File name:

WMI.reg

Full analysis: https://app.any.run/tasks/345be759-0a44-4766-95a5-a92cf2564cf6
Verdict: No threats detected
Analysis date: March 23, 2020, 15:12:33
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: Little-endian UTF-16 Unicode text, with CRLF, CR line terminators
MD5:

E2AA23CE00CF977B99AAE7AB4EE9B9B1

SHA1:

54E32189812F9FDDBF88CF230EB19273363439F8

SHA256:

A70A8E75F2F7D406A7A86FC9581F849731E827D5B4CA98D138F565C6BEA75277

SSDEEP:

768:xdPyK/GkgQtfUyiMJLYC47mWl88/IsoZej9K5f0/Uo645IAHjo:xeEl547gg6MLo

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    No suspicious indicators.

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.reg | Windows Registry Data (Ver. 5.0 - UTF16) (96.9)
.txt | Text - UTF-16 (LE) encoded (2)
.mp3 | MP3 audio (1)
No data.
screenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
38
Monitored processes
2
Malicious processes
0
Suspicious processes
0

Behavior graph

Click at the process to see the details
start regedit.exe regedit.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
1724"C:\Windows\regedit.exe" "C:\Users\admin\AppData\Local\Temp\WMI.reg"C:\Windows\regedit.exe
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
HIGH
Description:
Registry Editor
Exit code:
0
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\regedit.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
1756"C:\Windows\regedit.exe" "C:\Users\admin\AppData\Local\Temp\WMI.reg"C:\Windows\regedit.exeexplorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Registry Editor
Exit code:
3221226540
Version:
6.1.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\windows\regedit.exe
c:\systemroot\system32\ntdll.dll
Total events
520
Read events
0
Write events
520
Delete events
0

Modification events

(PID) Process:(1724) regedit.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
Operation:writeName:123c80d2-937f-4cfe-80f4-c40d596e48b7
Value:
01000480880000009800000000000000140000000200740005000000000018001F00120001020000000000052000000020020000000014001F001200010100000000000513000000000014001F001200010100000000000514000000000014001F001200010100000000000512000000000018001F001200010200000000000520000000210200000102000000000005200000002002000001020000000000052000000020020000
(PID) Process:(1724) regedit.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
Operation:writeName:479b20b4-5559-46fe-be97-7d222154421f
Value:
01000480840000009400000000000000140000000200700005000000000018001F00120001020000000000052000000020020000000014001F001200010100000000000513000000000014001F001200010100000000000514000000000014001F001200010100000000000512000000000014001F0012000101000000000002010000000102000000000005200000002002000001020000000000052000000020020000
(PID) Process:(1724) regedit.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
Operation:writeName:d43412ac-67f9-4fbb-a081-1752a2c33e84
Value:
01000480840000009400000000000000140000000200700005000000000018001F00120001020000000000052000000020020000000014001F001200010100000000000513000000000014001F001200010100000000000514000000000014001F001200010100000000000512000000000014001F0012000101000000000002010000000102000000000005200000002002000001020000000000052000000020020000
(PID) Process:(1724) regedit.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
Operation:writeName:671a8285-4edb-4cae-99fe-69a15c48c0bc
Value:
01000480840000009400000000000000140000000200700005000000000018001F00120001020000000000052000000020020000000014001F001200010100000000000513000000000014001F001200010100000000000514000000000014001F001200010100000000000512000000000014001F0012000101000000000002010000000102000000000005200000002002000001020000000000052000000020020000
(PID) Process:(1724) regedit.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
Operation:writeName:9831b7e6-09ac-491f-8d07-3c3d649d8240
Value:
01000480840000009400000000000000140000000200700005000000000018001F00120001020000000000052000000020020000000014001F001200010100000000000513000000000014001F001200010100000000000514000000000014001F001200010100000000000512000000000014001F0012000101000000000002010000000102000000000005200000002002000001020000000000052000000020020000
(PID) Process:(1724) regedit.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
Operation:writeName:2e2d2463-b537-4da7-8eee-51306f1f482f
Value:
01000480840000009400000000000000140000000200700005000000000018001F00120001020000000000052000000020020000000014001F001200010100000000000513000000000014001F001200010100000000000514000000000014001F001200010100000000000512000000000014001F0012000101000000000002010000000102000000000005200000002002000001020000000000052000000020020000
(PID) Process:(1724) regedit.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
Operation:writeName:a56dbcf9-c4f0-44a8-9c1b-bb3b3f774b4d
Value:
01000480840000009400000000000000140000000200700005000000000018001F00120001020000000000052000000020020000000014001F001200010100000000000513000000000014001F001200010100000000000514000000000014001F001200010100000000000512000000000014001F0012000101000000000002010000000102000000000005200000002002000001020000000000052000000020020000
(PID) Process:(1724) regedit.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
Operation:writeName:51565945-498a-4a77-acc6-151becc805ca
Value:
01000480840000009400000000000000140000000200700005000000000018001F00120001020000000000052000000020020000000014001F001200010100000000000513000000000014001F001200010100000000000514000000000014001F001200010100000000000512000000000014001F0012000101000000000002010000000102000000000005200000002002000001020000000000052000000020020000
(PID) Process:(1724) regedit.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
Operation:writeName:ea324793-51bb-486a-aa9d-0f5552353413
Value:
01000480840000009400000000000000140000000200700005000000000018001F00120001020000000000052000000020020000000014001F001200010100000000000513000000000014001F001200010100000000000514000000000014001F001200010100000000000512000000000014001F0012000101000000000002010000000102000000000005200000002002000001020000000000052000000020020000
(PID) Process:(1724) regedit.exeKey:HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\WMI\Security
Operation:writeName:6dc76655-063c-4524-a862-b8410c26281b
Value:
01000480840000009400000000000000140000000200700005000000000018001F00120001020000000000052000000020020000000014001F001200010100000000000513000000000014001F001200010100000000000514000000000014001F001200010100000000000512000000000014001F0012000101000000000002010000000102000000000005200000002002000001020000000000052000000020020000
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
WMI.reg