Category FILE
Started On 2016-09-01 15:15:58.487532
Completed On 2016-09-01 15:19:00.492991
Duration 182 seconds
Cuckoo Version 2.0-dev

Machine win7cuckoo2
Label win7 Clone 2
Manager VirtualBox
Started On 2016-09-01 15:16:00
Shutdown On 2016-09-01 15:18:59

File Details

File name 26864ecc0ed183f192009058a4547cbaf7b50e1c.exe
File size 1094501 bytes
File type PE32 executable for MS Windows (GUI) Intel 80386 32-bit
CRC32 7A21AD89
MD5 b53ad22d5a8e16d11ffb919eb07c9b89
SHA1 26864ecc0ed183f192009058a4547cbaf7b50e1c
SHA256 fbf53615ed884e887946d98f3fa5a852f48faafec24e11f7e6bf9e3bba1580fc
SHA512 99b0acc3268b8ed0387f0e998d9da99ad685a9e462a7ee574551eeae6df14396b6aad678536593496947764b2d48b2930a02ec7774698b198da9e73b3fdcad16
Ssdeep 24576:/Jid0TqwtLZWtp1VnSc01wLnvcHv8d2coHeD1KTzvtO1k6PTnK:60Th1KBnv0mMM2ARavtO+6DK
PEiD None matched
Yara None matched
VirusTotal Scan Date: 2016-08-24 00:25:06
VirusTotal Detection Rate: 1/55

MetaFlows Scores

Metaflows Analysis Results (Signatures=75, Anomalies=0, PEiD=0, Yara=0, VT[1472743180]=0): Snort Events=0, AV Events=1
Total Score=75

CLAMAV DETECTED:
Can't write to file ERROR

Signatures

has_pdb
packer_entropy
exploit_heapspray

Screenshots

No screenshots available.

Static Analysis

Sections

Resources

Imports

Strings

Dropped Files

7c21b29e4d388803_copy_reg.pyo

932345ee549e0c58___init__.pyc

18d2d98bca28d6b9_connections.pyo

8252bb49d8d5a5ab_warnings.pyo

43b8421145e209a8_cr.pyo

1b937bf1a2d38129__weakrefset.pyo

0340826546a4507f___init__.pyo

3e01a5b4eebc20b7_ntpath.pyo

82d4445792ebc4fe_sre_constants.pyo

4b19806ef7e0f63f___init__.pyo

cdf2315c998bd23c_release.pyo

1898c6e90c00e0ed_sre_compile.pyo

7478d33a3f644075_re.pyo

1551b9f8f8f098b6_aliases.pyo

06c85728eab4e04f_os.pyo

abda9aaf11972c22_refresh.pyc

bed3bb93031fb55f_converters.pyo

4a4fdb50e0ebca6a_times.pyc

cbdf38a7a9536da4_stat.pyo

52def964142be689_removemysql-python.exe

c93dfcabd4df774b_abc.pyo

c8dbd66ba659fe15_cursors.pyc

40728f9b5c8ab89a_traceback.pyo

1099ce7c2da6704c_userdict.pyo

bd54ea0286a4f754_py_compile.pyo

5ec167fca6d3c3b3__abcoll.pyo

36ab77108588530c_functools.pyo

9c8c5ff02bb449b3_types.pyo

79631d74a94ffc42_er.pyc

0ac3fb6cb3698989_flag.pyo

73f134eeddee9ddd_site.pyo

779adffcb8f910c8_locale.pyo

8bf41e3dbea9e47d___init__.pyo

69a261bda60c8ea1_sre_parse.pyo

2ee1f30c830f61ba_mysql-python-wininst.log

1cb737d02ef13a1d_linecache.pyo

d1a766d9f3b1f47e_cp1252.pyo

8be3c16a2dbe83bb_sysconfig.pyo

2975ba82cf67652a_field_type.pyo

8b0a39f18bca0a54_codecs.pyo

3d13544e91a7db17__mysql_exceptions.pyc

e8ce5cb41c1bd68d_genericpath.pyo

0eca5dfb0a63cf6c_client.pyo

Network Analysis

Hosts Involved

DNS Requests

HTTP Requests

Behavior Summary

File-Read
  • C:\Python27\Lib\site-packages\MySQLdb\connections.py
  • C:\Python27\Lib\UserDict.py
  • C:\Python27\Lib\site-packages\MySQLdb\constants\CR.py
  • C:\Python27\Lib\os.pyc
  • C:\Python27\Lib\linecache.py
  • C:\Python27\Lib\sre_constants.py
  • C:\Python27\Lib\site-packages\MySQLdb\release.py
  • C:\Python27\Lib\warnings.py
  • C:\Python27\Lib\re.py
  • C:\Python27\Lib\ntpath.pyc
  • C:\Users\Harry Dresden\AppData\Local\Temp\~duFF8C.tmp
  • C:\Python27\Lib\site-packages\MySQLdb\__init__.py
  • C:\Python27\Lib\_abcoll.pyc
  • C:\Python27\Lib\copy_reg.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\converters.py
  • C:\Python27\Lib\warnings.pyc
  • C:\Python27\Lib\locale.py
  • C:\Python27\Lib\traceback.pyc
  • C:\Python27\Lib\sysconfig.py
  • C:\Python27\Lib\encodings\aliases.py
  • C:\Python27\Lib\types.pyc
  • C:\Python27\Lib\sre_parse.py
  • C:\Python27\Lib\UserDict.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\constants\ER.py
  • C:\Python27\Lib\codecs.pyc
  • C:\Python27\Lib\encodings\aliases.pyc
  • C:\Python27\Lib\os.py
  • C:\Python27\Lib\site-packages\MySQLdb\constants\REFRESH.py
  • C:\Python27\Lib\functools.pyc
  • C:\Python27\Lib\_abcoll.py
  • C:\Python27\Lib\sysconfig.pyc
  • C:\Python27\Lib\copy_reg.py
  • C:\Python27\Lib\encodings\cp1252.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\times.py
  • C:\Python27\Lib\types.py
  • C:\Python27\Lib\genericpath.pyc
  • C:\Python27\Lib\stat.pyc
  • C:\Python27\Lib\re.pyc
  • C:\Python27\Lib\linecache.pyc
  • C:\Python27\Lib\codecs.py
  • C:\Python27\Lib\site-packages\MySQLdb\constants\FLAG.py
  • C:\Python27\Lib\encodings\__init__.py
  • C:\Python27\Lib\encodings\cp1252.py
  • C:\Python27\Lib\sre_constants.pyc
  • C:\Python27\Lib\traceback.py
  • C:\Python27\Lib\_weakrefset.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\constants\__init__.py
  • C:\Python27\Lib\sre_compile.pyc
  • C:\Python27\Lib\functools.py
  • C:\Python27\Lib\site.pyc
  • C:\Python27\Lib\site.py
  • C:\Python27\Lib\genericpath.py
  • C:\Windows\Fonts\staticcache.dat
  • C:\Python27\Lib\site-packages\MySQLdb\constants\CLIENT.py
  • C:\Python27\Lib\_weakrefset.py
  • C:\Python27\Lib\abc.pyc
  • C:\Python27\Lib\stat.py
  • C:\Python27\Lib\py_compile.py
  • C:\Python27\Lib\site-packages\MySQLdb\cursors.py
  • C:\Python27\Lib\locale.pyc
  • C:\Python27\Lib\sre_parse.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\constants\FIELD_TYPE.py
  • C:\Python27\Lib\abc.py
  • C:\Python27\Lib\ntpath.py
  • C:\Python27\Lib\py_compile.pyc
  • C:\Python27\Lib\encodings\__init__.pyc
  • C:\Python27\Lib\sre_compile.py
  • C:\Python27\Lib\site-packages\_mysql_exceptions.py
File-Written
  • C:\Python27\Lib\site-packages\MySQLdb\constants\CR.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\constants\ER.pyo
  • C:\Python27\Lib\os.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\constants\CR.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\__init__.pyc
  • C:\Python27\Lib\_abcoll.pyo
  • C:\Python27\Lib\copy_reg.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\cursors.pyc
  • C:\Python27\Lib\ntpath.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\cursors.pyo
  • C:\Python27\Lib\codecs.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\constants\ER.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\__init__.pyo
  • C:\Python27\Lib\UserDict.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\constants\FLAG.pyo
  • C:\Python27\Lib\types.pyo
  • C:\Python27\Lib\warnings.pyo
  • C:\Python27\Lib\traceback.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\constants\FLAG.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\constants\REFRESH.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\constants\REFRESH.pyo
  • C:\Python27\Lib\functools.pyo
  • C:\Python27\Lib\re.pyo
  • C:\Python27\Lib\encodings\aliases.pyo
  • C:\Python27\Lib\sysconfig.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\times.pyo
  • C:\Python27\Lib\linecache.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\connections.pyo
  • C:\Python27\Lib\genericpath.pyo
  • C:\Python27\Lib\stat.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\connections.pyc
  • C:\Python27\Lib\site-packages\_mysql_exceptions.pyo
  • C:\Python27\Lib\encodings\cp1252.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\times.pyc
  • C:\Python27\Lib\sre_compile.pyo
  • C:\Python27\Lib\_weakrefset.pyo
  • C:\Python27\MySQL-python-wininst.log
  • C:\Python27\Lib\sre_constants.pyo
  • C:\Python27\Lib\abc.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\converters.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\release.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\constants\CLIENT.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\release.pyc
  • C:\Python27\RemoveMySQL-python.exe
  • C:\Python27\Lib\site.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\converters.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\constants\FIELD_TYPE.pyo
  • C:\Python27\Lib\encodings\__init__.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\constants\__init__.pyo
  • C:\Python27\Lib\py_compile.pyo
  • C:\Python27\Lib\site-packages\_mysql_exceptions.pyc
  • C:\Python27\Lib\sre_parse.pyo
  • C:\Python27\Lib\locale.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\constants\FIELD_TYPE.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\constants\CLIENT.pyo
  • C:\Python27\Lib\site-packages\MySQLdb\constants\__init__.pyc
File-Deleted
  • C:\Python27\Lib\os.pyo
  • C:\Python27\Lib\_abcoll.pyo
  • C:\Python27\Lib\copy_reg.pyo
  • C:\Python27\Lib\ntpath.pyo
  • C:\Python27\Lib\codecs.pyo
  • C:\Python27\Lib\UserDict.pyo
  • C:\Python27\Lib\types.pyo
  • C:\Python27\Lib\warnings.pyo
  • C:\Python27\Lib\traceback.pyo
  • C:\Python27\Lib\sysconfig.pyo
  • C:\Python27\Lib\functools.pyo
  • C:\Python27\Lib\encodings\aliases.pyo
  • C:\Python27\Lib\linecache.pyo
  • C:\Python27\Lib\genericpath.pyo
  • C:\Python27\Lib\stat.pyo
  • C:\Python27\Lib\re.pyo
  • C:\Python27\Lib\encodings\cp1252.pyo
  • C:\Python27\Lib\sre_compile.pyo
  • C:\Python27\Lib\_weakrefset.pyo
  • C:\Python27\Lib\sre_constants.pyo
  • C:\Python27\Lib\abc.pyo
  • C:\Python27\Lib\site.pyo
  • C:\Python27\Lib\encodings\__init__.pyo
  • C:\Python27\Lib\py_compile.pyo
  • C:\Python27\Lib\sre_parse.pyo
  • C:\Python27\Lib\locale.pyo
File-Opened
  • C:\Python27\Lib\site-packages\MySQLdb\connections.py
  • C:\Python27\Lib\encodings\cp1252.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\constants\FLAG.py
  • C:\Python27\Lib\site-packages\MySQLdb\constants\CR.py
  • C:\Python27\Lib\os.pyc
  • C:\Python27\Lib\codecs.pyc
  • C:\Python27\Lib\linecache.py
  • C:\Python27\Lib\sre_constants.py
  • C:\Python27\Lib\encodings\aliases.py
  • C:\Python27\Lib\warnings.py
  • C:\Python27\Lib\re.py
  • C:\Python27\Lib\ntpath.pyc
  • C:\Windows\SysWOW64\en-US\KERNELBASE.dll.mui
  • C:\Users\Harry Dresden\AppData\Local\Temp\~duFF8C.tmp
  • C:\Python27\Lib\site-packages\MySQLdb\__init__.py
  • C:\Python27\Lib\_abcoll.pyc
  • C:\Python27\Lib\copy_reg.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\converters.py
  • C:\Python27\Lib\warnings.pyc
  • C:\Python27\Lib\traceback.pyc
  • C:\Python27\Lib\sysconfig.py
  • C:\Python27\Lib\types.pyc
  • C:\Python27\Lib\encodings\aliases.pyc
  • C:\Python27\Lib\UserDict.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\constants\ER.py
  • C:\Python27\Lib\abc.py
  • C:\Python27\Lib\sre_parse.py
  • C:\Python27\Lib\os.py
  • C:\Python27\Lib\site-packages\MySQLdb\constants\REFRESH.py
  • C:\Python27\Lib\locale.py
  • C:\Python27\Lib\_abcoll.py
  • C:\Python27\Lib\sysconfig.pyc
  • C:\Users\Harry Dresden\AppData\Local\Temp\26864ecc0ed183f192009058a4547cbaf7b50e1c.exe
  • C:\Python27\Lib\copy_reg.py
  • C:\Python27\Lib\UserDict.py
  • C:\Python27\Lib\site-packages\MySQLdb\times.py
  • C:\Python27\Lib\types.py
  • C:\Python27\Lib\genericpath.pyc
  • C:\Python27\Lib\stat.pyc
  • C:\Python27\Lib\re.pyc
  • C:\Python27\Lib\linecache.pyc
  • C:\Python27\Lib\codecs.py
  • C:\Python27\Lib\functools.pyc
  • C:\Python27\Lib\encodings\__init__.py
  • C:\Python27\Lib\encodings\cp1252.py
  • C:\Python27\Lib\site-packages\MySQLdb\release.py
  • C:\Python27\Lib\sre_constants.pyc
  • C:\Python27\Lib\traceback.py
  • C:\Python27\Lib\_weakrefset.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\constants\__init__.py
  • C:\Python27\Lib\sre_compile.pyc
  • C:\Python27\Lib\functools.py
  • C:\Python27\Lib\site.pyc
  • C:\Python27\Lib\site.py
  • C:\Windows\Fonts\staticcache.dat
  • C:\Windows\Globalization\Sorting\sortdefault.nls
  • C:\Python27\Lib\site-packages\MySQLdb\constants\CLIENT.py
  • C:\Python27\Lib\_weakrefset.py
  • C:\Python27\Lib\abc.pyc
  • C:\Python27\Lib\encodings\__init__.pyc
  • C:\Python27\Lib\py_compile.py
  • C:\Python27\Lib\site-packages\MySQLdb\cursors.py
  • C:\Python27\Lib\locale.pyc
  • C:\Python27\Lib\sre_parse.pyc
  • C:\Python27\Lib\site-packages\MySQLdb\constants\FIELD_TYPE.py
  • C:\Python27\Lib\genericpath.py
  • C:\Python27\Lib\ntpath.py
  • C:\Python27\Lib\py_compile.pyc
  • C:\Python27\Lib\stat.py
  • C:\Python27\Lib\sre_compile.py
  • C:\Python27\Lib\site-packages\_mysql_exceptions.py
Directory-Created
  • C:\Python27\Lib\site-packages\MySQLdb\constants
  • C:\Python27\Lib\site-packages\MySQL_python-1.2.4b4-py2.7.egg-info
  • C:\Python27\Lib\site-packages\MySQLdb
Directory-Enumerated
  • C:\Users\Harry Dresden\AppData\Local\Temp
  • C:\Python27\Lib\linecache.py
  • C:\Python27\Lib\sre_constants.py
  • C:\Python27\Lib\warnings.py
  • C:\Python27\Lib\plat-win
  • C:\Windows\System32\python27.zip
  • C:\Windows\System32
  • C:\Python27\Lib\encodings
  • C:\Python27\*.*
  • C:\Python27\Lib\sysconfig.py
  • C:\Python27\Lib\sre_parse.py
  • C:\Python27\Lib\os.py
  • C:\Python27\Lib\locale.py
  • C:\Python27\Lib\_abcoll.py
  • C:\Python27\Lib\copy_reg.py
  • C:\Python27\Lib
  • C:\Python27\Lib\UserDict.py
  • C:\Python27\Lib\lib-tk
  • C:\Python27\Lib\types.py
  • C:\Python27\Lib\re.py
  • C:\Windows
  • C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll
  • C:\Python27\Lib\abc.py
  • C:\Python27\Lib\site-packages
  • C:\Python27\Lib\encodings\__init__.py
  • C:\Python27\Lib\encodings\cp1252.py
  • C:\Python27
  • C:\Python27\Lib\traceback.py
  • C:\Python27\Lib\site-packages\*.*
  • C:\Python27\Lib\encodings\aliases.py
  • C:\Python27\Lib\functools.py
  • C:\Python27\Lib\codecs.py
  • C:\Python27\Lib\site.py
  • C:\Python27\Lib\_weakrefset.py
  • C:\Python27\Lib\py_compile.py
  • C:\Python27\Lib\genericpath.py
  • C:\Windows\winsxs
  • C:\Python27\Lib\ntpath.py
  • C:\Python27\DLLs
  • C:\Python27\Lib\stat.py
  • C:\Python27\Lib\sre_compile.py
Registry Key-Opened
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\site
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\_weakrefset
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\UserDict
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\genericpath
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\sre_parse
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\types
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\usercustomize
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\functools
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MySQL-python-py2.7
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\_abcoll
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\abc
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\PythonPath
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\sre_parse
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\genericpath
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\warnings
  • HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\os
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Sans Serif
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\copy_reg
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\UserDict
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\abc
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\KnownClasses
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\stat
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\sitecustomize
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\sysconfig
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\sysconfig
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\site
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\InstallPath
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\sitecustomize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
  • HKEY_CURRENT_USER\Software\Python\PythonCore
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\PythonPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\sre_constants
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\usercustomize
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\encodings
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\linecache
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\traceback
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\ntpath
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\sre_constants
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\codecs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\copy_reg
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\py_compile
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\stat
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\types
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\linecache
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\re
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\sre_compile
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\codecs
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\locale
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\26864ecc0ed183f192009058a4547cbaf7b50e1c.exe
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\os
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\re
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\_weakrefset
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\py_compile
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\encodings
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\sre_compile
  • HKEY_LOCAL_MACHINE\Software\Python\PythonCore\2.7\Modules\warnings
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Shell Dlg
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\locale
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\traceback
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\ntpath
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\functools
  • HKEY_CURRENT_USER\Software\Python\PythonCore\2.7\Modules\_abcoll
Registry Key-Read
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\TIP\{0000897b-83df-4b96-be07-0fb58b01c4a4}\LanguageProfile\0x00000000\{0001bea3-ed56-483d-a2e2-aeae25577436}\Enable
  • HKEY_CURRENT_USER\Control Panel\Desktop\PreferredUILanguages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\UILanguages\en-US\AlternateCodePage
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language\InstallLanguageFallback
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Locale\00000409
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\CTF\EnableAnchorContext
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Language Groups\1
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Python\PythonCore\2.7\InstallPath\(Default)
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Shell Dlg
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
  • HKEY_CURRENT_USER\Control Panel\Desktop\MuiCached\MachinePreferredUILanguages
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\EMPTY
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\MUI\UILanguages\en-US\Type
Registry Key-Written
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MySQL-python-py2.7\DisplayName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MySQL-python-py2.7\UninstallString

Processes


C:\Windows\system32\lsass.exe PID: 460, Parent PID: 364

"C:\Users\Harry Dresden\AppData\Local\Temp\26864ecc0ed183f192009058a4547cbaf7b50e1c.exe" PID: 5936, Parent PID: 5224

Volatility

Nothing to display.