0.3
Low risk

026df28dea7061f848729f6300b4e6c54a10e62dc2082d351cb2855ac1c75acb

026df28dea7061f848729f6300b4e6c54a10e62dc2082d351cb2855ac1c75acb.exe

Analysis duration

73s

Last analysis

389 days ago

File size

118.9KB
Static detection  Dynamic detection  UNKNOWN
HawkEye engine
DACN 0.12
FACILE 1.00
IMCLNet 0.55
MFGraph 0.00
Static verdict
Antivirus engines
Not detected: no antivirus engine detection results available
Static indicators
Behavioral verdict
Dynamic indicators
Visual analysis
Binary image
Runtime screenshots
No runtime screenshots: no screenshots were generated while the sample ran.


PE Compile Time

2010-07-31 19:55:58

PE Imphash

ba23a556ac1d6444f7f76feafd6c8867

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x0000189a 0x00002000 5.131358637328581
.rdata 0x00003000 0x00000a98 0x00001000 4.1081480977202425
.data 0x00004000 0x00000520 0x00001000 1.0715771578017714
.rsrc 0x00005000 0x00009c60 0x0000a000 0.0

Imports

Library KERNEL32.dll:
0x403040 lstrcatA
0x403044 lstrcpyA
0x40304c GetShortPathNameA
0x403050 GetModuleFileNameA
0x403054 GetLastError
0x403058 SetFileAttributesA
0x40305c CopyFileA
0x403060 CloseHandle
0x403064 GetCurrentProcess
0x403068 CreateFileA
0x40306c GlobalFree
0x403070 LockResource
0x403074 GlobalAlloc
0x403078 LoadResource
0x40307c SizeofResource
0x403080 FindResourceA
0x403084 SetPriorityClass
0x403088 GetCurrentThread
0x40308c SetThreadPriority
0x403090 ResumeThread
0x403094 Sleep
0x403098 GetStartupInfoA
0x40309c CreateProcessA
0x4030a0 lstrlenA
0x4030a4 VirtualAllocEx
0x4030a8 WriteProcessMemory
0x4030ac GetModuleHandleA
0x4030b0 GetProcAddress
0x4030b4 CreateRemoteThread
0x4030bc GetSystemDirectoryA
0x4030c0 WriteFile
Library USER32.dll:
0x403164 MessageBoxA
Library comdlg32.dll:
0x40316c GetFileTitleA
Library ADVAPI32.dll:
0x403000 CloseServiceHandle
0x403004 RegOpenKeyExA
0x403008 RegQueryValueExA
0x403010 RegCreateKeyA
0x403018 SetServiceStatus
0x40301c RegOpenKeyA
0x403020 RegDeleteValueA
0x403024 RegSetValueExA
0x403028 RegCloseKey
0x40302c OpenServiceA
0x403030 CreateServiceA
0x403034 OpenSCManagerA
0x403038 StartServiceA
Library ole32.dll:
0x403174 CoUninitialize
0x403178 CoCreateGuid
0x40317c CoInitialize
Library MFC42.DLL:
0x4030c8 None
0x4030cc None
0x4030d0 None
0x4030d4 None
0x4030d8 None
Library MSVCRT.dll:
0x4030f4 _controlfp
0x4030f8 __set_app_type
0x4030fc __CxxFrameHandler
0x403100 _snprintf
0x403104 free
0x403108 fwrite
0x40310c fclose
0x403110 fread
0x403114 malloc
0x403118 ftell
0x40311c fseek
0x403120 fopen
0x403124 exit
0x403128 strstr
0x40312c strncmp
0x403130 _except_handler3
0x403134 __dllonexit
0x403138 _onexit
0x40313c _exit
0x403140 _XcptFilter
0x403144 _acmdln
0x403148 __getmainargs
0x40314c _initterm
0x403150 __setusermatherr
0x403154 _adjust_fdiv
0x403158 __p__commode
0x40315c __p__fmode
Library MSVCP60.dll:

Strings

L!This program cannot be run in DOS mode.
`.rdata
@.data
GetSystemDirectoryA
GetSystemWindowsDirectoryA
CreateRemoteThread
GetProcAddress
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
lstrlenA
CreateProcessA
GetStartupInfoA
ResumeThread
SetThreadPriority
GetCurrentThread
SetPriorityClass
GetCurrentProcess
lstrcatA
lstrcpyA
GetEnvironmentVariableA
GetShortPathNameA
GetModuleFileNameA
GetLastError
SetFileAttributesA
CopyFileA
CloseHandle
WriteFile
CreateFileA
GlobalFree
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
KERNEL32.dll
MessageBoxA
USER32.dll
GetFileTitleA
comdlg32.dll
RegCloseKey
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyA
StartServiceCtrlDispatcherA
RegQueryValueExA
RegOpenKeyExA
CloseServiceHandle
StartServiceA
OpenServiceA
CreateServiceA
OpenSCManagerA
ADVAPI32.dll
CoUninitialize
CoCreateGuid
CoInitialize
ole32.dll
MFC42.DLL
__CxxFrameHandler
_snprintf
fwrite
fclose
malloc
strstr
strncmp
_except_handler3
MSVCRT.dll
__dllonexit
_onexit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
MSVCP60.dll
StormServer.dll
Storm ddos Server
Welcome to use storm ddos
Thank you
Program Files\Internet Explorer
calc.exe
notepad.exe
iexplore.exe
Kernel32
LoadLibraryA
ServiceDLL
SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
%SystemRoot%\System32\
> nul
/c del
COMSPEC
{%08X-%04X-%04x-%02X%02X-%02X%02X%02X%02X%02X%02X}
stubpath
SOFTWARE\Microsoft\Active Setup\Installed Components\
Description
SYSTEM\CurrentControlSet\Services\

Process Tree


026df28dea7061f848729f6300b4e6c54a10e62dc2082d351cb2855ac1c75acb.exe, PID: 3012, Parent PID: 2236


DNS

Name Response Post-Analysis Lookup
dns.msftncsi.com A 131.107.255.255 131.107.255.255
dns.msftncsi.com AAAA fd3e:4f5a:5b81::1 131.107.255.255

TCP

No TCP connections recorded.

UDP

Source Source Port Destination Destination Port
192.168.56.101 53179 224.0.0.252 5355
192.168.56.101 49642 224.0.0.252 5355
192.168.56.101 137 192.168.56.255 137
192.168.56.101 61714 114.114.114.114 53
192.168.56.101 56933 114.114.114.114 53
192.168.56.101 138 192.168.56.255 138

HTTP & HTTPS Requests

No HTTP requests performed.

ICMP traffic

No ICMP traffic performed.

IRC traffic

No IRC requests performed.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Snort Alerts

No Snort Alerts

Sorry! No dropped files.
Sorry! No dropped buffers.