Analysis Details
Category Package Started Completed Duration Options Logs
FILE generic 2026-06-29 16:37:24 2026-06-29 16:37:58 34s
Reports JSON
Options
vnc_port=5900
Analysis Log
2026-06-29 14:58:59,526 [root] INFO: Date set to: 20260629T16:37:29, timeout set to: 200
2026-06-29 16:37:29,180 [root] DEBUG: Starting analyzer from: C:\2_6me6uj
2026-06-29 16:37:29,181 [root] DEBUG: Storing results at: C:\xUytmwVfoP
2026-06-29 16:37:29,182 [root] DEBUG: Pipe server name: \\.\PIPE\EcXQecBoz
2026-06-29 16:37:29,182 [root] DEBUG: Python path: C:\Users\Rajesh\AppData\Local\Programs\Python\Python314
2026-06-29 16:37:29,183 [root] INFO: analysis running as an admin
2026-06-29 16:37:29,183 [root] DEBUG: no analysis package configured, picking one for you
2026-06-29 16:37:29,274 [root] INFO: analysis package selected: "generic"
2026-06-29 16:37:29,275 [root] DEBUG: importing analysis package module: "modules.packages.generic"...
2026-06-29 16:37:29,282 [root] DEBUG: imported analysis package "generic"
2026-06-29 16:37:29,283 [root] DEBUG: initializing analysis package "generic"...
2026-06-29 16:37:29,283 [lib.common.common] INFO: no wrapping
2026-06-29 16:37:29,284 [lib.core.compound] INFO: C:\Users\Rajesh\AppData\Local\Temp already exists, skipping creation
2026-06-29 16:37:29,285 [root] DEBUG: New location of moved file: C:\Users\Rajesh\AppData\Local\Temp\ssstik.io__jeznions_.mp4
2026-06-29 16:37:29,285 [root] INFO: Analyzer: Package modules.packages.generic does not specify a dll option
2026-06-29 16:37:29,285 [root] INFO: Analyzer: Package modules.packages.generic does not specify a dll_64 option
2026-06-29 16:37:29,286 [root] INFO: Analyzer: Package modules.packages.generic does not specify a loader option
2026-06-29 16:37:29,286 [root] INFO: Analyzer: Package modules.packages.generic does not specify a loader_64 option
2026-06-29 16:37:29,306 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2026-06-29 16:37:29,318 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2026-06-29 16:37:29,344 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2026-06-29 16:37:29,488 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2026-06-29 16:37:29,496 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2026-06-29 16:37:29,497 [lib.api.screenshot] ERROR: No module named 'PIL'
2026-06-29 16:37:29,498 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2026-06-29 16:37:29,501 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2026-06-29 16:37:29,502 [root] DEBUG: Initialized auxiliary module "Browser"
2026-06-29 16:37:29,502 [root] DEBUG: attempting to configure 'Browser' from data
2026-06-29 16:37:29,504 [root] DEBUG: module Browser does not support data configuration, ignoring
2026-06-29 16:37:29,504 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2026-06-29 16:37:29,507 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2026-06-29 16:37:29,508 [root] DEBUG: Initialized auxiliary module "DigiSig"
2026-06-29 16:37:29,509 [root] DEBUG: attempting to configure 'DigiSig' from data
2026-06-29 16:37:29,509 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2026-06-29 16:37:29,510 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2026-06-29 16:37:29,510 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2026-06-29 16:37:30,279 [modules.auxiliary.digisig] DEBUG: File has an invalid signature
2026-06-29 16:37:30,280 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2026-06-29 16:37:30,284 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2026-06-29 16:37:30,284 [root] DEBUG: Initialized auxiliary module "Disguise"
2026-06-29 16:37:30,284 [root] DEBUG: attempting to configure 'Disguise' from data
2026-06-29 16:37:30,285 [root] DEBUG: module Disguise does not support data configuration, ignoring
2026-06-29 16:37:30,285 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2026-06-29 16:37:30,291 [modules.auxiliary.disguise] INFO: Launched background process notepad.exe hidden (PID: 3728)
2026-06-29 16:37:30,296 [modules.auxiliary.disguise] INFO: Disguising GUID to 66c92be0-096a-4693-b2f4-39ea0ebbe16e
2026-06-29 16:37:30,297 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2026-06-29 16:37:30,297 [root] DEBUG: Initialized auxiliary module "Human"
2026-06-29 16:37:30,298 [root] DEBUG: attempting to configure 'Human' from data
2026-06-29 16:37:30,299 [root] DEBUG: module Human does not support data configuration, ignoring
2026-06-29 16:37:30,299 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2026-06-29 16:37:30,366 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2026-06-29 16:37:30,366 [root] DEBUG: Initialized auxiliary module "Screenshots"
2026-06-29 16:37:30,369 [root] DEBUG: attempting to configure 'Screenshots' from data
2026-06-29 16:37:30,370 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2026-06-29 16:37:30,370 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2026-06-29 16:37:30,380 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2026-06-29 16:37:30,380 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2026-06-29 16:37:30,381 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2026-06-29 16:37:30,382 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2026-06-29 16:37:30,383 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2026-06-29 16:37:30,383 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2026-06-29 16:37:30,389 [modules.auxiliary.tlsdump] WARNING: Unable to find lsass.exe process
2026-06-29 16:37:30,390 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump
2026-06-29 16:37:36,622 [root] INFO: Restarting WMI Service
2026-06-29 16:37:38,844 [root] DEBUG: package modules.packages.generic does not support configure, ignoring
2026-06-29 16:37:38,845 [root] WARNING: configuration error for package modules.packages.generic: error importing data.packages.generic: No module named 'data.packages'
2026-06-29 16:37:38,846 [lib.core.compound] INFO: C:\Users\Rajesh\AppData\Local\Temp already exists, skipping creation
2026-06-29 16:37:38,848 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\system32\cmd.exe" with arguments "/c start /wait "" "C:\Users\Rajesh\AppData\Local\Temp\ssstik.io__jeznions_.mp4"" with pid 4120
2026-06-29 16:37:39,208 [lib.api.process] INFO: Monitor config for process 4120: C:\2_6me6uj\dll\4120.ini
2026-06-29 16:37:39,224 [lib.api.process] INFO: 64-bit DLL to inject is C:\2_6me6uj\dll\QpoIZn.dll, loader C:\2_6me6uj\bin\dmvuBXAR.exe
2026-06-29 16:37:39,246 [root] DEBUG: Loader: Injecting process 4120 (thread 1896) with C:\2_6me6uj\dll\QpoIZn.dll.
2026-06-29 16:37:39,248 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2026-06-29 16:37:39,250 [root] DEBUG: Successfully injected DLL C:\2_6me6uj\dll\QpoIZn.dll.
2026-06-29 16:37:39,253 [lib.api.process] INFO: Injected into 64-bit <Process 4120 cmd.exe>
2026-06-29 16:37:41,269 [lib.api.process] INFO: Successfully resumed process with pid 4120
2026-06-29 16:37:41,480 [root] DEBUG: 4120: Python path set to 'C:\Users\Rajesh\AppData\Local\Programs\Python\Python314'.
2026-06-29 16:37:41,484 [root] DEBUG: 4120: Disabling sleep skipping.
2026-06-29 16:37:41,485 [root] DEBUG: 4120: Dropped file limit defaulting to 100.
2026-06-29 16:37:41,505 [root] DEBUG: 4120: YaraInit: Compiled 44 rule files
2026-06-29 16:37:41,510 [root] DEBUG: 4120: YaraInit: Compiled rules saved to file C:\2_6me6uj\data\yara\capemon.yac
2026-06-29 16:37:41,563 [root] DEBUG: 4120: RtlInsertInvertedFunctionTable 0x00007FF9AAA0090E, LdrpInvertedFunctionTableSRWLock 0x00007FF9AAB5B4F0
2026-06-29 16:37:41,564 [root] DEBUG: 4120: YaraScan: Scanning 0x00007FF79A450000, size 0x6630a
2026-06-29 16:37:41,569 [root] DEBUG: 4120: YaraScan hit: FindFixAndRun
2026-06-29 16:37:41,570 [root] DEBUG: 4120: Monitor initialised: 64-bit capemon loaded in process 4120 at 0x00007FF987A90000, thread 1896, image base 0x00007FF79A450000, stack from 0x0000006F32204000-0x0000006F32300000
2026-06-29 16:37:41,571 [root] DEBUG: 4120: Commandline: "C:\Windows\system32\cmd.exe" /c start /wait "" "C:\Users\Rajesh\AppData\Local\Temp\ssstik.io__jeznions_.mp4"
2026-06-29 16:37:41,587 [root] DEBUG: 4120: hook_api: LdrpCallInitRoutine export address 0x00007FF9AAA099BC obtained via GetFunctionAddress
2026-06-29 16:37:41,654 [root] WARNING: b'Unable to create trampoline for LockResource, hook type 2'
2026-06-29 16:37:41,655 [root] DEBUG: 4120: set_hooks: Unable to hook LockResource
2026-06-29 16:37:41,672 [root] DEBUG: 4120: Hooked 630 out of 631 functions
2026-06-29 16:37:41,677 [root] DEBUG: 4120: set_hooks_exe: Hooked FindFixAndRun at 0x00007FF79A45C620
2026-06-29 16:37:41,680 [root] DEBUG: 4120: Syscall hook installed, syscall logging level 1
2026-06-29 16:37:41,696 [root] DEBUG: 4120: RestoreHeaders: Restored original import table.
2026-06-29 16:37:41,698 [root] INFO: Loaded monitor into process with pid 4120
2026-06-29 16:37:41,700 [root] DEBUG: 4120: caller_dispatch: Added region at 0x00007FF79A450000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF79A4693C1, thread 1896).
2026-06-29 16:37:41,702 [root] DEBUG: 4120: YaraScan: Scanning 0x00007FF79A450000, size 0x6630a
2026-06-29 16:37:41,712 [root] DEBUG: 4120: ProcessImageBase: Main module image at 0x00007FF79A450000 unmodified (entropy change 0.000000e+00)
2026-06-29 16:37:41,736 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A6030000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes).
2026-06-29 16:37:41,738 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A8700000: C:\Windows\System32\bcryptPrimitives (0x83000 bytes).
2026-06-29 16:37:41,743 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A5B50000: C:\Windows\system32\uxtheme (0x9e000 bytes).
2026-06-29 16:37:41,763 [root] DEBUG: 4120: DLL loaded at 0x00007FF994050000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32 (0x29a000 bytes).
2026-06-29 16:37:41,767 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A9D30000: C:\Windows\System32\SHCORE (0xad000 bytes).
2026-06-29 16:37:41,770 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A7A90000: C:\Windows\system32\Wldp (0x2c000 bytes).
2026-06-29 16:37:41,771 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A6230000: C:\Windows\SYSTEM32\windows.storage (0x790000 bytes).
2026-06-29 16:37:41,775 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A2720000: C:\Windows\system32\PROPSYS (0xf6000 bytes).
2026-06-29 16:37:41,788 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A9600000: C:\Windows\System32\clbcatq (0xa9000 bytes).
2026-06-29 16:37:41,826 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A8050000: C:\Windows\system32\profapi (0x1f000 bytes).
2026-06-29 16:37:41,935 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A8110000: C:\Windows\System32\CFGMGR32 (0x4e000 bytes).
2026-06-29 16:37:41,942 [root] DEBUG: 4120: DLL loaded at 0x00007FF993730000: C:\Windows\system32\edputil (0x24000 bytes).
2026-06-29 16:37:41,990 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A1300000: C:\Windows\System32\Windows.StateRepositoryPS (0x146000 bytes).
2026-06-29 16:37:42,006 [root] DEBUG: 4120: DLL loaded at 0x00007FF9903B0000: C:\Windows\System32\Windows.UI.AppDefaults (0x4c000 bytes).
2026-06-29 16:37:42,081 [root] DEBUG: 4120: DLL loaded at 0x00007FF99F680000: C:\Windows\system32\iertutil (0x2b0000 bytes).
2026-06-29 16:37:42,083 [root] DEBUG: 4120: DLL loaded at 0x00007FF99F650000: C:\Windows\system32\srvcli (0x28000 bytes).
2026-06-29 16:37:42,084 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A75F0000: C:\Windows\system32\netutils (0xc000 bytes).
2026-06-29 16:37:42,088 [root] DEBUG: 4120: DLL loaded at 0x00007FF99F930000: C:\Windows\system32\urlmon (0x1eb000 bytes).
2026-06-29 16:37:42,100 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A7200000: C:\Windows\system32\msvcp110_win (0x8a000 bytes).
2026-06-29 16:37:42,101 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A35E0000: C:\Windows\SYSTEM32\policymanager (0xa0000 bytes).
2026-06-29 16:37:42,125 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A5A30000: C:\Windows\SYSTEM32\apphelp (0x90000 bytes).
2026-06-29 16:37:42,948 [root] DEBUG: 4120: DLL loaded at 0x00007FF99EEA0000: C:\Windows\System32\OneCoreUAPCommonProxyStub (0x798000 bytes).
2026-06-29 16:37:42,963 [root] DEBUG: 4120: DLL loaded at 0x00007FF9A4DC0000: C:\Windows\System32\wintypes (0x154000 bytes).
2026-06-29 16:37:42,985 [root] DEBUG: 4120: DLL loaded at 0x00007FF991500000: C:\Windows\System32\RTWorkQ (0x30000 bytes).
2026-06-29 16:37:42,986 [root] DEBUG: 4120: DLL loaded at 0x00007FF986060000: C:\Windows\System32\mfmp4srcsnk (0x206000 bytes).
2026-06-29 16:37:43,016 [root] DEBUG: 4120: DLL loaded at 0x00007FF990D80000: C:\Windows\System32\MFPlat (0x1bc000 bytes).
2026-06-29 16:37:43,118 [root] DEBUG: 4120: NtTerminateProcess hook: Attempting to dump process 4120
2026-06-29 16:37:43,120 [root] DEBUG: 4120: VerifyCodeSection: Executable code does not match, 0xb620 of 0x30ef9 matching
2026-06-29 16:37:43,121 [root] DEBUG: 4120: DoProcessDump: Code modification detected, dumping Imagebase at 0x00007FF79A450000.
2026-06-29 16:37:43,122 [root] DEBUG: 4120: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2026-06-29 16:37:43,123 [root] DEBUG: 4120: DumpProcess: Instantiating PeParser with address: 0x00007FF79A450000.
2026-06-29 16:37:43,124 [root] DEBUG: 4120: DumpProcess: Module entry point VA is 0x00007FF79A468F50.
2026-06-29 16:37:43,161 [lib.common.results] INFO: Uploading file C:\xUytmwVfoP\CAPE\4120_69823243372329162026 to procdump\7c4d1031e9b4e2df6c5f9d12568c6ca93d6bcafaef81b4e2a6c1e540e4de07d0; Size is 401920; Max size: 100000000
2026-06-29 16:37:43,171 [root] DEBUG: 4120: DumpProcess: Module image dump success - dump size 0x62200.
2026-06-29 16:37:43,206 [root] INFO: Process with pid 4120 has terminated
2026-06-29 16:37:44,797 [modules.auxiliary.human] INFO: Found button "recommended settings", clicking it
2026-06-29 16:37:48,406 [root] INFO: Process list is empty, terminating analysis
2026-06-29 16:37:49,420 [root] INFO: Created shutdown mutex
2026-06-29 16:37:50,446 [root] INFO: Shutting down package
2026-06-29 16:37:50,446 [root] INFO: Stopping auxiliary modules
2026-06-29 16:37:50,447 [root] INFO: Stopping auxiliary module: Browser
2026-06-29 16:37:50,447 [root] INFO: Stopping auxiliary module: Human
2026-06-29 16:37:51,884 [modules.auxiliary.human] INFO: Found button "recommended settings", clicking it
2026-06-29 16:37:53,904 [root] INFO: Stopping auxiliary module: Screenshots
2026-06-29 16:37:53,905 [root] INFO: Finishing auxiliary modules
2026-06-29 16:37:53,906 [root] INFO: Shutting down pipe server and dumping dropped files
2026-06-29 16:37:53,907 [root] WARNING: Folder at path "C:\xUytmwVfoP\debugger" does not exist, skipping
2026-06-29 16:37:53,907 [root] WARNING: Folder at path "C:\xUytmwVfoP\tlsdump" does not exist, skipping
2026-06-29 16:37:53,909 [root] INFO: Analysis completed
Process Log
Pre-Script Log
During-Script Log
Machine Information
Name Label Manager Started On Shutdown On Route
win10 win10 KVM 2026-06-29 16:37:24 2026-06-29 16:37:58 internet
File Details
File Information
File Name ssstik.io__jeznions_.mp4
File Type ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
File Size 620848 bytes
MD5 08e72659f2482b1ddd681c929b4625bb
SHA1 6a6565ce90e3761e3c255316407594eb86772644
SHA256 4de4ed46b08ce490fbb479eaf5d8550037e4a1a523edb4798958f71d89307490
SHA3-384 a107ef3e051fc9c79d6b7d04ca771aa02ab264b373e86e549eb0da88c1907d4562cb234e14ff4b486e55b981243a74c6
CRC32 5E402106
TLSH T168D4230AE7A143C8C509333D22F51288A199E788DE3FCFE792891771523A255AD77EF1
Ssdeep 12288:yYzKG0u0gt+sbPBdLCWjmVUXxHRvUJESwjC2c+a1WFsk0qKAXJnZ47YOh3:P3Ggt+sbBdeWFhl0ESie8F0qK+nXOh3
Strings
Processing 2.23s
  • 2.106s CAPE
  • 0.046s NetworkAnalysis
  • 0.038s BehaviorAnalysis
  • 0.036s AnalysisInfo
  • 0.002s Debug
Signatures 0.12s
  • 0.027s antiav_detectreg
  • 0.01s infostealer_ftp
  • 0.01s territorial_disputes_sigs
  • 0.006s antianalysis_detectreg
  • 0.006s infostealer_im
  • 0.005s network_dns_url_shortener
  • 0.004s suspicious_tld
  • 0.004s ransomware_files
  • 0.003s antiav_detectfile
  • 0.003s antivm_vbox_keys
  • 0.003s ransomware_extensions_known
  • 0.002s network_dyndns
  • 0.002s antianalysis_detectfile
  • 0.002s antivm_vmware_keys
  • 0.002s antivm_xen_keys
  • 0.002s infostealer_bitcoin
  • 0.002s infostealer_mail
  • 0.002s suspicious_command_tools
  • 0.002s uses_windows_utilities
  • 0.001s network_torgateway
  • 0.001s antidebug_devices
  • 0.001s antivm_bochs_keys
  • 0.001s antivm_generic_diskreg
  • 0.001s antivm_hyperv_keys
  • 0.001s antivm_parallels_keys
  • 0.001s antivm_vbox_files
  • 0.001s antivm_vpc_keys
  • 0.001s ketrican_regkeys
  • 0.001s browser_security
  • 0.001s suspicious_browser_arguments
  • 0.001s bypass_firewall
  • 0.001s disables_backups
  • 0.001s disables_browser_warn
  • 0.001s disables_power_options
  • 0.001s masquerade_process_name
  • 0.001s network_dns_opennic
  • 0.001s network_dns_paste_site
  • 0.001s network_dns_temp_file_storage
  • 0.001s recon_fingerprint
Reporting 0.00s
  • 0.003s JsonDump
Signatures
ip: 192.178.183.94
ip: 142.251.16.94
ip: 172.253.157.95
ip: 151.101.206.172
ip: 20.190.159.23
domain: wmploc.dll
domain: beacons.gcp.gvt2.com
behavioral_fips_reconnaissance: ["cmd.exe (PID: 4120) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy'", "cmd.exe (PID: 4120) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE'", "cmd.exe (PID: 4120) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy'", "cmd.exe (PID: 4120) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled'", "cmd.exe (PID: 4120) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled'"]
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Generation
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Data
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Generation
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Data
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Generation
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Data
file: C:\Users\Rajesh\AppData\Local\Temp\ssstik.io__jeznions_.mp4
command: "C:\Users\Rajesh\AppData\Local\Temp\ssstik.io__jeznions_.mp4"
Hosts
Direct IP Country Name ASN
N 192.178.183.94 [VT] unknown -
Y 142.251.16.94 [VT] unknown -
Y 172.253.157.95 [VT] unknown -
Y 151.101.206.172 [VT] unknown -
Y 20.190.159.23 [VT] unknown -
DNS
Name Response Post-Analysis Lookup
wmploc.dll [VT] NXDOMAIN
beacons.gcp.gvt2.com [VT] CNAME beacons-handoff.gcp.gvt2.com [VT]
A 192.178.183.94 [VT]
192.178.183.94 [VT]
Summary
  • C:\Users\Rajesh\AppData\Local\Temp
  • C:\Users
  • C:\Users\Rajesh
  • C:\Users\Rajesh\AppData
  • C:\Users\Rajesh\AppData\Local
  • C:\Users\Rajesh\AppData\Local\Temp\ssstik.io__jeznions_.mp4
  • C:\Windows\System32\kernel.appcore.dll
  • \Device\CNG
  • \Device\DeviceApi\CMApi
  • \??\MountPointManager
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DisableUNCCheck
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\EnableExtensions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DelayedExpansion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DefaultColor
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\CompletionChar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\PathCompletionChar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\AutoRun
  • HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
  • HKEY_CURRENT_USER
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Data
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Generation
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Data
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Generation
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Data
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Generation
  • HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivationType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Server
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\DllPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Threading
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\TrustLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\CustomAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\RemoteServer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateAsUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInSharedBroker
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInBrokerForMediumILContainer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Permissions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateOnHostFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\Diagnosis
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CommandLine
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\IdentityType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Permissions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ActivatableClasses
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServerType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\AppId
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Identity
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServiceName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExplicitPsmActivationType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CustomAttributes
  • HKEY_CURRENT_USER\Software\Classes\Interface\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\ActivateOnHostFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\ThreadingModel
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\AppID
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\Elevation
  • HKEY_CURRENT_USER\Software\Classes\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\Interface\{89BC3F49-F8D9-5103-BA13-DE497E609167}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DisableUNCCheck
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\EnableExtensions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DelayedExpansion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DefaultColor
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\CompletionChar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\PathCompletionChar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\AutoRun
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Data
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Generation
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Data
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Generation
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Data
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Generation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivationType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Server
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\DllPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Threading
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\TrustLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\RemoteServer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateAsUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInSharedBroker
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInBrokerForMediumILContainer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Permissions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateOnHostFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CommandLine
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\IdentityType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Permissions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ActivatableClasses
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServerType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\AppId
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Identity
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServiceName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExplicitPsmActivationType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\ActivateOnHostFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\ThreadingModel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\AppID
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck
  • "C:\Users\Rajesh\AppData\Local\Temp\ssstik.io__jeznions_.mp4"
  • C:\Users\Rajesh\AppData\Local\Temp\ssstik.io__jeznions_.mp4

No results found.

No behavioral analysis data available.

Sorry! No strace.
Sorry! No tracee.
Hosts
No hosts contacted.
TCP Connections
No TCP connections recorded.
UDP Connections
No UDP connections recorded.
DNS Requests
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP Traffic
No SMTP traffic performed.
IRC Traffic
No IRC requests performed.
ICMP Traffic
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.

No dropped files found.

Sorry! No process dumps.