Petya Ransomware | Files
File Information
Sample files count 2
Created files count 5
Modified files count 56
c:\users\dssdpmx042\desktop\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745\start.cmd
-
File Properties
Names c:\users\dssdpmx042\desktop\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745\start.cmd (Sample File)
Size 0.14 KB (145 bytes)
Hash Values MD5: 8a9942c66cb9ec993b008921a51e1119
SHA1: fb4da9eb6235ec54dbd7fd4d3606969ee96ba42b
SHA256: 79e25757fa0d9086199efe578cfbdd0ff83c1c7d63743b698e208fd262e7dd61
c:\users\dssdpmx042\desktop\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745\71b6a493388e7d0b40c83ce903bc6b04.exe.dll
-
File Properties
Names c:\users\dssdpmx042\desktop\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745\71b6a493388e7d0b40c83ce903bc6b04.exe.dll (Sample File)
Size 353.87 KB (362360 bytes)
Hash Values MD5: 71b6a493388e7d0b40c83ce903bc6b04
SHA1: 34f917aaba5684fbe56d3c57d48ef2a1aa7cf06d
SHA256: 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745
PE Information
+
File Properties
Image Base 0x10000000
Entry Point 0x10007d39
Size Of Code 0xbe00
Size Of Initialized Data 0x4ae00
Size Of Uninitialized Data 0x0
Format x86
Type Dll
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-06-18 09:14:36
Compiler/Packer Unknown
Sections (5)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x10001000 0xbd63 0xbe00 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.55
.rdata 0x1000d000 0x8546 0x8600 0xc200 CNT_INITIALIZED_DATA, MEM_READ 6.99
.data 0x10016000 0x9b4a 0x5200 0x14800 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 5.43
.rsrc 0x10020000 0x3c738 0x3c800 0x19a00 CNT_INITIALIZED_DATA, MEM_READ 8.0
.reloc 0x1005d000 0xc02 0xe00 0x56200 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 4.77
Imports (165)
+
KERNEL32.dll (82)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ConnectNamedPipe 0x0 0x1000d09c 0x147a4 0x139a4
GetModuleHandleW 0x0 0x1000d0a0 0x147a8 0x139a8
CreateNamedPipeW 0x0 0x1000d0a4 0x147ac 0x139ac
TerminateThread 0x0 0x1000d0a8 0x147b0 0x139b0
DisconnectNamedPipe 0x0 0x1000d0ac 0x147b4 0x139b4
FlushFileBuffers 0x0 0x1000d0b0 0x147b8 0x139b8
GetTempPathW 0x0 0x1000d0b4 0x147bc 0x139bc
GetProcAddress 0x0 0x1000d0b8 0x147c0 0x139c0
DeleteFileW 0x0 0x1000d0bc 0x147c4 0x139c4
FreeLibrary 0x0 0x1000d0c0 0x147c8 0x139c8
GlobalAlloc 0x0 0x1000d0c4 0x147cc 0x139cc
LoadLibraryW 0x0 0x1000d0c8 0x147d0 0x139d0
GetComputerNameExW 0x0 0x1000d0cc 0x147d4 0x139d4
GlobalFree 0x0 0x1000d0d0 0x147d8 0x139d8
ExitProcess 0x0 0x1000d0d4 0x147dc 0x139dc
GetVersionExW 0x0 0x1000d0d8 0x147e0 0x139e0
GetModuleFileNameW 0x0 0x1000d0dc 0x147e4 0x139e4
DisableThreadLibraryCalls 0x0 0x1000d0e0 0x147e8 0x139e8
ResumeThread 0x0 0x1000d0e4 0x147ec 0x139ec
GetEnvironmentVariableW 0x0 0x1000d0e8 0x147f0 0x139f0
GetFileSize 0x0 0x1000d0ec 0x147f4 0x139f4
SetFilePointer 0x0 0x1000d0f0 0x147f8 0x139f8
SetLastError 0x0 0x1000d0f4 0x147fc 0x139fc
LoadResource 0x0 0x1000d0f8 0x14800 0x13a00
GetCurrentThread 0x0 0x1000d0fc 0x14804 0x13a04
OpenProcess 0x0 0x1000d100 0x14808 0x13a08
GetSystemDirectoryW 0x0 0x1000d104 0x1480c 0x13a0c
SizeofResource 0x0 0x1000d108 0x14810 0x13a10
GetLocalTime 0x0 0x1000d10c 0x14814 0x13a14
Process32FirstW 0x0 0x1000d110 0x14818 0x13a18
LockResource 0x0 0x1000d114 0x1481c 0x13a1c
Process32NextW 0x0 0x1000d118 0x14820 0x13a20
GetModuleHandleA 0x0 0x1000d11c 0x14824 0x13a24
lstrcatW 0x0 0x1000d120 0x14828 0x13a28
CreateToolhelp32Snapshot 0x0 0x1000d124 0x1482c 0x13a2c
GetCurrentProcess 0x0 0x1000d128 0x14830 0x13a30
VirtualFree 0x0 0x1000d12c 0x14834 0x13a34
VirtualAlloc 0x0 0x1000d130 0x14838 0x13a38
LoadLibraryA 0x0 0x1000d134 0x1483c 0x13a3c
VirtualProtect 0x0 0x1000d138 0x14840 0x13a40
WideCharToMultiByte 0x0 0x1000d13c 0x14844 0x13a44
GetExitCodeProcess 0x0 0x1000d140 0x14848 0x13a48
WaitForMultipleObjects 0x0 0x1000d144 0x1484c 0x13a4c
CreateProcessW 0x0 0x1000d148 0x14850 0x13a50
PeekNamedPipe 0x0 0x1000d14c 0x14854 0x13a54
GetTempFileNameW 0x0 0x1000d150 0x14858 0x13a58
InterlockedExchange 0x0 0x1000d154 0x1485c 0x13a5c
LeaveCriticalSection 0x0 0x1000d158 0x14860 0x13a60
MultiByteToWideChar 0x0 0x1000d15c 0x14864 0x13a64
CreateFileA 0x0 0x1000d160 0x14868 0x13a68
GetTickCount 0x0 0x1000d164 0x1486c 0x13a6c
CreateThread 0x0 0x1000d168 0x14870 0x13a70
LocalFree 0x0 0x1000d16c 0x14874 0x13a74
FindNextFileW 0x0 0x1000d170 0x14878 0x13a78
CreateFileMappingW 0x0 0x1000d174 0x1487c 0x13a7c
LocalAlloc 0x0 0x1000d178 0x14880 0x13a80
FindClose 0x0 0x1000d17c 0x14884 0x13a84
GetFileSizeEx 0x0 0x1000d180 0x14888 0x13a88
CreateFileW 0x0 0x1000d184 0x1488c 0x13a8c
Sleep 0x0 0x1000d188 0x14890 0x13a90
FlushViewOfFile 0x0 0x1000d18c 0x14894 0x13a94
GetLogicalDrives 0x0 0x1000d190 0x14898 0x13a98
WaitForSingleObject 0x0 0x1000d194 0x1489c 0x13a9c
GetDriveTypeW 0x0 0x1000d198 0x148a0 0x13aa0
UnmapViewOfFile 0x0 0x1000d19c 0x148a4 0x13aa4
MapViewOfFile 0x0 0x1000d1a0 0x148a8 0x13aa8
FindFirstFileW 0x0 0x1000d1a4 0x148ac 0x13aac
CloseHandle 0x0 0x1000d1a8 0x148b0 0x13ab0
DeviceIoControl 0x0 0x1000d1ac 0x148b4 0x13ab4
GetLastError 0x0 0x1000d1b0 0x148b8 0x13ab8
GetSystemDirectoryA 0x0 0x1000d1b4 0x148bc 0x13abc
ReadFile 0x0 0x1000d1b8 0x148c0 0x13ac0
WriteFile 0x0 0x1000d1bc 0x148c4 0x13ac4
GetProcessHeap 0x0 0x1000d1c0 0x148c8 0x13ac8
InitializeCriticalSection 0x0 0x1000d1c4 0x148cc 0x13acc
HeapReAlloc 0x0 0x1000d1c8 0x148d0 0x13ad0
GetWindowsDirectoryW 0x0 0x1000d1cc 0x148d4 0x13ad4
EnterCriticalSection 0x0 0x1000d1d0 0x148d8 0x13ad8
HeapFree 0x0 0x1000d1d4 0x148dc 0x13adc
SetFilePointerEx 0x0 0x1000d1d8 0x148e0 0x13ae0
HeapAlloc 0x0 0x1000d1dc 0x148e4 0x13ae4
FindResourceW 0x0 0x1000d1e0 0x148e8 0x13ae8
USER32.dll (3)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
ExitWindowsEx 0x0 0x1000d250 0x14958 0x13b58
wsprintfA 0x0 0x1000d254 0x1495c 0x13b5c
wsprintfW 0x0 0x1000d258 0x14960 0x13b60
ADVAPI32.dll (26)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CryptGenRandom 0x0 0x1000d000 0x14708 0x13908
CryptAcquireContextA 0x0 0x1000d004 0x1470c 0x1390c
CryptExportKey 0x0 0x1000d008 0x14710 0x13910
CryptAcquireContextW 0x0 0x1000d00c 0x14714 0x13914
CreateProcessAsUserW 0x0 0x1000d010 0x14718 0x13918
InitiateSystemShutdownExW 0x0 0x1000d014 0x1471c 0x1391c
DuplicateTokenEx 0x0 0x1000d018 0x14720 0x13920
SetTokenInformation 0x0 0x1000d01c 0x14724 0x13924
GetTokenInformation 0x0 0x1000d020 0x14728 0x13928
GetSidSubAuthorityCount 0x0 0x1000d024 0x1472c 0x1392c
OpenThreadToken 0x0 0x1000d028 0x14730 0x13930
GetSidSubAuthority 0x0 0x1000d02c 0x14734 0x13934
AdjustTokenPrivileges 0x0 0x1000d030 0x14738 0x13938
LookupPrivilegeValueW 0x0 0x1000d034 0x1473c 0x1393c
OpenProcessToken 0x0 0x1000d038 0x14740 0x13940
SetThreadToken 0x0 0x1000d03c 0x14744 0x13944
CredEnumerateW 0x0 0x1000d040 0x14748 0x13948
CredFree 0x0 0x1000d044 0x1474c 0x1394c
SetSecurityDescriptorDacl 0x0 0x1000d048 0x14750 0x13950
InitializeSecurityDescriptor 0x0 0x1000d04c 0x14754 0x13954
CryptDestroyKey 0x0 0x1000d050 0x14758 0x13958
CryptGenKey 0x0 0x1000d054 0x1475c 0x1395c
CryptEncrypt 0x0 0x1000d058 0x14760 0x13960
CryptImportKey 0x0 0x1000d05c 0x14764 0x13964
CryptSetKeyParam 0x0 0x1000d060 0x14768 0x13968
CryptReleaseContext 0x0 0x1000d064 0x1476c 0x1396c
SHELL32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CommandLineToArgvW 0x0 0x1000d210 0x14918 0x13b18
SHGetFolderPathW 0x0 0x1000d214 0x1491c 0x13b1c
ole32.dll (3)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CoCreateGuid 0x0 0x1000d2b8 0x149c0 0x13bc0
CoTaskMemFree 0x0 0x1000d2bc 0x149c4 0x13bc4
StringFromCLSID 0x0 0x1000d2c0 0x149c8 0x13bc8
CRYPT32.dll (3)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
CryptStringToBinaryW 0x0 0x1000d06c 0x14774 0x13974
CryptBinaryToStringW 0x0 0x1000d070 0x14778 0x13978
CryptDecodeObjectEx 0x0 0x1000d074 0x1477c 0x1397c
SHLWAPI.dll (12)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
PathAppendW 0x0 0x1000d21c 0x14924 0x13b24
StrToIntW 0x0 0x1000d220 0x14928 0x13b28
PathFindFileNameW 0x0 0x1000d224 0x1492c 0x13b2c
PathFileExistsW 0x0 0x1000d228 0x14930 0x13b30
StrCmpW 0x0 0x1000d22c 0x14934 0x13b34
StrCmpIW 0x0 0x1000d230 0x14938 0x13b38
StrChrW 0x0 0x1000d234 0x1493c 0x13b3c
StrCatW 0x0 0x1000d238 0x14940 0x13b40
StrStrW 0x0 0x1000d23c 0x14944 0x13b44
PathFindExtensionW 0x0 0x1000d240 0x14948 0x13b48
PathCombineW 0x0 0x1000d244 0x1494c 0x13b4c
StrStrIW 0x0 0x1000d248 0x14950 0x13b50
IPHLPAPI.DLL (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetIpNetTable 0x0 0x1000d090 0x14798 0x13998
GetAdaptersInfo 0x0 0x1000d094 0x1479c 0x1399c
WS2_32.dll (14)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
inet_ntoa 0xc 0x1000d260 0x14968 0x13b68
gethostbyname 0x34 0x1000d264 0x1496c 0x13b6c
__WSAFDIsSet 0x97 0x1000d268 0x14970 0x13b70
ntohl 0xe 0x1000d26c 0x14974 0x13b74
ioctlsocket 0xa 0x1000d270 0x14978 0x13b78
connect 0x4 0x1000d274 0x1497c 0x13b7c
inet_addr 0xb 0x1000d278 0x14980 0x13b80
select 0x12 0x1000d27c 0x14984 0x13b84
recv 0x10 0x1000d280 0x14988 0x13b88
send 0x13 0x1000d284 0x1498c 0x13b8c
htons 0x9 0x1000d288 0x14990 0x13b90
closesocket 0x3 0x1000d28c 0x14994 0x13b94
socket 0x17 0x1000d290 0x14998 0x13b98
WSAStartup 0x73 0x1000d294 0x1499c 0x13b9c
MPR.dll (5)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WNetOpenEnumW 0x0 0x1000d1e8 0x148f0 0x13af0
WNetEnumResourceW 0x0 0x1000d1ec 0x148f4 0x13af4
WNetCancelConnection2W 0x0 0x1000d1f0 0x148f8 0x13af8
WNetAddConnection2W 0x0 0x1000d1f4 0x148fc 0x13afc
WNetCloseEnum 0x0 0x1000d1f8 0x14900 0x13b00
NETAPI32.dll (3)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
NetServerEnum 0x0 0x1000d200 0x14908 0x13b08
NetApiBufferFree 0x0 0x1000d204 0x1490c 0x13b0c
NetServerGetInfo 0x0 0x1000d208 0x14910 0x13b10
DHCPSAPI.DLL (4)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
DhcpEnumSubnetClients 0x0 0x1000d07c 0x14784 0x13984
DhcpRpcFreeMemory 0x0 0x1000d080 0x14788 0x13988
DhcpGetSubnetInfo 0x0 0x1000d084 0x1478c 0x1398c
DhcpEnumSubnets 0x0 0x1000d088 0x14790 0x13990
msvcrt.dll (6)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
malloc 0x0 0x1000d29c 0x149a4 0x13ba4
_itoa 0x0 0x1000d2a0 0x149a8 0x13ba8
free 0x0 0x1000d2a4 0x149ac 0x13bac
memset 0x0 0x1000d2a8 0x149b0 0x13bb0
rand 0x0 0x1000d2ac 0x149b4 0x13bb4
memcpy 0x0 0x1000d2b0 0x149b8 0x13bb8
Digital Signatures (1)
+
Signature Properties
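Signature verification True (caveat: the signing certificate listed below was valid from 2009-12-07 to 2011-03-07, years before this file's compile timestamp of 2017-06-18, and the same certificate serial number is listed for c:\windows\dllhost.dat in this report; confirm that the Authenticode hash actually matches this file before treating the signature as trustworthy)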
Certificate: Microsoft Corporation
+
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2009-12-07 22:40
Valid to 2011-03-07 22:40
Algorithm SHA-1 with RSA Encryption
Serial number 61 01 CF 3E 00 00 00 00 00 0F
Issuer Certificate: Microsoft Code Signing PCA
+
Certificate Properties
Issued by Microsoft Root Authority
Valid from 2007-08-22 22:31
Valid to 2012-08-25 07:00
Algorithm 1.3.14.3.2.29 (OID for SHA-1 with RSA signature)
Serial number 2E AB 11 DC 50 FF 5C 9D CB C0
Digital Countersignatures (1)
+
Signature Properties
Signature verification True
Certificate: Microsoft Time-Stamp Service
+
Certificate Properties
Issued by Microsoft Timestamping PCA
Valid from 2008-07-25 19:01
Valid to 2013-07-25 19:11
Algorithm SHA-1 with RSA Encryption
Serial number 61 05 A2 30 00 00 00 00 00 08
Issuer Certificate: Microsoft Timestamping PCA
+
Certificate Properties
Issued by Microsoft Root Authority
Valid from 2006-09-16 01:04
Valid to 2019-09-15 07:00
Algorithm SHA-1 with RSA Encryption
Serial number 6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2
c:\users\dssdpmx042\desktop\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745\71b6a493388e7d0b40c83ce903bc6b04.exe.dll
-
File Properties
Names c:\users\dssdpmx042\desktop\027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745\71b6a493388e7d0b40c83ce903bc6b04.exe.dll (Modified File)
Size 353.87 KB (362360 bytes)
Hash Values MD5: 9a7ffe65e0912f9379ba6e8e0b079fde
SHA1: 532bea84179e2336caed26e31805ceaa7eec53dd
SHA256: 4b336c3cc9b6c691fe581077e3dd9ea7df3bf48f79e35b05cf87e079ec8e0651
c:\users\dssdpm~1\appdata\local\temp\20b9.tmp
-
File Properties
Names c:\users\dssdpm~1\appdata\local\temp\20b9.tmp (Created File)
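Size 0.00 KB (0 bytes; the hash values below are the standard digests of empty input and match any empty file, so they are not useful as indicators)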
Hash Values MD5: d41d8cd98f00b204e9800998ecf8427e
SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
c:\users\dssdpm~1\appdata\local\temp\20b9.tmp
-
File Properties
Names c:\users\dssdpm~1\appdata\local\temp\20b9.tmp (Created File)
Size 46.50 KB (47616 bytes)
Hash Values MD5: 2813d34f6197eb4df42c886ec7f234a1
SHA1: 56c03d8e43f50568741704aee482704a4f5005ad
SHA256: eae9771e2eeb7ea3c6059485da39e77b8c0c369232f01334954fbac1c186c998
PE Information
+
File Properties
Image Base 0x400000
Entry Point 0x403b6c
Size Of Code 0x7000
Size Of Initialized Data 0x5600
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2017-06-06 15:31:37
Compiler/Packer Unknown
Sections (4)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x6f2a 0x7000 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.54
.rdata 0x408000 0x27a0 0x2800 0x7400 CNT_INITIALIZED_DATA, MEM_READ 4.81
.data 0x40b000 0x1fd8 0x1000 0x9c00 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 2.66
.reloc 0x40d000 0xd7e 0xe00 0xac00 CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ 5.14
Imports (84)
+
ADVAPI32.dll (3)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
InitializeSecurityDescriptor 0x0 0x408000 0x9fcc 0x93cc
SetSecurityDescriptorDacl 0x0 0x408004 0x9fd0 0x93d0
IsTextUnicode 0x0 0x408008 0x9fd4 0x93d4
SHLWAPI.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
StrChrW 0x0 0x40812c 0xa0f8 0x94f8
StrCmpIW 0x0 0x408130 0xa0fc 0x94fc
USER32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
IsCharAlphaNumericW 0x0 0x408138 0xa104 0x9504
wsprintfW 0x0 0x40813c 0xa108 0x9508
ntdll.dll (7)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
NtQuerySystemInformation 0x0 0x408144 0xa110 0x9510
RtlEqualUnicodeString 0x0 0x408148 0xa114 0x9514
RtlGetNtVersionNumbers 0x0 0x40814c 0xa118 0x9518
RtlGetCurrentPeb 0x0 0x408150 0xa11c 0x951c
NtQueryInformationProcess 0x0 0x408154 0xa120 0x9520
RtlAdjustPrivilege 0x0 0x408158 0xa124 0x9524
RtlInitUnicodeString 0x0 0x40815c 0xa128 0x9528
KERNEL32.dll (70)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
HeapSize 0x0 0x408010 0x9fdc 0x93dc
HeapReAlloc 0x0 0x408014 0x9fe0 0x93e0
IsProcessorFeaturePresent 0x0 0x408018 0x9fe4 0x93e4
RtlUnwind 0x0 0x40801c 0x9fe8 0x93e8
LoadLibraryW 0x0 0x408020 0x9fec 0x93ec
HeapFree 0x0 0x408024 0x9ff0 0x93f0
EnterCriticalSection 0x0 0x408028 0x9ff4 0x93f4
GetModuleHandleW 0x0 0x40802c 0x9ff8 0x93f8
GetProcAddress 0x0 0x408030 0x9ffc 0x93fc
DeviceIoControl 0x0 0x408034 0xa000 0x9400
LocalFree 0x0 0x408038 0xa004 0x9404
SetFilePointer 0x0 0x40803c 0xa008 0x9408
ReadProcessMemory 0x0 0x408040 0xa00c 0x940c
WriteProcessMemory 0x0 0x408044 0xa010 0x9410
MapViewOfFile 0x0 0x408048 0xa014 0x9414
UnmapViewOfFile 0x0 0x40804c 0xa018 0x9418
CreateFileMappingW 0x0 0x408050 0xa01c 0x941c
CloseHandle 0x0 0x408054 0xa020 0x9420
GetCurrentProcess 0x0 0x408058 0xa024 0x9424
HeapAlloc 0x0 0x40805c 0xa028 0x9428
GetProcessHeap 0x0 0x408060 0xa02c 0x942c
WaitNamedPipeW 0x0 0x408064 0xa030 0x9430
Sleep 0x0 0x408068 0xa034 0x9434
CreateFileW 0x0 0x40806c 0xa038 0x9438
FreeLibrary 0x0 0x408070 0xa03c 0x943c
GetComputerNameW 0x0 0x408074 0xa040 0x9440
OpenProcess 0x0 0x408078 0xa044 0x9444
IsWow64Process 0x0 0x40807c 0xa048 0x9448
GetCommandLineW 0x0 0x408080 0xa04c 0x944c
HeapSetInformation 0x0 0x408084 0xa050 0x9450
GetCPInfo 0x0 0x408088 0xa054 0x9454
InterlockedIncrement 0x0 0x40808c 0xa058 0x9458
InterlockedDecrement 0x0 0x408090 0xa05c 0x945c
GetACP 0x0 0x408094 0xa060 0x9460
GetOEMCP 0x0 0x408098 0xa064 0x9464
IsValidCodePage 0x0 0x40809c 0xa068 0x9468
EncodePointer 0x0 0x4080a0 0xa06c 0x946c
TlsAlloc 0x0 0x4080a4 0xa070 0x9470
TlsGetValue 0x0 0x4080a8 0xa074 0x9474
TlsSetValue 0x0 0x4080ac 0xa078 0x9478
DecodePointer 0x0 0x4080b0 0xa07c 0x947c
TlsFree 0x0 0x4080b4 0xa080 0x9480
SetLastError 0x0 0x4080b8 0xa084 0x9484
GetCurrentThreadId 0x0 0x4080bc 0xa088 0x9488
GetLastError 0x0 0x4080c0 0xa08c 0x948c
UnhandledExceptionFilter 0x0 0x4080c4 0xa090 0x9490
SetUnhandledExceptionFilter 0x0 0x4080c8 0xa094 0x9494
IsDebuggerPresent 0x0 0x4080cc 0xa098 0x9498
TerminateProcess 0x0 0x4080d0 0xa09c 0x949c
ExitProcess 0x0 0x4080d4 0xa0a0 0x94a0
WriteFile 0x0 0x4080d8 0xa0a4 0x94a4
GetStdHandle 0x0 0x4080dc 0xa0a8 0x94a8
GetModuleFileNameW 0x0 0x4080e0 0xa0ac 0x94ac
FreeEnvironmentStringsW 0x0 0x4080e4 0xa0b0 0x94b0
GetEnvironmentStringsW 0x0 0x4080e8 0xa0b4 0x94b4
SetHandleCount 0x0 0x4080ec 0xa0b8 0x94b8
InitializeCriticalSectionAndSpinCount 0x0 0x4080f0 0xa0bc 0x94bc
GetFileType 0x0 0x4080f4 0xa0c0 0x94c0
GetStartupInfoW 0x0 0x4080f8 0xa0c4 0x94c4
DeleteCriticalSection 0x0 0x4080fc 0xa0c8 0x94c8
HeapCreate 0x0 0x408100 0xa0cc 0x94cc
QueryPerformanceCounter 0x0 0x408104 0xa0d0 0x94d0
GetTickCount 0x0 0x408108 0xa0d4 0x94d4
GetCurrentProcessId 0x0 0x40810c 0xa0d8 0x94d8
GetSystemTimeAsFileTime 0x0 0x408110 0xa0dc 0x94dc
WideCharToMultiByte 0x0 0x408114 0xa0e0 0x94e0
LCMapStringW 0x0 0x408118 0xa0e4 0x94e4
MultiByteToWideChar 0x0 0x40811c 0xa0e8 0x94e8
GetStringTypeW 0x0 0x408120 0xa0ec 0x94ec
LeaveCriticalSection 0x0 0x408124 0xa0f0 0x94f0
c:\users\dssdpm~1\appdata\local\temp\20b9.tmp
-
File Properties
Names c:\users\dssdpm~1\appdata\local\temp\20b9.tmp (Created File)
Size 46.50 KB (47616 bytes)
Hash Values MD5: 5733d78651a308b8dfacb41a7ec2b99a
SHA1: 98f9ade6d75c887d06b0343b506aebd948a61818
SHA256: 41cb22109da26a6ff5464d6915db81c1c60f9e0808d8dbd63df1550b86372165
c:\windows\dllhost.dat
-
File Properties
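Names c:\windows\dllhost.dat (Created File; the version resources listed below identify this file as Sysinternals PsExec 1.98, so its hashes describe a dual-use administration tool and are best matched together with this path and file name)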
Size 372.87 KB (381816 bytes)
Hash Values MD5: aeee996fd3484f28e5cd85fe26b6bdcd
SHA1: cd23b7c9e0edef184930bc8e0ca2264f0608bcb3
SHA256: f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5
PE Information
+
File Properties
Image Base 0x400000
Entry Point 0x408a55
Size Of Code 0x24800
Size Of Initialized Data 0x37000
Size Of Uninitialized Data 0x0
Format x86
Type Executable
Subsystem IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type IMAGE_FILE_MACHINE_I386
Compile Timestamp 2010-04-27 02:23:59
Compiler/Packer Unknown
Sections (4)
+
Name Virtual Address Virtual Size Raw Data Size Raw Data Offset Flags Entropy
.text 0x401000 0x2477a 0x24800 0x400 CNT_CODE, MEM_EXECUTE, MEM_READ 6.57
.rdata 0x426000 0x85de 0x8600 0x24c00 CNT_INITIALIZED_DATA, MEM_READ 5.32
.data 0x42f000 0x2d6e4 0x2000 0x2d200 CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE 1.5
.rsrc 0x45d000 0x2c8d8 0x2ca00 0x2f200 CNT_INITIALIZED_DATA, MEM_READ 6.59
Imports (190)
+
VERSION.dll (3)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetFileVersionInfoW 0x0 0x4262f8 0x2d804 0x2c404
GetFileVersionInfoSizeW 0x0 0x4262fc 0x2d808 0x2c408
VerQueryValueW 0x0 0x426300 0x2d80c 0x2c40c
NETAPI32.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
NetApiBufferFree 0x0 0x4262c4 0x2d7d0 0x2c3d0
NetServerEnum 0x0 0x4262c8 0x2d7d4 0x2c3d4
WS2_32.dll (4)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WSAStartup 0x73 0x426308 0x2d814 0x2c414
gethostname 0x39 0x42630c 0x2d818 0x2c418
inet_ntoa 0xc 0x426310 0x2d81c 0x2c41c
gethostbyname 0x34 0x426314 0x2d820 0x2c420
MPR.dll (2)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
WNetAddConnection2W 0x0 0x4262b8 0x2d7c4 0x2c3c4
WNetCancelConnection2W 0x0 0x4262bc 0x2d7c8 0x2c3c8
KERNEL32.dll (128)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetModuleFileNameW 0x0 0x4260b4 0x2d5c0 0x2c1c0
SetEvent 0x0 0x4260b8 0x2d5c4 0x2c1c4
ConnectNamedPipe 0x0 0x4260bc 0x2d5c8 0x2c1c8
GetFileAttributesW 0x0 0x4260c0 0x2d5cc 0x2c1cc
DisconnectNamedPipe 0x0 0x4260c4 0x2d5d0 0x2c1d0
ReadConsoleW 0x0 0x4260c8 0x2d5d4 0x2c1d4
ReadFile 0x0 0x4260cc 0x2d5d8 0x2c1d8
GetFileTime 0x0 0x4260d0 0x2d5dc 0x2c1dc
WaitNamedPipeW 0x0 0x4260d4 0x2d5e0 0x2c1e0
SetFileAttributesW 0x0 0x4260d8 0x2d5e4 0x2c1e4
CopyFileW 0x0 0x4260dc 0x2d5e8 0x2c1e8
WaitForMultipleObjects 0x0 0x4260e0 0x2d5ec 0x2c1ec
SetConsoleTitleW 0x0 0x4260e4 0x2d5f0 0x2c1f0
DuplicateHandle 0x0 0x4260e8 0x2d5f4 0x2c1f4
GetCurrentProcessId 0x0 0x4260ec 0x2d5f8 0x2c1f8
TransactNamedPipe 0x0 0x4260f0 0x2d5fc 0x2c1fc
SetNamedPipeHandleState 0x0 0x4260f4 0x2d600 0x2c200
GetVersion 0x0 0x4260f8 0x2d604 0x2c204
CreateEventW 0x0 0x4260fc 0x2d608 0x2c208
GetExitCodeProcess 0x0 0x426100 0x2d60c 0x2c20c
ResumeThread 0x0 0x426104 0x2d610 0x2c210
SetProcessAffinityMask 0x0 0x426108 0x2d614 0x2c214
GetEnvironmentVariableW 0x0 0x42610c 0x2d618 0x2c218
GetFullPathNameW 0x0 0x426110 0x2d61c 0x2c21c
GetUserDefaultLCID 0x0 0x426114 0x2d620 0x2c220
GetDateFormatA 0x0 0x426118 0x2d624 0x2c224
GetTimeFormatA 0x0 0x42611c 0x2d628 0x2c228
GetStringTypeA 0x0 0x426120 0x2d62c 0x2c22c
SetFilePointer 0x0 0x426124 0x2d630 0x2c230
GetSystemTimeAsFileTime 0x0 0x426128 0x2d634 0x2c234
QueryPerformanceCounter 0x0 0x42612c 0x2d638 0x2c238
GetEnvironmentStringsW 0x0 0x426130 0x2d63c 0x2c23c
FreeEnvironmentStringsW 0x0 0x426134 0x2d640 0x2c240
LCMapStringW 0x0 0x426138 0x2d644 0x2c244
LoadResource 0x0 0x42613c 0x2d648 0x2c248
GetCurrentProcess 0x0 0x426140 0x2d64c 0x2c24c
MultiByteToWideChar 0x0 0x426144 0x2d650 0x2c250
WaitForSingleObject 0x0 0x426148 0x2d654 0x2c254
GetComputerNameW 0x0 0x42614c 0x2d658 0x2c258
GetSystemDirectoryW 0x0 0x426150 0x2d65c 0x2c25c
DeleteFileW 0x0 0x426154 0x2d660 0x2c260
FindResourceW 0x0 0x426158 0x2d664 0x2c264
SizeofResource 0x0 0x42615c 0x2d668 0x2c268
LockResource 0x0 0x426160 0x2d66c 0x2c26c
GetConsoleScreenBufferInfo 0x0 0x426164 0x2d670 0x2c270
LoadLibraryExW 0x0 0x426168 0x2d674 0x2c274
FormatMessageA 0x0 0x42616c 0x2d678 0x2c278
GetStdHandle 0x0 0x426170 0x2d67c 0x2c27c
WriteFile 0x0 0x426174 0x2d680 0x2c280
FreeLibrary 0x0 0x426178 0x2d684 0x2c284
CreateFileW 0x0 0x42617c 0x2d688 0x2c288
CloseHandle 0x0 0x426180 0x2d68c 0x2c28c
GetTickCount 0x0 0x426184 0x2d690 0x2c290
SetEnvironmentVariableA 0x0 0x426188 0x2d694 0x2c294
Sleep 0x0 0x42618c 0x2d698 0x2c298
SetLastError 0x0 0x426190 0x2d69c 0x2c29c
GetLastError 0x0 0x426194 0x2d6a0 0x2c2a0
GetCommandLineW 0x0 0x426198 0x2d6a4 0x2c2a4
LocalAlloc 0x0 0x42619c 0x2d6a8 0x2c2a8
GetModuleHandleW 0x0 0x4261a0 0x2d6ac 0x2c2ac
LocalFree 0x0 0x4261a4 0x2d6b0 0x2c2b0
SetPriorityClass 0x0 0x4261a8 0x2d6b4 0x2c2b4
LoadLibraryW 0x0 0x4261ac 0x2d6b8 0x2c2b8
GetProcAddress 0x0 0x4261b0 0x2d6bc 0x2c2bc
GetLocaleInfoA 0x0 0x4261b4 0x2d6c0 0x2c2c0
EnumSystemLocalesA 0x0 0x4261b8 0x2d6c4 0x2c2c4
IsValidLocale 0x0 0x4261bc 0x2d6c8 0x2c2c8
SetStdHandle 0x0 0x4261c0 0x2d6cc 0x2c2cc
WriteConsoleA 0x0 0x4261c4 0x2d6d0 0x2c2d0
GetConsoleOutputCP 0x0 0x4261c8 0x2d6d4 0x2c2d4
WriteConsoleW 0x0 0x4261cc 0x2d6d8 0x2c2d8
HeapSize 0x0 0x4261d0 0x2d6dc 0x2c2dc
GetLocaleInfoW 0x0 0x4261d4 0x2d6e0 0x2c2e0
GetTimeZoneInformation 0x0 0x4261d8 0x2d6e4 0x2c2e4
SetEndOfFile 0x0 0x4261dc 0x2d6e8 0x2c2e8
GetProcessHeap 0x0 0x4261e0 0x2d6ec 0x2c2ec
CompareStringA 0x0 0x4261e4 0x2d6f0 0x2c2f0
CompareStringW 0x0 0x4261e8 0x2d6f4 0x2c2f4
SetConsoleCtrlHandler 0x0 0x4261ec 0x2d6f8 0x2c2f8
HeapAlloc 0x0 0x4261f0 0x2d6fc 0x2c2fc
HeapFree 0x0 0x4261f4 0x2d700 0x2c300
EnterCriticalSection 0x0 0x4261f8 0x2d704 0x2c304
LeaveCriticalSection 0x0 0x4261fc 0x2d708 0x2c308
ExitThread 0x0 0x426200 0x2d70c 0x2c30c
GetCurrentThreadId 0x0 0x426204 0x2d710 0x2c310
CreateThread 0x0 0x426208 0x2d714 0x2c314
ReadConsoleInputA 0x0 0x42620c 0x2d718 0x2c318
SetConsoleMode 0x0 0x426210 0x2d71c 0x2c31c
GetConsoleMode 0x0 0x426214 0x2d720 0x2c320
PeekConsoleInputA 0x0 0x426218 0x2d724 0x2c324
GetNumberOfConsoleInputEvents 0x0 0x42621c 0x2d728 0x2c328
ExitProcess 0x0 0x426220 0x2d72c 0x2c32c
DeleteCriticalSection 0x0 0x426224 0x2d730 0x2c330
FatalAppExitA 0x0 0x426228 0x2d734 0x2c334
VirtualFree 0x0 0x42622c 0x2d738 0x2c338
VirtualAlloc 0x0 0x426230 0x2d73c 0x2c33c
HeapReAlloc 0x0 0x426234 0x2d740 0x2c340
HeapCreate 0x0 0x426238 0x2d744 0x2c344
HeapDestroy 0x0 0x42623c 0x2d748 0x2c348
GetModuleFileNameA 0x0 0x426240 0x2d74c 0x2c34c
TerminateProcess 0x0 0x426244 0x2d750 0x2c350
UnhandledExceptionFilter 0x0 0x426248 0x2d754 0x2c354
SetUnhandledExceptionFilter 0x0 0x42624c 0x2d758 0x2c358
IsDebuggerPresent 0x0 0x426250 0x2d75c 0x2c35c
GetCPInfo 0x0 0x426254 0x2d760 0x2c360
InterlockedIncrement 0x0 0x426258 0x2d764 0x2c364
InterlockedDecrement 0x0 0x42625c 0x2d768 0x2c368
GetACP 0x0 0x426260 0x2d76c 0x2c36c
GetOEMCP 0x0 0x426264 0x2d770 0x2c370
IsValidCodePage 0x0 0x426268 0x2d774 0x2c374
TlsGetValue 0x0 0x42626c 0x2d778 0x2c378
TlsAlloc 0x0 0x426270 0x2d77c 0x2c37c
TlsSetValue 0x0 0x426274 0x2d780 0x2c380
TlsFree 0x0 0x426278 0x2d784 0x2c384
GetCurrentThread 0x0 0x42627c 0x2d788 0x2c388
SetHandleCount 0x0 0x426280 0x2d78c 0x2c38c
GetFileType 0x0 0x426284 0x2d790 0x2c390
GetStartupInfoA 0x0 0x426288 0x2d794 0x2c394
WideCharToMultiByte 0x0 0x42628c 0x2d798 0x2c398
GetConsoleCP 0x0 0x426290 0x2d79c 0x2c39c
RtlUnwind 0x0 0x426294 0x2d7a0 0x2c3a0
CreateFileA 0x0 0x426298 0x2d7a4 0x2c3a4
FlushFileBuffers 0x0 0x42629c 0x2d7a8 0x2c3a8
InterlockedExchange 0x0 0x4262a0 0x2d7ac 0x2c3ac
LoadLibraryA 0x0 0x4262a4 0x2d7b0 0x2c3b0
InitializeCriticalSectionAndSpinCount 0x0 0x4262a8 0x2d7b4 0x2c3b4
GetStringTypeW 0x0 0x4262ac 0x2d7b8 0x2c3b8
LCMapStringA 0x0 0x4262b0 0x2d7bc 0x2c3bc
USER32.dll (9)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
LoadCursorW 0x0 0x4262d0 0x2d7dc 0x2c3dc
SetCursor 0x0 0x4262d4 0x2d7e0 0x2c3e0
SetWindowTextW 0x0 0x4262d8 0x2d7e4 0x2c3e4
SendMessageW 0x0 0x4262dc 0x2d7e8 0x2c3e8
EndDialog 0x0 0x4262e0 0x2d7ec 0x2c3ec
GetSysColorBrush 0x0 0x4262e4 0x2d7f0 0x2c3f0
GetDlgItem 0x0 0x4262e8 0x2d7f4 0x2c3f4
DialogBoxIndirectParamW 0x0 0x4262ec 0x2d7f8 0x2c3f8
InflateRect 0x0 0x4262f0 0x2d7fc 0x2c3fc
GDI32.dll (6)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
GetDeviceCaps 0x0 0x426098 0x2d5a4 0x2c1a4
SetMapMode 0x0 0x42609c 0x2d5a8 0x2c1a8
StartDocW 0x0 0x4260a0 0x2d5ac 0x2c1ac
StartPage 0x0 0x4260a4 0x2d5b0 0x2c1b0
EndPage 0x0 0x4260a8 0x2d5b4 0x2c1b4
EndDoc 0x0 0x4260ac 0x2d5b8 0x2c1b8
COMDLG32.dll (1)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
PrintDlgW 0x0 0x426090 0x2d59c 0x2c19c
ADVAPI32.dll (35)
+
API Name Ordinal IAT Address Thunk RVA Thunk Offset
InitializeAcl 0x0 0x426000 0x2d50c 0x2c10c
CreateProcessAsUserW 0x0 0x426004 0x2d510 0x2c110
OpenProcessToken 0x0 0x426008 0x2d514 0x2c114
AdjustTokenPrivileges 0x0 0x42600c 0x2d518 0x2c118
LogonUserW 0x0 0x426010 0x2d51c 0x2c11c
ImpersonateLoggedOnUser 0x0 0x426014 0x2d520 0x2c120
RegConnectRegistryW 0x0 0x426018 0x2d524 0x2c124
RevertToSelf 0x0 0x42601c 0x2d528 0x2c128
DeleteService 0x0 0x426020 0x2d52c 0x2c12c
ControlService 0x0 0x426024 0x2d530 0x2c130
OpenSCManagerW 0x0 0x426028 0x2d534 0x2c134
OpenServiceW 0x0 0x42602c 0x2d538 0x2c138
StartServiceW 0x0 0x426030 0x2d53c 0x2c13c
QueryServiceStatus 0x0 0x426034 0x2d540 0x2c140
CreateServiceW 0x0 0x426038 0x2d544 0x2c144
CloseServiceHandle 0x0 0x42603c 0x2d548 0x2c148
RegCreateKeyW 0x0 0x426040 0x2d54c 0x2c14c
RegQueryValueExW 0x0 0x426044 0x2d550 0x2c150
RegSetValueExW 0x0 0x426048 0x2d554 0x2c154
RegCloseKey 0x0 0x42604c 0x2d558 0x2c158
AllocateAndInitializeSid 0x0 0x426050 0x2d55c 0x2c15c
GetTokenInformation 0x0 0x426054 0x2d560 0x2c160
GetLengthSid 0x0 0x426058 0x2d564 0x2c164
SetTokenInformation 0x0 0x42605c 0x2d568 0x2c168
GetSecurityInfo 0x0 0x426060 0x2d56c 0x2c16c
GetAce 0x0 0x426064 0x2d570 0x2c170
AddAce 0x0 0x426068 0x2d574 0x2c174
AddAccessAllowedAce 0x0 0x42606c 0x2d578 0x2c178
SetSecurityInfo 0x0 0x426070 0x2d57c 0x2c17c
FreeSid 0x0 0x426074 0x2d580 0x2c180
LsaOpenPolicy 0x0 0x426078 0x2d584 0x2c184
LsaEnumerateAccountRights 0x0 0x42607c 0x2d588 0x2c188
LookupPrivilegeValueW 0x0 0x426080 0x2d58c 0x2c18c
LsaFreeMemory 0x0 0x426084 0x2d590 0x2c190
LsaClose 0x0 0x426088 0x2d594 0x2c194
Digital Signatures (1)
+
Signature Properties
LegalCopyright Copyright (C) 2001-2010 Mark Russinovich
InternalName PsExec
FileVersion 1.98
CompanyName Sysinternals - www.sysinternals.com
ProductName Sysinternals PsExec
ProductVersion 1.98
FileDescription Execute processes remotely
OriginalFilename psexec.c
Signature verification True
Certificate: Microsoft Corporation
+
Certificate Properties
Issued by Microsoft Code Signing PCA
Valid from 2009-12-07 22:40
Valid to 2011-03-07 22:40
Algorithm SHA-1 with RSA Encryption
Serial number 61 01 CF 3E 00 00 00 00 00 0F
Issuer Certificate: Microsoft Code Signing PCA
+
Certificate Properties
Issued by Microsoft Root Authority
Valid from 2007-08-22 22:31
Valid to 2012-08-25 07:00
Algorithm 1.3.14.3.2.29 (OID for SHA-1 with RSA signature)
Serial number 2E AB 11 DC 50 FF 5C 9D CB C0
Digital Countersignatures (1)
+
Signature Properties
LegalCopyright Copyright (C) 2001-2010 Mark Russinovich
InternalName PsExec
FileVersion 1.98
CompanyName Sysinternals - www.sysinternals.com
ProductName Sysinternals PsExec
ProductVersion 1.98
FileDescription Execute processes remotely
OriginalFilename psexec.c
Signature verification True
Certificate: Microsoft Time-Stamp Service
+
Certificate Properties
Issued by Microsoft Timestamping PCA
Valid from 2008-07-25 19:01
Valid to 2013-07-25 19:11
Algorithm SHA-1 with RSA Encryption
Serial number 61 05 A2 30 00 00 00 00 00 08
Issuer Certificate: Microsoft Timestamping PCA
+
Certificate Properties
Issued by Microsoft Root Authority
Valid from 2006-09-16 01:04
Valid to 2019-09-15 07:00
Algorithm SHA-1 with RSA Encryption
Serial number 6A 0B 99 4F C0 00 25 AB 11 DB 45 1F 58 7A 67 A2
c:\program files\java\jre1.8.0_111\lib\deploy\ffjcext.zip
-
File Properties
Names c:\program files\java\jre1.8.0_111\lib\deploy\ffjcext.zip (Modified File)
Size 13.83 KB (14160 bytes)
Hash Values MD5: 393778fe9a3abe198e56fd1219017a86
SHA1: 1dc77d52874366505bc4c8eb4db1a8af1d4c89e3
SHA256: 746c861a145cfe7ac0d527e598713a729ef489d11de2afefd37b66c69fb81fee
c:\program files\java\jre1.8.0_111\lib\i386\jvm.cfg
-
File Properties
Names c:\program files\java\jre1.8.0_111\lib\i386\jvm.cfg (Modified File)
Size 0.61 KB (624 bytes)
Hash Values MD5: e457849211e465be4372ae5debdfdca3
SHA1: c21aa757d3416668f3bf9ab33c04eac07c99dcf7
SHA256: 22413eb56fc63b1bf18efbc3cc5c1650547301a95258b26c5ee8fbe9dbe1aa72
c:\program files\mozilla firefox\mozilla.cfg
-
File Properties
Names c:\program files\mozilla firefox\mozilla.cfg (Modified File)
Size 0.95 KB (976 bytes)
Hash Values MD5: ee2fc1a9cbb114b6cef18276f858d9e9
SHA1: 9df7a113ae087a5436d29ddff5872f36710d21a9
SHA256: 48db9fb4bd91c18eedd1858b32806f641d5374de13fced6fd61781005134cdad
c:\users\dssdpmx042\appdata\local\microsoft\internet explorer\brndlog.bak
-
File Properties
Names c:\users\dssdpmx042\appdata\local\microsoft\internet explorer\brndlog.bak (Modified File)
Size 11.91 KB (12192 bytes)
Hash Values MD5: 2c29ba7d86c94fa68a96bd00f0e9531b
SHA1: 1ab11fc29e95d3b8652cdf6ab76f43c005eeeea4
SHA256: 1074a14954fccf1da11d0eeedd517eb7bb01972ebeb691908c41da228410d6e7
c:\users\dssdpmx042\appdata\local\temp\mih3fi8kwgl0vt.rtf
-
File Properties
Names c:\users\dssdpmx042\appdata\local\temp\mih3fi8kwgl0vt.rtf (Modified File)
Size 6.09 KB (6240 bytes)
Hash Values MD5: 24f45c2df1c14429fada1af8bfdebd5f
SHA1: cdec74387178c5b6aa8b54e21f1faebecfa5f6aa
SHA256: dc4f15484d1c2e5817c721dffecaa28a701c9e23ca8e0b87bb899627e6564888
c:\users\dssdpmx042\appdata\local\temp\oefnb-28h3ckbczrd8a.pptx
-
File Properties
Names c:\users\dssdpmx042\appdata\local\temp\oefnb-28h3ckbczrd8a.pptx (Modified File)
Size 5.88 KB (6016 bytes)
Hash Values MD5: b51fcad0723f2dc5449a0d1a5e1a25ea
SHA1: b46e5ae3c4b17f76082d05da0cce7748acd41974
SHA256: a99eacb6b0f28b0abebfdfaeda3032c29311bd0ebe81daaba721eb3f06328d03
c:\users\dssdpmx042\appdata\local\temp\t5lj.xls
-
File Properties
Names c:\users\dssdpmx042\appdata\local\temp\t5lj.xls (Modified File)
Size 40.12 KB (41088 bytes)
Hash Values MD5: 18aecf330dd9daa4d817582027401c61
SHA1: fd5c6fb1eb011a94daa10df3179bfbdb91405223
SHA256: b3b427cb63cdf2312178a825afb5d7cfc9b7caaf46298f2d78d9f62760be98be
Actions
c:\users\dssdpmx042\appdata\local\temp\uqc9022wkj1avyt.xlsx
-
File Properties
Names c:\users\dssdpmx042\appdata\local\temp\uqc9022wkj1avyt.xlsx (Modified File)
Size 44.27 KB (45328 bytes)
Hash Values MD5: 950042e8ae81ee18c6f408c00aa6c674
SHA1: d2cbe351123418a76a8094075520bfcab61d095d
SHA256: 1a7553c6215efbe925f0c448960175194c60dd4e20c6f6c1e060dfe10f602789
Actions
c:\users\dssdpmx042\appdata\local\temp\wcewn3d5owzzvbck.xls
-
File Properties
Names c:\users\dssdpmx042\appdata\local\temp\wcewn3d5owzzvbck.xls (Modified File)
Size 88.75 KB (90880 bytes)
Hash Values MD5: 16153e7f52e8f8dd02bc51464ac623af
SHA1: c5ead2e9069a33a28236d28b1b249e0acef5b715
SHA256: ec95294d929abca09152e31eca6187de3b6467ed8ed07996e91389add9d4ab94
Actions
c:\users\dssdpmx042\appdata\roaming\ap-o3.ppt
-
File Properties
Names c:\users\dssdpmx042\appdata\roaming\ap-o3.ppt (Modified File)
Size 9.44 KB (9664 bytes)
Hash Values MD5: 4f1ea071c0834ed2f81729b715574978
SHA1: 5d628bace14a3f42c80053293a680cca028e782c
SHA256: 07dfac7f416d6f70453fcc432e5d08ec2ca7a66a3cf161554e275bd107f83650
Actions
c:\users\dssdpmx042\appdata\roaming\tw2h80u82z.doc
-
File Properties
Names c:\users\dssdpmx042\appdata\roaming\tw2h80u82z.doc (Modified File)
Size 49.27 KB (50448 bytes)
Hash Values MD5: f7e9de6445c11e8ceed28db14dcaf8de
SHA1: 3f368fd1595f2c3bb3138816a7b1e0d2076fc83e
SHA256: 73eee30e384cac7ede80d5ee5a6e7f31f08eb6bdb298a5b45fa26f7d8145b833
Actions
c:\users\dssdpmx042\desktop\0iesbf qmdgb9h6zcfm.doc
-
File Properties
Names c:\users\dssdpmx042\desktop\0iesbf qmdgb9h6zcfm.doc (Modified File)
Size 70.97 KB (72672 bytes)
Hash Values MD5: e48ccc8a922d5a3c0c02e34cb001b7cc
SHA1: 1f81005e373cd3a46379f1ed7f8d0bb0c2f7509d
SHA256: de667dc72e8d3699ec42db98f75c3d35295d924eff491ef41fc362fc1e75086f
Actions
c:\users\dssdpmx042\desktop\2uhw1gyzoberpsg1isgm.rtf
-
File Properties
Names c:\users\dssdpmx042\desktop\2uhw1gyzoberpsg1isgm.rtf (Modified File)
Size 2.61 KB (2672 bytes)
Hash Values MD5: 2b2d89b4c397d7e04f79f4656393b053
SHA1: 847fc35d2b134aea706cba0b2688f3e5c28e4aed
SHA256: bf15a0bac1dcbe6ec821902bf7c26f730c80ae0ff8480a9a74ce684ed14f5846
Actions
c:\users\dssdpmx042\desktop\d3otobjxqrfr49e.pdf
-
File Properties
Names c:\users\dssdpmx042\desktop\d3otobjxqrfr49e.pdf (Modified File)
Size 74.81 KB (76608 bytes)
Hash Values MD5: ab1dace43235a4222b6f9e7223ee3dad
SHA1: 3e0a6b0829494eef87ffd636bef1b7e3491483d1
SHA256: 0672bac3450d1ea765571707e78552151c2edc8af5144c6c642c3096b33f93ad
Actions
c:\users\dssdpmx042\desktop\o87c6b.ppt
-
File Properties
Names c:\users\dssdpmx042\desktop\o87c6b.ppt (Modified File)
Size 95.84 KB (98144 bytes)
Hash Values MD5: 450af10d23c547d9d072394f1b033a1d
SHA1: 304f8e937f229cceb44e8d383cd232763f643e10
SHA256: 89c684586e1b3dd6d80a6b9534e4f9e00e1fd335a854fe4be5c7dc485e36bb17
Actions
c:\users\dssdpmx042\desktop\u39ifkb\hnzlehavb2\oli560\-ynklty.pdf
-
File Properties
Names c:\users\dssdpmx042\desktop\u39ifkb\hnzlehavb2\oli560\-ynklty.pdf (Modified File)
Size 71.20 KB (72912 bytes)
Hash Values MD5: 88b373f0a8af33d19c806b5b18f8dcb7
SHA1: afff8df47696fe3eebd0ba5533b0c1741c33200b
SHA256: a149bba5b422855b17ad3af74e1878f28b4611baac0a7a2dff6d22d057c1375c
Actions
c:\users\dssdpmx042\desktop\u39ifkb\hnzlehavb2\oli560\oeqaa5j\dpfbcts0x.pdf
-
File Properties
Names c:\users\dssdpmx042\desktop\u39ifkb\hnzlehavb2\oli560\oeqaa5j\dpfbcts0x.pdf (Modified File)
Size 56.58 KB (57936 bytes)
Hash Values MD5: 3b93ba8fb5f04274f29e8d34a08b19f4
SHA1: 2c932c581034d1921b9b394212e6fd8bc6cec361
SHA256: ce48b26248e161f51823250f7b886ba14ae4e2514eeea4ad1a56c44bc9a078f3
Actions
c:\users\dssdpmx042\documents\-b-bxsl-xqnl5aenm.docx
-
File Properties
Names c:\users\dssdpmx042\documents\-b-bxsl-xqnl5aenm.docx (Modified File)
Size 58.91 KB (60320 bytes)
Hash Values MD5: 733ebd421795a216b6eabc9c14311b6c
SHA1: 54c7bd3793075fd914397b58c2d40cb879ac141b
SHA256: 44940a83950a782dab3f15a5c008d3997253e75c0d1e43bd29ea61ca83cf2ca9
Actions
c:\users\dssdpmx042\documents\2bhkcam4t.xlsx
-
File Properties
Names c:\users\dssdpmx042\documents\2bhkcam4t.xlsx (Modified File)
Size 52.84 KB (54112 bytes)
Hash Values MD5: 2cb0405131dc1a25fb6352955f272903
SHA1: 8e9efb36cfc52f7d1e3b022eeed1efc41861bb6e
SHA256: 23ebbb6538e9398e4d7ed46b77e1f3ebc101ff2a08712fafd0646aab60e358cd
Actions
c:\users\dssdpmx042\documents\6cwzgnxepmbynja.xlsx
-
File Properties
Names c:\users\dssdpmx042\documents\6cwzgnxepmbynja.xlsx (Modified File)
Size 81.44 KB (83392 bytes)
Hash Values MD5: cdc9bb62dba08152493dcff598edec96
SHA1: 09f70c11e4ebd24bf7b849cd3e29a7cf256d4390
SHA256: 2c8bc20f603adcc4be62407107cc9be38a805b169ab48cbbf4404422c95f106a
Actions
c:\users\dssdpmx042\documents\7xmes86vl8ygf.xlsx
-
File Properties
Names c:\users\dssdpmx042\documents\7xmes86vl8ygf.xlsx (Modified File)
Size 33.34 KB (34144 bytes)
Hash Values MD5: e76d58bd1090dc6be10c5df7c1fcd269
SHA1: bdf2c6067df7f631eb78cbd709c527f1471b9ba0
SHA256: e454aa66cdfd5d5896b4e427df19c15adb4d98019ce3abaafb39f69759063958
Actions
c:\users\dssdpmx042\documents\7ys1rtn.rtf
-
File Properties
Names c:\users\dssdpmx042\documents\7ys1rtn.rtf (Modified File)
Size 59.31 KB (60736 bytes)
Hash Values MD5: 15e9428b86c2a2d3b5126ac41c286cab
SHA1: 968d8c594a3e74d17f143e48362cbab65f01c5d8
SHA256: 886a5883f981172652963b7273f903fde7b405bc929559084564143970906ed0
Actions
c:\users\dssdpmx042\documents\9tmfdr-fb.docx
-
File Properties
Names c:\users\dssdpmx042\documents\9tmfdr-fb.docx (Modified File)
Size 62.16 KB (63648 bytes)
Hash Values MD5: 0ee0a3600c3c8a604d16f67253371dcc
SHA1: 479a8d2a77a4d0cefbbc252986a7092122f825a1
SHA256: b1b5fb55a534d82c27159eb20ce23cefc3a916ee057a986b953a47c32ea94b44
Actions
c:\users\dssdpmx042\documents\9uoi6tjimffx.pptx
-
File Properties
Names c:\users\dssdpmx042\documents\9uoi6tjimffx.pptx (Modified File)
Size 37.30 KB (38192 bytes)
Hash Values MD5: c8061da74767a50ff59288b05009340b
SHA1: 8c63dc5a5b57b29c7f282db5a23904a68fda772d
SHA256: 5c016d9769e59c6d0a8c204e5d74e1d3bd26c73dacd896cffd52be137f533827
Actions
c:\users\dssdpmx042\documents\cot.pptx
-
File Properties
Names c:\users\dssdpmx042\documents\cot.pptx (Modified File)
Size 57.62 KB (59008 bytes)
Hash Values MD5: 2a23757cb8f16c377ffa2764e8375c39
SHA1: 260d90acb8b2ccf7562ef87f5d9fdf6b424d04ec
SHA256: a0edef05f99c495791d725cb0c3bf27acc515052cf430a9b4e58bef5be0d30dd
Actions
c:\users\dssdpmx042\documents\di94rfr.xlsx
-
File Properties
Names c:\users\dssdpmx042\documents\di94rfr.xlsx (Modified File)
Size 7.66 KB (7840 bytes)
Hash Values MD5: ed8fff2a1dabe596297e3724fbf0cecf
SHA1: 3687ec5b30aaf2b13ffefb419ea044cbe25c3a21
SHA256: ca6d2c8b8f94299b1de5ad820670abcf440d6beb6a301f2d24221ac587b2fd6b
Actions
c:\users\dssdpmx042\documents\dscg4u2cpsvys7niq.docx
-
File Properties
Names c:\users\dssdpmx042\documents\dscg4u2cpsvys7niq.docx (Modified File)
Size 74.78 KB (76576 bytes)
Hash Values MD5: f9685558262090a9492cb04038df824f
SHA1: 6bd6d4143a63903331c40dc1ab10206ed1711d77
SHA256: 5e8b2c26fcb75b60edd5878d59244f577ec500a371c3d1a2381a008d6796bd04
Actions
c:\users\dssdpmx042\documents\h1vivyh1shd83utyx47.xls
-
File Properties
Names c:\users\dssdpmx042\documents\h1vivyh1shd83utyx47.xls (Modified File)
Size 33.12 KB (33920 bytes)
Hash Values MD5: f453f4b42f3787d610da97e4028cbde4
SHA1: 9be022f25d884e0ab73503b99c3beae165b320fb
SHA256: 5b4bcd6bb9e600df5405450502b0cb4db4ecea89cfa9b54977fddba089300216
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\0srnqdg2\ci_upb4w.pptx
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\0srnqdg2\ci_upb4w.pptx (Modified File)
Size 85.25 KB (87296 bytes)
Hash Values MD5: b55dfc6f4b6b5bbd93c004fa675e2418
SHA1: c4ecff6b4657c1f37cbaf2107b27dc036175a3ef
SHA256: e094e8f93e906068c1adfd62616e31ef31d501480d1b559bcfbb2ae8f2e8038c
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\0srnqdg2\js6n5.doc
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\0srnqdg2\js6n5.doc (Modified File)
Size 43.39 KB (44432 bytes)
Hash Values MD5: cd34b321f2808d6e3c13923a63b88797
SHA1: 59740388ec759a923e5f5e9f3f501f07e4bdad20
SHA256: 78bb1f0a9ea95fd8ebb96550bed34cec42c0a08d4a7c1d05c786c065a196fb3b
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\7f voepv.xls
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\7f voepv.xls (Modified File)
Size 97.11 KB (99440 bytes)
Hash Values MD5: 43b99f705ce32306325d2744098731a6
SHA1: 90d7a9727228720bcd45e6204bd30f63afa34ce8
SHA256: 41c61ff45525a05dd9f68f749605209ae7b0fd19b136521009974b6960a46cd5
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\eqpjbou_vvuw-j0dbjm\-ocpq28vx.docx
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\eqpjbou_vvuw-j0dbjm\-ocpq28vx.docx (Modified File)
Size 34.91 KB (35744 bytes)
Hash Values MD5: a7b52b1065432b37899fb7f0daac874d
SHA1: 6cc45d035e1e9e6a3aed990631f93d93bdf4ddd6
SHA256: e2773396c2b682520353b428eebc3968752843064762e9141b62b0e2723e6c94
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\eqpjbou_vvuw-j0dbjm\1vp9.pdf
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\eqpjbou_vvuw-j0dbjm\1vp9.pdf (Modified File)
Size 30.97 KB (31712 bytes)
Hash Values MD5: f26f3a9ac4aa5634ddfccfcc854b8c29
SHA1: f8ef26032e111b0e8708325a7d6c0884b419b491
SHA256: 78fe50aed341167558bca867e78a2e341aa1bf70e8d2ffb0897fa4ec5a054e78
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\eqpjbou_vvuw-j0dbjm\ahjjp2t _frc5.rtf
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\eqpjbou_vvuw-j0dbjm\ahjjp2t _frc5.rtf (Modified File)
Size 47.42 KB (48560 bytes)
Hash Values MD5: bb80d2380a648b22e8d26af756031e4e
SHA1: 176270a72ff85f2e42dd6378a8362d29a9ccb5c5
SHA256: 60fae46ca244419cdd21963f82eb49cd8f19009715cf628deead3c7480cb4083
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\eqpjbou_vvuw-j0dbjm\b5fqxrueuasxjno.rtf
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\eqpjbou_vvuw-j0dbjm\b5fqxrueuasxjno.rtf (Modified File)
Size 34.47 KB (35296 bytes)
Hash Values MD5: c69fc4271001d4ef4e1fc959781a34be
SHA1: 0e04423bc5e47d15d8a5879f7036fcf1b6a369ac
SHA256: 28237ce13a8af5f876ba75db4210744a7c381371d59d1f31c17857bc32b1221e
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\shychsk4wxig0-xtjrc9.xls
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\shychsk4wxig0-xtjrc9.xls (Modified File)
Size 39.44 KB (40384 bytes)
Hash Values MD5: 63ff2fa0620299251db02bea580409d1
SHA1: b629c879a64924e517c781668e10cf9bcdfabac3
SHA256: 846315043938e3951aff4d263d9373738a9066718b099f4f2526328cde4a85a3
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\snm-k6b\6eh9djvfb.docx
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\snm-k6b\6eh9djvfb.docx (Modified File)
Size 37.08 KB (37968 bytes)
Hash Values MD5: 7ff15f32b5cd22e7e1b19510cb59c5b6
SHA1: f8cd4c1dbafa7731ee0fba980f73b566ee11076f
SHA256: 7660c467e61c84d50e1beb1ea0957f4f5bb5c6b39968e5e3f2ad22df6973597c
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\snm-k6b\igdanbwxdi5i.rtf
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\snm-k6b\igdanbwxdi5i.rtf (Modified File)
Size 50.19 KB (51392 bytes)
Hash Values MD5: 5e24736d21ce6112cbc68250eb41b444
SHA1: 9825ca5a8151bf4f2a6d42ee6274114f700fdd40
SHA256: df24a95d17abea19ae87454b7c3912903f85ec8c29fc04407e7282612315dc91
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\snm-k6b\m6mzuf4.xlsx
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\snm-k6b\m6mzuf4.xlsx (Modified File)
Size 72.00 KB (73728 bytes)
Hash Values MD5: 4779fc0633ad65bc6539949da4414467
SHA1: 5dc03e2b1b1ae5467ae05eaa16aee2a37c8dac1e
SHA256: 7227a541749449187987d41c12c7bd910a6acb650044af9dccd661e5a88d5308
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\snm-k6b\qgob_suc1acwoowuasi.xlsx
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\snm-k6b\qgob_suc1acwoowuasi.xlsx (Modified File)
Size 75.92 KB (77744 bytes)
Hash Values MD5: 9026afce1b48966123d6f2da9ac002a2
SHA1: 9b6d24f5a5042900b56ab39a297c2599fd749bee
SHA256: eeffc39bfffb6c9fad5febc5b4f65b38ed06e34bbae3f5051e5d2cab7508d447
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\snm-k6b\slopjgesjyiw.ppt
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\snm-k6b\slopjgesjyiw.ppt (Modified File)
Size 41.03 KB (42016 bytes)
Hash Values MD5: 75aaaa1d128d83c17cfbf9fb193d9386
SHA1: 3b3c5a60b37d89af963e8ef0b4f3f0f9ad5b4ea1
SHA256: 1e5c17a5150e1a4a63416df28838daacc6cb7b338284d4d4e9cd572990ee6cf7
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\snm-k6b\zzmpa.pptx
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\snm-k6b\zzmpa.pptx (Modified File)
Size 51.88 KB (53120 bytes)
Hash Values MD5: ff24eeea94be4b2dd40b8c30f85ea92f
SHA1: b9a70c285a635ba775befbc88d9aef6afa92b338
SHA256: cf60f9f5a45bfa8ffdd309d0e624e66b20627732176e6ed23a516bb51a7ece06
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\srxtfs.ppt
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\srxtfs.ppt (Modified File)
Size 36.94 KB (37824 bytes)
Hash Values MD5: 2f74b9838ca3a985fdb56c9fbb364c42
SHA1: 1fd258e8badcc28c181b8bfdf65e329970ad3431
SHA256: 4b1befb37504ea8d9662ffb33896d75d4f076cca6483e363584d0f7bdf48ca03
Actions
c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\vsg9rbn2ghgesqn.xls
-
File Properties
Names c:\users\dssdpmx042\documents\h8atxfxn_mk0obp6w\vsg9rbn2ghgesqn.xls (Modified File)
Size 16.52 KB (16912 bytes)
Hash Values MD5: f65781cd8cfee8d0e3742ff54b5ee3a8
SHA1: faa5b437fb9d84be7f228e8057207fc5320e4c78
SHA256: 66ae5447e5f77a709d0c10c9085fdbe20419ee0a4fb05a7af33539b38442c477
Actions
c:\users\dssdpmx042\documents\h8d9jvwrmq2 6qk0xbmo.docx
-
File Properties
Names c:\users\dssdpmx042\documents\h8d9jvwrmq2 6qk0xbmo.docx (Modified File)
Size 13.41 KB (13728 bytes)
Hash Values MD5: 67f9d0b926467f7cd2aa1e9a107c3723
SHA1: e3509e5ebc4791d43283a0eb74cb5c40640c95cd
SHA256: f5dfc811d72f9e381618f8cc8f9a27e95668c8b2abdccd482d215b9092f7ef82
Actions
c:\users\dssdpmx042\documents\i8iyy.rtf
-
File Properties
Names c:\users\dssdpmx042\documents\i8iyy.rtf (Modified File)
Size 15.30 KB (15664 bytes)
Hash Values MD5: df8d48f132fe8035ec87c8d06a138c60
SHA1: 3da4999063803a925d50673457daff892723872d
SHA256: 74a8bb0b82cf50d652017e2d883ca03a992600021d8b349d6b82517daf906747
Actions
c:\users\dssdpmx042\documents\l9_-.xlsx
-
File Properties
Names c:\users\dssdpmx042\documents\l9_-.xlsx (Modified File)
Size 38.55 KB (39472 bytes)
Hash Values MD5: a27a5201c7dd4fbbbf83d4ccc99a5c98
SHA1: cc3df29a4cc72ec8627406af202ee62454e8cc8f
SHA256: e8791d2c47e313636f01f919d182bba10c95386e5d52f041d650141310fe0516
Actions
c:\users\dssdpmx042\documents\qhgsp-590ogvjftto6n.pdf
-
File Properties
Names c:\users\dssdpmx042\documents\qhgsp-590ogvjftto6n.pdf (Modified File)
Size 93.53 KB (95776 bytes)
Hash Values MD5: f76b082579326abdbb4acdb1e485e42d
SHA1: 13f9ddefaf4a71e59b7c1f6aa346a4173d093302
SHA256: 41ea40a2226e9584909f15685bab6584e58a460d4cafe8aa6e972528adec609a
Actions
c:\users\dssdpmx042\documents\qzgragzpm8czrqudijy.pptx
-
File Properties
Names c:\users\dssdpmx042\documents\qzgragzpm8czrqudijy.pptx (Modified File)
Size 83.45 KB (85456 bytes)
Hash Values MD5: 33440dc2f6c713fa54ba0825692e3bf8
SHA1: a5c2004f99dc57891762bd13e77555ab46a9672b
SHA256: 1bd085ed1bfb7a8eeb5f3017c27c23d3e6464a4efe7771222cc6c9975db05ad0
Actions
c:\users\dssdpmx042\documents\rqcoppapyg.xlsx
-
File Properties
Names c:\users\dssdpmx042\documents\rqcoppapyg.xlsx (Modified File)
Size 9.22 KB (9440 bytes)
Hash Values MD5: 3cd1fad9d79b697827621db634b5c2ab
SHA1: 5d2283027274dcfd9045d0df3d3d2a8d2204cc4d
SHA256: 5a5414a9e3df99c902375c3d01ea1e67f90ea164b8cd2580b6b38c6cc5d048ae
Actions
c:\users\dssdpmx042\documents\rrja_tvrj-ftzmntymd.ppt
-
File Properties
Names c:\users\dssdpmx042\documents\rrja_tvrj-ftzmntymd.ppt (Modified File)
Size 24.42 KB (25008 bytes)
Hash Values MD5: e8bff48545ee8bbcdcfba168135cabb0
SHA1: 5738d210c17c1ff2ed09a0fa46850db1fbf64e96
SHA256: fc4b8efcb5739dfc058f51942bc14b7d346c8d867b91dda48e68e86ac4664ec7
Actions
c:\users\dssdpmx042\documents\shcnc.pptx
-
File Properties
Names c:\users\dssdpmx042\documents\shcnc.pptx (Modified File)
Size 22.31 KB (22848 bytes)
Hash Values MD5: 3513b11b36a7067297ea20ee9ed80284
SHA1: dc7be90adaab8591a58279d3c566532f9fc45c83
SHA256: b8d8bac6b313f641a48b267c74a7b97b3cf59425f5a569c09019fdfa1d0f7391
Actions
c:\users\dssdpmx042\documents\wxt_ckv5wo.xlsx
-
File Properties
Names c:\users\dssdpmx042\documents\wxt_ckv5wo.xlsx (Modified File)
Size 72.30 KB (74032 bytes)
Hash Values MD5: 66f5f3cdb47d5477445e05888ad707ef
SHA1: a215c8aadb79d5759e601eb7751ee2d19df8d8c0
SHA256: 448c27d38301b76f184dd2ccf65726887dd94abaf77f86b375df8ee1654229bd
Actions
c:\users\dssdpmx042\documents\ybecdimmscqwumyb7.docx
-
File Properties
Names c:\users\dssdpmx042\documents\ybecdimmscqwumyb7.docx (Modified File)
Size 65.58 KB (67152 bytes)
Hash Values MD5: fbce1c6d8d4d69eab4cab3c864f8a213
SHA1: 2543a5f77d0d34236eb98709f648f88de0fdd6c4
SHA256: 27bde02c90b36e51c2db2745f8d29cc38afb9cf0cae98eda5868a0b61e3b733d
Actions
c:\users\dssdpmx042\documents\zayhps bm-m-l7k.pptx
-
File Properties
Names c:\users\dssdpmx042\documents\zayhps bm-m-l7k.pptx (Modified File)
Size 20.39 KB (20880 bytes)
Hash Values MD5: 5e4e93e37e62054389965a2eaf9dff47
SHA1: e3ede63f85b19eb6ff9fea6e1d1731e387413e5d
SHA256: 70e74a18a7fe2a7b0eeff8073a604115c81bb667986a0d527da5ae39c00da03c
Actions
c:\readme.txt
-
File Properties
Names c:\readme.txt (Created File)
Size 2.11 KB (2164 bytes)
Hash Values MD5: 06c2546beb572b43663c1ae6b778261b
SHA1: 18ee644cddb9bbbb9d39b0d1b3262c4aaa6a69b0
SHA256: 851fc7f83f9eac13186f7c60829101a093aaffc56d8c05b435bfe8ca03a266d8
Actions
Function Logfile

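This feature requires an online connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with the setting "security.fileuri.strict_origin_policy" disabled. Disabling that setting allows pages opened from file:// URIs to read other local files, so use a dedicated browser profile for viewing the report and restore the default afterwards.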



    