Analysis Report · CAPE Sandbox

Analysis

Category	Package	Started	Completed	Duration	Options	Log(s)
FILE	exe	2025-06-13 17:32:48	2025-06-13 18:03:50	1862 seconds	Show Options	Show Analysis Log

procmemdump=1
import_reconstruction=1
unpacker=2
norefer=1
no-iat=1

2024-11-25 13:37:15,209 [root] INFO: Date set to: 20250613T10:32:12, timeout set to: 1800
2025-06-13 11:32:12,705 [root] DEBUG: Starting analyzer from: C:\tmp_gell1p8
2025-06-13 11:32:12,705 [root] DEBUG: Storing results at: C:\mZmWgxH
2025-06-13 11:32:12,705 [root] DEBUG: Pipe server name: \\.\PIPE\gxpNJC
2025-06-13 11:32:12,705 [root] DEBUG: Python path: C:\Users\Packager\AppData\Local\Programs\Python\Python310-32
2025-06-13 11:32:12,705 [root] INFO: analysis running as an admin
2025-06-13 11:32:12,705 [root] INFO: analysis package specified: "exe"
2025-06-13 11:32:12,705 [root] DEBUG: importing analysis package module: "modules.packages.exe"...
2025-06-13 11:32:13,127 [root] DEBUG: imported analysis package "exe"
2025-06-13 11:32:13,142 [root] DEBUG: initializing analysis package "exe"...
2025-06-13 11:32:13,142 [lib.common.common] INFO: wrapping
2025-06-13 11:32:13,142 [lib.core.compound] INFO: C:\Users\Packager\AppData\Local\Temp already exists, skipping creation
2025-06-13 11:32:13,142 [root] DEBUG: New location of moved file: C:\Users\Packager\AppData\Local\Temp\NetworkTrafficView.exe
2025-06-13 11:32:13,142 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL option
2025-06-13 11:32:13,142 [root] INFO: Analyzer: Package modules.packages.exe does not specify a DLL_64 option
2025-06-13 11:32:13,142 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader option
2025-06-13 11:32:13,142 [root] INFO: Analyzer: Package modules.packages.exe does not specify a loader_64 option
2025-06-13 11:32:13,408 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2025-06-13 11:32:13,439 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2025-06-13 11:32:13,455 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2025-06-13 11:32:13,470 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2025-06-13 11:32:13,486 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2025-06-13 11:32:13,486 [lib.api.screenshot] ERROR: No module named 'PIL'
2025-06-13 11:32:13,486 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2025-06-13 11:32:13,486 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2025-06-13 11:32:13,486 [root] DEBUG: Initialized auxiliary module "Browser"
2025-06-13 11:32:13,486 [root] DEBUG: attempting to configure 'Browser' from data
2025-06-13 11:32:13,486 [root] DEBUG: module Browser does not support data configuration, ignoring
2025-06-13 11:32:13,486 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2025-06-13 11:32:13,486 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2025-06-13 11:32:13,486 [root] DEBUG: Initialized auxiliary module "DigiSig"
2025-06-13 11:32:13,486 [root] DEBUG: attempting to configure 'DigiSig' from data
2025-06-13 11:32:13,486 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2025-06-13 11:32:13,486 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2025-06-13 11:32:13,486 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2025-06-13 11:32:24,986 [modules.auxiliary.digisig] DEBUG: File has a valid signature
2025-06-13 11:32:24,986 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2025-06-13 11:32:25,220 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2025-06-13 11:32:25,220 [root] DEBUG: Initialized auxiliary module "Disguise"
2025-06-13 11:32:25,220 [root] DEBUG: attempting to configure 'Disguise' from data
2025-06-13 11:32:25,220 [root] DEBUG: module Disguise does not support data configuration, ignoring
2025-06-13 11:32:25,220 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2025-06-13 11:32:25,220 [modules.auxiliary.disguise] INFO: Disguising GUID to 5cb1f9c1-8350-4f7b-8488-0b9f5262cdbf
2025-06-13 11:32:25,220 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2025-06-13 11:32:25,220 [root] DEBUG: Initialized auxiliary module "Human"
2025-06-13 11:32:25,220 [root] DEBUG: attempting to configure 'Human' from data
2025-06-13 11:32:25,220 [root] DEBUG: module Human does not support data configuration, ignoring
2025-06-13 11:32:25,220 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2025-06-13 11:32:25,220 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2025-06-13 11:32:25,220 [root] DEBUG: Initialized auxiliary module "Screenshots"
2025-06-13 11:32:25,220 [root] DEBUG: attempting to configure 'Screenshots' from data
2025-06-13 11:32:25,220 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2025-06-13 11:32:25,220 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2025-06-13 11:32:25,220 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2025-06-13 11:32:25,220 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2025-06-13 11:32:25,220 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2025-06-13 11:32:25,220 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2025-06-13 11:32:25,220 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2025-06-13 11:32:25,220 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2025-06-13 11:32:25,220 [modules.auxiliary.tlsdump] INFO: lsass.exe found, pid 696
2025-06-13 11:32:25,252 [lib.api.process] INFO: Monitor config for <Process 696 lsass.exe>: C:\tmp_gell1p8\dll\696.ini
2025-06-13 11:32:25,267 [lib.api.process] INFO: Option 'procmemdump' with value '1' sent to monitor
2025-06-13 11:32:25,267 [lib.api.process] INFO: Option 'import_reconstruction' with value '1' sent to monitor
2025-06-13 11:32:25,267 [lib.api.process] INFO: Option 'unpacker' with value '2' sent to monitor
2025-06-13 11:32:25,267 [lib.api.process] INFO: Option 'norefer' with value '1' sent to monitor
2025-06-13 11:32:25,267 [lib.api.process] INFO: Option 'no-iat' with value '1' sent to monitor
2025-06-13 11:32:25,267 [lib.api.process] INFO: Option 'tlsdump' with value '1' sent to monitor
2025-06-13 11:32:25,267 [lib.api.process] INFO: 64-bit DLL to inject is C:\tmp_gell1p8\dll\yLKHDT.dll, loader C:\tmp_gell1p8\bin\wBsGnKoA.exe
2025-06-13 11:32:25,330 [root] DEBUG: Loader: IAT patching disabled.
2025-06-13 11:32:25,330 [root] DEBUG: Loader: Injecting process 696 with C:\tmp_gell1p8\dll\yLKHDT.dll.
2025-06-13 11:32:25,377 [root] DEBUG: 696: Python path set to 'C:\Users\Packager\AppData\Local\Programs\Python\Python310-32'.
2025-06-13 11:32:25,377 [root] INFO: Disabling sleep skipping.
2025-06-13 11:32:25,377 [root] DEBUG: 696: Full process memory dumps enabled.
2025-06-13 11:32:25,377 [root] DEBUG: 696: Import reconstruction of process dumps enabled.
2025-06-13 11:32:25,377 [root] DEBUG: 696: Active unpacking of payloads enabled
2025-06-13 11:32:25,377 [root] DEBUG: 696: CAPE debug - unrecognised key norefer.
2025-06-13 11:32:25,377 [root] DEBUG: 696: TLS secret dump mode enabled.
2025-06-13 11:32:25,377 [root] DEBUG: 696: InternalYaraScan: Scanning 0x00007FF84A790000, size 0x1f4542
2025-06-13 11:32:25,392 [root] DEBUG: 696: InternalYaraScan hit: RtlInsertInvertedFunctionTable
2025-06-13 11:32:25,392 [root] DEBUG: 696: RtlInsertInvertedFunctionTable 0x00007FF84A7A090E, LdrpInvertedFunctionTableSRWLock 0x00007FF84A8FB4F0
2025-06-13 11:32:25,392 [root] DEBUG: 696: Monitor initialised: 64-bit capemon loaded in process 696 at 0x00007FF822E30000, thread 1372, image base 0x00007FF60D500000, stack from 0x0000008EFACF4000-0x0000008EFAD00000
2025-06-13 11:32:25,392 [root] DEBUG: 696: Commandline: C:\Windows\system32\lsass.exe
2025-06-13 11:32:25,423 [root] DEBUG: 696: Hooked 5 out of 5 functions
2025-06-13 11:32:25,439 [root] DEBUG: InjectDllViaThread: Successfully injected Dll into process via RtlCreateUserThread.
2025-06-13 11:32:25,439 [root] DEBUG: Successfully injected DLL C:\tmp_gell1p8\dll\yLKHDT.dll.
2025-06-13 11:32:25,439 [lib.api.process] INFO: Injected into 64-bit <Process 696 lsass.exe>
2025-06-13 11:32:2 <truncated>

Machine

Name	Label	Manager	Started On	Shutdown On	Route
win10-2	win10-2	KVM	2025-06-13 17:32:48	2025-06-13 18:03:31	none

File Details

File Name	NetworkTrafficView.exe
File Type	PE32+ executable (GUI) x86-64, for MS Windows
File Size	255864 bytes
MD5	1227d216064c70b376d2badd63106c03
SHA1	92c34ebe484cdb54cd897b2acb0a3b89365fee9b
SHA256	85f773d523490fee9d8469ae0c8d46506900c49e7307c301b6b1f7ff79c425af [VT] [MWDB] [Bazaar]
SHA3-384	db0de02c64dd0a145661bd63b24644d1e35dbe1bbdc81609700f1d7040e7f371fc48c1c88db3024e3f5d447639441344
CRC32	47BBECEA
TLSH	T186447C45A3F414A9F9BBDA74DD62C723E7B278544734C70F07A08AAA1F23750BE25326
Ssdeep	3072:pyajz8inG3HYeoV4DfBaw0vdlRjMCKra5FeQYUTpFiRaY0GgwkEHAkx65n/r6++X:pyAlU9DfkfllRjmQYOpFijdAk4C3Uo
PE	File Strings BinGraph Vba2Graph

VirusTotal (0/77)

Full Results

Engine	Result	Engine	Result	Engine	Result

@.data

SelectObject

%USERTrust RSA Certification Authority

SetMenuItemInfoW

metagram

t[D9s

tns-cml

cmip-man

GetMenuStringW

GetStartupInfoW

D9qPA

x ATAUAWH

ldaps

>H9>L

appleqtc

WATAUH

Reserved

gppitnp

AutoExport

rsh-spx

contentserver

SeDebugPrivilege

meta5

http-alt

NmGetAdapterCount

CreateWindowExW

WritePrivateProfileStringW

Group By IP Country

xns-courier

tFD9{

EndDialog

SetCursor

fD9-z-

8"u8fff

NetworkTrafficView

sqlserv

rtsps

npmp-local

synotics-broker

comdlg32.dll

_wcslwr

AllocateAndGetTcpExTableFromStack

040904b0

WATAU

190909000000Z

fhwwr

181102000000Z

|g~}.

+D$`D+|$xL

LoadLibraryExW

memcmp

fD9"t

S&top Capture

MAC Address

Show IPv&6 Packets

Q(HcA89

_XcptFilter

AddressesDisplayMode

AutoExportOnlyOnChange

NetworkTrafficView.exe

A]A\_

%s_%d

UnmapViewOfFile

SysListView32

dsfgw

WS2_32.dll

D9aDH

strcmp

K@<"ICB$M?:

/deleteregkey

%s %s

D9vPE

netgw

_initterm

newacct

afpovertcp

/stabular

s}5Ic

LoadLibraryW

`hwwr

srssend

netrjs-4

vsinet

.pdata

NtQuerySystemInformation

wcschr

mondex

OH;H(s

GetModuleFileNameExW

Automatically add NetworkTrafficView to Windows firewall on capture start and remove it when capture is stopped (This option is needed for 'Raw Sockets' method)

D9vtt

l$ VWATH

wwwwww

Sectigo RSA Time Stamping CA0

d$<fD

FPD9%

Error: Cannot load the common control classes.

Copy Exception

L$ Lc

ShowTCP

D$0Lc

/nosaveload

mdc-portmapper

SetMenu

klogin

tTf!T$0H

td-replica

DrawTextExW

repscmd

Addresses Display Mode

8A_A^A]A\_^][

Process32Next

hello-port

wwwwwwwwwwwp

GetMessageW

vettcp

<font

sprintf

Properties

L$XE3

D9o\u

_exit

openvms-sysipc

/CaptureTime

%c%c%c%c%c%c%c%c%c%c

mt^Ju~

ocs_cmu

UVWATAUAVAW

Microsoft Sans Serif

DnsQuery_W

^.o 3

|$ ATH

D9!tf

UseMinimumPackets

H9\$8t

D$0fA

repcmd

nntps

rpc2portmap

9\$PA

9_P~/

shell32.dll

powerburst

Hc^PH

u#9\$P

D;cD|

_memicmp

Save All Items

dhcp-failover2

mortgageware

GetPrivateProfileIntW

CoCreateInstance

HTML Report - All Items

EAX=%16.16I64X EBX=%16.16I64X ECX=%16.16I64X EDX=%16.16I64X

concert

NtSuspendThread

wwwwwwp

hwwwwwwwwwwwwwwwwwwx

301231235959Z0|1

7<`F-

report.html

|$8A^A]A\

GetMenuItemCount

bh611

GetFileAttributesW

&Sort List On Every Update

CompareFileTime

connendp

&Advanced Options

I0G0E

discard

wwwwwwwwwwwwwwwwwwx

ss7ns

ingres-net

http://ocsp.usertrust.com0

Select network adapter:

sdnskmp

DispatchMessageW

NmGetFrameTimeStamp

EIP=%16.16I64X

201023000000Z

arcisdms

dantz

F()x(H

Maxmind File Loaded

TranslatorURL

DestroyIcon

/nocapdriver

hyperwave-isp

country_name

WAVAW

LoadMenuW

d$ H;

L$0A;

CreatePopupMenu

XA_A^A]A\_^][

FileDescription

HTML File - Horizontal

D$(Hc

su-mit-tg

PromiscuousMode

https://sectigo.com/CPS0C

</table>

DhcpSubnetMask

zannet

fD950$

L$0A+@

infoseek

BeginPaint

swift-rvf

Npcap\wpcap.dll

E&xit

fprintf

lanserver

intrinsa

shell

DeviceIoControl

submission

%0.1f

SetWindowLongPtrW

<td bgcolor=#%s nowrap>%s

GeneralGrouping

ggf-ncp

SetWindowLongW

/savelangfile

synotics-relay

onmux

AdjustTokenPrivileges

/sort

T$@A;

l$0E3

GetFileVersionInfoSizeW

NtTerminateThread

F t0H

Width of selected column (in pixels):

D$(E3

Capture On Program Start

f!t$ 3

D9oHL

&Start Capture

secure-aux-bus

u,HcC H

EnumChildWindows

at-nbp

netrjs-2

unidata-ldm

commerce

daytime

strings

9kp~J

GetSysColor

td-service

L$0E3

avian

netrcs

0A]A\_

Greater Manchester1

MainFont

D9oXu$H

D$@A+

9EX~*

Total Packets Size

GetCurrentDirectoryW

Exception !

D$DfB

PacketSnifferClass1

Wshlwapi.dll

Mark &Odd/Even Rows

StretchBlt

PortsFilterMode

bootps

%2.2X

quotad

D$Hu$H

"Always overwrite the previous file"Generate new file on every session

d$8fD

sql-net

Source Address

Advanced Options

ris-cm

IP Addresses Only

ocs_amu

MinimumPackets

uarps

at-echo

ariel3

Process Display Mode

NtUnloadDriver

hmmp-op

OpenTraceW

NmGetRawFrame

T$ E3

_wtoi

Choose config file to load

Ctrl+I

D95j&

KillTimer

SetDlgItemTextW

<item>

wcstoul

@SUVWATAUAV

hosts2-ns

eyelink

D958.

WATAWH

mobilip-mn

DestroyBlob

GetModuleHandleW

ginad

pcap_freecode

GetTimeFormatW

[C]e=P

KiB/Sec

bhfhs

Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\%s\Connection

D;S(}

L$ E3

ocbinder

entrust-kmsh

&Edit

&Next Page

whois++

Choose Colum&ns

datasurfsrvsec

&Show

%%0.%df

%I64d

Packets Count

SystemTimeToFileTime

sfs-config

%-18s: %s

T$`Hc

sonar

A^A]A\_^

ocserver

OriginalFilename

dn6-smm-red

WinPcap capture file*Microsoft Network Monitor 3.x capture file

tcpmux

xns-mail

d$0E3

Speed Unit

ndsauth

0A\_^

D9)t[

FileTimeToSystemTime

mumps

npmp-gui

mpm-flags

ampr-rcmd

Host Names or IP Addresses

netware-ip

&File

uTf!T$ H

Capture Options

ftps-data

Duration

svrloc

Npcap

VWATH

CreateCompatibleBitmap

&Capture Options

tacacs-ds

pcap_open

hp-managed-node

x ATH

MS Sans Serif

ImageList_Add

maitrd

wwwwp

EnableWindow

A;4$r

locus-map

width="%s"

microsoft-ds

corba-iiop

\$@fD

UVWATAUAVAWH

netviewdm2

CloseHandle

nicname

#Sectigo RSA Time Stamping Signer #20

/StartCapture

servstat

swscanf

t$xfD

wpages

8"u!I

Destination Country

ShowIPv6

@P9CP

3http://crt.usertrust.com/USERTrustRSAAddTrustCA.crt0%

d$:fD

LoadResource

_purecall

GetSystemTimeAsFileTime

tempo

AutoExportFilename

entomb

ControlTraceW

&Hide

audionews

fA;0r

ulistproc

AdapterName

gss-xlicen

LD@fD

vacdsm-sws

x ATAUAVAWD

DnsExtractRecordsFromMessage_W

</application>

ibm-app

fD9%w

u(HcS

Use Default Font

strcpy

subdivision_1_name

RegisterWindowMessageW

ddm-dfm

LB@%ICB(HGF"GGG

AutoExportInterval

NmConfigAdapter

oxD9oXu

wcscmp

j0h0?

Options

genie

netsc-prod

k-block

pim-rp-disc

A94$vf

.text

Gt9G|

zserv

Version

CAIlic

rushd

DD$x;

D9)t^

L$2tD

covia

SetWindowPos

UKliC

Export to a file only when there is a change since the previous export

invalid distance too far back

smartsdp

decbsrv

sSTATIC

nxedit

GetDlgItemTextW

ftell

=0;09

mcidas

A_A^A]A\

TCP SACK

D9 vb3

omginitialrefs

{Unknown}

CreateStatusWindowW

mit-ml-dev

decladebug

%2.2X

AlwaysOnTop

macon-tcp

MarkOddEvenRows

A]A\_

OnlyAboveSpeed

emfis-cntl

L$DA+

"%s" /nodlgstart

sift-uft

__dllonexit

DM0Ic

fclose

H9s0u>H9s8u83

VERSION.dll

RegEnumKeyExW

busboy

fD92t`H

cycleserv2

Source Country

Open NetworkTrafficView

Network Monitor Driver 3.x

3com-tsmux

hp-alarm-mgr

3http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#

Choose a capture file to load

softpc

COMCTL32.dll

&Properties

chshell

fopen

Zl$8f

p WATAUH

genrad-mux

D99ti

NirSoft

__C_specific_handler

AddExportHeaderLine

nextstep

work-sol

0A_A^A]A\_^]

GetSysColorBrush

Packet Direction Grouping:

2&-jWp

MoveWindow

LoadAcceleratorsW

phonebook

ohimsrv

CreateEventW

040904E4

dls-mon

E94$viI

DeleteObject

knet-cmp

ulD9%

t$ WH

kpasswd

-TLYZ5

EmptyClipboard

A;PPu

pcap_findalldevs_ex

RtlIpv6AddressToStringW

D&eselect All

apertus-ldp

The following application error has occurred:

iso-tsap

mobileip-agent

KhH+Kx

T$@D)oHD

dbase

hyper-g

acr-nema

StartAsHidden

NtResumeThread

%USERTrust RSA Certification Authority0

imap4-ssl

<wt-<ru.H

GetWindowRect

Group by Destination Address

<?xml version="1.0" ?>

` AUH

L$@A;

EndPaint

at-zis

f!D$0H

&Find

cisco-fna

Automatically export all folder changes to a file every....

*.xml

GetModuleBaseNameW

SetClipboardData

D95g)

f9K,uAH

D9)tZ

0A_A]A\

%2.2X%2.2X%2.2X

GetDateFormatW

/load_file_netmon

telnet

l$ VWATAUAV

SHGetSpecialFolderPathW

*.cfg

Display Filter Options

deviceshare

</asmv3:application><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1">

IPNetInfo - Source IP

accessbuilder

npmp-trap

Data Speed

SubnetMask

WATAVH

comctl32.dll

SYSTEM\CurrentControlSet

bhevent

mit-dov

cimplex

RtlIpv6StringToAddressW

texar

EndDeferWindowPos

sysdatetimepick32

rfile

@.rsrc

NmGetAdapter

JB?&ICB'HFC&HFE$GGG

is99c

L$0t$

ServiceName

fD9d$Lu

meter

</table><p>

Wntdll.dll

`A_A^A]A\_^]

Ethernet Type

pcap_compile

Arial

dnsapi.dll

LegalCopyright

GetNetworkInfoFromBlob

NmGetRawFrameLength

xns-ch

nsiiops

ICMPv6

garcon

TFt1b

+D$dH;

D9)tb

SetCurrentDirectoryW

dec_dlm

D$0|_

GetSaveFileNameW

9yH~\

MonitorFromWindow

A3D$$A

Select &All

l$XD;

inbusiness

itm-mcell-s

&Generate filename with numeric counter Generate filename with date/time

utmpsd

pcap_next

@A]A\_^]

multiplex

F tFH

streettalk

@A_A^A]A\_^]

%d item(s)

Q0LcA<D9

NT Kernel Logger

fread

Columns

ulpnet

LoadStringW

sfs-smp-net

WAVAWH

dsETOS

/nosort

Process32NextW

Capture Method

Process ID

GetAdaptersInfo

netbios-ssn

Add Header Line To CSV/Tab-Delimited File

Gp9G|r

dsp3270

QueryFullProcessImageNameW

Sectigo RSA Code Signing CA

legent-1

xns-auth

netrjs-1

List1

cab-protocol

Ctrl+X

strlen

smpnameres

ImageList_Create

OriginalFileName

20210708091733Z

T$ D;

dixie

WaitForSingleObject

@SUVWATAUAVAW

netmsg.dll

RtlInitUnicodeString

D$(fB

SetPixel

x ATAUAW

New Jersey1

lstrlenW

qsort

aminet

Auto Size Columns On Every Update

decauth

OpenProcessToken

tenfold

iafdbase

ModifyMenuW

%s_%4.4d%2.2d%2.2d%2.2d%2.2d%2.2d

ni-mail

StartTraceW

MessageBoxW

SVWATAUAVAWH

wwwwwp

DeviceDesc

fA;P"

S8H!{(

opalis-rdv

320122235959Z0

TCP Reset

CLD#K|L#

D$@Hk

Ctrl+F

memcpy

SetForegroundWindow

D9GDH

Group by Source Address

creativepartnr

ptp-event

uufD;

Host Names and IP Addresses

D$8=k

mm-admin

SetErrorMode

%s [%4.4x]

/scomma

190502000000Z

snare

&Previous Page

D$@Lc

sqlsrv

vemmi

WinPos

Unidentified Packets

keyserver

eudora-set

GeoLite2-City-Blocks-IPv4.csv

scoi2odialog

RunAs

sanity

ExpandEnvironmentStringsW

ipcserver

pcap_open_live

Adapter Name

914c/g

z39.50

remote-kis

TrayMenu

ZwOpenSection

__setusermatherr

HeapFree

legent-2

a.exe

SaveFilterIndex

GetTickCount

Registers:

Network Monitor Driver

u~L95

xdmcp

subntbcst_tftp

citadel

A^A]A\_^

wcscat

mpm-snd

vpps-qua

PostMessageW

kryptolan

&Copy Selected Items

fA9Lu

GGG-GGG-GGG

VWAUH

mdbs_daemon

t9D9o

SetDlgItemInt

\$0Hc_(

objcall

monitor

AutoSizeColumnsOnUpdate

vHfA;

;D$dtGI

emfis-data

MultiByteToWideChar

pcap_setfilter

AutoExportOverwriteMode

D99t^

nlogin

Show &Grid Lines

device

fujitsu-dev

Destination Address

SortOnEveryUpdate

Generate new file on every save

decap

T$(A+

dtag-ste-sb

_c_exit

geoname_id

novastorbakcup

HTML R&eport - Selected Items

graphics

t{9oXtv+w

CLD#C|L#

lD I+

Show &TCP Packets

rtelnet

scx-proxy

_itow

\oAbU^K

SHELL32.dll

AutoExportFileType

First Packet Time

/SaveToFileInterval

matip-type-a

H9\$8

)_HD9oH

banyan-vip

appleqtcsrvr

ATAUAWH

CreateProcessW

VWATAUAVH

WATAUAVAWH

D9)te

HTML File - Vertical

\systemroot

ShellExecuteW

GeoLite2-City-Locations-en.csv

ieee-mms

9)t]A

General

NmOpenCaptureFile

A_A^A]A\_

|D0 u

W%d.%d.%d.%d

ADVAPI32.dll

ShowIPv4

uucp-rlogin

netviewdm1

mfcobol

iafserver

CreateThread

SetBkMode

90705

/LoadConfig

%4.4X%4.4X

vslmp

_wcsicmp

TrackPopupMenu

icad-el

DialogBoxParamW

FreeLibrary

Error

CreateToolbarEx

GetWindowTextW

ftp-agent

cfdptkt

FindTextW

D$Zs'3

Shift+Plus

GeoLite2-City-Locations*.csv

pcap_freealldevs

cvc_hostd

GetKeyState

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">

TCP Fin

tserver

CompanyName

prm-sm

sco-websrvrmgr

CreateNPPInterface

\Device\Udp

GetCurrentThreadId

cadlock

DefaultGateway

ms-shuttle

Select Another &Font

xns-time

D99tb

u@M9p

EnumProcesses

http-mgmt

GetProcessHeap

fD9 u

Sleep

vacdsm-app

Shell_NotifyIconW

SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces\%s

NmStopCapture

Error %d: %s

hmmp-ind

hcp-wismar

GetTextExtentPoint32W

whoami

GlobalFree

{49K4u

IcN(I

D9cDA

ShellExecuteExW

ftp-data

vmnet

ubD8e

ChooseFontW

IPv6 Routing

hwwr'wwwwww

/load_file_pcap

GetUdpTable

https://sectigo.com/CPS0D

LeaseObtainedTime

IPsec AH

RegOpenKeyExW

IPsec ESP

WUpKN

netbios-ns

Terminate Application

SetBkColor

InstallDir

http://ocsp.sectigo.com0

%s <h3>%s</h3>

NtLoadDriver

FindFirstFileW

MinimumDuration

D$"fD9 u

GeoLiteCity.dat

L$"E3

PA_A^A]A\_^]

LockResource

GetObjectW

Promiscuous Mode

f!l$0A

\$8Mc

printer

kerberos

mcns-sec

systat

%0.2f

TCP Window Scale

DhcpDefaultGateway

GetNumberFormatW

Popup1

Average Packet Size

9YP~2

cloanto-net-1

Default

x AUH

CPHcx

ntalk

pcap_dispatch

wcsrchr

D9_(}

telnets

sco-websrvrmg3

ibm-db2

esro-emsdp

silverplatter

D$PE3

domain

SOFTWARE\Microsoft\Netmon3

NetMonAdapterName

Load C&onfiguration From File

f9=YI

ddm-rdb

fD9k"t

ImageList_AddMasked

supdup

NmStartCapture

strchr

GeoLiteCity.dat.gz

iso-tp0

L$@Lc

timbuktu

OpenProcess

A\_^

A_A\_

__set_app_type

xyplex-mux

cableport-ax

TCP Push

escp-ip

GGG)GGG'GGG

LoadIconW

pov-ray

ideafarm-chat

AlignNumbersToRight

Ctrl+A

dialog_%d

chargen

SizeofResource

AddToWindowsFirewall

wcslen

sshell

NtQueryInformationThread

wpcap.dll

entrusttime

ReleaseDC

t$8A+t$

9kP~L

NtOpenThread

wwwww

Column Settings

s-net

A_A^A]A\_^]

Ctrl+C

x ATAUAV

finger

PeekMessageW

asip-webadmin

hybrid-pop

GetThreadSelectorEntry

TranslateMessage

sun-dr

SHAutoComplete

GetClientRect

IsDialogMessageW

\StringFileInfo\

Latency

CreateToolhelp32Snapshot

ReadFile

t9H9YHt

WideCharToMultiByte

RegQueryValueExW

VarFileInfo

>MQ)H

_fmode

u6M9i

prospero

fD9:t

230909235959Z0q1

Process Filename

ansatrader

Last Packet Time

openport

elcsd

H!\$ L

+L$DD+L$@

corerjd

GetFileVersionInfoW

Display only items with minimum number of packets:

l$ VWATAUAVH

ReadProcessMemory

aed-512

rsvp_tunnel

Continue

CreateFileW

entrust-ash

GlobalAlloc

NmApi.dll

embl-ndt

Align Numeric Columns To Right

Jersey City1

FileTimeToDosDateTime

L$PE3

fcp-udp

sur-meas

datex-asn

FormatMessageW

pwdgen

re-mail-ck

D9S(~.E

H9~Ht

mailbox-lm

color="#%s"

conference

bl-idm

Module32First

A_A^A]A\_

!t$(H

as-servermap

semantix

Move &Up

skronk

NirSoft NetworkTrafficView

A^A]A\

D+d$TH

GetWindowLongW

ShowUDP

A_A]A\

submit

tcpnethaspsrv

intecourier

DH0f=

DuplicateHandle

Display only items with duration longer than...

utmpcd

multiling-http

dn6-nlm-aud

new-rwho

GetFileSize

GetCursorPos

collaborator

%2.2X-%2.2X-%2.2X-%2.2X-%2.2X-%2.2X

GetWindow

dhcpv6-server

3http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t

%s (%s)

GetDeviceCaps

lstrcpyW

DestroyMenu

locus-con

NmApiInitialize

ariel1

entrust-sps

380118235959Z0}1

imap3

GetStdHandle

borland-dsj

MB/Sec

Raw Sockets (Windows 2000/XP)

Connected

TCP Ack

scohelp

EnumResourceNamesW

wcscpy

IpA;Hp

<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s

NtClose

WriteFile

f:\Projects\VS2005\NetworkTrafficView\x64\Release\NetworkTrafficView.pdb

D9vpt

y<D98H

OH;H8s

??2@YAPEAX_K@Z

uuidgen

t$0A+

DestroyWindow

, %d Selected

WSAIoctl

If this problem persists, copy the above exception information to the clipboard, and send it to the author of this software.

InsertMenuItemW

DhcpIPAddress

Check the columns that you would like to make visible. Use the Move Up and Move Down buttons to reorder the columns

mylex-mapd

L$ fB

banyan-rpc

Sectigo RSA Time Stamping CA

\$,HcK

e)5*-

iso-tsap-c2

71351171

2011 - 2021 Nir Sofer

fln-spx

kerberos-adm

Status

SetWindowTextW

Sectigo RSA Code Signing CA0

D$TfD9

UseMinimumDuration

Comma Delimited Text File

ptp-general

DeleteDC

fD95f'

__wgetmainargs

IPNetInfo.exe

wwwwww~fwwwwwwwwwwwwwwwwwwwp

EnableMenuItem

LoadCursorW

custix

WWK7P

cisco-tdp

sco-inetmgr

Connection Name

H!t$`3

\Device\Tcp

iso-ip

TraceTcpIpProcesses

L$HD+K8+S<A+H

aux_bus_shunt

msvcrt.dll

\$ UVWATAUAVAWH

Maximum Data Speed

StringFileInfo

D9_0}

Software

ole32.dll

IP-Country File Loaded

f9\$Lu4H

ident

meregister

rpasswd

u0IcY

GetOpenFileNameW

country_iso_code

Show &Non-IP Packets

_lng.ini

TCP Window Size

iclcnet-locate

D$XE3

Unknown Error

Process32FirstW

irc-serv

IP Address

ProcessTrace

GlobalUnlock

ImageList_SetImageCount

videotex

#y1x1

&Load From Capture File

x ATAUAVH

nsrmp

</item>

bgs-nsi

vmpwscs

#+3;CScs

L$PMc

tn-tl-fd1

SUVWATAUAVAWH

Show Time In GMT

GeoLite2-Country-Blocks-IPv4.csv

MiB/Sec

pawserv

size="%d"

pkix-timestamp

tffD9

GetDlgCtrlID

LACNIC

snmptrap

InitCommonControlsEx

netviewdm3

H9~Pt

ShowGridLines

BeginDeferWindowPos

GeoLite2-Country-Locations-en.csv

seconds

T$@E3

%s - %s, %s, %s

AFRINIC

creativeserver

mecomm

nowrap

decvms-sysmgt

tacacs

</asmv3:windowsSettings>

wwww`

digital-vrc

netrjs-3

h0f0?

UpdateWindow

</compatibility></assembly>PPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGx!

msg-icp

password-chg

/stext

%d ms_Failed to start the capturing process. Do you want to run NetworkTrafficView as administrator ?

Exception %8.8X at address %16.16I64X in module %s

nest-protocol

Salford1

GetModuleInformation

TranslateAcceleratorW

NtQueryObject

vpps-via

_wcmdln

Move &Down

GetModuleFileNameW

asa-appl-proto

??3@YAXPEAX@Z

%s - %s, %s

9uD~^L

/sverhtml

fE90u

SetTimer

netcp

D9 ~4H

?\uGf

/stab

F`HcG

KERNEL32.dll

9D$H~;A

mac-srvr-admin

T$XA;

D#G|D

GetSubMenu

Show IPv&4 Packets

|$ Ei

pcap_open_offline

DnsGetCacheDataTable

_atoi64

invalid literal/length code

|$0A;

w H9_

E(f9G,u0H

D9^X}

FindResourceW

GetWindowsDirectoryW

DefWindowProcW

H9~`t

support@nirsoft.net0

rmonitor

Filename:

,\$(@

GetVersionExW

@SUVWATAUAVAWH

CloseTraceW

MapViewOfFile

;GxudH

GetSystemDirectoryW

dna-cml

NetworkTrafficView Config File

ShowNonIP

tacnews

VS_VERSION_INFO

#Sectigo RSA Time Stamping Signer #2

PortsFilterStr

toMcD$

/StopCommandLineCapture

Services\Tcpip\Parameters\Interfaces

%s [%2.2x]

PostQuitMessage

D9-z-

DhcpServer

GetPixel

GPLch

_snwprintf

Nir Sofer0

dhcp-failover

D9)tbA

SendMessageW

Process32First

RemoveMenu

ddm-ssl

|$HHc

Text File

Alt+Enter

audit

$Capture traffic of all TCP/UDP ports3Capture only traffic of the specified TCP/UDP ports/Skip the traffic of the specified TCP/UDP ports

direct

'wwww

statsrv

smpte

Auto Size Columns+Headers

?http://crl.usertrust.com/USERTrustRSACertificationAuthority.crl0v

A_A^A]A\_^][

OpenClipboard

GGG$GGG(GGG)GGG*HFD'HCB(HFC1HGF-GGG$GGG

sql*net

GetNPPBlobTable

memset

entrust-aams

/shtml

ShowIcon

Sectigo Limited1%0#

masqdialer

D95w.

D9)tiA

SetFocus

DeferWindowPos

GetProcAddress

sgmp-traps

Fpt;H9~

DhcpNameServer

esro-gen

ProductName

Hc~XA;

GetClassNameW

fxp-1

matip-type-b

CreateCompatibleDC

aurora-cmgr

Stack Data: %s

ShowInfoTip

InsertMenuW

dnsix

PnpInstanceID

Ctrl+Plus

ExitProcess

H9~hu

LeaseTerminatesTime

Tabular Text File

GetParent

L$ Mc

D$8=a

la-maint

*.csv

NetMon3AdapterName

GetMenuItemInfoW

European Union

asipregistry

'wwwww

ESI=%16.16I64X EDI=%16.16I64X EBP=%16.16I64X ESP=%16.16I64X

Display Filter

rsync

0A^A]A\

]IMrV

EnumResourceTypesW

} A;\$

@A_A]A\

shrinkwrap

FileVersion

Clear All Current Items

&View

sunrpc

menu_%d

remotefs

L<0D;

|$@D3"

imaps

T$LfA

teedtap

Interface Guid

NmCloseHandle

hostname

&Auto Size Columns

CreateDialogParamW

L$`Hc

hassle

<asmv3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">

sntp-heartbeat

?}\mv;

A_A^_

philips-vc

pop3s

PAGAKALASKAHALALABAMAIARARKANSASHAZARIZONAKCACALIFORNIAICOCOLORADOLCTCONNECTICUTUDCDISTRICT OF COLUMBIAIDEDELAWAREHFLFLORIDAHGAGEORGIAGHIHAWAIIEIAIOWAFIDIDAHOIILILLINOISHININDIANAGKSKANSASIKYKENTUCKYJLALOUISIANANMAMASSACHUSETTSIMDMARYLANDFMEMAINEIMIMICHIGANJMNMINNESOTAIMOMISSOURILMSMISSISSIPPIHMTMONTANAONCNORTH CAROLINAMNDNORTH DAKOTAINENEBRASKANNHNEW HAMPSHIREKNJNEW JERSEYKNMNEW MEXICOGNVNEVADAINYNEW YORKEOHOHIOIOKOKLAHOMAGOROREGONMPAPENNSYLVANIALPRPUERTO RICOMRIRHODE ISLANDOSCSOUTH CAROLINAMSDSOUTH DAKOTAJTNTENNESSEEFTXTEXASNUSUNITED STATESEUTUTAHIVAVIRGINIAVVIVIRGIN ISLANDS OF USAHVTVERMONTKWAWASHINGTONJWIWISCONSINNWVWEST VIRGINIAHWYWYOMINGQMHMARSHALL ISLANDSAPADLAFAFGHANISTANHALALBANIAHDZALGERIAOASAMERICAN SAMOAHADANDORRAGAOANGOLAIAIANGUILLAKAQANTARCTICATAGANTIGUA AND BARBUDAJARARGENTINAHAMARMENIAFAWARUBAQACASCENSION ISLANDJAUAUSTRALIAHATAUSTRIAKAZAZERBAIJANHBSBAHAMASHBHBAHRAINKBDBANGLADESHIBBBARBADOSHBYBELARUSHBEBELGIUMGBZBELIZEFBJBENINHBMBERMUDAGBTBHUTANHBOBOLIVIAWBABOSNIA AND HERZEGOWINAIBWBOTSWANANBVBOUVET ISLANDGBRBRAZIL_IOBRITISH INDIAN OCEAN TERRITORYRBNBRUNEI DARUSSALAMIBGBULGARIAMBFBURKINA FASOHBIBURUNDIIKHCAMBODIAICMCAMEROONGCACANADAKCVCAPE VERDEOKYCAYMAN ISLANDSYCFCENTRAL AFRICAN REPUBLICETDCHADFCLCHILEFCNCHINAQCXCHRISTMAS ISLANDXCCCOCOS (KEELING) ISLANDSICOCOLOMBIAHKMCOMOROSeCDCONGO THE DEMOCRATIC REPUBLIC OF THEFCGCONGOMCKCOOK ISLANDSKCRCOSTA RICANCICOTE D'IVOIREHHRCROATIAECUCUBAGCYCYPRUSOCZCZECH REPUBLICHDKDENMARKIDJDJIBOUTIIDMDOMINICASDODOMINICAN REPUBLICKTPEAST TIMORHECECUADORFEGEGYPTLSVEL SALVADORRGQEQUATORIAL GUINEAHERERITREAHEEESTONIAIETETHIOPIAOEUEUROPEAN UNION\FKFALKLAND ISLANDS (MALVINAS)NFOFAROE ISLANDSEFJFIJIHFIFINLANDMFXFRANCE METROGFRFRANCENGFFRENCH GUIANAQPFFRENCH POLYNESIA\TFFRENCH SOUTHERN TERRITORIESFGAGABONGGMGAMBIAHGEGEORGIAHDEGERMANYFGHGHANAJGIGIBRALTARGGRGREECEJGLGREENLANDHGDGRENADAKGPGUADELOUPEEGUGUAMJGTGUATEMALAIGGGUERNSEYGGNGUINEANGWGUINEA-BISSAUGGYGUYANAFHTHAITI\HMHEARD AND MC DONALD ISLANDS^VAHOLY SEE (VATICAN CITY STATE)IHNHONDURASJHKHONG KONGHHUHUNGARYHISICELANDFININDIAJIDINDONESIA[IRIRAN (ISLAMIC REPUBLIC OF)EIQIRAQHIEIRELANDLIMISLE OF MANGILISRAELFITITALYHJMJAMAICAFJPJAPANGJEJERSEYGJOJORDANKKZKAZAKHSTANFKEKENYAIKIKIRIBATIfKPKOREA DEMOCRATIC PEOPLE'S REPUBLIC OFRKRKOREA REPUBLIC OFGKWKUWAITKKGKYRGYZSTANaLALAO PEOPLE'S DEMOCRATIC REPUBLICGLVLATVIAHLBLEBANONHLSLESOTHOHLRLIBERIAWLYLIBYAN ARAB JAMAHIRIYANLILIECHTENSTEINJLTLITHUANIAKLULUXEMBOURGFMOMACAUJMKMACEDONIAKMGMADAGASCARGMWMALAWIIMYMALAYSIAIMVMALDIVESEMLMALIFMTMALTAQMHMARSHALL ISLANDSKMQMARTINIQUEKMRMAURITANIAJMUMAURITIUSHYTMAYOTTEGMXMEXICO_FMMICRONESIA FEDERATED STATES OFTMDMOLDOVA REPUBLIC OFGMCMONACOIMNMONGOLIAKMSMONTSERRATHMAMOROCCOKMZMOZAMBIQUEHMMMYANMARKMEMontenegroHNANAMIBIAFNRNAURUFNPNEPALUANNETHERLANDS ANTILLESLNLNETHERLANDSNNCNEW CALEDONIALNZNEW ZEALANDJNINICARAGUAFNENIGERHNGNIGERIAENUNIUE[APNON-SPEC ASIA PAS LOCATIONONFNORFOLK ISLANDYMPNORTHERN MARIANA ISLANDSGNONORWAYEOMOMANIPKPAKISTANFPWPALAU_PSPALESTINIAN TERRITORY OCCUPIEDGPAPANAMAQPGPAPUA NEW GUINEAIPYPARAGUAYEPEPERULPHPHILIPPINESIPNPITCAIRNGPLPOLANDIPTPORTUGALLPRPUERTO RICOFQAQATARIZZRESERVEDHREREUNIONHROROMANIASRURUSSIAN FEDERATIONGRWRWANDAVKNSAINT KITTS AND NEVISLLCSAINT LUCIAaVCSAINT VINCENT AND THE GRENADINESFWSSAMOAKSMSAN MARINOVSTSAO TOME AND PRINCIPEMSASAUDI ARABIAHSNSENEGALKSCSEYCHELLESMSLSIERRA LEONEJSGSINGAPORE[SKSLOVAKIA (Slovak Republic)ISISLOVENIAPSBSOLOMON ISLANDSHSOSOMALIAMZASOUTH AFRICAmGSSOUTH GEORGIA AND THE SOUTH SANDWICH ISLANDSFESSPAINJLKSRI LANKAKSHST. HELENAXPMST. PIERRE AND MIQUELONFSDSUDANISRSURINAME_SJSVALBARD AND JAN MAYEN ISLANDSJSZSWAZILANDGSESWEDENLCHSWITZERLANDUSYSYRIAN ARAB REPUBLICVCSSerbia and MontenegroVYUSerbia and MontenegroGRSSerbiaGTWTAIWANKTJTAJIKISTAN\TZTANZANIA UNITED REPUBLIC OFITHTHAILANDLTLTIMOR-LESTEETGTOGOHTKTOKELAUFTOTONGATTTTRINIDAD AND TOBAGOHTNTUNISIAGTRTURKEYMTMTURKMENISTANYTCTURKS AND CAICOS ISLANDSGTVTUVALUGUGUGANDAHUAUKRAINEUAEUNITED ARAB EMIRATESOGBUNITED KINGDOMOUKUNITED KINGDOMeUMUNITED STATES MINOR OUTLYING ISLANDSNUSUNITED STATESHUYURUGUAYKUZUZBEKISTANHVUVANUATUJVEVENEZUELAIVNVIET NAMYVGVIRGIN ISLANDS (BRITISH)VVIVIRGIN ISLANDS (U.S.)ZWFWALLIS AND FUTUNA ISLANDSOEHWESTERN SAHARAFYEYEMENGZMZAMBIAIZWZIMBABWENAXALAND ISLANDSMMFSAINT MARTINA

NtOpenSymbolicLinkObject

l$4A+

@"f9C"t

xvttp

FileTimeToLocalFileTime

&HTML Report - All Items

RegisterClassW

A^A]A\

r'a?R

hp-collector

CheckMenuItem

go-login

Display only items with speed above...

<td bgcolor=#%s>%s

epmap

integra-sme

*.pcap;*.cap

Instance ID

PCapAdapterName

ripng

Show &Tooltips

ljk-login

VerQueryValueW

D9)ta

EnableDHCP

9D$H~AA

CaptureOnProgramStart

NmApiClose

invalid distance code

ph_*Hq

Start As &Hidden

ms-rome

D;S(|

\Device\PhysicalMemory

GlobalLock

D;\$|u

Comma delimited list, port range is allowed. Example: 80, 25, 137-139

DeleteFileW

https

Source Port

GetPrivateProfileStringW

GDI32.dll

_ultow

Total Data Size

EnumProcessModules

city_name

timed

InvalidateRect

clearcase

entrust-aaas

GetStockObject

Only Filename

E94$v~I

agentx

L$ fE

210708091733Z0?

T$pE3

Ctrl+S

A^A]A\_^][

npptools.dll

GetProcessTimes

2http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0s

ShowICMP

Description

GetExtendedUdpTable

Dakar 21, Unit 821

Nir Sofer1

InternalName

cisco-tna

ideafarm-catch

malloc

D$ Hc

bhmds

/Display both packet directions in a single line4Display the 2 packet directions in 2 separated lines

fD95S

corba-iiop-ssl

xact-backup

utime

D95A+

%%-%d.%ds

cadlock2

(t$PI

cmip-agent

D;GD|

y8D98H

rescap

GetDC

SetTextColor

pcmail-srv

scc-security

fD9%?

A_A^A]A\_^]H

FindNextFileW

fD9%F

OLEAUT32.dll

kernel32.dll

<body>

pcap_close

personal-link

FindClose

unify

UVWATAUH

ariel2

GetTempPathW

general

wwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwwww(

profile

D9h u

\$0E3

GetCurrentProcessId

&Put Icon On Tray

prm-nm

datasurfsrv

L$DD+D$H

magenta-logic

~ 9yP~

ansanotify

pcap_findalldevs

Service Name

netnews

DnsRecordListFree

_strcmpi

PGroup by combination of Ethernet Type, IP Protocol, Addresses, and TCP/UDP PortsXGroup by combination of Ethernet Type, IP Protocol, and Addresses. Ignore TCP/UDP Ports'Group by process (Only for TCP packets)

snagas

SetTcpEntry

MapWindowPoints

Full Path

GetSystemMetrics

<0:08

l$\+t$@+l$T+\$D

netwall

T$0fA

IPNetInfo - Destination IP

t$ WATAUH

D+D$P

AutoExportOverwriteName

&Refresh

&About

GetIfTable

Trace TCP/UDP Processes

SACK Permitted

GetDlgItem

CloseClipboard

PostThreadMessageW

MS Shell Dlg

ieee-mms-ssl

GetDesktopWindow

Maximum Segment Size

gopher

SpeedUnit

D9!tZ

realm-rusd

DirectionsGrouping

ShowTimeInGMT

&Save Selected Items

cybercash

APNIC

mailq

msexch-routing

Sectigo Limited1$0"

f9K.uV

!This program cannot be run in DOS mode.

kB/Sec

oZ%pb

opalis-robot

rlzdbase

accessnetwork

HideClosedTCP

gdomap

A_A^A]A\_^[

GetLocaleInfoW

wwwwwwww

charset

IPAddress

K?:W8

bgcolor="%s"

|D u

*.cap

\VarFileInfo\Translation

ChildWindowFromPoint

commdlg_FindReplace

E;4$r

USER32.dll

netsc-dev

GetCurrentThread

Software\Microsoft\Windows NT\CurrentVersion\NetworkCards

wwwwwwwwwwwwwwwwwwww~gwwwwwwwwwwwwwwwwwwwwwwwN

Group by service name

A^A\_

&Help

<th%s>%s%s%s

qbikgdp

;|$@r

dei-icda

Network Traffic SummaryDFailed to start capturing packets from the current network adapter !

GetTcpTable

NmOpenCaptureEngine

Code Data: %s

CreateFontIndirectW

Maximum Packet Size

</%s>

NameServer

_errno

webster

synoptics-trap

ha-cluster

LoadImageW

General Grouping:

Sort By

NmGetFrameCount

GetDlgItemInt

UseOnlyAboveSpeed

Automatically Scroll &Down On New Items

tn-tl-w1

at-rtmp

Created by using

D$AHk

SendDlgItemMessageW

cisco-sys

cycleserv

AutoScrollDown

t5H9~ t/H9~0t)H9~8t#H9~@t

smakynet

GetCurrentProcess

Always On Top

Translation:

GetMenu

<%s>%s</%s>

opc-job-track

Microsoft\Windows NT\CurrentVersion\NetworkCards

SHGetFileInfoW

advapi32.dll

D95%&

Destination Port

passgo-tivoli

f!t$ H

| ;Q(}

LocalFree

dhcpv6-client

netbios-dgm

Module32Next

3com-amp3

pcap_loop

nss-routing

alpes

Translation

opc-job-start

Choose config file to save

A_A^A]A\_^]

FindWindowW

caption

L$0Mc

Closed

wcsncat

CHMc,

%s [%s]

ticf-1

E*f9G.u:

SetStretchBltMode

JPvF'-

is99s

NtQuerySymbolicLinkObject

purenoise

D9qXu

csi-sgwp

GeoLite2-Country-Blocks-IPv6.csv

L$0H;

GetTempFileNameW

ProductVersion

g0e0>

micom-pfs

ni-ftp

D$(Hi

</body></html>

digital-evm

HTML Report - Selected Items

IPv6 Fragmentation

rRj;B7|

auditd

omserv

IP Protocol

wwwwpw~fhwwr

ShowWindow

_onexit

The USERTRUST Network1.0,

fD9k t

(|$@L

|$@Ic

iclcnet_svinfo

compressnet

codaauth2

@A]A\_

GeoLite2-Country-Locations*.csv

iphlpapi.dll

disclose

photuris

D$0E3

D8d$pt#I

Rich!\

cryptoadmin

passgo

A)1BPb

network

H9~XH

x AVH

sco-sysmgr

Show I&CMP Packets

Cancel

WinPcap Packet Capture Driver

D$@H!t$8H!t$0!t$(!t$ E3

pkix-3-ca-ra

GetExtendedTcpTable

psapi.dll

CheckMenuRadioItem

CaptureMethod

%.2d:%.2d:%2.2d.%.3d

t*fA9m

Deselect All

&Hide Closed TCP Connections

Shift+Ctrl+S

LookupPrivilegeValueW

pcap_next_ex

D9-z4

\$HfA

kshell

D$5u>A

Show &UDP Packets

nsw-fe

isakmp

cARSDSz

TranslatorName

TCP Syn

|$HLc

flexlm

isi-gl

/sxml

_cexit

uucp-path

comscm

tnETOS

XML File

x ATAUAVAW3

GetLocalTime

T$PfA

*.htm;*.html

GetMonitorInfoW

GetWindowPlacement

t$ WATAUAVAWH

NmGetFrame

\IpToCountry.csv

*.txt

GetLastError

_commode

D#C|D

DosDateTimeToFileTime

Save &Configuration To File

ptcnameservice

sco-dtmgr

Sectigo Limited1,0*

ticf-2

yak-chat

@A^A]A\

AllocateAndGetUdpExTableFromStack

msg-auth

x-bone-ctl

File type:

ZwOpenFile

Select a filename to save

p WATAUAVAWH

9YH~!

Tab Delimited Text File

>c~oVo

courier

osu-nms

Unknown

gss-http

l$`Hc+H

L$@Hc

A_A]A\

jargon

_stricmp

ProcessDisplayMode

^HH9^HH

TrayIcon

DrawFrameControl

iso-ill

print-srv

fatserv

</font>

`.rdata

2http://crt.sectigo.com/SectigoRSACodeSigningCA.crt0#

#jYhRB_

bootpc

H9sXuAH

RegQueryInfoKeyW

f!T$0H

RegCloseKey

uID9o\uC

A;C(}

GeoLite2-City-Blocks-IPv6.csv

http-rpc-epmap

Ctrl+D

wwwwwwwwwwwwwwxwwN

NirSoft_IPNetInfo

ferror

PE Information

Image Base	Entry Point	Reported Checksum	Actual Checksum	Minimum OS Version	PDB Path	Compile Time	Import Hash	Icon	Icon Exact Hash	Icon Similarity Hash	Icon DHash
0x140000000	0x00027b90	0x00040f8b	0x00040f8b	4.0	f:\Projects\VS2005\NetworkTrafficView\x64\Release\NetworkTrafficView.pdb	2021-07-08 09:14:48	3932bf1ed183682687c3bde26c4a5dcb		b514cc708238a2c7ce6469b575c1ccab	9ed1dde8aa568fd709c1951082b36cdc	04343d2b6707e37b

Version Infos

CompanyName	NirSoft
FileDescription	NetworkTrafficView
FileVersion	2.41
InternalName	NetworkTrafficView
LegalCopyright	Copyright Â© 2011 - 2021 Nir Sofer
OriginalFilename	NetworkTrafficView.exe
ProductName	NetworkTrafficView
ProductVersion	2.41
Translation	0x0409 0x04b0

Sections

Name	RAW Address	Virtual Address	Virtual Size	Size of Raw Data	Characteristics	Entropy
.text	0x00000400	0x00001000	0x00027323	0x00027400	IMAGE_SCN_CNT_CODE\|IMAGE_SCN_MEM_EXECUTE\|IMAGE_SCN_MEM_READ	6.33
.rdata	0x00027800	0x00029000	0x00007c96	0x00007e00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	4.85
.data	0x0002f600	0x00031000	0x00013948	0x00002e00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ\|IMAGE_SCN_MEM_WRITE	0.59
.pdata	0x00032400	0x00045000	0x000015e4	0x00001600	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.26
.rsrc	0x00033a00	0x00047000	0x00008b20	0x00008c00	IMAGE_SCN_CNT_INITIALIZED_DATA\|IMAGE_SCN_MEM_READ	5.31

Overlay

Offset	0x0003c600
Size	0x00002178

Name	Offset	Size	Language	Sub-language	Entropy	File type
BIN	0x000479d8	0x00001a7e	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.24	None
BIN	0x00049458	0x0000029d	LANG_ENGLISH	SUBLANG_ENGLISH_US	4.26	None
BIN	0x000496f8	0x00000dec	LANG_ENGLISH	SUBLANG_ENGLISH_US	4.57	None
RT_CURSOR	0x0004a4e4	0x00000134	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.78	None
RT_BITMAP	0x0004a618	0x000003e8	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.85	None
RT_BITMAP	0x0004aa00	0x000000d8	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.41	None
RT_BITMAP	0x0004aad8	0x000000d8	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.45	None
RT_ICON	0x0004abb0	0x000010a8	LANG_ENGLISH	SUBLANG_ENGLISH_US	6.28	None
RT_ICON	0x0004bc58	0x00000128	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.30	None
RT_MENU	0x0004bd80	0x00000bb6	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.47	None
RT_MENU	0x0004c938	0x0000023c	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.25	None
RT_MENU	0x0004cb74	0x000000aa	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.98	None
RT_DIALOG	0x0004cc20	0x00000138	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.11	None
RT_DIALOG	0x0004cd58	0x00000296	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.38	None
RT_DIALOG	0x0004cff0	0x000004ee	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.51	None
RT_DIALOG	0x0004d4e0	0x000000fa	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.09	None
RT_DIALOG	0x0004d5dc	0x000002e6	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.36	None
RT_DIALOG	0x0004d8c4	0x0000039a	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.54	None
RT_DIALOG	0x0004dc60	0x00000478	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.47	None
RT_STRING	0x0004e0d8	0x00000254	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.31	None
RT_STRING	0x0004e32c	0x000000f6	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.02	None
RT_STRING	0x0004e424	0x0000005c	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.36	None
RT_STRING	0x0004e480	0x00000118	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.04	None
RT_STRING	0x0004e598	0x000000e6	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.77	None
RT_STRING	0x0004e680	0x000002b0	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.34	None
RT_STRING	0x0004e930	0x0000012c	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.97	None
RT_STRING	0x0004ea5c	0x0000009c	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.75	None
RT_STRING	0x0004eaf8	0x00000172	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.90	None
RT_STRING	0x0004ec6c	0x000000e0	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.05	None
RT_STRING	0x0004ed4c	0x000001aa	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.37	None
RT_STRING	0x0004eef8	0x0000013c	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.33	None
RT_STRING	0x0004f034	0x00000096	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.82	None
RT_STRING	0x0004f0cc	0x0000003c	LANG_ENGLISH	SUBLANG_ENGLISH_US	1.75	None
RT_STRING	0x0004f108	0x0000003e	LANG_ENGLISH	SUBLANG_ENGLISH_US	1.76	None
RT_STRING	0x0004f148	0x00000048	LANG_ENGLISH	SUBLANG_ENGLISH_US	1.94	None
RT_STRING	0x0004f190	0x00000044	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.12	None
RT_STRING	0x0004f1d4	0x00000056	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.47	None
RT_STRING	0x0004f22c	0x00000032	LANG_ENGLISH	SUBLANG_ENGLISH_US	1.32	None
RT_STRING	0x0004f260	0x00000086	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.88	None
RT_STRING	0x0004f2e8	0x0000002c	LANG_ENGLISH	SUBLANG_ENGLISH_US	1.08	None
RT_ACCELERATOR	0x0004f314	0x00000080	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.13	None
RT_GROUP_CURSOR	0x0004f394	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	1.84	None
RT_GROUP_ICON	0x0004f3a8	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	1.94	None
RT_GROUP_ICON	0x0004f3bc	0x00000014	LANG_ENGLISH	SUBLANG_ENGLISH_US	2.02	None
RT_VERSION	0x0004f3d0	0x00000308	LANG_ENGLISH	SUBLANG_ENGLISH_US	3.33	None
RT_MANIFEST	0x0004f6d8	0x00000447	LANG_ENGLISH	SUBLANG_ENGLISH_US	5.40	None

Imports

Name	Address
__wgetmainargs	0x1400297a0
_wcmdln	0x1400297a8
_wcslwr	0x1400297b0
qsort	0x1400297b8
_strcmpi	0x1400297c0
strchr	0x1400297c8
_atoi64	0x1400297d0
wcscmp	0x1400297d8
strlen	0x1400297e0
_initterm	0x1400297e8
malloc	0x1400297f0
exit	0x1400297f8
free	0x140029800
modf	0x140029808
wcstoul	0x140029810
??2@YAPEAX_K@Z	0x140029818
??3@YAXPEAX@Z	0x140029820
wcslen	0x140029828
wcsrchr	0x140029830
_memicmp	0x140029838
strcpy	0x140029840
_ultow	0x140029848
_wcsicmp	0x140029850
__setusermatherr	0x140029858
_commode	0x140029860
_fmode	0x140029868
__set_app_type	0x140029870
wcschr	0x140029878
memcpy	0x140029880
_wtoi	0x140029888
memcmp	0x140029890
swscanf	0x140029898
_itow	0x1400298a0
wcscpy	0x1400298a8
memset	0x1400298b0
_stricmp	0x1400298b8
strcmp	0x1400298c0
_cexit	0x1400298c8
_exit	0x1400298d0
_c_exit	0x1400298d8
_XcptFilter	0x1400298e0
__C_specific_handler	0x1400298e8
_onexit	0x1400298f0
__dllonexit	0x1400298f8
_purecall	0x140029900
sprintf	0x140029908
fclose	0x140029910
ftell	0x140029918
wcsncat	0x140029920
_snwprintf	0x140029928
wcscat	0x140029930
_errno	0x140029938
fopen	0x140029940
fread	0x140029948
fprintf	0x140029950
ferror	0x140029958

Name	Address
CreateToolbarEx	0x140029030
ImageList_Add	0x140029038
ImageList_Create	0x140029040
ImageList_AddMasked	0x140029048
ImageList_SetImageCount	0x140029050
CreateStatusWindowW	0x140029058

Name	Address
GetFileVersionInfoW	0x1400296e8
GetFileVersionInfoSizeW	0x1400296f0
VerQueryValueW	0x1400296f8

Name	Address
setsockopt	0x140029708
recv	0x140029710
bind	0x140029718
socket	0x140029720
WSAIoctl	0x140029728
WSACleanup	0x140029730
closesocket	0x140029738
getservbyport	0x140029740
inet_ntoa	0x140029748
inet_addr	0x140029750
WSAAsyncSelect	0x140029758
htons	0x140029760
WSAStartup	0x140029768

Name	Address
CreateThread	0x140029100
GetCurrentThreadId	0x140029108
EnumResourceTypesW	0x140029110
CreateToolhelp32Snapshot	0x140029118
Process32NextW	0x140029120
Process32FirstW	0x140029128
HeapFree	0x140029130
DuplicateHandle	0x140029138
UnmapViewOfFile	0x140029140
WaitForSingleObject	0x140029148
GetSystemTimeAsFileTime	0x140029150
EnumResourceNamesW	0x140029158
GetCurrentDirectoryW	0x140029160
GetStartupInfoW	0x140029168
GetPrivateProfileIntW	0x140029170
GetPrivateProfileStringW	0x140029178
SetCurrentDirectoryW	0x140029180
MapViewOfFile	0x140029188
DeviceIoControl	0x140029190
CreateEventW	0x140029198
GetThreadSelectorEntry	0x1400291a0
OpenProcess	0x1400291a8
GetProcessHeap	0x1400291b0
GetCurrentThread	0x1400291b8
GlobalFree	0x1400291c0
ReadProcessMemory	0x1400291c8
GetCurrentProcess	0x1400291d0
ExitProcess	0x1400291d8
ExpandEnvironmentStringsW	0x1400291e0
GetCurrentProcessId	0x1400291e8
DeleteFileW	0x1400291f0
Sleep	0x1400291f8
GetLocalTime	0x140029200
CreateProcessW	0x140029208
SetErrorMode	0x140029210
WideCharToMultiByte	0x140029218
GetTickCount	0x140029220
FileTimeToLocalFileTime	0x140029228
CompareFileTime	0x140029230
FileTimeToSystemTime	0x140029238
MultiByteToWideChar	0x140029240
GetFileSize	0x140029248
CloseHandle	0x140029250
FreeLibrary	0x140029258
SystemTimeToFileTime	0x140029260
GetModuleHandleW	0x140029268
LoadLibraryW	0x140029270
GetProcAddress	0x140029278
GetModuleFileNameW	0x140029280
FindResourceW	0x140029288
CreateFileW	0x140029290
GetWindowsDirectoryW	0x140029298
LoadResource	0x1400292a0
GlobalAlloc	0x1400292a8
LoadLibraryExW	0x1400292b0
GetSystemDirectoryW	0x1400292b8
lstrlenW	0x1400292c0
LocalFree	0x1400292c8
GetNumberFormatW	0x1400292d0
LockResource	0x1400292d8
lstrcpyW	0x1400292e0
GlobalUnlock	0x1400292e8
GetTempPathW	0x1400292f0
GetLocaleInfoW	0x1400292f8
GetDateFormatW	0x140029300
GetTempFileNameW	0x140029308
GlobalLock	0x140029310
SizeofResource	0x140029318
GetLastError	0x140029320
FormatMessageW	0x140029328
GetVersionExW	0x140029330
FindFirstFileW	0x140029338
FindNextFileW	0x140029340
FindClose	0x140029348
GetTimeFormatW	0x140029350
GetFileAttributesW	0x140029358
WriteFile	0x140029360
ReadFile	0x140029368
FileTimeToDosDateTime	0x140029370
DosDateTimeToFileTime	0x140029378
WritePrivateProfileStringW	0x140029380
GetStdHandle	0x140029388

Name	Address
MapWindowPoints	0x1400293d8
SetForegroundWindow	0x1400293e0
PeekMessageW	0x1400293e8
MonitorFromWindow	0x1400293f0
GetMonitorInfoW	0x1400293f8
DispatchMessageW	0x140029400
TranslateMessage	0x140029408
KillTimer	0x140029410
IsDialogMessageW	0x140029418
RemoveMenu	0x140029420
InsertMenuW	0x140029428
PostThreadMessageW	0x140029430
SetTimer	0x140029438
GetMessageW	0x140029440
PostQuitMessage	0x140029448
TrackPopupMenu	0x140029450
RegisterWindowMessageW	0x140029458
DrawTextExW	0x140029460
LoadIconW	0x140029468
GetSysColorBrush	0x140029470
ShowWindow	0x140029478
CreatePopupMenu	0x140029480
SetCursor	0x140029488
ChildWindowFromPoint	0x140029490
ReleaseDC	0x140029498
GetDC	0x1400294a0
GetWindowRect	0x1400294a8
GetDlgItem	0x1400294b0
GetWindow	0x1400294b8
GetDlgItemInt	0x1400294c0
InvalidateRect	0x1400294c8
DrawFrameControl	0x1400294d0
SetWindowTextW	0x1400294d8
EndPaint	0x1400294e0
UpdateWindow	0x1400294e8
GetWindowPlacement	0x1400294f0
SetDlgItemTextW	0x1400294f8
GetDlgItemTextW	0x140029500
SetDlgItemInt	0x140029508
SetWindowLongPtrW	0x140029510
BeginPaint	0x140029518
GetSystemMetrics	0x140029520
GetClientRect	0x140029528
DeferWindowPos	0x140029530
CreateWindowExW	0x140029538
SetWindowPos	0x140029540
SendDlgItemMessageW	0x140029548
EndDialog	0x140029550
TranslateAcceleratorW	0x140029558
SetMenu	0x140029560
LoadAcceleratorsW	0x140029568
DefWindowProcW	0x140029570
SendMessageW	0x140029578
PostMessageW	0x140029580
RegisterClassW	0x140029588
MessageBoxW	0x140029590
LoadImageW	0x140029598
FindWindowW	0x1400295a0
GetSysColor	0x1400295a8
SetWindowLongW	0x1400295b0
GetWindowLongW	0x1400295b8
EndDeferWindowPos	0x1400295c0
BeginDeferWindowPos	0x1400295c8
SetFocus	0x1400295d0
CloseClipboard	0x1400295d8
GetParent	0x1400295e0
GetMenu	0x1400295e8
EmptyClipboard	0x1400295f0
EnableMenuItem	0x1400295f8
MoveWindow	0x140029600
GetClassNameW	0x140029608
GetSubMenu	0x140029610
OpenClipboard	0x140029618
InsertMenuItemW	0x140029620
CheckMenuItem	0x140029628
GetMenuItemCount	0x140029630
GetMenuStringW	0x140029638
CheckMenuRadioItem	0x140029640
GetCursorPos	0x140029648
SetClipboardData	0x140029650
EnableWindow	0x140029658
LoadCursorW	0x140029660
DestroyWindow	0x140029668
GetWindowTextW	0x140029670
LoadMenuW	0x140029678
ModifyMenuW	0x140029680
GetMenuItemInfoW	0x140029688
GetDlgCtrlID	0x140029690
DestroyMenu	0x140029698
DialogBoxParamW	0x1400296a0
CreateDialogParamW	0x1400296a8
EnumChildWindows	0x1400296b0
LoadStringW	0x1400296b8
GetDesktopWindow	0x1400296c0
SetMenuItemInfoW	0x1400296c8
DestroyIcon	0x1400296d0
GetKeyState	0x1400296d8

Name	Address
GetStockObject	0x140029070
SetBkColor	0x140029078
GetTextExtentPoint32W	0x140029080
CreateCompatibleBitmap	0x140029088
StretchBlt	0x140029090
SetPixel	0x140029098
SelectObject	0x1400290a0
CreateCompatibleDC	0x1400290a8
GetObjectW	0x1400290b0
DeleteDC	0x1400290b8
GetPixel	0x1400290c0
SetTextColor	0x1400290c8
CreateFontIndirectW	0x1400290d0
GetDeviceCaps	0x1400290d8
SetBkMode	0x1400290e0
DeleteObject	0x1400290e8
SetStretchBltMode	0x1400290f0

Name	Address
FindTextW	0x140029778
GetOpenFileNameW	0x140029780
GetSaveFileNameW	0x140029788
ChooseFontW	0x140029790

Name	Address
RegQueryInfoKeyW	0x140029000
RegEnumKeyExW	0x140029008
RegOpenKeyExW	0x140029010
RegCloseKey	0x140029018
RegQueryValueExW	0x140029020

Name	Address
Shell_NotifyIconW	0x1400293b0
ShellExecuteW	0x1400293b8
SHGetFileInfoW	0x1400293c0
ShellExecuteExW	0x1400293c8

Name	Address
CoCreateInstance	0x140029968

Name	Address
SysAllocString	0x140029398
SysFreeString	0x1400293a0

Reports: JSON

Statistics (40.14)

Usage

Processing ( 37.64 seconds )

32.641 ProcessMemory
3.953 BehaviorAnalysis
1.04 CAPE
0.007 AnalysisInfo
0.001 Debug

Signatures ( 0.08 seconds )

0.01 antiav_detectreg
0.008 ransomware_files
0.005 antianalysis_detectfile
0.005 ransomware_extensions
0.004 infostealer_ftp
0.004 territorial_disputes_sigs
0.003 antiav_detectfile
0.003 ursnif_behavior
0.002 antianalysis_detectreg
0.002 antivm_vbox_files
0.002 infostealer_bitcoin
0.002 infostealer_im
0.002 infostealer_mail
0.002 poullight_files
0.002 masquerade_process_name
0.001 antidebug_devices
0.001 antivm_generic_diskreg
0.001 antivm_parallels_keys
0.001 antivm_vbox_keys
0.001 antivm_vmware_keys
0.001 antivm_xen_keys
0.001 ketrican_regkeys
0.001 geodo_banking_trojan
0.001 browser_security
0.001 disables_backups
0.001 disables_browser_warn
0.001 disables_power_options
0.001 azorult_mutexes
0.001 cryptbot_files
0.001 echelon_files
0.001 qulab_files
0.001 revil_mutexes
0.001 modirat_behavior
0.001 recon_fingerprint

Reporting ( 2.42 seconds )

2.224 CAPASummary
0.195 JsonDump

Signatures

Queries the keyboard layout

The PE file contains a PDB path

pdbpath: f:\Projects\VS2005\NetworkTrafficView\x64\Release\NetworkTrafficView.pdb

Enumerates running processes

process: System with pid 4

process: Registry with pid 92

process: smss.exe with pid 384

process: csrss.exe with pid 476

process: wininit.exe with pid 552

process: services.exe with pid 656

process: lsass.exe with pid 696

process: fontdrvhost.exe with pid 784

process: svchost.exe with pid 808

process: svchost.exe with pid 924

process: svchost.exe with pid 976

process: svchost.exe with pid 1036

process: svchost.exe with pid 1108

process: svchost.exe with pid 1116

process: svchost.exe with pid 1204

process: svchost.exe with pid 1240

process: svchost.exe with pid 1296

process: svchost.exe with pid 1348

process: svchost.exe with pid 1392

process: svchost.exe with pid 1428

process: svchost.exe with pid 1452

process: svchost.exe with pid 1544

process: svchost.exe with pid 1552

process: svchost.exe with pid 1676

process: svchost.exe with pid 1756

process: svchost.exe with pid 1772

process: svchost.exe with pid 1788

process: Memory Compression with pid 1844

process: svchost.exe with pid 1864

process: svchost.exe with pid 1940

process: svchost.exe with pid 1964

process: svchost.exe with pid 1976

process: svchost.exe with pid 1364

process: svchost.exe with pid 2024

process: svchost.exe with pid 1692

process: svchost.exe with pid 2116

process: svchost.exe with pid 2128

process: svchost.exe with pid 2136

process: svchost.exe with pid 2144

process: svchost.exe with pid 2252

process: spoolsv.exe with pid 2340

process: svchost.exe with pid 2384

process: svchost.exe with pid 2416

process: svchost.exe with pid 2568

process: svchost.exe with pid 2580

process: svchost.exe with pid 2596

process: svchost.exe with pid 2608

process: svchost.exe with pid 2640

process: svchost.exe with pid 2736

process: svchost.exe with pid 2756

process: svchost.exe with pid 2764

process: MsMpEng.exe with pid 2772

process: svchost.exe with pid 2800

process: svchost.exe with pid 2852

process: svchost.exe with pid 3136

process: svchost.exe with pid 3772

process: svchost.exe with pid 3912

process: MicrosoftEdgeUpdate.exe with pid 3080

process: svchost.exe with pid 64

process: svchost.exe with pid 820

process: svchost.exe with pid 3692

process: SearchIndexer.exe with pid 5088

process: svchost.exe with pid 5940

process: svchost.exe with pid 6084

process: svchost.exe with pid 6092

process: svchost.exe with pid 5208

process: svchost.exe with pid 3440

process: dasHost.exe with pid 4544

process: svchost.exe with pid 4576

process: SecurityHealthService.exe with pid 4392

process: NisSrv.exe with pid 5416

process: svchost.exe with pid 6748

process: svchost.exe with pid 7040

process: svchost.exe with pid 6580

process: SgrmBroker.exe with pid 1796

process: svchost.exe with pid 6248

process: svchost.exe with pid 572

process: svchost.exe with pid 3184

process: svchost.exe with pid 3180

process: svchost.exe with pid 5236

process: svchost.exe with pid 1572

process: svchost.exe with pid 5020

process: csrss.exe with pid 6676

process: winlogon.exe with pid 780

process: fontdrvhost.exe with pid 4680

process: dwm.exe with pid 3860

process: sihost.exe with pid 2360

process: svchost.exe with pid 2216

process: svchost.exe with pid 6832

process: svchost.exe with pid 5524

process: taskhostw.exe with pid 7156

process: explorer.exe with pid 640

process: svchost.exe with pid 4968

process: StartMenuExperienceHost.exe with pid 4628

process: RuntimeBroker.exe with pid 6224

process: SearchApp.exe with pid 2060

process: RuntimeBroker.exe with pid 2732

process: SearchApp.exe with pid 952

process: ctfmon.exe with pid 5664

process: SkypeBackgroundHost.exe with pid 648

process: TextInputHost.exe with pid 676

process: smartscreen.exe with pid 5572

process: RuntimeBroker.exe with pid 6932

process: SecurityHealthSystray.exe with pid 5404

process: OneDrive.exe with pid 4508

process: SystemSettings.exe with pid 5096

process: ApplicationFrameHost.exe with pid 4160

process: UserOOBEBroker.exe with pid 5852

process: audiodg.exe with pid 5596

process: dllhost.exe with pid 1856

process: svchost.exe with pid 1632

process: ShellExperienceHost.exe with pid 5964

process: RuntimeBroker.exe with pid 6872

process: conhost.exe with pid 2892

process: upfc.exe with pid 4840

process: svchost.exe with pid 4788

process: backgroundTaskHost.exe with pid 5408

process: CompatTelRunner.exe with pid 6432

process: TrustedInstaller.exe with pid 3124

process: TiWorker.exe with pid 1380

process: conhost.exe with pid 5924

process: MoUsoCoreWorker.exe with pid 4600

process: sppsvc.exe with pid 4192

process: svchost.exe with pid 7000

process: SppExtComObj.Exe with pid 3844

process: RuntimeBroker.exe with pid 2872

process: RuntimeBroker.exe with pid 4736

process: svchost.exe with pid 2232

process: svchost.exe with pid 4404

process: NetworkTrafficView.exe with pid 3612

Expresses interest in specific running processes

process: ctfmon.exe

Yara detections observed in process dumps, payloads or dropped files

Hit: PID 3612 triggered the Yara rule 'shellcode_get_eip' with data '['{ E8 00 00 00 00 59 }']'

Anomalous binary characteristics

anomaly: Entrypoint of binary is located outside of any mapped sections

Installs WinPCAP

file: C:\Windows\System32\Npcap\wpcap.dll

Screenshots

No screenshots available.

Hosts

No hosts contacted.

DNS

No domains contacted.

Summary

C:\Users\Packager\AppData\Local\SystemResources\NetworkTrafficView.exe.mun
C:\Windows\System32\Npcap\wpcap.dll
C:\Users\Packager\AppData\Local\Temp\NetworkTrafficView_lng.ini
C:\Windows\Fonts\staticcache.dat
C:\Users\Packager\AppData\Local\Temp\TextShaping.dll
C:\Windows\System32\TextShaping.dll
C:\Windows\Globalization\Sorting\sortdefault.nls
C:\Windows\System32\uxtheme.dll.Config
C:\Windows\System32\uxtheme.dll
\Device\DeviceApi\CMApi
\??\MountPointManager
C:\Windows
C:\Users\Packager\AppData\Local\Temp\NetworkTrafficView.cfg
C:\Windows\System32\textinputframework.dll
C:\Windows\System32\CoreUIComponents.dll
C:\Windows\System32\CoreMessaging.dll
C:\Windows\System32\ntmarta.dll
C:\Windows\System32\WinTypes.dll
C:\Users\Packager\AppData\Local\Temp
C:\Users\Packager\AppData\Local\Temp\IPNetInfo.exe
C:\Users\Packager\AppData\Local\Temp\GeoLiteCity.dat
C:\Users\Packager\AppData\Local\Temp\GeoLiteCity.dat.gz
C:\Users\Packager\AppData\Local\Temp\GeoLite2-City-Locations-en.csv
C:\Users\Packager\AppData\Local\Temp\GeoLite2-City-Locations*.csv
C:\Users\Packager\AppData\Local\Temp\GeoLite2-City-Blocks-IPv4.csv
C:\Users\Packager\AppData\Local\Temp\GeoLite2-City-Blocks-IPv6.csv
C:\Users\Packager\AppData\Local\Temp\GeoLite2-Country-Locations-en.csv
C:\Users\Packager\AppData\Local\Temp\GeoLite2-Country-Locations*.csv
C:\Users\Packager\AppData\Local\Temp\GeoLite2-Country-Blocks-IPv4.csv
C:\Users\Packager\AppData\Local\Temp\GeoLite2-Country-Blocks-IPv6.csv
C:\Users\Packager\AppData\Local\Temp\IpToCountry.csv
\Device\Afd\AsyncSelectHlp
C:\Windows\System32\drivers\etc\services
C:\Windows\System32\svchost.exe
C:\a.exe
C:\Windows\SystemResources\svchost.exe.mun
C:\Users\Packager\AppData\Local\Programs\Python\SystemResources\python.exe.mun
C:\Users\Packager\AppData\Local\Microsoft\Windows\Explorer
C:\Users\Packager\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

\Device\Afd\AsyncSelectHlp
C:\Users\Packager\AppData\Local\Microsoft\Windows\Explorer\iconcache_32.db

HKEY_CURRENT_USER
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontLink\SystemLink
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Segoe UI
HKEY_CURRENT_USER\Control Panel\Desktop
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Sorting\Ids
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\FontSubstitutes
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Netmon3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\NetworkTrafficView.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\Compatibility\AppCompatClassName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\Software\Microsoft\Input
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_CURRENT_USER\Software\Microsoft\CTF\DirectSwitchHotkeys
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\StateSeparation\RedirectionMap\Keys
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\TimeZoneInformation
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\Bias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\StandardName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\StandardBias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\StandardStart
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\DaylightName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\DaylightBias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\DaylightStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Arial
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\MS Sans Serif
HKEY_LOCAL_MACHINE\Software
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\MTU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\EnableDHCP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\DhcpIPAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\DhcpSubnetMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\DhcpDefaultGateway
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\DhcpNameServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\DhcpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\LeaseObtainedTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\LeaseTerminatesTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\T1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\T2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\Connection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0825E3C8-F6B1-44C5-9707-BE5A20D7A8F5}\Connection\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0825E3C8-F6B1-44C5-9707-BE5A20D7A8F5}\Connection\PnpInstanceID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0825E3C8-F6B1-44C5-9707-BE5A20D7A8F5}\Connection\ShowIcon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\MTU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\EnableDHCP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\DhcpIPAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\DhcpSubnetMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\DhcpDefaultGateway
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\DhcpNameServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\DhcpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\LeaseObtainedTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\LeaseTerminatesTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\T1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\T2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\Connection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0B3CC30E-0931-43E7-8F7B-5BE2FCC6F17F}\Connection\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0B3CC30E-0931-43E7-8F7B-5BE2FCC6F17F}\Connection\PnpInstanceID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0B3CC30E-0931-43E7-8F7B-5BE2FCC6F17F}\Connection\ShowIcon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\MTU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\EnableDHCP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\IPAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\SubnetMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\DefaultGateway
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\NameServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\DhcpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\LeaseObtainedTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\LeaseTerminatesTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\T1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\T2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\Connection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\MTU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\EnableDHCP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\DhcpIPAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\DhcpSubnetMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\DhcpDefaultGateway
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\DhcpNameServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\DhcpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\LeaseObtainedTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\LeaseTerminatesTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\T1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\T2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{b6767322-347b-409e-8d77-0268b7aaa738}\Connection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B6767322-347B-409E-8D77-0268B7AAA738}\Connection\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B6767322-347B-409E-8D77-0268B7AAA738}\Connection\PnpInstanceID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B6767322-347B-409E-8D77-0268B7AAA738}\Connection\ShowIcon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\MTU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\EnableDHCP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\IPAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\SubnetMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\DefaultGateway
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\NameServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\DhcpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\LeaseObtainedTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\LeaseTerminatesTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\T1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\T2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\Connection
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}\Connection\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}\Connection\PnpInstanceID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}\Connection\ShowIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\11\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\11\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\12\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\12\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2\Description
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_10D3&SUBSYS_00008086&REV_00\4&336a283&0&0010
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_10EC&DEV_8139&SUBSYS_11001AF4&REV_20\5&24692d7b&0&080010
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\KDNIC\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\KDNIC\0000\DeviceDesc
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\PCI\VEN_8086&DEV_10D3&SUBSYS_00008086&REV_00\4&12829b10&0&0014
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}
HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\SecurityService
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcp\VParameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcp\Parameters
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DatabasePath
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\WinSock2\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\WinSock_Registry_Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AutodialDLL
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CCSelect\.current
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CCSelect\.Current\(Default)
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions
HKEY_CLASSES_ROOT\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\ResourcePolicies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\Disable
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\DataStore_V1.0\DataFilePath
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane3
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane6
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane7
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane8
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane9
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane10
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane11
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane12
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane13
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane14
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane15
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\LanguagePack\SurrogateFallback\Plane16
HKEY_CURRENT_USER\Control Panel\Desktop\SmoothScroll
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewAlphaSelect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ListviewShadow
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\AccListViewV6
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\UseDoubleClickTimer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Versions\000603xx
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en-US
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\Sorting\Ids\en
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\Segoe UI
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TurnOffSPIAnimations
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-10e03f000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-100000000000}\Generation
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Data
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{01989354-0000-0000-0000-300300000000}\Generation
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\OOBE\LaunchUserOOBE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CTF\EnableAnchorContext
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\IsVailContainer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\ResyncResetTime
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Input\MaxResyncAttempts
HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\Bias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\StandardName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\StandardBias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\StandardStart
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\DaylightName
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\DaylightBias
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation\DaylightStart
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes\MS Sans Serif
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\MTU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\EnableDHCP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\DhcpIPAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\DhcpSubnetMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\DhcpDefaultGateway
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\DhcpNameServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\DhcpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\LeaseObtainedTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\LeaseTerminatesTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\T1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0825e3c8-f6b1-44c5-9707-be5a20d7a8f5}\T2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0825E3C8-F6B1-44C5-9707-BE5A20D7A8F5}\Connection\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0825E3C8-F6B1-44C5-9707-BE5A20D7A8F5}\Connection\PnpInstanceID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0825E3C8-F6B1-44C5-9707-BE5A20D7A8F5}\Connection\ShowIcon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\MTU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\EnableDHCP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\DhcpIPAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\DhcpSubnetMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\DhcpDefaultGateway
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\DhcpNameServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\DhcpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\LeaseObtainedTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\LeaseTerminatesTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\T1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0b3cc30e-0931-43e7-8f7b-5be2fcc6f17f}\T2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0B3CC30E-0931-43E7-8F7B-5BE2FCC6F17F}\Connection\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0B3CC30E-0931-43E7-8F7B-5BE2FCC6F17F}\Connection\PnpInstanceID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{0B3CC30E-0931-43E7-8F7B-5BE2FCC6F17F}\Connection\ShowIcon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\MTU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\EnableDHCP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\IPAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\SubnetMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\DefaultGateway
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\NameServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\DhcpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\LeaseObtainedTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\LeaseTerminatesTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\T1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{27e3d6d8-a922-11ef-90c1-806e6f6e6963}\T2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\MTU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\EnableDHCP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\DhcpIPAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\DhcpSubnetMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\DhcpDefaultGateway
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\DhcpNameServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\DhcpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\LeaseObtainedTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\LeaseTerminatesTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\T1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{b6767322-347b-409e-8d77-0268b7aaa738}\T2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B6767322-347B-409E-8D77-0268B7AAA738}\Connection\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B6767322-347B-409E-8D77-0268B7AAA738}\Connection\PnpInstanceID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{B6767322-347B-409E-8D77-0268B7AAA738}\Connection\ShowIcon
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\MTU
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\EnableDHCP
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\IPAddress
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\SubnetMask
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\DefaultGateway
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\NameServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\DhcpServer
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\LeaseObtainedTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\LeaseTerminatesTime
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\T1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cc6eeb36-5ae2-46be-81a9-5f0b62ecf81f}\T2
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}\Connection\Name
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}\Connection\PnpInstanceID
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CC6EEB36-5AE2-46BE-81A9-5F0B62ECF81F}\Connection\ShowIcon
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\11\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\11\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\12\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\12\Description
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2\ServiceName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\2\Description
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\ROOT\KDNIC\0000\DeviceDesc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\SecurityService\DefaultAuthLevel
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DatabasePath
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\WinSock_Registry_Version
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\AutodialDLL
HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\CCSelect\.Current\(Default)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\FolderExtensions\{fbeb8a05-beee-4442-804e-409d6c4515e9}\DriveMask

Local\SM0:3612:304:WilStaging_02
Local\SM0:3612:120:WilError_03
Local\MSCTF.Asm.MutexDefault3
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault3
Global\C::Users:Packager:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!rwReaderRefs
Global\C::Users:Packager:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!1fae48
Global\C::Users:Packager:AppData:Local:Microsoft:Windows:Explorer:iconcache_idx.db!04cd88

No results

Sorry! No behavior.

Sorry! No strace.

Sorry! No tracee.

No hosts contacted.

No TCP connections recorded.

No UDP connections recorded.

No domains contacted.

HTTP Requests

No HTTP(s) requests performed.

SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Suricata HTTP

No Suricata HTTP

Sorry! No Suricata Extracted files.

Sorry! No dropped files.

Sorry! No process dumps.