Analysis Details
Category Package Started Completed Duration Logs
FILE generic 2026-06-29 07:56:11 2026-06-29 07:56:52 41s
Analysis Log
2026-06-28 14:55:58,243 [root] INFO: Date set to: 20260629T07:56:17, timeout set to: 200
2026-06-29 07:56:18,600 [root] DEBUG: Starting analyzer from: C:\7d7wfxi0
2026-06-29 07:56:18,601 [root] DEBUG: Storing results at: C:\UfGevMwj
2026-06-29 07:56:18,601 [root] DEBUG: Pipe server name: \\.\PIPE\XCYBIPQd
2026-06-29 07:56:18,602 [root] DEBUG: Python path: C:\Users\Rajesh\AppData\Local\Programs\Python\Python314
2026-06-29 07:56:18,602 [root] INFO: analysis running as an admin
2026-06-29 07:56:18,602 [root] DEBUG: no analysis package configured, picking one for you
2026-06-29 07:56:18,605 [root] INFO: analysis package selected: "generic"
2026-06-29 07:56:18,606 [root] DEBUG: importing analysis package module: "modules.packages.generic"...
2026-06-29 07:56:18,614 [root] DEBUG: imported analysis package "generic"
2026-06-29 07:56:18,615 [root] DEBUG: initializing analysis package "generic"...
2026-06-29 07:56:18,615 [lib.common.common] INFO: no wrapping
2026-06-29 07:56:18,615 [lib.core.compound] INFO: C:\Users\Rajesh\AppData\Local\Temp already exists, skipping creation
2026-06-29 07:56:18,616 [root] DEBUG: New location of moved file: C:\Users\Rajesh\AppData\Local\Temp\-
2026-06-29 07:56:18,617 [root] INFO: Analyzer: Package modules.packages.generic does not specify a dll option
2026-06-29 07:56:18,617 [root] INFO: Analyzer: Package modules.packages.generic does not specify a dll_64 option
2026-06-29 07:56:18,617 [root] INFO: Analyzer: Package modules.packages.generic does not specify a loader option
2026-06-29 07:56:18,617 [root] INFO: Analyzer: Package modules.packages.generic does not specify a loader_64 option
2026-06-29 07:56:18,843 [root] DEBUG: Imported auxiliary module "modules.auxiliary.browser"
2026-06-29 07:56:18,860 [root] DEBUG: Imported auxiliary module "modules.auxiliary.digisig"
2026-06-29 07:56:18,956 [root] DEBUG: Imported auxiliary module "modules.auxiliary.disguise"
2026-06-29 07:56:19,166 [root] DEBUG: Imported auxiliary module "modules.auxiliary.human"
2026-06-29 07:56:19,223 [lib.api.screenshot] DEBUG: Importing 'PIL.ImageChops'
2026-06-29 07:56:19,224 [lib.api.screenshot] ERROR: No module named 'PIL'
2026-06-29 07:56:19,225 [root] DEBUG: Imported auxiliary module "modules.auxiliary.screenshots"
2026-06-29 07:56:19,230 [root] DEBUG: Imported auxiliary module "modules.auxiliary.tlsdump"
2026-06-29 07:56:19,251 [root] DEBUG: Initialized auxiliary module "Browser"
2026-06-29 07:56:19,252 [root] DEBUG: attempting to configure 'Browser' from data
2026-06-29 07:56:19,253 [root] DEBUG: module Browser does not support data configuration, ignoring
2026-06-29 07:56:19,255 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.browser"...
2026-06-28 14:56:01,670 [root] DEBUG: Started auxiliary module modules.auxiliary.browser
2026-06-28 14:56:01,671 [root] DEBUG: Initialized auxiliary module "DigiSig"
2026-06-28 14:56:01,671 [root] DEBUG: attempting to configure 'DigiSig' from data
2026-06-28 14:56:01,672 [root] DEBUG: module DigiSig does not support data configuration, ignoring
2026-06-28 14:56:01,672 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.digisig"...
2026-06-28 14:56:01,673 [modules.auxiliary.digisig] DEBUG: Checking for a digital signature
2026-06-28 14:56:02,887 [modules.auxiliary.digisig] DEBUG: File has an invalid signature
2026-06-28 14:56:02,887 [modules.auxiliary.digisig] INFO: Uploading signature results to aux/DigiSig.json
2026-06-28 14:56:02,902 [root] DEBUG: Started auxiliary module modules.auxiliary.digisig
2026-06-28 14:56:02,906 [root] DEBUG: Initialized auxiliary module "Disguise"
2026-06-28 14:56:02,906 [root] DEBUG: attempting to configure 'Disguise' from data
2026-06-28 14:56:02,907 [root] DEBUG: module Disguise does not support data configuration, ignoring
2026-06-28 14:56:02,907 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.disguise"...
2026-06-28 14:56:02,910 [modules.auxiliary.disguise] INFO: Launched background process notepad.exe hidden (PID: 4112)
2026-06-28 14:56:02,916 [modules.auxiliary.disguise] INFO: Disguising GUID to 1a1c3eed-927b-46ed-96f8-95fcd45ef564
2026-06-28 14:56:02,916 [root] DEBUG: Started auxiliary module modules.auxiliary.disguise
2026-06-28 14:56:02,917 [root] DEBUG: Initialized auxiliary module "Human"
2026-06-28 14:56:02,917 [root] DEBUG: attempting to configure 'Human' from data
2026-06-28 14:56:02,917 [root] DEBUG: module Human does not support data configuration, ignoring
2026-06-28 14:56:02,917 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.human"...
2026-06-28 14:56:02,924 [root] DEBUG: Started auxiliary module modules.auxiliary.human
2026-06-28 14:56:02,924 [root] DEBUG: Initialized auxiliary module "Screenshots"
2026-06-28 14:56:02,924 [root] DEBUG: attempting to configure 'Screenshots' from data
2026-06-28 14:56:02,924 [root] DEBUG: module Screenshots does not support data configuration, ignoring
2026-06-28 14:56:02,924 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.screenshots"...
2026-06-28 14:56:02,934 [modules.auxiliary.screenshots] WARNING: Python Image Library is not installed, screenshots are disabled
2026-06-28 14:56:02,934 [root] DEBUG: Started auxiliary module modules.auxiliary.screenshots
2026-06-28 14:56:02,936 [root] DEBUG: Initialized auxiliary module "TLSDumpMasterSecrets"
2026-06-28 14:56:02,937 [root] DEBUG: attempting to configure 'TLSDumpMasterSecrets' from data
2026-06-28 14:56:02,937 [root] DEBUG: module TLSDumpMasterSecrets does not support data configuration, ignoring
2026-06-28 14:56:02,938 [root] DEBUG: Trying to start auxiliary module "modules.auxiliary.tlsdump"...
2026-06-28 14:56:02,943 [modules.auxiliary.tlsdump] WARNING: Unable to find lsass.exe process
2026-06-28 14:56:02,943 [root] DEBUG: Started auxiliary module modules.auxiliary.tlsdump
2026-06-28 14:56:09,541 [root] INFO: Restarting WMI Service
2026-06-28 14:56:11,798 [root] DEBUG: package modules.packages.generic does not support configure, ignoring
2026-06-28 14:56:11,800 [root] WARNING: configuration error for package modules.packages.generic: error importing data.packages.generic: No module named 'data.packages'
2026-06-28 14:56:11,801 [lib.core.compound] INFO: C:\Users\Rajesh\AppData\Local\Temp already exists, skipping creation
2026-06-28 14:56:11,803 [lib.api.process] INFO: Successfully executed process from path "C:\Windows\system32\cmd.exe" with arguments "/c start /wait "" "C:\Users\Rajesh\AppData\Local\Temp\-"" with pid 2192
2026-06-28 14:56:12,168 [lib.api.process] INFO: Monitor config for process 2192: C:\7d7wfxi0\dll\2192.ini
2026-06-28 14:56:12,186 [lib.api.process] INFO: 64-bit DLL to inject is C:\7d7wfxi0\dll\sctTxzh.dll, loader C:\7d7wfxi0\bin\kTLHFLzB.exe
2026-06-28 14:56:12,210 [root] DEBUG: Loader: Injecting process 2192 (thread 1724) with C:\7d7wfxi0\dll\sctTxzh.dll.
2026-06-28 14:56:12,213 [root] DEBUG: InjectDllViaIAT: Successfully patched IAT.
2026-06-28 14:56:12,214 [root] DEBUG: Successfully injected DLL C:\7d7wfxi0\dll\sctTxzh.dll.
2026-06-28 14:56:12,218 [lib.api.process] INFO: Injected into 64-bit <Process 2192 cmd.exe>
2026-06-28 14:56:14,238 [lib.api.process] INFO: Successfully resumed process with pid 2192
2026-06-28 14:56:14,467 [root] DEBUG: 2192: Python path set to 'C:\Users\Rajesh\AppData\Local\Programs\Python\Python314'.
2026-06-28 14:56:14,468 [root] DEBUG: 2192: Disabling sleep skipping.
2026-06-28 14:56:14,469 [root] DEBUG: 2192: Dropped file limit defaulting to 100.
2026-06-28 14:56:14,498 [root] DEBUG: 2192: YaraInit: Compiled 44 rule files
2026-06-28 14:56:14,502 [root] DEBUG: 2192: YaraInit: Compiled rules saved to file C:\7d7wfxi0\data\yara\capemon.yac
2026-06-28 14:56:14,559 [root] DEBUG: 2192: RtlInsertInvertedFunctionTable 0x00007FF9AAA0090E, LdrpInvertedFunctionTableSRWLock 0x00007FF9AAB5B4F0
2026-06-28 14:56:14,560 [root] DEBUG: 2192: YaraScan: Scanning 0x00007FF79A450000, size 0x6630a
2026-06-28 14:56:14,565 [root] DEBUG: 2192: YaraScan hit: FindFixAndRun
2026-06-28 14:56:14,566 [root] DEBUG: 2192: Monitor initialised: 64-bit capemon loaded in process 2192 at 0x00007FF9866E0000, thread 1724, image base 0x00007FF79A450000, stack from 0x0000003552804000-0x0000003552900000
2026-06-28 14:56:14,569 [root] DEBUG: 2192: Commandline: "C:\Windows\system32\cmd.exe" /c start /wait "" "C:\Users\Rajesh\AppData\Local\Temp\-"
2026-06-28 14:56:14,586 [root] DEBUG: 2192: hook_api: LdrpCallInitRoutine export address 0x00007FF9AAA099BC obtained via GetFunctionAddress
2026-06-28 14:56:14,648 [root] WARNING: b'Unable to create trampoline for LockResource, hook type 2'
2026-06-28 14:56:14,649 [root] DEBUG: 2192: set_hooks: Unable to hook LockResource
2026-06-28 14:56:14,666 [root] DEBUG: 2192: Hooked 630 out of 631 functions
2026-06-28 14:56:14,672 [root] DEBUG: 2192: set_hooks_exe: Hooked FindFixAndRun at 0x00007FF79A45C620
2026-06-28 14:56:14,675 [root] DEBUG: 2192: Syscall hook installed, syscall logging level 1
2026-06-28 14:56:14,694 [root] DEBUG: 2192: RestoreHeaders: Restored original import table.
2026-06-28 14:56:14,696 [root] INFO: Loaded monitor into process with pid 2192
2026-06-28 14:56:14,698 [root] DEBUG: 2192: caller_dispatch: Added region at 0x00007FF79A450000 to tracked regions list (kernel32::SetUnhandledExceptionFilter returns to 0x00007FF79A4693C1, thread 1724).
2026-06-28 14:56:14,700 [root] DEBUG: 2192: YaraScan: Scanning 0x00007FF79A450000, size 0x6630a
2026-06-28 14:56:14,709 [root] DEBUG: 2192: ProcessImageBase: Main module image at 0x00007FF79A450000 unmodified (entropy change 0.000000e+00)
2026-06-28 14:56:14,736 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A6030000: C:\Windows\SYSTEM32\kernel.appcore (0x12000 bytes).
2026-06-28 14:56:14,739 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A8700000: C:\Windows\System32\bcryptPrimitives (0x83000 bytes).
2026-06-28 14:56:14,744 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A5B50000: C:\Windows\system32\uxtheme (0x9e000 bytes).
2026-06-28 14:56:14,758 [root] DEBUG: 2192: DLL loaded at 0x00007FF994050000: C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.19041.1110_none_60b5254171f9507e\comctl32 (0x29a000 bytes).
2026-06-28 14:56:14,770 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A9D30000: C:\Windows\System32\SHCORE (0xad000 bytes).
2026-06-28 14:56:14,775 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A7A90000: C:\Windows\system32\Wldp (0x2c000 bytes).
2026-06-28 14:56:14,778 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A6230000: C:\Windows\SYSTEM32\windows.storage (0x790000 bytes).
2026-06-28 14:56:14,790 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A2720000: C:\Windows\system32\PROPSYS (0xf6000 bytes).
2026-06-28 14:56:14,814 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A9600000: C:\Windows\System32\clbcatq (0xa9000 bytes).
2026-06-28 14:56:14,838 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A8050000: C:\Windows\system32\profapi (0x1f000 bytes).
2026-06-28 14:56:14,957 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A8110000: C:\Windows\System32\CFGMGR32 (0x4e000 bytes).
2026-06-28 14:56:14,964 [root] DEBUG: 2192: DLL loaded at 0x00007FF993730000: C:\Windows\system32\edputil (0x24000 bytes).
2026-06-28 14:56:15,011 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A1300000: C:\Windows\System32\Windows.StateRepositoryPS (0x146000 bytes).
2026-06-28 14:56:15,035 [root] DEBUG: 2192: DLL loaded at 0x00007FF9903B0000: C:\Windows\System32\Windows.UI.AppDefaults (0x4c000 bytes).
2026-06-28 14:56:15,060 [root] DEBUG: 2192: DLL loaded at 0x00007FF99F680000: C:\Windows\system32\iertutil (0x2b0000 bytes).
2026-06-28 14:56:15,061 [root] DEBUG: 2192: DLL loaded at 0x00007FF99F650000: C:\Windows\system32\srvcli (0x28000 bytes).
2026-06-28 14:56:15,064 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A75F0000: C:\Windows\system32\netutils (0xc000 bytes).
2026-06-28 14:56:15,068 [root] DEBUG: 2192: DLL loaded at 0x00007FF99F930000: C:\Windows\system32\urlmon (0x1eb000 bytes).
2026-06-28 14:56:15,097 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A5A30000: C:\Windows\SYSTEM32\apphelp (0x90000 bytes).
2026-06-28 14:56:15,157 [root] DEBUG: 2192: DLL loaded at 0x00007FF99EEA0000: C:\Windows\System32\OneCoreUAPCommonProxyStub (0x798000 bytes).
2026-06-28 14:56:15,172 [root] DEBUG: 2192: DLL loaded at 0x00007FF9A4DC0000: C:\Windows\System32\wintypes (0x154000 bytes).
2026-06-28 14:56:15,224 [root] DEBUG: 2192: DLL loaded at 0x00007FF99D480000: C:\Windows\System32\OneCoreCommonProxyStub (0x7d000 bytes).
2026-06-28 14:56:15,235 [root] DEBUG: 2192: DLL loaded at 0x00007FF99CC30000: C:\Windows\System32\ActXPrxy (0xa1000 bytes).
2026-06-28 14:56:15,353 [root] DEBUG: 2192: NtTerminateProcess hook: Attempting to dump process 2192
2026-06-28 14:56:15,355 [root] DEBUG: 2192: VerifyCodeSection: Executable code does not match, 0xb620 of 0x30ef9 matching
2026-06-28 14:56:15,355 [root] DEBUG: 2192: DoProcessDump: Code modification detected, dumping Imagebase at 0x00007FF79A450000.
2026-06-28 14:56:15,356 [root] DEBUG: 2192: DumpImageInCurrentProcess: Attempting to dump virtual PE image.
2026-06-28 14:56:15,357 [root] DEBUG: 2192: DumpProcess: Instantiating PeParser with address: 0x00007FF79A450000.
2026-06-28 14:56:15,358 [root] DEBUG: 2192: DumpProcess: Module entry point VA is 0x00007FF79A468F50.
2026-06-28 14:56:15,386 [lib.common.results] INFO: Uploading file C:\UfGevMwj\CAPE\2192_45423915562128062026 to procdump\c0090b5e27c7873e958b45dc440522055641177ef145e1bf23bf979fd3cfad70; Size is 401920; Max size: 100000000
2026-06-28 14:56:15,390 [root] DEBUG: 2192: DumpProcess: Module image dump success - dump size 0x62200.
2026-06-28 14:56:15,527 [root] INFO: Process with pid 2192 has terminated
2026-06-28 14:56:21,304 [root] INFO: Process list is empty, terminating analysis
2026-06-28 14:56:22,317 [root] INFO: Created shutdown mutex
2026-06-28 14:56:23,449 [root] INFO: Shutting down package
2026-06-28 14:56:23,449 [root] INFO: Stopping auxiliary modules
2026-06-28 14:56:23,450 [root] INFO: Stopping auxiliary module: Browser
2026-06-28 14:56:23,450 [root] INFO: Stopping auxiliary module: Human
2026-06-28 14:56:29,376 [root] INFO: Stopping auxiliary module: Screenshots
2026-06-28 14:56:29,452 [root] INFO: Finishing auxiliary modules
2026-06-28 14:56:29,453 [root] INFO: Shutting down pipe server and dumping dropped files
2026-06-28 14:56:29,453 [root] WARNING: Folder at path "C:\UfGevMwj\debugger" does not exist, skipping
2026-06-28 14:56:29,454 [root] WARNING: Folder at path "C:\UfGevMwj\tlsdump" does not exist, skipping
2026-06-28 14:56:29,456 [root] INFO: Analysis completed
Machine Information
Name Label Manager Started On Shutdown On Route
win10 win10 KVM 2026-06-29 07:56:11 2026-06-29 07:56:51 internet
File Details
File Information
File Name
-
File Type JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 1280x720, components 3
File Size 17901 bytes
MD5 d39c7030104821789406d61592dc8d26
SHA1 44762a79a1530cda4cb4bdcfd732e61891c766a0
SHA256 5f110d10a4f54721e7e550e9c3d4e9d94f37c1aadb2b9b0cc1ecad90a0d31a70
SHA3-384 a82191f05c3f3a368ee564d816622bbdb6aa49ef898c10dc8e1af9294f26e20cab78547c9308c17a54d4db23be9b05e1
CRC32 6153BCE7
TLSH T122825E179D094B93942997E8BE034EEC6F492F0CE9823AFF55225EC73D302225D5E12E
Ssdeep 192:t1pZzIuRsxA3+0OGmEH/FrqN0cZ24JXZ8CILrc60/y4W/AeAx6b4I4r:t1/zP2AzDrqN001ZAVaeKr
Strings
Processing 1.69s
  • 1.626s CAPE
  • 0.033s BehaviorAnalysis
  • 0.022s NetworkAnalysis
  • 0.011s AnalysisInfo
  • 0.001s Debug
Signatures 0.09s
  • 0.026s antiav_detectreg
  • 0.009s infostealer_ftp
  • 0.009s territorial_disputes_sigs
  • 0.006s antianalysis_detectreg
  • 0.005s infostealer_im
  • 0.004s ransomware_files
  • 0.003s antiav_detectfile
  • 0.003s antivm_vbox_keys
  • 0.003s ransomware_extensions_known
  • 0.002s antianalysis_detectfile
  • 0.002s antivm_vmware_keys
  • 0.002s infostealer_bitcoin
  • 0.002s infostealer_mail
  • 0.002s masquerade_process_name
  • 0.001s antivm_generic_diskreg
  • 0.001s antivm_parallels_keys
  • 0.001s antivm_vbox_files
  • 0.001s antivm_vpc_keys
  • 0.001s antivm_xen_keys
  • 0.001s ketrican_regkeys
  • 0.001s browser_security
  • 0.001s bypass_firewall
  • 0.001s disables_backups
  • 0.001s disables_browser_warn
  • 0.001s disables_power_options
  • 0.001s recon_fingerprint
  • 0.001s suspicious_command_tools
  • 0.001s uses_windows_utilities
Reporting 0.00s
  • 0.003s JsonDump
Signatures
process: cmd.exe, PID 2192
behavioral_fips_reconnaissance: ["cmd.exe (PID: 2192) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\MDMEnabled'", "cmd.exe (PID: 2192) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy'", "cmd.exe (PID: 2192) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\Enabled'", "cmd.exe (PID: 2192) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Lsa\\FipsAlgorithmPolicy\\STE'", "cmd.exe (PID: 2192) probed FIPS encryption policy at 'HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Lsa\\FipsAlgorithmPolicy'"]
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Generation
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Data
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Generation
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Generation
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Data
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Data
mount_point_key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\
Hosts
Direct IP Country Name ASN
Y 173.194.76.94 [VT] unknown -
Y 108.177.15.139 [VT] unknown -
Y 108.177.15.94 [VT] unknown -
Y 74.125.206.84 [VT] unknown -
Y 66.102.1.138 [VT] unknown -
Y 74.125.206.138 [VT] unknown -
Y 74.125.133.95 [VT] unknown -
Y 142.251.150.119 [VT] unknown -
Y 142.251.168.139 [VT] unknown -
Y 142.251.168.100 [VT] unknown -
Y 74.125.206.101 [VT] unknown -
Y 74.125.71.94 [VT] unknown -
Y 142.251.16.94 [VT] unknown -
Summary
  • C:\Users\Rajesh\AppData\Local\Temp
  • C:\Users
  • C:\Users\Rajesh
  • C:\Users\Rajesh\AppData
  • C:\Users\Rajesh\AppData\Local
  • C:\Users\Rajesh\AppData\Local\Temp\-.*
  • C:\Users\Rajesh\AppData\Local\Temp\-.COM
  • C:\Users\Rajesh\AppData\Local\Temp\-.EXE
  • C:\Users\Rajesh\AppData\Local\Temp\-.BAT
  • C:\Users\Rajesh\AppData\Local\Temp\-.CMD
  • C:\Users\Rajesh\AppData\Local\Temp\-.VBS
  • C:\Users\Rajesh\AppData\Local\Temp\-.VBE
  • C:\Users\Rajesh\AppData\Local\Temp\-.JS
  • C:\Users\Rajesh\AppData\Local\Temp\-.JSE
  • C:\Users\Rajesh\AppData\Local\Temp\-.WSF
  • C:\Users\Rajesh\AppData\Local\Temp\-.WSH
  • C:\Users\Rajesh\AppData\Local\Temp\-.MSC
  • C:\Windows\System32\kernel.appcore.dll
  • \Device\CNG
  • \Device\DeviceApi\CMApi
  • \??\MountPointManager
  • C:\Users\Rajesh\AppData\Local\Temp\-
  • HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Command Processor
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DisableUNCCheck
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\EnableExtensions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DelayedExpansion
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\DefaultColor
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\CompletionChar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\PathCompletionChar
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Command Processor\AutoRun
  • HKEY_CURRENT_USER\Software\Microsoft\Command Processor
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\STE
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\Enabled
  • HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy
  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Lsa\FipsAlgorithmPolicy\MDMEnabled
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Policies\Microsoft\Cryptography\Configuration
  • HKEY_CURRENT_USER
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Themes\Personalize\AppsUseLightTheme
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Data
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-100000000000}\Generation
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Data
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-300300000000}\Generation
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Data
  • HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{e1e1ae7a-0000-0000-0000-10e008000000}\Generation
  • HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsRuntime
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivationType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Server
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\DllPath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Threading
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\TrustLevel
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\CustomAttributes
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\RemoteServer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateAsUser
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInSharedBroker
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateInBrokerForMediumILContainer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\Permissions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.Internal.StateRepository.FileTypeAssociation\ActivateOnHostFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLE\Diagnosis
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExePath
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CommandLine
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\IdentityType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Permissions
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ActivatableClasses
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServerType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\AppId
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\Identity
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ServiceName
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\ExplicitPsmActivationType
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\Server\StateRepository\CustomAttributes
  • HKEY_CURRENT_USER\Software\Classes\Interface\{8645456F-D9A2-4B82-AFEC-58F0E8DF0ACF}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{8645456f-d9a2-4b82-afec-58f0e8df0acf}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{C53E07EC-25F3-4093-AA39-FC67EA22E99D}
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\TreatAs
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\ActivateOnHostFlags
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\InprocServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\(Default)
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InProcServer32\ThreadingModel
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler32
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\InprocHandler
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\AppID
  • HKEY_CURRENT_USER\Software\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\LocalServer
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c53e07ec-25f3-4093-aa39-fc67ea22e99d}\Elevation
  • HKEY_CURRENT_USER\Software\Classes\Interface\{AF86E2E0-B12D-4C6A-9C5A-D7AA65101E90}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AF86E2E0-B12D-4c6a-9C5A-D7AA65101E90}\ProxyStubClsid32\(Default)
  • HKEY_CURRENT_USER\Software\Classes\Interface\{89BC3F49-F8D9-5103-BA13-DE497E609167}
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32
  • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{89bc3f49-f8d9-5103-ba13-de497e609167}\ProxyStubClsid32\(Default)
  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\GRE_Initialize
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableMetaFiles
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\GRE_Initialize\DisableUmpdBufferSizeCheck

No results found.

No behavioral analysis data available.

Sorry! No strace.
Sorry! No tracee.
Hosts
No hosts contacted.
TCP Connections
No TCP connections recorded.
UDP Connections
No UDP connections recorded.
DNS Requests
No domains contacted.
HTTP Requests
No HTTP(s) requests performed.
SMTP Traffic
No SMTP traffic performed.
IRC Traffic
No IRC requests performed.
ICMP Traffic
No ICMP traffic performed.
CIF Results
No CIF Results
Suricata Alerts
No Suricata Alerts
Suricata TLS
No Suricata TLS
Suricata HTTP
No Suricata HTTP
Sorry! No Suricata Extracted files.

No dropped files found.

Sorry! No process dumps.