Advanced File Analysis System

File Name: bf352825a70685039401abde5daf1712fd968d6eee233ea72393cbc6faffe5a2.bin

File Type: PE32 executable (GUI) Intel 80386, for MS Windows

SHA1: 949f1903642e72575e107ee492faba670c8e0006

MD5: 5384f752e3a2b59fad9d0f143ce0215a

Download Kill Chain Report

Accessed Files

C:\Users\user\AppData\Local\Temp
C:\Windows\SysWOW64\explorer.exe
C:\Users\user\AppData\Roaming\9a5b7f1e
C:\Users\user\AppData\Local\Temp\949f1903642e72575e107ee492faba670c8e0006.exe
C:\Users\user\AppData\Roaming\9a5b7f1e\252729a89a.exe
- C:\Windows\SysWOW64\svchost.exe
- C:\Users\user\AppData\Roaming\f1e3b452
- C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
- C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
- C:\Windows\System32\ras\*.pbk
- C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
- C:\Users\user\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
- C:\Users\user\AppData\LocalLow
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA0FB4C19C05ADBCFF4DD29A3593F63
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDA0FB4C19C05ADBCFF4DD29A3593F63
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2
Show More 24

Read Registry Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\appdata
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E2D0CA08-2243-4725-9430-A8A2D5F46E6B}\WpadDecision
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E2D0CA08-2243-4725-9430-A8A2D5F46E6B}\WpadDecisionTime
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASAPI32\EnableFileTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASAPI32\FileTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASAPI32\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASAPI32\ConsoleTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASAPI32\MaxFileSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASAPI32\FileDirectory
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASMANCS\EnableFileTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASMANCS\FileTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASMANCS\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASMANCS\ConsoleTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASMANCS\MaxFileSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASMANCS\FileDirectory
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2298303332-66077612-2598613238-1000\ProfileImagePath
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
Show More 32

Modified Files

C:\Users\user\AppData\Roaming\9a5b7f1e
C:\Users\user\AppData\Roaming\9a5b7f1e\252729a89a.exe
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA0FB4C19C05ADBCFF4DD29A3593F63
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDA0FB4C19C05ADBCFF4DD29A3593F63
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2
Show More 11

Resolved APIs

kernel32.dll.GetModuleHandleA
kernel32.dll.LoadLibraryA
kernel32.dll.VirtualAlloc
kernel32.dll.VirtualFree
kernel32.dll.OutputDebugStringA
- ntdll.dll._stricmp
- ntdll.dll.memset
- ntdll.dll.memcpy
- cryptsp.dll.CryptAcquireContextW
- cryptsp.dll.CryptCreateHash
- cryptsp.dll.CryptHashData
- cryptsp.dll.CryptGetHashParam
- cryptsp.dll.CryptDestroyHash
- cryptsp.dll.CryptReleaseContext
- cryptbase.dll.SystemFunction036
- oleaut32.dll.#500
- rasapi32.dll.RasConnectionNotificationW
- ole32.dll.CoInitializeEx
- advapi32.dll.RegDeleteTreeA
- advapi32.dll.RegDeleteTreeW
- ole32.dll.CoCreateInstance
- ole32.dll.CoTaskMemAlloc
- oleaut32.dll.#8
- oleaut32.dll.#9
- oleaut32.dll.DllGetClassObject
- oleaut32.dll.DllCanUnloadNow
- advapi32.dll.RegOpenKeyW
- ole32.dll.CoTaskMemFree
- ole32.dll.StringFromIID
- iphlpapi.dll.GetAdaptersAddresses
- dhcpcsvc.dll.DhcpRequestParams
- oleaut32.dll.#2
- oleaut32.dll.#6
- ole32.dll.CoUninitialize
- shlwapi.dll.UrlGetPartW
- winhttp.dll.WinHttpOpen
- winhttp.dll.WinHttpSetTimeouts
- winhttp.dll.WinHttpSetOption
- winhttp.dll.WinHttpCrackUrl
- shlwapi.dll.StrCmpNW
- cryptbase.dll.SystemFunction001
- cryptbase.dll.SystemFunction002
- cryptbase.dll.SystemFunction003
- cryptbase.dll.SystemFunction004
- cryptbase.dll.SystemFunction005
- cryptbase.dll.SystemFunction028
- cryptbase.dll.SystemFunction029
- cryptbase.dll.SystemFunction034
- cryptbase.dll.SystemFunction040
- cryptbase.dll.SystemFunction041
- winhttp.dll.WinHttpConnect
- winhttp.dll.WinHttpOpenRequest
- winhttp.dll.WinHttpGetDefaultProxyConfiguration
- winhttp.dll.WinHttpGetIEProxyConfigForCurrentUser
- nsi.dll.NsiAllocateAndGetTable
- cfgmgr32.dll.CM_Open_Class_Key_ExW
- iphlpapi.dll.ConvertInterfaceGuidToLuid
- iphlpapi.dll.GetIfEntry2
- iphlpapi.dll.GetIpForwardTable2
- iphlpapi.dll.GetIpNetEntry2
- iphlpapi.dll.FreeMibTable
- nsi.dll.NsiFreeTable
- sechost.dll.ConvertSidToStringSidW
- profapi.dll.#104
- winhttp.dll.WinHttpTimeFromSystemTime
- winhttp.dll.WinHttpSendRequest
- ws2_32.dll.GetAddrInfoW
- ws2_32.dll.WSASocketW
- ws2_32.dll.#2
- ws2_32.dll.#21
- ws2_32.dll.#9
- ws2_32.dll.WSAIoctl
- ws2_32.dll.FreeAddrInfoW
- ws2_32.dll.#6
- ws2_32.dll.#5
- ws2_32.dll.WSARecv
- ws2_32.dll.WSASend
- winhttp.dll.WinHttpReceiveResponse
- winhttp.dll.WinHttpQueryHeaders
- shlwapi.dll.StrStrIW
- winhttp.dll.WinHttpQueryDataAvailable
- winhttp.dll.WinHttpReadData
- winhttp.dll.WinHttpCloseHandle
- rpcrt4.dll.RpcBindingFree
- ws2_32.dll.#116
- ws2_32.dll.#3
Show More 81

Registry Keys

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\appdata
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\9a5b7f1e
HKEY_CURRENT_USER\Software\Classes
- HKEY_CURRENT_USER\Software\Classes\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{26656EAA-54EB-4E6F-8F85-4F0EF901A406}\ProxyStubClsid32\(Default)
- HKEY_CURRENT_USER\Software\Classes\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{8A40A45D-055C-4B62-ABD7-6D613E2CEAEC}\ProxyStubClsid32\(Default)
- HKEY_CURRENT_USER\Software\Classes\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{55272A00-42CB-11CE-8135-00AA004BB851}\ProxyStubClsid32\(Default)
- HKEY_CURRENT_USER\Software\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\TreatAs
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\Progid
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\InprocServer32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\(Default)
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32\ThreadingModel
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocHandler
- HKEY_LOCAL_MACHINE\Software\Microsoft\OleAut
- HKEY_CURRENT_USER\Software\Classes\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{BCD1DE7E-2DB1-418B-B047-4A74E101F8C1}\ProxyStubClsid32\(Default)
- HKEY_CURRENT_USER\Software\Classes\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32
- HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2A1C9EB2-DF62-4154-B800-63278FCB8037}\ProxyStubClsid32\(Default)
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Wpad
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E2D0CA08-2243-4725-9430-A8A2D5F46E6B}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E2D0CA08-2243-4725-9430-A8A2D5F46E6B}\WpadDecision
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E2D0CA08-2243-4725-9430-A8A2D5F46E6B}\WpadDecisionTime
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadExpirationDays
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoProxyDetectType
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E2D0CA08-2243-4725-9430-A8A2D5F46E6B}\WpadDecisionReason
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E2D0CA08-2243-4725-9430-A8A2D5F46E6B}\WpadNetworkName
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E2D0CA08-2243-4725-9430-A8A2D5F46E6B}\0a-00-27-00-00-00
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASAPI32\EnableFileTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASAPI32\FileTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASAPI32\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASAPI32\ConsoleTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASAPI32\MaxFileSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASAPI32\FileDirectory
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASMANCS\EnableFileTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASMANCS\FileTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASMANCS\EnableConsoleTracing
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASMANCS\ConsoleTracingMask
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASMANCS\MaxFileSize
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\svchost_RASMANCS\FileDirectory
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\ProgramData
- HKEY_USERS\S-1-5-21-2298303332-66077612-2598613238-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\AppData
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2298303332-66077612-2598613238-1000
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-2298303332-66077612-2598613238-1000\ProfileImagePath
- HKEY_CURRENT_USER\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\SchemeDllRetrieveEncodedObjectW
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\SchemeDllRetrieveEncodedObjectW
- HKEY_LOCAL_MACHINE\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\WinHttpSettings
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\Local AppData
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ChainEngine\Config
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config\EnableInetUnknownAuth
Show More 73

Read Files

C:\Users\user\AppData\Local\Temp
C:\Users\user\AppData\Local\Temp\949f1903642e72575e107ee492faba670c8e0006.exe
C:\Users\user\AppData\Roaming\f1e3b452
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E49827401028F7A0F97B5576C77A26CB_7CE95D8DCA26FE957E7BD7D76F353B08
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DDA0FB4C19C05ADBCFF4DD29A3593F63
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DDA0FB4C19C05ADBCFF4DD29A3593F63
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_74167E25E5476CCA2A5946AAA61BF9E1
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5457A8CE4B2A7499F8299A013B6E1C7C_CE50F893881D43DC0C815E4D80FAF2B4
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2
- C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_C7B398B93BFA7397A840C520A0E096A2
Show More 12

Mutexes

DBWinMutex
IESQMMUTEX_0_208

Modified Registry Keys

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\9a5b7f1e
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E2D0CA08-2243-4725-9430-A8A2D5F46E6B}\WpadDecisionReason
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E2D0CA08-2243-4725-9430-A8A2D5F46E6B}\WpadDecisionTime
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E2D0CA08-2243-4725-9430-A8A2D5F46E6B}\WpadDecision
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{E2D0CA08-2243-4725-9430-A8A2D5F46E6B}\WpadNetworkName
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionReason
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecisionTime
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\0a-00-27-00-00-00\WpadDecision
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
Show More 5

Loading...