Analysis Details
| Category | Package | Started | Completed | Duration | Logs |
|---|---|---|---|---|---|
| FILE | generic | 2026-06-29 07:56:11 | 2026-06-29 07:56:52 | 41s |
|
Analysis Log
2026-06-28 14:55:58,243 [root] INFO: Date set to: 20260629T07:56:17, timeout set to: 200 2026-06-29 07:56:18,600 [root] DEBUG: Starting analyzer from: C:\7d7wfxi0 2026-06-29 07:56:18,601 [root] DEBUG: Storing results at: C:\UfGevMwj 2026-06-29 07:56:18,601 [root] DEBUG: Pipe server name: \\.\PIPE\XCYBIPQd 2026-06-29 07:56:18,602 [root] DEBUG: Python path: C:\Users\Rajesh\AppData\Local\Programs\Python\Python314 2026-06-29 07:56:18,602 [root] INFO: analysis running as an admin 2026-06-29 07:56:18,602 [root] DEBUG: no analysis package configured, picking one for you 2026-06-29 07:56:18,605 [root] INFO: analysis package selected: "generic" 2026-06-29 07:56:18,606 [root] DEBUG: importing analysis package module: "modules.packages.generic"... 2026-06-29 07:56:18,614 [root] DEBUG: imported analysis package "generic" 2026-06-29 07:56:18,615 [root] DEBUG: initializing analysis package "generic"... 2026-06-29 07:56:18,615 [lib.common.common] INFO: no wrapping 2026-06-29 07:56:18,615 [lib.core.compound] INFO: C:\Users\Rajesh\AppData\Local\Temp already exists, skipping creation 2026-06-29 07:56:18,616 [root] DEBUG: New location of moved file: C:\Users\Rajesh\AppData\Local\Temp\- 2026-06-29 07:56:18,617 [root] INFO: Analyzer: Package modules.packages.generic does not specify a dll option 2026-06-29 07:56:18,617 [root] INFO: Analyzer: Package modules.packages.generic does not specify a dll_64 option 2026-06-29 07:56:18,617 [root] INFO: Analyzer: Package modules.packages.generic does not specify a loader option 2026-06-29 07:56:18,617 [root] INFO: Analyzer: Package modules.packages.generic does not specify a loader_64 option 2026-06-29 07:56:18,843 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser" 2026-06-29 07:56:18,860 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig" 2026-06-29 07:56:18,956 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise" 2026-06-29 07:56:19,166 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human" 2026-06-29 07:56:19,223 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops' 2026-06-29 07:56:19,224 [lib.api.screenshot] ERROR: No module named 'PIL' 2026-06-29 07:56:19,225 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots" 2026-06-29 07:56:19,230 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump" 2026-06-29 07:56:19,251 [root] DEBUG: Initialized auxiliary module "Browser" 2026-06-29 07:56:19,252 [root] DEBUG: attempting to configure 'Browser' from data 2026-06-29 07:56:19,253 [root] DEBUG: module Browser does not support data configuration, ignoring 2026-06-29 07:56:19,255 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"... 2026-06-28 14:56:01,670 [root] DEBUG: Started auxiliary module modules.auxiliary.browser 2026-06-28 14:56:01,671 [root] DEBUG: Initialized auxiliary module "DigiSig" 2026-06-28 14:56:01,671 [root] DEBUG: attempting to configure 'DigiSig' from data 2026-06-28 14:56:01,672 [root] DEBUG: module DigiSig does not support data configuration, ignoring 2026-06-28 14:56:01,672 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"... 2026-06-28 14:56:01,673 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature 2026-06-28 14:56:02,887 [modules.auxiliary.digisig] DEBUG: File has an invalid signature 2026-06-28 14:56:02,887 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json 2026-06-28 14:56:02,902 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig 2026-06-28 14:56:02,906 [root] DEBUG: Initialized auxiliary module "Disguise" 2026-06-28 14:56:02,906 [root] DEBUG: attempting to configure 'Disguise' from data 2026-06-28 14:56:02,907 [root] DEBUG: module Disguise does not support data configuration, ignoring 2026-06-28 14:56:02,907 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"... 2026-06-28 14:56:02,910 [modules.auxiliary.disguise] INFO: Launched background process notepad.exe hidden (PID: 4112) 2026-06-28 14:56:02,916 [modules.auxiliary.disguise] INFO: Disguising GUID to 1a1c3eed-927b-46ed-96f8-95fcd45ef564 2026-06-28 14:56:02,916 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise 2026-06-28 14:56:02,917 [root] DEBUG: Initialized auxiliary module "Human" 2026-06-28 14:56:02,917 [root] DEBUG: attempting to configure 'Human' from data 2026-06-28 14:56:02,917 [root] DEBUG: module Human does not support data configuration, ignoring 2026-06-28 14:56:02,917 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"... 2026-06-28 14:56:02,924 [root] DEBUG: Started auxiliary module modules.auxiliary.human 2026-06-28 14:56:02,924 [root] DEBUG: Initialized auxiliary module "Screenshots" 2026-06-28 14:56:02,924 [root] DEBUG: attempting to configure 'Screenshots' from data 2026-06-28 14:56:02,924 [root] DEBUG: module Screenshots does not support data configuration, ignoring 2026-06-28 14:56:02,924 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"... 2026-06-28 14:56:02,934 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled 2026-06-28 14:56:02,934 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots 2026-06-28 14:56:02,936 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets" 2026-06-28 14:56:02,937 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data 2026-06-28 14:56:02,937 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring 2026-06-28 14:56:02,938 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"... 2026-06-28 14:56:02,943 [modules.auxiliary.tlsdump] WARNING: Unable to find lsass.exe process 2026-06-28 14:56:02,943 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump 2026-06-28 14:56:09,541 [root] INFO: Restarting WMI Service 2026-06-28 14:56:11,798 [root] DEBUG: package modules.packages.generic does not support configure, ignoring 2026-06-28 14:56:11,800 [root] WARNING: configuration error for package modules.packages.generic: error importing data.packages.generic: No module named 'data.packages' 2026-06-28 14:56:11,801 [lib.core.compound] INFO: C:\Users\Rajesh\AppData\Local\Temp already exists, skipping creation 2026-06-28 14:56:11,803 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\system32\cmd.exe" with arguments "/c start /wait "" "C:\Users\Rajesh\AppData\Local\Temp\-"" with pid 2192 2026-06-28 14:56:12,168 [lib.api.process] INFO: Monitor config for process 2192: C:\7d7wfxi0\dll\2192.ini 2026-06-28 14:56:12,186 [lib.api.process] INFO: 64-bit DLL to inject is C:\7d7wfxi0\dll\sctTxzh.dll, loader C:\7d7wfxi0\bin\kTLHFLzB.exe 2026-06-28 14:56:12,210 [root] DEBUG: Loader: Injecting process 2192 (thread 1724) with C:\7d7wfxi0\dll\sctTxzh.dll. 2026-06-28 14:56:12,213 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT. 2026-06-28 14:56:12,214 [root] DEBUG: Successfully injected DLL C:\7d7wfxi0\dll\sctTxzh.dll. 2026-06-28 14:56:12,218 [lib.api.process] INFO: Injected into 64-bit <Process 2192 cmd.exe> 2026-06-28 14:56:14,238 [lib.api.process] INFO: Successfully resumed process with pid 2192 2026-06-28 14:56:14,467 [root] DEBUG: 2192: Python path set to 'C:\Users\Rajesh\AppData\Local\Programs\Python\Python314'. 2026-06-28 14:56:14,468 [root] DEBUG: 2192: Disabling sleep skipping. 2026-06-28 14:56:14,469 [root] DEBUG: 2192: Dropped file limit defaulting to 100. 2026-06-28 14:56:14,498 [root] DEBUG: 2192: YaraInit: Compiled 44 rule files 2026-06-28 14:56:14,502 [root] DEBUG: 2192: YaraInit: Compiled rules saved to file C:\7d7wfxi0\data\yara\capemon.yac 2026-06-28 14:56:14,559 [root] DEBUG: 2192: RtlInsertInvertedFunctionTable 0x00007FF9AAA0090E, LdrpInvertedFunctionTableSRWLock 0x00007FF9AAB5B4F0 2026-06-28 14:56:14,560 [root] DEBUG: 2192: YaraScan: Scanning 0x00007FF79A450000, size 0x6630a 2026-06-28 14:56:14,565 [root] DEBUG: 2192: YaraScan hit: FindFixAndRun 2026-06-28 14:56:14,566 [root] DEBUG: 2192: Monitor initialised: 64-bit capemon loaded in process 2192 at 0x00007FF9866E0000, thread 1724, image base 0x00007FF79A450000, stack from 0x0000003552804000-0x0000003552900000 2026-06-28 14:56:14,569 [root] DEBUG: 2192: Commandline: "C:\Windows\system32\cmd.exe" /c start /wait "" "C:\Users\Rajesh\AppData\Local\Temp\-" 2026-06-28 14:56:14,586 [root] DEBUG: 2192: hook_api: LdrpCallInitRoutine export address 0x00007FF9AAA099BC obtained via GetFunctionAddress 2026-06-28 14:56:14,648 [root] WARNING: b'Unable to create trampoline for LockResource, hook type 2' 2026-06-28 14:56:14,649 [root] DEBUG: 2192: set_hooks: Unable to hook LockResource 2026-06-28 14:56:14,666 [root] DEBUG: 2192: Hooked 630 out of 631 functions 2026-06-28 14:56:14,672 [root] DEBUG: 2192: set_hooks_exe: Hooked FindFixAndRun at 0x00007FF79A45C620 2026-06-28 14:56:14,675 [root] DEBUG: 2192: Syscall hook installed, syscall logging level 1 2026-06-28 14:56:14,694 [root] DEBUG: 2192: RestoreHeaders: Restored original import table. 2026-06-28 14:56:14,696 [root] INFO: Loaded monitor into process with pid 2192 2026-06-28 14:56:14,698 [root] DEBUG: 2192: caller_dispatch: Added region at 0x00007FF79A450000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF79A4693C1, thread 1724). 2026-06-28 14:56:14,700 [root] DEBUG: 2192: YaraScan: Scanning 0x00007FF79A450000, size 0x6630a 2026-06-28 14:56:14,709 [root] DEBUG: 2192: ProcessImageBase: Main module image at 0x00007FF79A450000 unmodified (entropy change 0.000000e+00) 2026-06-28 14:56:14,736 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A6030000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes). 2026-06-28 14:56:14,739 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A8700000: C:\Windows\System32\bcryptPrimitives (0x83000 bytes). 2026-06-28 14:56:14,744 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A5B50000: C:\Windows\system32\uxtheme (0x9e000 bytes). 2026-06-28 14:56:14,758 [root] DEBUG: 2192: DLL loaded at 0x00007FF994050000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32 (0x29a000 bytes). 2026-06-28 14:56:14,770 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A9D30000: C:\Windows\System32\SHCORE (0xad000 bytes). 2026-06-28 14:56:14,775 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A7A90000: C:\Windows\system32\Wldp (0x2c000 bytes). 2026-06-28 14:56:14,778 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A6230000: C:\Windows\SYSTEM32\windows.storage (0x790000 bytes). 2026-06-28 14:56:14,790 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A2720000: C:\Windows\system32\PROPSYS (0xf6000 bytes). 2026-06-28 14:56:14,814 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A9600000: C:\Windows\System32\clbcatq (0xa9000 bytes). 2026-06-28 14:56:14,838 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A8050000: C:\Windows\system32\profapi (0x1f000 bytes). 2026-06-28 14:56:14,957 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A8110000: C:\Windows\System32\CFGMGR32 (0x4e000 bytes). 2026-06-28 14:56:14,964 [root] DEBUG: 2192: DLL loaded at 0x00007FF993730000: C:\Windows\system32\edputil (0x24000 bytes). 2026-06-28 14:56:15,011 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A1300000: C:\Windows\System32\Windows.StateRepositoryPS (0x146000 bytes). 2026-06-28 14:56:15,035 [root] DEBUG: 2192: DLL loaded at 0x00007FF9903B0000: C:\Windows\System32\Windows.UI.AppDefaults (0x4c000 bytes). 2026-06-28 14:56:15,060 [root] DEBUG: 2192: DLL loaded at 0x00007FF99F680000: C:\Windows\system32\iertutil (0x2b0000 bytes). 2026-06-28 14:56:15,061 [root] DEBUG: 2192: DLL loaded at 0x00007FF99F650000: C:\Windows\system32\srvcli (0x28000 bytes). 2026-06-28 14:56:15,064 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A75F0000: C:\Windows\system32\netutils (0xc000 bytes). 2026-06-28 14:56:15,068 [root] DEBUG: 2192: DLL loaded at 0x00007FF99F930000: C:\Windows\system32\urlmon (0x1eb000 bytes). 2026-06-28 14:56:15,097 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A5A30000: C:\Windows\SYSTEM32\apphelp (0x90000 bytes). 2026-06-28 14:56:15,157 [root] DEBUG: 2192: DLL loaded at 0x00007FF99EEA0000: C:\Windows\System32\OneCoreUAPCommonProxyStub (0x798000 bytes). 2026-06-28 14:56:15,172 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A4DC0000: C:\Windows\System32\wintypes (0x154000 bytes). 2026-06-28 14:56:15,224 [root] DEBUG: 2192: DLL loaded at 0x00007FF99D480000: C:\Windows\System32\OneCoreCommonProxyStub (0x7d000 bytes). 2026-06-28 14:56:15,235 [root] DEBUG: 2192: DLL loaded at 0x00007FF99CC30000: C:\Windows\System32\ActXPrxy (0xa1000 bytes). 2026-06-28 14:56:15,353 [root] DEBUG: 2192: NtTerminateProcess hook: Attempting to dump process 2192 2026-06-28 14:56:15,355 [root] DEBUG: 2192: VerifyCodeSection: Executable code does not match, 0xb620 of 0x30ef9 matching 2026-06-28 14:56:15,355 [root] DEBUG: 2192: DoProcessDump: Code modification detected, dumping Imagebase at 0x00007FF79A450000. 2026-06-28 14:56:15,356 [root] DEBUG: 2192: DumpImageInCurrentProcess: Attempting to dump virtual PE image. 2026-06-28 14:56:15,357 [root] DEBUG: 2192: DumpProcess: Instantiating PeParser with address: 0x00007FF79A450000. 2026-06-28 14:56:15,358 [root] DEBUG: 2192: DumpProcess: Module entry point VA is 0x00007FF79A468F50. 2026-06-28 14:56:15,386 [lib.common.results] INFO: Uploading file C:\UfGevMwj\CAPE\2192_45423915562128062026 to procdump\c0090b5e27c7873e958b45dc440522055641177ef145e1bf23bf979fd3cfad70; Size is 401920; Max size: 100000000 2026-06-28 14:56:15,390 [root] DEBUG: 2192: DumpProcess: Module image dump success - dump size 0x62200. 2026-06-28 14:56:15,527 [root] INFO: Process with pid 2192 has terminated 2026-06-28 14:56:21,304 [root] INFO: Process list is empty, terminating analysis 2026-06-28 14:56:22,317 [root] INFO: Created shutdown mutex 2026-06-28 14:56:23,449 [root] INFO: Shutting down package 2026-06-28 14:56:23,449 [root] INFO: Stopping auxiliary modules 2026-06-28 14:56:23,450 [root] INFO: Stopping auxiliary module: Browser 2026-06-28 14:56:23,450 [root] INFO: Stopping auxiliary module: Human 2026-06-28 14:56:29,376 [root] INFO: Stopping auxiliary module: Screenshots 2026-06-28 14:56:29,452 [root] INFO: Finishing auxiliary modules 2026-06-28 14:56:29,453 [root] INFO: Shutting down pipe server and dumping dropped files 2026-06-28 14:56:29,453 [root] WARNING: Folder at path "C:\UfGevMwj\debugger" does not exist, skipping 2026-06-28 14:56:29,454 [root] WARNING: Folder at path "C:\UfGevMwj\tlsdump" does not exist, skipping 2026-06-28 14:56:29,456 [root] INFO: Analysis completed
Process Log
Pre-Script Log
During-Script Log
Machine Information
| Name | Label | Manager | Started On | Shutdown On | Route |
|---|---|---|---|---|---|
| win10 | win10 | KVM | 2026-06-29 07:56:11 | 2026-06-29 07:56:51 | internet |
File Details
| File Name |
-
|
|---|---|
| File Type | JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3 |
| File Size | 17901 bytes |
| MD5 | d39c7030104821789406d61592dc8d26 |
| SHA1 | 44762a79a1530cda4cb4bdcfd732e61891c766a0 |
| SHA256 | 5f110d10a4f54721e7e550e9c3d4e9d94f37c1aadb2b9b0cc1ecad90a0d31a70 VT MWDB Bazaar |
| SHA3-384 | a82191f05c3f3a368ee564d816622bbdb6aa49ef898c10dc8e1af9294f26e20cab78547c9308c17a54d4db23be9b05e1 |
| CRC32 | 6153BCE7 |
| TLSH | T122825E179D094B93942997E8BE034EEC6F492F0CE9823AFF55225EC73D302225D5E12E |
| Ssdeep | 192:t1pZzIuRsxA3+0OGmEH/FrqN0cZ24JXZ8CILrc60/y4W/AeAx6b4I4r:t1/zP2AzDrqN001ZAVaeKr |
Strings
JZJZ@
IRR`S
QFj@(
%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
hLJQIJ)
QEI@)i)h
)piqE
~4sKE
)X.IE2
QH`)i)h
IKITH
KIKHaE%
j=qKE
LciFi
()i)h
))i)2
=?J:Q
%4&%-
QEY!E
P!1F)h
Q@\ZL
i)M%i
bQKI@
&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz
a\Z2)(
QH`)i(
Processing 1.69s
- 1.626s CAPE
- 0.033s BehaviorAnalysis
- 0.022s NetworkAnalysis
- 0.011s AnalysisInfo
- 0.001s Debug
Signatures 0.09s
- 0.026s antiav_detectreg
- 0.009s infostealer_ftp
- 0.009s territorial_disputes_sigs
- 0.006s antianalysis_detectreg
- 0.005s infostealer_im
- 0.004s ransomware_files
- 0.003s antiav_detectfile
- 0.003s antivm_vbox_keys
- 0.003s ransomware_extensions_known
- 0.002s antianalysis_detectfile
- 0.002s antivm_vmware_keys
- 0.002s infostealer_bitcoin
- 0.002s infostealer_mail
- 0.002s masquerade_process_name
- 0.001s antivm_generic_diskreg
- 0.001s antivm_parallels_keys
- 0.001s antivm_vbox_files
- 0.001s antivm_vpc_keys
- 0.001s antivm_xen_keys
- 0.001s ketrican_regkeys
- 0.001s browser_security
- 0.001s bypass_firewall
- 0.001s disables_backups
- 0.001s disables_browser_warn
- 0.001s disables_power_options
- 0.001s recon_fingerprint
- 0.001s suspicious_command_tools
- 0.001s uses_windows_utilities
Reporting 0.00s
- 0.003s JsonDump
Signatures
Network activity detected but not expressed in monitor API logs
ip: 173.194.76.94
ip: 108.177.15.139
ip: 108.177.15.94
ip: 74.125.206.84
ip: 66.102.1.138
ip: 74.125.206.138
ip: 74.125.133.95
ip: 142.251.150.119
ip: 142.251.168.139
ip: 142.251.168.100
ip: 74.125.206.101
ip: 74.125.71.94
ip: 142.251.16.94
Possible date expiration check, exits too soon after checking local time
process: cmd.exe, PID 2192
Queried the FIPS cryptography policy, can be used to adapt C2 network encryption or by legitimate encryption software
behavioral_fips_reconnaissance: ["cmd.exe (PID: 2192) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled'", "cmd.exe (PID: 2192) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy'", "cmd.exe (PID: 2192) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled'", "cmd.exe (PID: 2192) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE'", "cmd.exe (PID: 2192) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy'"]
Queries registry mount points to identify historical or connected removable/network drives
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Generation
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Data
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Generation
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Generation
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Data
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Data
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\
Screenshots
Hosts
| Direct | IP | Country Name | ASN |
|---|---|---|---|
| Y | 173.194.76.94 [VT] | unknown | - |
| Y | 108.177.15.139 [VT] | unknown | - |
| Y | 108.177.15.94 [VT] | unknown | - |
| Y | 74.125.206.84 [VT] | unknown | - |
| Y | 66.102.1.138 [VT] | unknown | - |
| Y | 74.125.206.138 [VT] | unknown | - |
| Y | 74.125.133.95 [VT] | unknown | - |
| Y | 142.251.150.119 [VT] | unknown | - |
| Y | 142.251.168.139 [VT] | unknown | - |
| Y | 142.251.168.100 [VT] | unknown | - |
| Y | 74.125.206.101 [VT] | unknown | - |
| Y | 74.125.71.94 [VT] | unknown | - |
| Y | 142.251.16.94 [VT] | unknown | - |
Summary
- C:\Users\Rajesh\AppData\Local\Temp
- C:\Users
- C:\Users\Rajesh
- C:\Users\Rajesh\AppData
- C:\Users\Rajesh\AppData\Local
- C:\Users\Rajesh\AppData\Local\Temp\-.*
- C:\Users\Rajesh\AppData\Local\Temp\-.COM
- C:\Users\Rajesh\AppData\Local\Temp\-.EXE
- C:\Users\Rajesh\AppData\Local\Temp\-.BAT
- C:\Users\Rajesh\AppData\Local\Temp\-.CMD
- C:\Users\Rajesh\AppData\Local\Temp\-.VBS
- C:\Users\Rajesh\AppData\Local\Temp\-.VBE
- C:\Users\Rajesh\AppData\Local\Temp\-.JS
- C:\Users\Rajesh\AppData\Local\Temp\-.JSE
- C:\Users\Rajesh\AppData\Local\Temp\-.WSF
- C:\Users\Rajesh\AppData\Local\Temp\-.WSH
- C:\Users\Rajesh\AppData\Local\Temp\-.MSC
- C:\Windows\System32\kernel.appcore.dll
- \Device\CNG
- \Device\DeviceApi\CMApi
- \??\MountPointManager
- C:\Users\Rajesh\AppData\Local\Temp\-
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
- HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DisableUNCCheck
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\EnableExtensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DelayedExpansion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DefaultColor
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\CompletionChar
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\PathCompletionChar
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\AutoRun
- HKEY_CURRENT_USER\Software\Microsoft\Command Processor
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
- HKEY_CURRENT_USER
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Data
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Generation
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Data
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Generation
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Data
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Generation
- HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivationType
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Server
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\DllPath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Threading
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\TrustLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\CustomAttributes
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\RemoteServer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateAsUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInSharedBroker
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInBrokerForMediumILContainer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Permissions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateOnHostFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\Diagnosis
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CommandLine
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\IdentityType
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Permissions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ActivatableClasses
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServerType
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\AppId
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Identity
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServiceName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExplicitPsmActivationType
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CustomAttributes
- HKEY_CURRENT_USER\Software\Classes\Interface\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32\(Default)
- HKEY_CURRENT_USER\Software\Classes\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}
- HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\ActivateOnHostFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\ThreadingModel
- HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32
- HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\AppID
- HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\Elevation
- HKEY_CURRENT_USER\Software\Classes\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
- HKEY_CURRENT_USER\Software\Classes\Interface\{89BC3F49-F8D9-5103-BA13-DE497E609167}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DisableUNCCheck
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\EnableExtensions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DelayedExpansion
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DefaultColor
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\CompletionChar
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\PathCompletionChar
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\AutoRun
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Data
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Generation
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Data
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Generation
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Data
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Generation
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivationType
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Server
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\DllPath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Threading
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\TrustLevel
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\RemoteServer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateAsUser
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInSharedBroker
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInBrokerForMediumILContainer
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Permissions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateOnHostFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExePath
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CommandLine
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\IdentityType
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Permissions
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ActivatableClasses
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServerType
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\AppId
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Identity
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServiceName
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExplicitPsmActivationType
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\ActivateOnHostFlags
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\ThreadingModel
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\AppID
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
- C:\Users\Rajesh\AppData\Local\Temp\-
No results found.
No behavioral analysis data available.
Sorry! No strace.
Sorry! No tracee.
Hosts
No hosts contacted.
TCP Connections
No TCP connections recorded.
UDP Connections
No UDP connections recorded.
DNS Requests
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP Traffic
No SMTP traffic performed.
IRC Traffic
No IRC requests performed.
ICMP Traffic
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.
No dropped files found.
Sorry! No process dumps.