Bad Rabbit Ransomware | Files
File Information
Sample files count 1
Created files count 7
Modified files count 31
Remarks The file extraction total size limit was reached during the analysis. Some files may be missing in the reports. You can increase the limit in the configuration.
c:\users\5p5nrgjn0js halpmcxz\desktop\ifzkkpwij.exe
File Properties
Names c:\users\5p5nrgjn0js halpmcxz\desktop\ifzkkpwij.exe (Sample File)
Size 431.54 KB (441899 bytes)
Hash Values MD5: fbbdc39af1139aebba4da004475e8839
SHA1: de5c8d858e6e41da715dca1c019df0bfb92d32c0
SHA256: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
PE Information
File Properties
Image Base 0x400000
Entry Point 0x4012c0
Size Of Code 0x3000
Size Of Initialized Data 0xaa00
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-10-22 04:33:58
Compiler/Packer Unknown
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x2ed3 0x3000 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.58
.rdata 0x404000 0x302a 0x3200 0x3400 CNT_INITIALIZED_DATA, MEM_READ 7.18
.data 0x408000 0x33c 0x200 0x6600 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 0.18
.rsrc 0x409000 0x7088 0x7200 0x6800 CNT_INITIALIZED_DATA, MEM_READ 4.2
.reloc 0x411000 0x24e 0x400 0xda00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 3.29
Imports (25)
KERNEL32.dll (19)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ExitProcess 0x0 0x404000 0x6df0 0x61f0
GetCommandLineW 0x0 0x404004 0x6df4 0x61f4
GetFileSize 0x0 0x404008 0x6df8 0x61f8
CreateProcessW 0x0 0x40400c 0x6dfc 0x61fc
HeapAlloc 0x0 0x404010 0x6e00 0x6200
HeapFree 0x0 0x404014 0x6e04 0x6204
GetModuleHandleW 0x0 0x404018 0x6e08 0x6208
GetProcessHeap 0x0 0x40401c 0x6e0c 0x620c
WriteFile 0x0 0x404020 0x6e10 0x6210
GetSystemDirectoryW 0x0 0x404024 0x6e14 0x6214
ReadFile 0x0 0x404028 0x6e18 0x6218
GetModuleFileNameW 0x0 0x40402c 0x6e1c 0x621c
CreateFileW 0x0 0x404030 0x6e20 0x6220
lstrcatW 0x0 0x404034 0x6e24 0x6224
CloseHandle 0x0 0x404038 0x6e28 0x6228
UnhandledExceptionFilter 0x0 0x40403c 0x6e2c 0x622c
GetCurrentProcess 0x0 0x404040 0x6e30 0x6230
TerminateProcess 0x0 0x404044 0x6e34 0x6234
SetUnhandledExceptionFilter 0x0 0x404048 0x6e38 0x6238
USER32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
wsprintfW 0x0 0x404058 0x6e48 0x6248
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CommandLineToArgvW 0x0 0x404050 0x6e40 0x6240
msvcrt.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
wcsstr 0x0 0x404060 0x6e50 0x6250
memcpy 0x0 0x404064 0x6e54 0x6254
free 0x0 0x404068 0x6e58 0x6258
malloc 0x0 0x40406c 0x6e5c 0x625c
Digital Signatures (4)
Signature Properties
LegalCopyright Copyright © 1996-2017 Adobe Systems Incorporated
InternalName Adobe® Flash® Player Installer/Uninstaller 27.0
FileVersion 27,0,0,170
CompanyName Adobe Systems Incorporated
LegalTrademarks Adobe® Flash® Player
ProductName Adobe® Flash® Player Installer/Uninstaller
ProductVersion 27,0,0,170
FileDescription Adobe® Flash® Player Installer/Uninstaller 27.0 r0
OriginalFilename FlashUtil.exe
Signature verification True
Certificate: None
Certificate Properties
Issued by -
Valid from -
Valid to -
Algorithm -
Serial number -
c:\windows\infpub.dat
File Properties
Names c:\windows\infpub.dat (Created File)
Size 401.13 KB (410760 bytes)
Hash Values MD5: 1d724f95c61f1055f0d02c2154bbccd3
SHA1: 79116fe99f2b421c52ef64097f0f39b815b20907
SHA256: 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648
PE Information
File Properties
Image Base 0x10000000
Entry Point 0x10007938
Size Of Code 0xc000
Size Of Initialized Data 0x54c00
Size Of Uninitialized Data 0x0
Format x86
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-10-22 04:33:41
Compiler/Packer Unknown
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0xbfd3 0xc000 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.57
.rdata 0x1000d000 0x5cfb 0x5e00 0xc400 CNT_INITIALIZED_DATA, MEM_READ 6.34
.data 0x10013000 0x5370 0xa00 0x12200 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 6.3
.rsrc 0x10019000 0x4d600 0x4d600 0x12c00 CNT_INITIALIZED_DATA, MEM_READ 7.99
.reloc 0x10067000 0xd90 0xe00 0x60200 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.77
Imports (199)
KERNEL32.dll (89)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
InterlockedExchange 0x0 0x1000d0f8 0x11cbc 0x110bc
GetTempFileNameW 0x0 0x1000d0fc 0x11cc0 0x110c0
PeekNamedPipe 0x0 0x1000d100 0x11cc4 0x110c4
CreateProcessW 0x0 0x1000d104 0x11cc8 0x110c8
ConnectNamedPipe 0x0 0x1000d108 0x11ccc 0x110cc
GetModuleHandleW 0x0 0x1000d10c 0x11cd0 0x110d0
CreateNamedPipeW 0x0 0x1000d110 0x11cd4 0x110d4
TerminateThread 0x0 0x1000d114 0x11cd8 0x110d8
DisconnectNamedPipe 0x0 0x1000d118 0x11cdc 0x110dc
DeleteFileW 0x0 0x1000d11c 0x11ce0 0x110e0
GlobalAlloc 0x0 0x1000d120 0x11ce4 0x110e4
GetComputerNameExW 0x0 0x1000d124 0x11ce8 0x110e8
GlobalFree 0x0 0x1000d128 0x11cec 0x110ec
ExitProcess 0x0 0x1000d12c 0x11cf0 0x110f0
GetModuleFileNameW 0x0 0x1000d130 0x11cf4 0x110f4
DisableThreadLibraryCalls 0x0 0x1000d134 0x11cf8 0x110f8
ResumeThread 0x0 0x1000d138 0x11cfc 0x110fc
CreateMutexW 0x0 0x1000d13c 0x11d00 0x11100
FindResourceW 0x0 0x1000d140 0x11d04 0x11104
FindNextFileW 0x0 0x1000d144 0x11d08 0x11108
GetComputerNameW 0x0 0x1000d148 0x11d0c 0x1110c
GetCurrentThread 0x0 0x1000d14c 0x11d10 0x11110
OpenProcess 0x0 0x1000d150 0x11d14 0x11114
SizeofResource 0x0 0x1000d154 0x11d18 0x11118
TerminateProcess 0x0 0x1000d158 0x11d1c 0x1111c
GetLocalTime 0x0 0x1000d15c 0x11d20 0x11120
Process32FirstW 0x0 0x1000d160 0x11d24 0x11124
LockResource 0x0 0x1000d164 0x11d28 0x11128
Process32NextW 0x0 0x1000d168 0x11d2c 0x1112c
CreateToolhelp32Snapshot 0x0 0x1000d16c 0x11d30 0x11130
GetCurrentProcessId 0x0 0x1000d170 0x11d34 0x11134
LoadLibraryA 0x0 0x1000d174 0x11d38 0x11138
VirtualProtect 0x0 0x1000d178 0x11d3c 0x1113c
GetSystemTimeAsFileTime 0x0 0x1000d17c 0x11d40 0x11140
WideCharToMultiByte 0x0 0x1000d180 0x11d44 0x11144
GetExitCodeProcess 0x0 0x1000d184 0x11d48 0x11148
GetModuleHandleA 0x0 0x1000d188 0x11d4c 0x1114c
InitializeCriticalSection 0x0 0x1000d18c 0x11d50 0x11150
HeapReAlloc 0x0 0x1000d190 0x11d54 0x11154
EnterCriticalSection 0x0 0x1000d194 0x11d58 0x11158
SetLastError 0x0 0x1000d198 0x11d5c 0x1115c
LeaveCriticalSection 0x0 0x1000d19c 0x11d60 0x11160
GetTickCount 0x0 0x1000d1a0 0x11d64 0x11164
MultiByteToWideChar 0x0 0x1000d1a4 0x11d68 0x11168
GetSystemInfo 0x0 0x1000d1a8 0x11d6c 0x1116c
CreateEventW 0x0 0x1000d1ac 0x11d70 0x11170
CreateFileMappingW 0x0 0x1000d1b0 0x11d74 0x11174
FindClose 0x0 0x1000d1b4 0x11d78 0x11178
GetFileSizeEx 0x0 0x1000d1b8 0x11d7c 0x1117c
GetEnvironmentVariableW 0x0 0x1000d1bc 0x11d80 0x11180
FlushFileBuffers 0x0 0x1000d1c0 0x11d84 0x11184
FlushViewOfFile 0x0 0x1000d1c4 0x11d88 0x11188
GetLogicalDrives 0x0 0x1000d1c8 0x11d8c 0x1118c
SetEvent 0x0 0x1000d1cc 0x11d90 0x11190
WaitForSingleObject 0x0 0x1000d1d0 0x11d94 0x11194
SetFilePointerEx 0x0 0x1000d1d4 0x11d98 0x11198
SetEndOfFile 0x0 0x1000d1d8 0x11d9c 0x1119c
GetDriveTypeW 0x0 0x1000d1dc 0x11da0 0x111a0
UnmapViewOfFile 0x0 0x1000d1e0 0x11da4 0x111a4
MapViewOfFile 0x0 0x1000d1e4 0x11da8 0x111a8
FindFirstFileW 0x0 0x1000d1e8 0x11dac 0x111ac
LocalFree 0x0 0x1000d1ec 0x11db0 0x111b0
LocalAlloc 0x0 0x1000d1f0 0x11db4 0x111b4
GetTimeZoneInformation 0x0 0x1000d1f4 0x11db8 0x111b8
GetSystemDefaultLCID 0x0 0x1000d1f8 0x11dbc 0x111bc
HeapAlloc 0x0 0x1000d1fc 0x11dc0 0x111c0
VirtualAlloc 0x0 0x1000d200 0x11dc4 0x111c4
GetProcAddress 0x0 0x1000d204 0x11dc8 0x111c8
ReadFile 0x0 0x1000d208 0x11dcc 0x111cc
GetVersionExW 0x0 0x1000d20c 0x11dd0 0x111d0
LoadLibraryW 0x0 0x1000d210 0x11dd4 0x111d4
WriteFile 0x0 0x1000d214 0x11dd8 0x111d8
VirtualFree 0x0 0x1000d218 0x11ddc 0x111dc
GetCurrentProcess 0x0 0x1000d21c 0x11de0 0x111e0
FreeLibrary 0x0 0x1000d220 0x11de4 0x111e4
GetFileSize 0x0 0x1000d224 0x11de8 0x111e8
CloseHandle 0x0 0x1000d228 0x11dec 0x111ec
CreateFileW 0x0 0x1000d22c 0x11df0 0x111f0
GetVersion 0x0 0x1000d230 0x11df4 0x111f4
GetLastError 0x0 0x1000d234 0x11df8 0x111f8
ExpandEnvironmentStringsW 0x0 0x1000d238 0x11dfc 0x111fc
lstrcatW 0x0 0x1000d23c 0x11e00 0x11200
WaitForMultipleObjects 0x0 0x1000d240 0x11e04 0x11204
CreateThread 0x0 0x1000d244 0x11e08 0x11208
Sleep 0x0 0x1000d248 0x11e0c 0x1120c
GetSystemDirectoryW 0x0 0x1000d24c 0x11e10 0x11210
GetProcessHeap 0x0 0x1000d250 0x11e14 0x11214
HeapFree 0x0 0x1000d254 0x11e18 0x11218
LoadResource 0x0 0x1000d258 0x11e1c 0x1121c
USER32.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ExitWindowsEx 0x0 0x1000d2c8 0x11e8c 0x1128c
GetSystemMetrics 0x0 0x1000d2cc 0x11e90 0x11290
CharUpperW 0x0 0x1000d2d0 0x11e94 0x11294
wsprintfW 0x0 0x1000d2d4 0x11e98 0x11298
wsprintfA 0x0 0x1000d2d8 0x11e9c 0x1129c
ADVAPI32.dll (48)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RegFlushKey 0x0 0x1000d000 0x11bc4 0x10fc4
CloseServiceHandle 0x0 0x1000d004 0x11bc8 0x10fc8
OpenSCManagerW 0x0 0x1000d008 0x11bcc 0x10fcc
RegQueryValueExW 0x0 0x1000d00c 0x11bd0 0x10fd0
RegOpenKeyW 0x0 0x1000d010 0x11bd4 0x10fd4
QueryServiceStatus 0x0 0x1000d014 0x11bd8 0x10fd8
StartServiceW 0x0 0x1000d018 0x11bdc 0x10fdc
CreateProcessAsUserW 0x0 0x1000d01c 0x11be0 0x10fe0
DeleteService 0x0 0x1000d020 0x11be4 0x10fe4
InitiateSystemShutdownExW 0x0 0x1000d024 0x11be8 0x10fe8
DuplicateTokenEx 0x0 0x1000d028 0x11bec 0x10fec
SetTokenInformation 0x0 0x1000d02c 0x11bf0 0x10ff0
DuplicateToken 0x0 0x1000d030 0x11bf4 0x10ff4
GetTokenInformation 0x0 0x1000d034 0x11bf8 0x10ff8
GetSidSubAuthorityCount 0x0 0x1000d038 0x11bfc 0x10ffc
OpenThreadToken 0x0 0x1000d03c 0x11c00 0x11000
GetSidSubAuthority 0x0 0x1000d040 0x11c04 0x11004
SetThreadToken 0x0 0x1000d044 0x11c08 0x11008
CredEnumerateW 0x0 0x1000d048 0x11c0c 0x1100c
CredFree 0x0 0x1000d04c 0x11c10 0x11010
SetSecurityDescriptorDacl 0x0 0x1000d050 0x11c14 0x11014
InitializeSecurityDescriptor 0x0 0x1000d054 0x11c18 0x11018
CryptDuplicateKey 0x0 0x1000d058 0x11c1c 0x1101c
CryptDuplicateHash 0x0 0x1000d05c 0x11c20 0x11020
CryptEncrypt 0x0 0x1000d060 0x11c24 0x11024
CryptGenRandom 0x0 0x1000d064 0x11c28 0x11028
CryptGetKeyParam 0x0 0x1000d068 0x11c2c 0x1102c
CryptSetKeyParam 0x0 0x1000d06c 0x11c30 0x11030
CryptDeriveKey 0x0 0x1000d070 0x11c34 0x11034
CryptHashData 0x0 0x1000d074 0x11c38 0x11038
CryptDestroyHash 0x0 0x1000d078 0x11c3c 0x1103c
CryptDestroyKey 0x0 0x1000d07c 0x11c40 0x11040
CryptCreateHash 0x0 0x1000d080 0x11c44 0x11044
CryptImportKey 0x0 0x1000d084 0x11c48 0x11048
CryptReleaseContext 0x0 0x1000d088 0x11c4c 0x1104c
CryptAcquireContextW 0x0 0x1000d08c 0x11c50 0x11050
CryptGetHashParam 0x0 0x1000d090 0x11c54 0x11054
CryptSetHashParam 0x0 0x1000d094 0x11c58 0x11058
AdjustTokenPrivileges 0x0 0x1000d098 0x11c5c 0x1105c
CheckTokenMembership 0x0 0x1000d09c 0x11c60 0x11060
FreeSid 0x0 0x1000d0a0 0x11c64 0x11064
AllocateAndInitializeSid 0x0 0x1000d0a4 0x11c68 0x11068
LookupPrivilegeValueW 0x0 0x1000d0a8 0x11c6c 0x1106c
OpenProcessToken 0x0 0x1000d0ac 0x11c70 0x11070
RegSetValueExW 0x0 0x1000d0b0 0x11c74 0x11074
RegCloseKey 0x0 0x1000d0b4 0x11c78 0x11078
RegOpenKeyExW 0x0 0x1000d0b8 0x11c7c 0x1107c
CreateServiceW 0x0 0x1000d0bc 0x11c80 0x11080
SHELL32.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CommandLineToArgvW 0x0 0x1000d28c 0x11e50 0x11250
ole32.dll (3)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoCreateGuid 0x0 0x1000d340 0x11f04 0x11304
CoTaskMemFree 0x0 0x1000d344 0x11f08 0x11308
StringFromCLSID 0x0 0x1000d348 0x11f0c 0x1130c
CRYPT32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CryptStringToBinaryW 0x0 0x1000d0c4 0x11c88 0x11088
CryptImportPublicKeyInfo 0x0 0x1000d0c8 0x11c8c 0x1108c
CryptBinaryToStringW 0x0 0x1000d0cc 0x11c90 0x11090
CryptDecodeObjectEx 0x0 0x1000d0d0 0x11c94 0x11094
SHLWAPI.dll (12)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
PathFindFileNameW 0x0 0x1000d294 0x11e58 0x11258
StrChrW 0x0 0x1000d298 0x11e5c 0x1125c
StrCmpW 0x0 0x1000d29c 0x11e60 0x11260
StrCmpIW 0x0 0x1000d2a0 0x11e64 0x11264
StrToIntW 0x0 0x1000d2a4 0x11e68 0x11268
PathAppendW 0x0 0x1000d2a8 0x11e6c 0x1126c
StrStrW 0x0 0x1000d2ac 0x11e70 0x11270
PathCombineW 0x0 0x1000d2b0 0x11e74 0x11274
StrStrIW 0x0 0x1000d2b4 0x11e78 0x11278
PathFindExtensionW 0x0 0x1000d2b8 0x11e7c 0x1127c
StrCatW 0x0 0x1000d2bc 0x11e80 0x11280
PathFileExistsW 0x0 0x1000d2c0 0x11e84 0x11284
IPHLPAPI.DLL (2)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetAdaptersInfo 0x0 0x1000d0ec 0x11cb0 0x110b0
GetIpNetTable 0x0 0x1000d0f0 0x11cb4 0x110b4
WS2_32.dll (14)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
select 0x12 0x1000d2e0 0x11ea4 0x112a4
ioctlsocket 0xa 0x1000d2e4 0x11ea8 0x112a8
gethostbyname 0x34 0x1000d2e8 0x11eac 0x112ac
inet_ntoa 0xc 0x1000d2ec 0x11eb0 0x112b0
ntohl 0xe 0x1000d2f0 0x11eb4 0x112b4
WSAStartup 0x73 0x1000d2f4 0x11eb8 0x112b8
connect 0x4 0x1000d2f8 0x11ebc 0x112bc
inet_addr 0xb 0x1000d2fc 0x11ec0 0x112c0
htons 0x9 0x1000d300 0x11ec4 0x112c4
socket 0x17 0x1000d304 0x11ec8 0x112c8
closesocket 0x3 0x1000d308 0x11ecc 0x112cc
send 0x13 0x1000d30c 0x11ed0 0x112d0
recv 0x10 0x1000d310 0x11ed4 0x112d4
__WSAFDIsSet 0x97 0x1000d314 0x11ed8 0x112d8
MPR.dll (5)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WNetOpenEnumW 0x0 0x1000d260 0x11e24 0x11224
WNetEnumResourceW 0x0 0x1000d264 0x11e28 0x11228
WNetCancelConnection2W 0x0 0x1000d268 0x11e2c 0x1122c
WNetAddConnection2W 0x0 0x1000d26c 0x11e30 0x11230
WNetCloseEnum 0x0 0x1000d270 0x11e34 0x11234
NETAPI32.dll (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
NetApiBufferFree 0x0 0x1000d278 0x11e3c 0x1123c
NetWkstaGetInfo 0x0 0x1000d27c 0x11e40 0x11240
NetServerEnum 0x0 0x1000d280 0x11e44 0x11244
NetServerGetInfo 0x0 0x1000d284 0x11e48 0x11248
DHCPSAPI.DLL (4)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DhcpEnumSubnetClients 0x0 0x1000d0d8 0x11c9c 0x1109c
DhcpEnumSubnets 0x0 0x1000d0dc 0x11ca0 0x110a0
DhcpRpcFreeMemory 0x0 0x1000d0e0 0x11ca4 0x110a4
DhcpGetSubnetInfo 0x0 0x1000d0e4 0x11ca8 0x110a8
msvcrt.dll (8)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
memcpy 0x0 0x1000d31c 0x11ee0 0x112e0
srand 0x0 0x1000d320 0x11ee4 0x112e4
memset 0x0 0x1000d324 0x11ee8 0x112e8
memmove 0x0 0x1000d328 0x11eec 0x112ec
free 0x0 0x1000d32c 0x11ef0 0x112f0
malloc 0x0 0x1000d330 0x11ef4 0x112f4
sprintf 0x0 0x1000d334 0x11ef8 0x112f8
rand 0x0 0x1000d338 0x11efc 0x112fc
Exports (2)
Api name EAT Address Ordinal
None 0x100079d7 0x1
None 0x10007bf7 0x2
Digital Signatures (4)
Signature Properties
Signature verification True
Certificate: None
Certificate Properties
Issued by -
Valid from -
Valid to -
Algorithm -
Serial number -
c:\windows\infpub.dat
File Properties
Names c:\windows\infpub.dat (Created File)
Size 401.13 KB (410760 bytes)
Hash Values MD5: c4f26ed277b51ef45fa180be597d96e8
SHA1: e9efc622924fb965d4a14bdb6223834d9a9007e7
SHA256: 14d82a676b63ab046ae94fa5e41f9f69a65dc7946826cb3d74cea6c030c2f958
c:\windows\cscc.dat
File Properties
Names c:\windows\cscc.dat (Created File)
Size 205.70 KB (210632 bytes)
Hash Values MD5: edb72f4a46c39452d1a5414f7d26454a
SHA1: 08f94684e83a27f2414f439975b7f8a6d61fc056
SHA256: 0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6
PE Information
File Properties
Image Base 0x10000
Entry Point 0x130b0
Size Of Code 0x25c00
Size Of Initialized Data 0xc800
Size Of Uninitialized Data 0x0
Format x64
Type Executable
Subsystem IMAGE_SUBSYSTEM_NATIVE
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2014-07-09 08:42:01
Compiler/Packer Unknown
Sections (7)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x11000 0x24957 0x24a00 0x400 CNT_CODE, MEM_NOT_PAGED, MEM_EXECUTE, MEM_READ 6.54
.rdata 0x36000 0x7cf4 0x7e00 0x24e00 CNT_INITIALIZED_DATA, MEM_NOT_PAGED, MEM_READ 6.4
.data 0x3e000 0x308c 0x2200 0x2cc00 CNT_INITIALIZED_DATA, MEM_NOT_PAGED, MEM_READ, MEM_WRITE 5.77
.pdata 0x42000 0xf84 0x1000 0x2ee00 CNT_INITIALIZED_DATA, MEM_NOT_PAGED, MEM_READ 4.95
INIT 0x43000 0x100a 0x1200 0x2fe00 CNT_CODE, MEM_DISCARDABLE, MEM_EXECUTE, MEM_READ, MEM_WRITE 4.81
.rsrc 0x45000 0x2c0 0x400 0x31000 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 2.38
.reloc 0x46000 0x24c 0x400 0x31400 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 0.92
Imports (130)
ntoskrnl.exe (116)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
RtlInitUnicodeString 0x0 0x36080 0x330d0 0x2fed0
KeInitializeEvent 0x0 0x36088 0x330d8 0x2fed8
ZwCreateFile 0x0 0x36090 0x330e0 0x2fee0
KeWaitForSingleObject 0x0 0x36098 0x330e8 0x2fee8
IofCallDriver 0x0 0x360a0 0x330f0 0x2fef0
IoAcquireRemoveLockEx 0x0 0x360a8 0x330f8 0x2fef8
KeQueryActiveProcessors 0x0 0x360b0 0x33100 0x2ff00
IoRegisterDriverReinitialization 0x0 0x360b8 0x33108 0x2ff08
IoDeleteDevice 0x0 0x360c0 0x33110 0x2ff10
IoGetDeviceObjectPointer 0x0 0x360c8 0x33118 0x2ff18
ZwQueryValueKey 0x0 0x360d0 0x33120 0x2ff20
PsTerminateSystemThread 0x0 0x360d8 0x33128 0x2ff28
PoStartNextPowerIrp 0x0 0x360e0 0x33130 0x2ff30
ZwClose 0x0 0x360e8 0x33138 0x2ff38
PsGetVersion 0x0 0x360f0 0x33140 0x2ff40
IoCreateSymbolicLink 0x0 0x360f8 0x33148 0x2ff48
IoCreateDevice 0x0 0x36100 0x33150 0x2ff50
ZwOpenKey 0x0 0x36108 0x33158 0x2ff58
MmFreeContiguousMemory 0x0 0x36110 0x33160 0x2ff60
MmBuildMdlForNonPagedPool 0x0 0x36118 0x33168 0x2ff68
IoFreeMdl 0x0 0x36120 0x33170 0x2ff70
IoAllocateMdl 0x0 0x36128 0x33178 0x2ff78
MmAllocateContiguousMemory 0x0 0x36130 0x33180 0x2ff80
PsSetLoadImageNotifyRoutine 0x0 0x36138 0x33188 0x2ff88
_wcsnicmp 0x0 0x36140 0x33190 0x2ff90
KeBugCheck 0x0 0x36148 0x33198 0x2ff98
PoSetSystemState 0x0 0x36150 0x331a0 0x2ffa0
KeSetEvent 0x0 0x36158 0x331a8 0x2ffa8
KeReleaseMutex 0x0 0x36160 0x331b0 0x2ffb0
ExInterlockedInsertTailList 0x0 0x36168 0x331b8 0x2ffb8
ExInterlockedRemoveHeadList 0x0 0x36170 0x331c0 0x2ffc0
KeClearEvent 0x0 0x36178 0x331c8 0x2ffc8
ExInitializeNPagedLookasideList 0x0 0x36180 0x331d0 0x2ffd0
InitializeSListHead 0x0 0x36188 0x331d8 0x2ffd8
ExpInterlockedPushEntrySList 0x0 0x36190 0x331e0 0x2ffe0
ExpInterlockedPopEntrySList 0x0 0x36198 0x331e8 0x2ffe8
ZwWaitForSingleObject 0x0 0x361a0 0x331f0 0x2fff0
ExQueryDepthSList 0x0 0x361a8 0x331f8 0x2fff8
ExDeleteNPagedLookasideList 0x0 0x361b0 0x33200 0x30000
IoGetRequestorProcess 0x0 0x361b8 0x33208 0x30008
IoReleaseRemoveLockEx 0x0 0x361c0 0x33210 0x30010
MmMapLockedPagesSpecifyCache 0x0 0x361c8 0x33218 0x30018
PsGetProcessId 0x0 0x361d0 0x33220 0x30020
_vsnwprintf 0x0 0x361d8 0x33228 0x30028
ObReferenceObjectByHandle 0x0 0x361e0 0x33230 0x30030
MmIsAddressValid 0x0 0x361e8 0x33238 0x30038
ZwQuerySymbolicLinkObject 0x0 0x361f0 0x33240 0x30040
ZwOpenSymbolicLinkObject 0x0 0x361f8 0x33248 0x30048
IoVolumeDeviceToDosName 0x0 0x36200 0x33250 0x30050
IoBuildSynchronousFsdRequest 0x0 0x36208 0x33258 0x30058
ObQueryNameString 0x0 0x36210 0x33260 0x30060
PsCreateSystemThread 0x0 0x36218 0x33268 0x30068
ExQueueWorkItem 0x0 0x36220 0x33270 0x30070
SeTokenIsAdmin 0x0 0x36228 0x33278 0x30078
PsReferencePrimaryToken 0x0 0x36230 0x33280 0x30080
IoGetCurrentProcess 0x0 0x36238 0x33288 0x30088
IofCompleteRequest 0x0 0x36240 0x33290 0x30090
PoCallDriver 0x0 0x36248 0x33298 0x30098
PsDereferencePrimaryToken 0x0 0x36250 0x332a0 0x300a0
MmUnmapLockedPages 0x0 0x36258 0x332a8 0x300a8
ExReleaseFastMutex 0x0 0x36260 0x332b0 0x300b0
ExAcquireFastMutex 0x0 0x36268 0x332b8 0x300b8
KeReleaseInStackQueuedSpinLock 0x0 0x36270 0x332c0 0x300c0
KeAcquireInStackQueuedSpinLock 0x0 0x36278 0x332c8 0x300c8
PsSetCreateProcessNotifyRoutine 0x0 0x36280 0x332d0 0x300d0
MmProbeAndLockPages 0x0 0x36288 0x332d8 0x300d8
IoAllocateIrp 0x0 0x36290 0x332e0 0x300e0
MmUnlockPages 0x0 0x36298 0x332e8 0x300e8
PsGetCurrentProcessId 0x0 0x362a0 0x332f0 0x300f0
ZwFsControlFile 0x0 0x362a8 0x332f8 0x300f8
IoGetLowerDeviceObject 0x0 0x362b0 0x33300 0x30100
KeInitializeMutex 0x0 0x362b8 0x33308 0x30108
IoAttachDeviceToDeviceStackSafe 0x0 0x362c0 0x33310 0x30110
IoDetachDevice 0x0 0x362c8 0x33318 0x30118
IoReleaseRemoveLockAndWaitEx 0x0 0x362d0 0x33320 0x30120
IoGetAttachedDeviceReference 0x0 0x362d8 0x33328 0x30128
IoInitializeRemoveLockEx 0x0 0x362e0 0x33330 0x30130
wcsncmp 0x0 0x362e8 0x33338 0x30138
ExUuidCreate 0x0 0x362f0 0x33340 0x30140
IoGetStackLimits 0x0 0x362f8 0x33348 0x30148
ExGetPreviousMode 0x0 0x36300 0x33350 0x30150
IoWriteOperationCount 0x0 0x36308 0x33358 0x30158
MmQuerySystemSize 0x0 0x36310 0x33360 0x30160
IoWriteTransferCount 0x0 0x36318 0x33368 0x30168
RtlRandom 0x0 0x36320 0x33370 0x30170
IoReadOperationCount 0x0 0x36328 0x33378 0x30178
IoGetInitialStack 0x0 0x36330 0x33380 0x30180
IoGetTopLevelIrp 0x0 0x36338 0x33388 0x30188
IoReadTransferCount 0x0 0x36340 0x33390 0x30190
PsGetCurrentThreadId 0x0 0x36348 0x33398 0x30198
PsGetProcessExitTime 0x0 0x36350 0x333a0 0x301a0
KeQueryPriorityThread 0x0 0x36358 0x333a8 0x301a8
IoReuseIrp 0x0 0x36360 0x333b0 0x301b0
IoBuildPartialMdl 0x0 0x36368 0x333b8 0x301b8
IoFreeIrp 0x0 0x36370 0x333c0 0x301c0
ZwSetInformationFile 0x0 0x36378 0x333c8 0x301c8
ZwQueryVolumeInformationFile 0x0 0x36380 0x333d0 0x301d0
ZwReadFile 0x0 0x36388 0x333d8 0x301d8
ZwWriteFile 0x0 0x36390 0x333e0 0x301e0
ExInitializeResourceLite 0x0 0x36398 0x333e8 0x301e8
IoBuildDeviceIoControlRequest 0x0 0x363a0 0x333f0 0x301f0
ObfDereferenceObject 0x0 0x363a8 0x333f8 0x301f8
ObfReferenceObject 0x0 0x363b0 0x33400 0x30200
ExReleaseResourceLite 0x0 0x363b8 0x33408 0x30208
ExAcquireResourceSharedLite 0x0 0x363c0 0x33410 0x30210
KeEnterCriticalRegion 0x0 0x363c8 0x33418 0x30218
KeLeaveCriticalRegion 0x0 0x363d0 0x33420 0x30220
ExAcquireResourceExclusiveLite 0x0 0x363d8 0x33428 0x30228
_wcsicmp 0x0 0x363e0 0x33430 0x30230
KeBugCheckEx 0x0 0x363e8 0x33438 0x30238
MmMapIoSpace 0x0 0x363f0 0x33440 0x30240
MmUnmapIoSpace 0x0 0x363f8 0x33448 0x30248
ExFreePoolWithTag 0x0 0x36400 0x33450 0x30250
KeDelayExecutionThread 0x0 0x36408 0x33458 0x30258
ExAllocatePoolWithTag 0x0 0x36410 0x33460 0x30260
__C_specific_handler 0x0 0x36418 0x33468 0x30268
HAL.dll (1)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
KeQueryPerformanceCounter 0x0 0x36070 0x330c0 0x2fec0
FLTMGR.SYS (13)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
FltRegisterFilter 0x0 0x36000 0x33050 0x2fe50
FltGetVolumeName 0x0 0x36008 0x33058 0x2fe58
FltUnregisterFilter 0x0 0x36010 0x33060 0x2fe60
FltAllocateContext 0x0 0x36018 0x33068 0x2fe68
FltClose 0x0 0x36020 0x33070 0x2fe70
FltReleaseContext 0x0 0x36028 0x33078 0x2fe78
FltQueryInformationFile 0x0 0x36030 0x33080 0x2fe80
FltReissueSynchronousIo 0x0 0x36038 0x33088 0x2fe88
FltCreateFile 0x0 0x36040 0x33090 0x2fe90
FltSetInstanceContext 0x0 0x36048 0x33098 0x2fe98
FltDeleteInstanceContext 0x0 0x36050 0x330a0 0x2fea0
FltGetInstanceContext 0x0 0x36058 0x330a8 0x2fea8
FltStartFiltering 0x0 0x36060 0x330b0 0x2feb0
Digital Signatures (5)
Signature Properties
LegalCopyright http://diskcryptor.net/
FileVersion 1.1.846.118
ProductName DiskCryptor
ProductVersion 1.1
FileDescription DiskCryptor driver
OriginalFilename dcrypt.sys
Signature verification True
Certificate: None
Certificate Properties
Issued by -
Valid from -
Valid to -
Algorithm -
Serial number -
c:\windows\dispci.exe
File Properties
Names c:\windows\dispci.exe (Created File)
Size 139.50 KB (142848 bytes)
Hash Values MD5: b14d8faf7f0cbcfad051cefe5f39645f
SHA1: afeee8b4acff87bc469a6f0364a81ae5d60a2add
SHA256: 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93
PE Information
File Properties
Image Base 0x400000
Entry Point 0x406755
Size Of Code 0x11a00
Size Of Initialized Data 0x11000
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-10-22 04:33:09
Compiler/Packer Unknown
Sections (5)
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x1184a 0x11a00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.58
.rdata 0x413000 0x403c 0x4200 0x11e00 CNT_INITIALIZED_DATA, MEM_READ 4.83
.data 0x418000 0x35d2c 0x1a00 0x16000 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 4.2
.rsrc 0x44e000 0x9b2c 0x9c00 0x17a00 CNT_INITIALIZED_DATA, MEM_READ 6.17
.reloc 0x458000 0x16d6 0x1800 0x21600 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 4.5
Imports (174)
KERNEL32.dll (120)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
TlsSetValue 0x0 0x413054 0x160ac 0x14eac
FindNextVolumeW 0x0 0x413058 0x160b0 0x14eb0
DeviceIoControl 0x0 0x41305c 0x160b4 0x14eb4
FindFirstVolumeW 0x0 0x413060 0x160b8 0x14eb8
GetFileSize 0x0 0x413064 0x160bc 0x14ebc
SetFilePointer 0x0 0x413068 0x160c0 0x14ec0
FindResourceW 0x0 0x41306c 0x160c4 0x14ec4
LoadResource 0x0 0x413070 0x160c8 0x14ec8
WriteFile 0x0 0x413074 0x160cc 0x14ecc
SizeofResource 0x0 0x413078 0x160d0 0x14ed0
LockResource 0x0 0x41307c 0x160d4 0x14ed4
VirtualQuery 0x0 0x413080 0x160d8 0x14ed8
GetCurrentProcess 0x0 0x413084 0x160dc 0x14edc
VirtualFree 0x0 0x413088 0x160e0 0x14ee0
LoadLibraryW 0x0 0x41308c 0x160e4 0x14ee4
VirtualUnlock 0x0 0x413090 0x160e8 0x14ee8
GetProcAddress 0x0 0x413094 0x160ec 0x14eec
VirtualAlloc 0x0 0x413098 0x160f0 0x14ef0
VirtualLock 0x0 0x41309c 0x160f4 0x14ef4
QueryPerformanceCounter 0x0 0x4130a0 0x160f8 0x14ef8
GetTickCount 0x0 0x4130a4 0x160fc 0x14efc
GetCurrentThread 0x0 0x4130a8 0x16100 0x14f00
GetProcessHeap 0x0 0x4130ac 0x16104 0x14f04
GetProcessTimes 0x0 0x4130b0 0x16108 0x14f08
GlobalMemoryStatusEx 0x0 0x4130b4 0x1610c 0x14f0c
GetOEMCP 0x0 0x4130b8 0x16110 0x14f10
GetCurrentThreadId 0x0 0x4130bc 0x16114 0x14f14
GetCurrentProcessId 0x0 0x4130c0 0x16118 0x14f18
GetThreadTimes 0x0 0x4130c4 0x1611c 0x14f1c
GetCommandLineW 0x0 0x4130c8 0x16120 0x14f20
GetCommandLineA 0x0 0x4130cc 0x16124 0x14f24
SetConsoleCursorPosition 0x0 0x4130d0 0x16128 0x14f28
GetStdHandle 0x0 0x4130d4 0x1612c 0x14f2c
FillConsoleOutputCharacterW 0x0 0x4130d8 0x16130 0x14f30
GetConsoleScreenBufferInfo 0x0 0x4130dc 0x16134 0x14f34
HeapAlloc 0x0 0x4130e0 0x16138 0x14f38
HeapFree 0x0 0x4130e4 0x1613c 0x14f3c
WideCharToMultiByte 0x0 0x4130e8 0x16140 0x14f40
Sleep 0x0 0x4130ec 0x16144 0x14f44
TlsGetValue 0x0 0x4130f0 0x16148 0x14f48
MultiByteToWideChar 0x0 0x4130f4 0x1614c 0x14f4c
SetConsoleCtrlHandler 0x0 0x4130f8 0x16150 0x14f50
GetVersion 0x0 0x4130fc 0x16154 0x14f54
ExpandEnvironmentStringsW 0x0 0x413100 0x16158 0x14f58
GetEnvironmentVariableW 0x0 0x413104 0x1615c 0x14f5c
CreateProcessW 0x0 0x413108 0x16160 0x14f60
SystemTimeToFileTime 0x0 0x41310c 0x16164 0x14f64
GetSystemDirectoryW 0x0 0x413110 0x16168 0x14f68
FileTimeToSystemTime 0x0 0x413114 0x1616c 0x14f6c
GetLocalTime 0x0 0x413118 0x16170 0x14f70
lstrcatW 0x0 0x41311c 0x16174 0x14f74
SetStdHandle 0x0 0x413120 0x16178 0x14f78
IsProcessorFeaturePresent 0x0 0x413124 0x1617c 0x14f7c
FlushFileBuffers 0x0 0x413128 0x16180 0x14f80
HeapReAlloc 0x0 0x41312c 0x16184 0x14f84
GetStringTypeW 0x0 0x413130 0x16188 0x14f88
GetConsoleCP 0x0 0x413134 0x1618c 0x14f8c
RtlUnwind 0x0 0x413138 0x16190 0x14f90
GetSystemTimeAsFileTime 0x0 0x41313c 0x16194 0x14f94
GetStartupInfoW 0x0 0x413140 0x16198 0x14f98
GetFileType 0x0 0x413144 0x1619c 0x14f9c
SetHandleCount 0x0 0x413148 0x161a0 0x14fa0
GetEnvironmentStringsW 0x0 0x41314c 0x161a4 0x14fa4
HeapSize 0x0 0x413150 0x161a8 0x14fa8
FreeEnvironmentStringsW 0x0 0x413154 0x161ac 0x14fac
LCMapStringW 0x0 0x413158 0x161b0 0x14fb0
WriteConsoleW 0x0 0x41315c 0x161b4 0x14fb4
SetLastError 0x0 0x413160 0x161b8 0x14fb8
TlsFree 0x0 0x413164 0x161bc 0x14fbc
TlsAlloc 0x0 0x413168 0x161c0 0x14fc0
IsValidCodePage 0x0 0x41316c 0x161c4 0x14fc4
FindVolumeClose 0x0 0x413170 0x161c8 0x14fc8
GetFileAttributesW 0x0 0x413174 0x161cc 0x14fcc
CreateThread 0x0 0x413178 0x161d0 0x14fd0
CloseHandle 0x0 0x41317c 0x161d4 0x14fd4
FindNextFileW 0x0 0x413180 0x161d8 0x14fd8
WaitForMultipleObjects 0x0 0x413184 0x161dc 0x14fdc
CreateEventW 0x0 0x413188 0x161e0 0x14fe0
CreateFileMappingW 0x0 0x41318c 0x161e4 0x14fe4
FindClose 0x0 0x413190 0x161e8 0x14fe8
GetFileSizeEx 0x0 0x413194 0x161ec 0x14fec
CreateFileW 0x0 0x413198 0x161f0 0x14ff0
ReadFile 0x0 0x41319c 0x161f4 0x14ff4
FlushViewOfFile 0x0 0x4131a0 0x161f8 0x14ff8
GetLogicalDrives 0x0 0x4131a4 0x161fc 0x14ffc
SetEvent 0x0 0x4131a8 0x16200 0x15000
WaitForSingleObject 0x0 0x4131ac 0x16204 0x15004
SetFilePointerEx 0x0 0x4131b0 0x16208 0x15008
SetEndOfFile 0x0 0x4131b4 0x1620c 0x1500c
GetDriveTypeW 0x0 0x4131b8 0x16210 0x15010
UnmapViewOfFile 0x0 0x4131bc 0x16214 0x15014
MapViewOfFile 0x0 0x4131c0 0x16218 0x15018
FindFirstFileW 0x0 0x4131c4 0x1621c 0x1501c
LocalFree 0x0 0x4131c8 0x16220 0x15020
GetACP 0x0 0x4131cc 0x16224 0x15024
InterlockedDecrement 0x0 0x4131d0 0x16228 0x15028
InterlockedIncrement 0x0 0x4131d4 0x1622c 0x1502c
GetCPInfo 0x0 0x4131d8 0x16230 0x15030
LocalAlloc 0x0 0x4131dc 0x16234 0x15034
GetLastError 0x0 0x4131e0 0x16238 0x15038
GetTimeZoneInformation 0x0 0x4131e4 0x1623c 0x1503c
GetModuleFileNameW 0x0 0x4131e8 0x16240 0x15040
GetSystemDefaultLCID 0x0 0x4131ec 0x16244 0x15044
DeleteCriticalSection 0x0 0x4131f0 0x16248 0x15048
InitializeCriticalSectionAndSpinCount 0x0 0x4131f4 0x1624c 0x1504c
ExitProcess 0x0 0x4131f8 0x16250 0x15050
GetModuleHandleW 0x0 0x4131fc 0x16254 0x15054
HeapCreate 0x0 0x413200 0x16258 0x15058
EncodePointer 0x0 0x413204 0x1625c 0x1505c
DecodePointer 0x0 0x413208 0x16260 0x15060
LeaveCriticalSection 0x0 0x41320c 0x16264 0x15064
ReadConsoleInputA 0x0 0x413210 0x16268 0x15068
SetConsoleMode 0x0 0x413214 0x1626c 0x1506c
GetConsoleMode 0x0 0x413218 0x16270 0x15070
HeapSetInformation 0x0 0x41321c 0x16274 0x15074
TerminateProcess 0x0 0x413220 0x16278 0x15078
UnhandledExceptionFilter 0x0 0x413224 0x1627c 0x1507c
SetUnhandledExceptionFilter 0x0 0x413228 0x16280 0x15080
IsDebuggerPresent 0x0 0x41322c 0x16284 0x15084
EnterCriticalSection 0x0 0x413230 0x16288 0x15088
USER32.dll (25)
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetOpenClipboardWindow 0x0 0x413260 0x162b8 0x150b8
GetShellWindow 0x0 0x413264 0x162bc 0x150bc
GetWindowThreadProcessId 0x0 0x413268 0x162c0 0x150c0
GetMessageTime 0x0 0x41326c 0x162c4 0x150c4
GetWindowRect 0x0 0x413270 0x162c8 0x150c8
GetLastActivePopup 0x0 0x413274 0x162cc 0x150cc
GetFocus 0x0 0x413278 0x162d0 0x150d0
CallNextHookEx 0x0 0x41327c 0x162d4 0x150d4
GetWindowInfo 0x0 0x413280 0x162d8 0x150d8
GetClientRect 0x0 0x413284 0x162dc 0x150dc
GetQueueStatus 0x0 0x413288 0x162e0 0x150e0
GetCapture 0x0 0x41328c 0x162e4 0x150e4
GetKBCodePage 0x0 0x413290 0x162e8 0x150e8
GetForegroundWindow 0x0 0x413294 0x162ec 0x150ec
GetGUIThreadInfo 0x0 0x413298 0x162f0 0x150f0
GetCursorInfo 0x0 0x41329c 0x162f4 0x150f4
GetInputState 0x0 0x4132a0 0x162f8 0x150f8
GetWindowTextW 0x0 0x4132a4 0x162fc 0x150fc
GetDesktopWindow 0x0 0x4132a8 0x16300 0x15100
GetCaretPos 0x0 0x4132ac 0x16304 0x15104
GetActiveWindow 0x0 0x4132b0 0x16308 0x15108
GetCursor 0x0 0x4132b4 0x1630c 0x1510c
SetWindowsHookExW 0x0 0x4132b8 0x16310 0x15110
GetClipboardOwner 0x0 0x4132bc 0x16314 0x15114
EnumWindows 0x0 0x4132c0 0x16318 0x15118
ADVAPI32.dll (15)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CryptDestroyHash 0x0 0x413000 0x16058 0x14e58
CryptAcquireContextW 0x0 0x413004 0x1605c 0x14e5c
CryptDeriveKey 0x0 0x413008 0x16060 0x14e60
CryptDuplicateKey 0x0 0x41300c 0x16064 0x14e64
CryptDuplicateHash 0x0 0x413010 0x16068 0x14e68
CryptHashData 0x0 0x413014 0x1606c 0x14e6c
CryptGetHashParam 0x0 0x413018 0x16070 0x14e70
CryptDecrypt 0x0 0x41301c 0x16074 0x14e74
CryptDestroyKey 0x0 0x413020 0x16078 0x14e78
CryptCreateHash 0x0 0x413024 0x1607c 0x14e7c
CryptEncrypt 0x0 0x413028 0x16080 0x14e80
CryptGenRandom 0x0 0x41302c 0x16084 0x14e84
CryptReleaseContext 0x0 0x413030 0x16088 0x14e88
CryptGetKeyParam 0x0 0x413034 0x1608c 0x14e8c
CryptSetKeyParam 0x0 0x413038 0x16090 0x14e90
ole32.dll (3)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoInitialize 0x0 0x4132c8 0x16320 0x15120
CoUninitialize 0x0 0x4132cc 0x16324 0x15124
CoCreateInstance 0x0 0x4132d0 0x16328 0x15128
CRYPT32.dll (4)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CryptImportPublicKeyInfo 0x0 0x413040 0x16098 0x14e98
CryptStringToBinaryW 0x0 0x413044 0x1609c 0x14e9c
CryptDecodeObjectEx 0x0 0x413048 0x160a0 0x14ea0
CryptBinaryToStringW 0x0 0x41304c 0x160a4 0x14ea4
SHLWAPI.dll (4)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
PathAppendW 0x0 0x41324c 0x162a4 0x150a4
PathCombineW 0x0 0x413250 0x162a8 0x150a8
StrStrIW 0x0 0x413254 0x162ac 0x150ac
PathFindExtensionW 0x0 0x413258 0x162b0 0x150b0
PSAPI.DLL (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetProcessMemoryInfo 0x0 0x413244 0x1629c 0x1509c
NETAPI32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
NetWkstaGetInfo 0x0 0x413238 0x16290 0x15090
NetApiBufferFree 0x0 0x41323c 0x16294 0x15094
c:\windows\41d0.tmp, ...
-
File Properties
Names c:\windows\41d0.tmp (Created File)
c:\windows\system32\wbem\repository\writable.tst (Created File)
Size 0.00 KB (0 bytes)
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\windows\41d0.tmp
-
File Properties
Names c:\windows\41d0.tmp (Created File)
Size 60.87 KB (62328 bytes)
Hash Values MD5: 347ac3b6b791054de3e5720a7144a977
SHA1: 413eba3973a15c1a6429d9f170f3e8287f98c21c
SHA256: 301b905eb98d8d6bb559c04bbda26628a942b2c4107c07a02e8f753bdcfe347c
Actions
PE Information
+
File Properties
Image Base 0x140000000
Entry Point 0x14000453c
Size Of Code 0x8400
Size Of Initialized Data 0x6a00
Size Of Uninitialized Data 0x0
Format x64
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_AMD64
Compile Timestamp 2017-10-22 04:31:55
Compiler/Packer Unknown
Sections (5)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x140001000 0x82a2 0x8400 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.23
.rdata 0x14000a000 0x30da 0x3200 0x8800 CNT_INITIALIZED_DATA, MEM_READ 4.56
.data 0x14000e000 0x2ad4 0x1600 0xba00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 2.21
.pdata 0x140011000 0x6d8 0x800 0xd000 CNT_INITIALIZED_DATA, MEM_READ 3.92
.reloc 0x140012000 0x306 0x400 0xd800 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 2.94
Imports (81)
+
ADVAPI32.dll (3)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
InitializeSecurityDescriptor 0x0 0x14000a000 0xc7f8 0xaff8
SetSecurityDescriptorDacl 0x0 0x14000a008 0xc800 0xb000
IsTextUnicode 0x0 0x14000a010 0xc808 0xb008
SHLWAPI.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
StrChrW 0x0 0x14000a248 0xca40 0xb240
USER32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
IsCharAlphaNumericW 0x0 0x14000a258 0xca50 0xb250
wsprintfW 0x0 0x14000a260 0xca58 0xb258
ntdll.dll (7)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
NtQuerySystemInformation 0x0 0x14000a270 0xca68 0xb268
RtlEqualUnicodeString 0x0 0x14000a278 0xca70 0xb270
RtlGetNtVersionNumbers 0x0 0x14000a280 0xca78 0xb278
RtlGetCurrentPeb 0x0 0x14000a288 0xca80 0xb280
NtQueryInformationProcess 0x0 0x14000a290 0xca88 0xb288
RtlAdjustPrivilege 0x0 0x14000a298 0xca90 0xb290
RtlInitUnicodeString 0x0 0x14000a2a0 0xca98 0xb298
KERNEL32.dll (68)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
HeapSize 0x0 0x14000a020 0xc818 0xb018
HeapReAlloc 0x0 0x14000a028 0xc820 0xb020
LoadLibraryW 0x0 0x14000a030 0xc828 0xb028
HeapFree 0x0 0x14000a038 0xc830 0xb030
EnterCriticalSection 0x0 0x14000a040 0xc838 0xb038
LeaveCriticalSection 0x0 0x14000a048 0xc840 0xb040
GetStringTypeW 0x0 0x14000a050 0xc848 0xb048
MultiByteToWideChar 0x0 0x14000a058 0xc850 0xb050
SetFilePointer 0x0 0x14000a060 0xc858 0xb058
GetModuleHandleW 0x0 0x14000a068 0xc860 0xb060
ReadProcessMemory 0x0 0x14000a070 0xc868 0xb068
GetProcAddress 0x0 0x14000a078 0xc870 0xb070
LocalFree 0x0 0x14000a080 0xc878 0xb078
WriteProcessMemory 0x0 0x14000a088 0xc880 0xb080
MapViewOfFile 0x0 0x14000a090 0xc888 0xb088
UnmapViewOfFile 0x0 0x14000a098 0xc890 0xb090
CreateFileMappingW 0x0 0x14000a0a0 0xc898 0xb098
CloseHandle 0x0 0x14000a0a8 0xc8a0 0xb0a0
GetCurrentProcess 0x0 0x14000a0b0 0xc8a8 0xb0a8
HeapAlloc 0x0 0x14000a0b8 0xc8b0 0xb0b0
GetProcessHeap 0x0 0x14000a0c0 0xc8b8 0xb0b8
WaitNamedPipeW 0x0 0x14000a0c8 0xc8c0 0xb0c0
Sleep 0x0 0x14000a0d0 0xc8c8 0xb0c8
CreateFileW 0x0 0x14000a0d8 0xc8d0 0xb0d0
FreeLibrary 0x0 0x14000a0e0 0xc8d8 0xb0d8
OpenProcess 0x0 0x14000a0e8 0xc8e0 0xb0e0
GetCommandLineW 0x0 0x14000a0f0 0xc8e8 0xb0e8
GetCPInfo 0x0 0x14000a0f8 0xc8f0 0xb0f0
GetACP 0x0 0x14000a100 0xc8f8 0xb0f8
GetOEMCP 0x0 0x14000a108 0xc900 0xb100
IsValidCodePage 0x0 0x14000a110 0xc908 0xb108
EncodePointer 0x0 0x14000a118 0xc910 0xb110
FlsGetValue 0x0 0x14000a120 0xc918 0xb118
FlsSetValue 0x0 0x14000a128 0xc920 0xb120
FlsFree 0x0 0x14000a130 0xc928 0xb128
SetLastError 0x0 0x14000a138 0xc930 0xb130
GetCurrentThreadId 0x0 0x14000a140 0xc938 0xb138
GetLastError 0x0 0x14000a148 0xc940 0xb140
FlsAlloc 0x0 0x14000a150 0xc948 0xb148
UnhandledExceptionFilter 0x0 0x14000a158 0xc950 0xb150
SetUnhandledExceptionFilter 0x0 0x14000a160 0xc958 0xb158
IsDebuggerPresent 0x0 0x14000a168 0xc960 0xb160
RtlVirtualUnwind 0x0 0x14000a170 0xc968 0xb168
RtlLookupFunctionEntry 0x0 0x14000a178 0xc970 0xb170
RtlCaptureContext 0x0 0x14000a180 0xc978 0xb178
DecodePointer 0x0 0x14000a188 0xc980 0xb180
TerminateProcess 0x0 0x14000a190 0xc988 0xb188
ExitProcess 0x0 0x14000a198 0xc990 0xb190
WriteFile 0x0 0x14000a1a0 0xc998 0xb198
GetStdHandle 0x0 0x14000a1a8 0xc9a0 0xb1a0
GetModuleFileNameW 0x0 0x14000a1b0 0xc9a8 0xb1a8
RtlUnwindEx 0x0 0x14000a1b8 0xc9b0 0xb1b0
FreeEnvironmentStringsW 0x0 0x14000a1c0 0xc9b8 0xb1b8
GetEnvironmentStringsW 0x0 0x14000a1c8 0xc9c0 0xb1c0
SetHandleCount 0x0 0x14000a1d0 0xc9c8 0xb1c8
InitializeCriticalSectionAndSpinCount 0x0 0x14000a1d8 0xc9d0 0xb1d0
GetFileType 0x0 0x14000a1e0 0xc9d8 0xb1d8
GetStartupInfoW 0x0 0x14000a1e8 0xc9e0 0xb1e0
DeleteCriticalSection 0x0 0x14000a1f0 0xc9e8 0xb1e8
HeapSetInformation 0x0 0x14000a1f8 0xc9f0 0xb1f0
GetVersion 0x0 0x14000a200 0xc9f8 0xb1f8
HeapCreate 0x0 0x14000a208 0xca00 0xb200
QueryPerformanceCounter 0x0 0x14000a210 0xca08 0xb208
GetTickCount 0x0 0x14000a218 0xca10 0xb210
GetCurrentProcessId 0x0 0x14000a220 0xca18 0xb218
GetSystemTimeAsFileTime 0x0 0x14000a228 0xca20 0xb220
WideCharToMultiByte 0x0 0x14000a230 0xca28 0xb228
LCMapStringW 0x0 0x14000a238 0xca30 0xb230
Digital Signatures (4)
+
Signature Properties
Signature verification True
Certificate: None
+
Certificate Properties
Issued by -
Valid from -
Valid to -
Algorithm -
Serial number -
c:\windows\41d0.tmp
-
File Properties
Names c:\windows\41d0.tmp (Created File)
Size 60.87 KB (62328 bytes)
Hash Values MD5: c7ca77d847f1802502ef3b9228d388e4
SHA1: 80ab09116d877b924dfec5b6e8eb6d3dde35869e
SHA256: fdef2f6da8c5e8002fa5822e8e4fea278fba66c22df9e13b61c8a95c2f9d585f
Actions
c:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excellr.cab
-
File Properties
Names c:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excellr.cab (Modified File)
Size 10.00 MB (10485760 bytes)
Hash Values MD5: 87cf3392dfc386ebd494fa4e72b747fc
SHA1: f940f7e3770462a4809bad3e995ae46d522190ef
SHA256: fa125a9e042003f5443f6c8ac5eb108cd7a5483eab39e1b3b5c059d60215d9e7
Actions
c:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excelmui.xml
-
File Properties
Names c:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\excelmui.xml (Modified File)
Size 1.56 KB (1602 bytes)
Hash Values MD5: a20a768a81afee200bf6db18a3056541
SHA1: 3592d4d77e481c9b7eaa614deeb36e72a994218e
SHA256: 448403a1b7ca253b91174d36a3881cc183d2ffeaaa3eed0496d802539538c114
Actions
c:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\setup.xml
-
File Properties
Names c:\msocache\all users\{90140000-0016-0409-1000-0000000ff1ce}-c\setup.xml (Modified File)
Size 2.28 KB (2338 bytes)
Hash Values MD5: a5cfdf621750a94cbc0f0719a533eaf4
SHA1: 6e282e3fb7afc487422d73271a729e7e4718a328
SHA256: dfe114759d655205b57f759e89f6da508d36aa1a4a84cee2fc6d743ef2655d40
Actions
c:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\powerpointmui.xml
-
File Properties
Names c:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\powerpointmui.xml (Modified File)
Size 1.46 KB (1490 bytes)
Hash Values MD5: 380dcda4098e62f1f5664921cf6cdd6c
SHA1: 0c64f4559ed2f12cf42ee1ff2dd14d806e16ce87
SHA256: 12744847431c8b2fc23c7e47dc6ec275419958ebdbcb39af589eda58dce9ead3
Actions
c:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\pptlr.cab
-
File Properties
Names c:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\pptlr.cab (Modified File)
Size 10.00 MB (10485760 bytes)
Hash Values MD5: 43425a50ee06e30dd272c3ff17bb0427
SHA1: 230a74cfbf7ae520dd726174711e0d3533f60fff
SHA256: 752cc8c341f4e4d0a6036607a12df396047a4e9f3a461be21dadea54f5de67a3
Actions
c:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\setup.xml
-
File Properties
Names c:\msocache\all users\{90140000-0018-0409-1000-0000000ff1ce}-c\setup.xml (Modified File)
Size 1.88 KB (1922 bytes)
Hash Values MD5: be16f68fd043d935ad963ea4c3d736bc
SHA1: 3693091b6827d78dd9414a6f485abb53b8edfbca
SHA256: e21fac606118ecf75d5a4d1966574895104dd3024f7122339edbabb634cf5d13
Actions
c:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\publishermui.xml
-
File Properties
Names c:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\publishermui.xml (Modified File)
Size 1.46 KB (1490 bytes)
Hash Values MD5: cf6fa18c52894350bea091528fc31218
SHA1: 7057c7772d2b3290ddea402ff765e67901afaa63
SHA256: 8f2a61e71446971c5f5010abf0d324222993e7f79e0b3a3a8d6719eb9f3f2546
Actions
c:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\publr.cab
-
File Properties
Names c:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\publr.cab (Modified File)
Size 9.50 MB (9958434 bytes)
Hash Values MD5: 85a68488be13ebc093b067ea1475ccf4
SHA1: 3fc88da1570badea2c61a9517e06e1a41e51035b
SHA256: 7cda2a6ea0faca19b16802165b3a6add583fe06141ee843e5b8c10f89a9106bb
Actions
c:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\setup.xml
-
File Properties
Names c:\msocache\all users\{90140000-0019-0409-1000-0000000ff1ce}-c\setup.xml (Modified File)
Size 1.61 KB (1650 bytes)
Hash Values MD5: 146cee28b00dbf679ed697b6f33d6fc0
SHA1: 4b22431fa5e445f6f630e7f8a6b668125c4d3ec3
SHA256: a32fc1e86edbf4a24426684c8700693b511c649ddd36e25090018e00f37e7300
Actions
c:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlklr.cab
-
File Properties
Names c:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlklr.cab (Modified File)
Size 10.00 MB (10485760 bytes)
Hash Values MD5: ea9b20690debbe698df7bcdee8af861e
SHA1: 383953c3903f3def7f4a8dfc961b632bc747f58a
SHA256: 7a63a991eeae97834d4ee1911ccded08b7f9f47167bb73717551bedd1f3b3071
Actions
c:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlookmui.xml
-
File Properties
Names c:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\outlookmui.xml (Modified File)
Size 3.16 KB (3234 bytes)
Hash Values MD5: 3db069e923ed265020abbe0aeeb20516
SHA1: dde8ecfc4f9d094feb2e9b831193fcc4cddb98da
SHA256: 73c778eb6570c7c49aa0c5fc4b3b246f6bc335819cacd7f68716be0384068d9a
Actions
c:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\setup.xml
-
File Properties
Names c:\msocache\all users\{90140000-001a-0409-1000-0000000ff1ce}-c\setup.xml (Modified File)
Size 4.14 KB (4242 bytes)
Hash Values MD5: 4bde0423f361b421519b65c28bde6cc2
SHA1: 4e05353ba59608761c42ab503768718fd4ea9d0e
SHA256: 87f2dc684dbabea1b50206f66acef5d1164deb93327b6cb03201e9f0b4e4735a
Actions
c:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\setup.xml
-
File Properties
Names c:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\setup.xml (Modified File)
Size 2.41 KB (2466 bytes)
Hash Values MD5: 2c56ebeae266b0945b278f8cb01732c8
SHA1: b29ffe456e5fb9ed0f8e90effbf30fc96862b153
SHA256: ffe497bab3fb4bd8401b6ded8d9f23d3bd07ac5d3ee0489ffa4f06254a053264
Actions
c:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordlr.cab
-
File Properties
Names c:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordlr.cab (Modified File)
Size 10.00 MB (10485760 bytes)
Hash Values MD5: 8ab2632c2d433efc3b75df58f9d73dae
SHA1: 2d627a56bd4283688e4c69c4b418010b0c7d1820
SHA256: 0a0c05a8af443700679eef4db9d19a12a22e19342bc56351be4738eb7f17f3d9
Actions
c:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordmui.xml
-
File Properties
Names c:\msocache\all users\{90140000-001b-0409-1000-0000000ff1ce}-c\wordmui.xml (Modified File)
Size 1.80 KB (1842 bytes)
Hash Values MD5: 5b5f9cedbc03caf54b38039ff2b1487b
SHA1: fea2f54353593e4d88887393b651fdbb3ba79324
SHA256: 425d33325b790e9ad234441f1a2adc245d397f19f07bbf53c6b53282c443cb8a
Actions
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\proof.cab
-
File Properties
Names c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\proof.cab (Modified File)
Size 10.00 MB (10485760 bytes)
Hash Values MD5: b7ed442d187f7892bc057b6004e83599
SHA1: cf0239dd6407ffb1bfaff75c154e5b6ff261be74
SHA256: e50f152da6840a55a0f185499b2381bac2668aa38a61d70ac191cc8f456025e0
Actions
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\proof.xml
-
File Properties
Names c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.en\proof.xml (Modified File)
Size 1.36 KB (1394 bytes)
Hash Values MD5: 15153c4f2a05f30d0283700f557c85d2
SHA1: 49e02205a4b52d394ff129472c75f31f24be11bd
SHA256: 5135fa2425ba2cdff867dc297ca432bcaef9bf0c3755c1304e4a661767f36607
Actions
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\proof.cab
-
File Properties
Names c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\proof.cab (Modified File)
Size 10.00 MB (10485760 bytes)
Hash Values MD5: 01522cc818e3cb5c1f88f0af6b71d2a9
SHA1: 89ab8491fb830a0e1f96fa654820c80e3853e31a
SHA256: 72245180f2d45a7ff7fad89fda1cd0bf4aea2bc5f1467c58b56ecb83c86c146f
Actions
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\proof.xml
-
File Properties
Names c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.es\proof.xml (Modified File)
Size 1.47 KB (1506 bytes)
Hash Values MD5: 3b30045ad6c97ff866342decbf09ab28
SHA1: 4bba2d45d8bca9bc168ca55f74d02c80eaaf6828
SHA256: a44f1691b44e6bd338b74ddaad4a6be3ec62789882a1cf42a53d6a97ba611c09
Actions
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\proof.cab
-
File Properties
Names c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\proof.cab (Modified File)
Size 10.00 MB (10485760 bytes)
Hash Values MD5: 0335234c7c545ba002aeb3df922f7686
SHA1: 04a74035ae437f4fc5aaad4eb15931f65853e82b
SHA256: 669e004f14ac15858414dffdc0d4002a2fc54621f1b1ce33ae0c72ff26edd29a
Actions
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\proof.xml
-
File Properties
Names c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proof.fr\proof.xml (Modified File)
Size 1.47 KB (1506 bytes)
Hash Values MD5: d4ea0313aa839edf612c9ee1b33b92c5
SHA1: 54de0ac01c3d5567499e29454eedaa473ed79d93
SHA256: 882b5924b55e8ee500f7aff61a11abea43771ea12cc474a714ccfb8255ab2343
Actions
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proofing.xml
-
File Properties
Names c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\proofing.xml (Modified File)
Size 0.83 KB (850 bytes)
Hash Values MD5: f570a344598fb3126736a6ed636f069d
SHA1: 8333909319182a2e880bb757ec6498650fa81889
SHA256: 1fd1b9d62a4c31ce9bbccc238b5c2968b64a6124a8c6fe1934ea7820326e0614
Actions
c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\setup.xml
-
File Properties
Names c:\msocache\all users\{90140000-002c-0409-1000-0000000ff1ce}-c\setup.xml (Modified File)
Size 5.78 KB (5922 bytes)
Hash Values MD5: aad695e82a73aba6565adf1251f3bb6b
SHA1: 0d863f3a8d023547553c16663170df3dc63c2a79
SHA256: fa6379ddcc35d29cd142c0a68bc6fb0289ced7fcea8bd8328a544e7d3d5472c4
Actions
c:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\office32mui.xml
-
File Properties
Names c:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\office32mui.xml (Modified File)
Size 1.39 KB (1426 bytes)
Hash Values MD5: 5c46b16a535150be984a13005a582bb1
SHA1: ea8a7e2020fe6c3fb672596a0d13c548e6660dae
SHA256: f2f29f4820305a8e6f1d233b87212df1f9deb506b6050090b4a5cca29f7872d9
Actions
c:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\owow32lr.cab
-
File Properties
Names c:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\owow32lr.cab (Modified File)
Size 2.79 MB (2928994 bytes)
Hash Values MD5: 53dff27d197fac5fec615fd204378274
SHA1: 724edbe96e984e05486c8f051f3f3cd7b4f50252
SHA256: 034a8515267cffff2909d9d2c241aa7b63d1f1b9298f5c97b928830fc4003e4c
Actions
c:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\setup.xml
-
File Properties
Names c:\msocache\all users\{90140000-0043-0409-1000-0000000ff1ce}-c\setup.xml (Modified File)
Size 2.35 KB (2402 bytes)
Hash Values MD5: 938647548a6e4b74ea13e78465570a88
SHA1: 72117b74130db120ea4631d81f05ba317719856f
SHA256: bc8e71a789537b982077972a1d3cf2d5cf548e2c0d584e262198198d53398f23
Actions
c:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\inflr.cab
-
File Properties
Names c:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\inflr.cab (Modified File)
Size 10.00 MB (10485760 bytes)
Hash Values MD5: b1942518b15f0af4b81329b96a4cd97b
SHA1: cd1bcdf2dcea0c11a73203fb61387fb5b20a33ec
SHA256: eea2e87a37f7f432cb7761a90407d1ec10abb4311e59d8361e55a214cc97e546
Actions
c:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\infopathmui.xml
-
File Properties
Names c:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\infopathmui.xml (Modified File)
Size 1.24 KB (1266 bytes)
Hash Values MD5: 180f8b1fde6c589a1c9e529a8dedfb42
SHA1: 885f800cd0d0904b4dac55a6c9b840ac34ca1b09
SHA256: 614c51f1e9a2760f1f308724e5520d61749aaf8e3e282244bad26a4031e1aa47
Actions
c:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\setup.xml
-
File Properties
Names c:\msocache\all users\{90140000-0044-0409-1000-0000000ff1ce}-c\setup.xml (Modified File)
Size 1.85 KB (1890 bytes)
Hash Values MD5: fe2c346594a0317e1cd552fbb55709fa
SHA1: e2afd9514e47e3708d68d5d7e0cb22cf348cde99
SHA256: 18d690cf2acfd0f7b7cfcd994563e5ed40e2e1fae7466a8a6b8a372205c62195
Actions
c:\msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\setup.xml
-
File Properties
Names c:\msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\setup.xml (Modified File)
Size 6.14 KB (6290 bytes)
Hash Values MD5: f11d38f5e08ff6023b55931f8836aee0
SHA1: 728d5d4529be7a2e640df048a134f345c46b20d4
SHA256: 88745aa40fb3f942c8df5b10a58eb80f95f8fdac2afb828962b8de98949dd55c
Actions
c:\msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\visiolr.cab
-
File Properties
Names c:\msocache\all users\{90140000-0054-0409-1000-0000000ff1ce}-c\visiolr.cab (Modified File)
Size 6.43 MB (6737708 bytes)
Hash Values MD5: 8a0831714fbd219ad2cc0411a7666ae3
SHA1: 3aa7f94dc84e5db74d8a202deb652c5811f18a2d
SHA256: c5ba50319cf18e9e9c71ca4c724a6ea66676c9138efe8cd2b2ce59c920c7c8f7
Actions