288fd98393ab\a374bfdbdd1bc28c24c1762625e80fd0\Dirs\Desktop.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 1.00 KB
MD5 f42cb7730e7f696df05c61ce0b2b8759 Copy to Clipboard
SHA1 81e6ae87d8d976fe248c14d5042525106e3312df Copy to Clipboard
SHA256 bcf15c058dcce909a6901d20825674bc7b6c7c62dece529aa547b2a4d2891315 Copy to Clipboard
SSDeep 24:rm0NRuPNoLQV4FP9ciTixIvacn2cE1sbya4Lf07Ok:rLsPNoLQViFbMIva2Eib7Ok Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\3574ab5307973278a085288fd98393ab\a374bfdbdd1bc28c24c1762625e80fd0\Dirs\Documents.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 1.28 KB
MD5 794a347bc2ccd2c5887922730d53ce53 Copy to Clipboard
SHA1 40ead3f21bff3316ac4641c8db1cd80d8675bc9f Copy to Clipboard
SHA256 db72257bb6332cf1fd0ecd317b126dd6c9c9424292eb093d5971fa854afad41e Copy to Clipboard
SSDeep 24:N/6EgOks08S/5jqzD4D/MDIlkVIOGJX8sAuWdZevw7tfHCacd2/Q3xqUS2SAcW/R:YEgOkQDqy2ZJXhAuWdZevUEd2/Qhqh2N Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\3574ab5307973278a085288fd98393ab\a374bfdbdd1bc28c24c1762625e80fd0\Dirs\Pictures.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 718 Bytes
MD5 aa7fedae43f31f37e274c02642aa77ea Copy to Clipboard
SHA1 802d1a9c8501c1cdb26ba12343217a697594871c Copy to Clipboard
SHA256 c6c88314a2b4793a202fb282d32d3599abc0c53b2c2430a69a4d34bb966d9c50 Copy to Clipboard
SSDeep 12:qyLKdi9uwZSgKiZ5OoGhLKdpgKIpcwLK4msXZQwsrtgD17StGhBVQrYC55lFo:idfwAgH5dCzpcnrIZMODAtEQ3k Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\3574ab5307973278a085288fd98393ab\a374bfdbdd1bc28c24c1762625e80fd0\Dirs\Videos.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 893 Bytes
MD5 795ddcd970f75a045e803625949e53a8 Copy to Clipboard
SHA1 e0639626ebf39b5260359541aace9fed99b26336 Copy to Clipboard
SHA256 f24b25ea9eff3e7830f99c5add067b72c4e22267a100d92562346b9a1913cf85 Copy to Clipboard
SSDeep 24:kUK5izo24hSXsFjEMM7j9A9T6t8iiGroA:nK5izP4hZjELj9A9xMoA Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\3574ab5307973278a085288fd98393ab\a374bfdbdd1bc28c24c1762625e80fd0\Dirs\Startup.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 24 Bytes
MD5 68c93da4981d591704cea7b71cebfb97 Copy to Clipboard
SHA1 fd0f8d97463cd33892cc828b4ad04e03fc014fa6 Copy to Clipboard
SHA256 889ed51f9c16a4b989bda57957d3e132b1a9c117ee84e208207f2fa208a59483 Copy to Clipboard
SSDeep 3:jgBLKB:j4LKB Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\3574ab5307973278a085288fd98393ab\a374bfdbdd1bc28c24c1762625e80fd0\Dirs\Downloads.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 26 Bytes
MD5 df43f7da877de3ab3774aa024d5b929c Copy to Clipboard
SHA1 e39dfffb4c9b627b68ff92f9f0ba026551b1e662 Copy to Clipboard
SHA256 582a0a96d76d3688fff52d48079910cba2b4fb53af678aa3bbfd872dd6c7466b Copy to Clipboard
SSDeep 3:jLtgrLKB:3tSLKB Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\3574ab5307973278a085288fd98393ab\a374bfdbdd1bc28c24c1762625e80fd0\Dirs\OneDrive.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 25 Bytes
MD5 966247eb3ee749e21597d73c4176bd52 Copy to Clipboard
SHA1 1e9e63c2872cef8f015d4b888eb9f81b00a35c79 Copy to Clipboard
SHA256 8ddfc481b1b6ae30815ecce8a73755862f24b3bb7fdebdbf099e037d53eb082e Copy to Clipboard
SSDeep 3:1hiR8LKB:14R8LKB Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\3574ab5307973278a085288fd98393ab\a374bfdbdd1bc28c24c1762625e80fd0\Dirs\Temp.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 1.22 KB
MD5 8823e34369b0b3b561c09c21934839c2 Copy to Clipboard
SHA1 7a00ec71393c40f87f6335a352cfd321ea8553dc Copy to Clipboard
SHA256 b1c02711caf8b093df250b9b242b6baa12ed4ad741d947f032b27064c8da54b8 Copy to Clipboard
SSDeep 24:8PfGxSK26b2WiYGcsYJdDqZeaYsTzW1nAtxwXG2MFjX2sgxfZhG/:OekK2Q1B7sYJx+unYoG2MFray Copy to Clipboard
ImpHash -
c:\users\fd1hvy\appdata\local\temp\3574ab5307973278a085288fd98393ab\a374bfdbdd1bc28c24c1762625e80fd0\screen.jpeg Dropped File Image
Unknown
...
»
Mime Type image/jpeg
File Size 100.31 KB
MD5 be85992ac6b5b1a2acd0241e8e61c871 Copy to Clipboard
SHA1 d530c27fc7524c8d30f0bb9091fd796eed81bcf2 Copy to Clipboard
SHA256 f067ba5da694a6ba7df011a8bf6682997ba797f286e5ea168f3ba60cea5f1456 Copy to Clipboard
SSDeep 1536:bZQ5hcAWhZOZKD0Fk1y+swbPVINOwShaVMPoJyQAOzlyQnI7MBHT+NcY5tgr2dET:6/C+oZhbOgQJyQZlyQneNcY5OaGuk Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\tempDataBase2020-09-27T10_51_13.8143122+02_0088 Dropped File Stream
Unknown
...
»
Also Known As C:\Users\FD1HVy\AppData\Roaming\Mozilla\Firefox\Profiles\w7cr0hor.default\key3.db (Dropped File)
Mime Type application/octet-stream
File Size 16.00 KB
MD5 a83139a45da20d73ad7042914723ebd9 Copy to Clipboard
SHA1 df5aae1505079877373f2c9270f26e307df47577 Copy to Clipboard
SHA256 09f3b9123334947128656097e64017e2fa3de9169c36295f0ea2f090ae17f182 Copy to Clipboard
SSDeep 3:Lt/hV/plfltt/lE9lllnldlHGltdl/l8/V0V6IynnbbgqgRzf0uvslcSubRMwy49:5X9cvVmXy/VnIBRpNSoy4GVMH0cLD Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\3574ab5307973278a085288fd98393ab\a374bfdbdd1bc28c24c1762625e80fd0\Cookies.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 79 Bytes
MD5 4a0a55adea0b2cc53da1899c2742dcf6 Copy to Clipboard
SHA1 f26c233ddefbe77908113e2050d2e1738ce576a4 Copy to Clipboard
SHA256 85dc7cc9dcfeece6bbf4114a71a1a4dc9da658fcca0b601e806bbcb46a9c6102 Copy to Clipboard
SSDeep 3:vGWJ3uGF3AEmtVNof4iCLHK0FZ7I:F+Gh+f6QrLHK8Z7I Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\3574ab5307973278a085288fd98393ab\a374bfdbdd1bc28c24c1762625e80fd0\Others.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 65 Bytes
MD5 453ed00e745d62ada101e31fafda1368 Copy to Clipboard
SHA1 c29b4a26c28db4f8558d5ccefc8062ed7bbd897b Copy to Clipboard
SHA256 55976554a387450f259de4e17b2be647bc875010180a7dc58fa482f0463efbeb Copy to Clipboard
SSDeep 3:zROfVnQCzOw1RePtWmeJGn/vf:zROBiPFHeJG/H Copy to Clipboard
ImpHash -
C:\Users\FD1HVy\AppData\Local\Temp\3574ab5307973278a085288fd98393ab\a374bfdbdd1bc28c24c1762625e80fd0\processes.txt Dropped File Text
Unknown
...
»
Mime Type text/plain
File Size 78 Bytes
MD5 b8ff7520540be784f6bf33e7dcb43e5a Copy to Clipboard
SHA1 47b195ee01b509e5650595678a657c17b4188455 Copy to Clipboard
SHA256 f975660c5fbd18e8001c05935981ef67362cbf4efdf74181afa2769462bf9e5d Copy to Clipboard
SSDeep 3:/5DiIA/FF0qKL0FFhMKLffAn:/xiIA//jQ0/hMQwn Copy to Clipboard
ImpHash -
VMRay - Analyzer - www.vmray.com
Legal Note - Privacy Policy
Exit-Icon
WHOIS Domain Information
Domain Name
WHOIS Response 

       		
      

     

    

   

  

  

  

  

   

    
    

     Function Logfile
    

    

     

      Download-Icon
     

    

    

     Exit-Icon
    

   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    Before
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    After
   

   

    

     

      
       This feature requires an online-connection to the VMRay backend.
      
      

      

      An offline version with limited functionality is also provided.
      

      The offline version is supported only in Mozilla Firefoxwith deactivated setting "security.fileuri.strict_origin_policy".
     

     

    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image