| File name: | 1 (1436) |
| Full analysis: | https://app.any.run/tasks/5a95a5d0-07d5-4105-867e-dfe254ec5d02 |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 14:27:13 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | E6D569AC62E886E85C51FACC8FB4E8D0 |
| SHA1: | 6D8597CC05F12FD5354A5607927C39EE2129D675 |
| SHA256: | 4C5F51D4E0BA74C7833811766A408B5609759AFF52920B92A7D044221B369FC2 |
| SSDEEP: | 6144:UBe8CUmdQDASABFUj0e2PbSx+tPrlp8+BL/xpeOagkb8ScjwpyAvEhpyDXZ9sWJa:UI31LSABWj3UPh+SLJpeOaPx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (1436).exe (PID: 4844)
- Unicorn-27568.exe (PID: 1764)
- Unicorn-2435.exe (PID: 1088)
- Unicorn-25124.exe (PID: 6476)
- Unicorn-45222.exe (PID: 4424)
- Unicorn-235.exe (PID: 3272)
- Unicorn-22834.exe (PID: 5720)
- Unicorn-52103.exe (PID: 1128)
- Unicorn-26852.exe (PID: 2772)
- Unicorn-3499.exe (PID: 1568)
- Unicorn-8138.exe (PID: 5112)
- Unicorn-18609.exe (PID: 5164)
- Unicorn-14599.exe (PID: 6724)
- Unicorn-33432.exe (PID: 5260)
- Unicorn-19570.exe (PID: 4976)
- Unicorn-3499.exe (PID: 5964)
- Unicorn-1719.exe (PID: 4464)
- Unicorn-21734.exe (PID: 5436)
- Unicorn-52958.exe (PID: 4268)
- Unicorn-59088.exe (PID: 1240)
- Unicorn-5803.exe (PID: 2284)
- Unicorn-51475.exe (PID: 5956)
- Unicorn-30043.exe (PID: 6112)
- Unicorn-16637.exe (PID: 2240)
- Unicorn-42752.exe (PID: 5864)
- Unicorn-62788.exe (PID: 728)
- Unicorn-20324.exe (PID: 7200)
- Unicorn-61911.exe (PID: 7220)
- Unicorn-12902.exe (PID: 7240)
- Unicorn-3795.exe (PID: 7264)
- Unicorn-18085.exe (PID: 7284)
- Unicorn-7457.exe (PID: 3156)
- Unicorn-54620.exe (PID: 2800)
- Unicorn-34754.exe (PID: 5972)
- Unicorn-4657.exe (PID: 5332)
- Unicorn-34754.exe (PID: 3332)
- Unicorn-53956.exe (PID: 7308)
- Unicorn-53956.exe (PID: 7300)
- Unicorn-8839.exe (PID: 7336)
- Unicorn-406.exe (PID: 7352)
- Unicorn-21646.exe (PID: 7384)
- Unicorn-46949.exe (PID: 7464)
- Unicorn-30198.exe (PID: 7452)
- Unicorn-58232.exe (PID: 7436)
- Unicorn-53386.exe (PID: 7476)
- Unicorn-61740.exe (PID: 7500)
- Unicorn-43550.exe (PID: 7588)
- Unicorn-37982.exe (PID: 7572)
- Unicorn-49415.exe (PID: 7596)
- Unicorn-43550.exe (PID: 7604)
- Unicorn-37982.exe (PID: 7564)
- Unicorn-62295.exe (PID: 7520)
- Unicorn-43240.exe (PID: 7728)
- Unicorn-24857.exe (PID: 7736)
- Unicorn-2954.exe (PID: 7704)
- Unicorn-22244.exe (PID: 7760)
- Unicorn-63852.exe (PID: 7696)
- Unicorn-10738.exe (PID: 7824)
- Unicorn-52176.exe (PID: 7840)
- Unicorn-42856.exe (PID: 7816)
- Unicorn-23131.exe (PID: 7864)
- Unicorn-7945.exe (PID: 7772)
- Unicorn-19482.exe (PID: 7956)
- Unicorn-19482.exe (PID: 7940)
- Unicorn-19482.exe (PID: 7964)
- Unicorn-19482.exe (PID: 7972)
- Unicorn-19482.exe (PID: 7948)
- Unicorn-2783.exe (PID: 8020)
- Unicorn-32382.exe (PID: 7556)
- Unicorn-29186.exe (PID: 8092)
- Unicorn-41246.exe (PID: 8040)
- Unicorn-23457.exe (PID: 8132)
- Unicorn-20080.exe (PID: 8072)
- Unicorn-7443.exe (PID: 8140)
- Unicorn-16188.exe (PID: 8112)
- Unicorn-46343.exe (PID: 7344)
- Unicorn-7635.exe (PID: 8208)
- Unicorn-31948.exe (PID: 8176)
- Unicorn-38070.exe (PID: 8168)
- Unicorn-16358.exe (PID: 8272)
- Unicorn-29260.exe (PID: 7400)
- Unicorn-60158.exe (PID: 8232)
- Unicorn-13757.exe (PID: 8248)
- Unicorn-41512.exe (PID: 7392)
- Unicorn-60920.exe (PID: 4272)
- Unicorn-7635.exe (PID: 8200)
- Unicorn-13198.exe (PID: 8344)
- Unicorn-53676.exe (PID: 8300)
- Unicorn-28596.exe (PID: 8472)
- Unicorn-18765.exe (PID: 8356)
- Unicorn-49519.exe (PID: 8368)
- Unicorn-16358.exe (PID: 8264)
- Unicorn-9799.exe (PID: 8456)
- Unicorn-7106.exe (PID: 8488)
- Unicorn-53676.exe (PID: 8304)
- Unicorn-40654.exe (PID: 8408)
- Unicorn-15274.exe (PID: 8480)
- Unicorn-57760.exe (PID: 8316)
- Unicorn-29708.exe (PID: 8584)
- Unicorn-37843.exe (PID: 8592)
- Unicorn-57303.exe (PID: 8508)
- Unicorn-16624.exe (PID: 7528)
- Unicorn-2237.exe (PID: 8552)
- Unicorn-15449.exe (PID: 8708)
- Unicorn-45124.exe (PID: 8436)
- Unicorn-54039.exe (PID: 8544)
- Unicorn-53484.exe (PID: 8536)
- Unicorn-62612.exe (PID: 8620)
- Unicorn-20817.exe (PID: 8688)
- Unicorn-53484.exe (PID: 8528)
- Unicorn-23617.exe (PID: 8696)
- Unicorn-42000.exe (PID: 8780)
- Unicorn-42960.exe (PID: 8844)
- Unicorn-38876.exe (PID: 8828)
- Unicorn-63572.exe (PID: 8980)
- Unicorn-63380.exe (PID: 8864)
- Unicorn-27178.exe (PID: 8812)
- Unicorn-51055.exe (PID: 8940)
- Unicorn-2119.exe (PID: 8992)
- Unicorn-32937.exe (PID: 8956)
- Unicorn-5362.exe (PID: 9056)
- Unicorn-53934.exe (PID: 9112)
- Unicorn-60256.exe (PID: 9172)
- Unicorn-52088.exe (PID: 9156)
- Unicorn-18072.exe (PID: 9080)
- Unicorn-11034.exe (PID: 9208)
- Unicorn-60064.exe (PID: 9120)
- Unicorn-52259.exe (PID: 5308)
- Unicorn-60811.exe (PID: 9180)
- Unicorn-8367.exe (PID: 8560)
- Unicorn-63194.exe (PID: 6468)
Executable content was dropped or overwritten
- Unicorn-27568.exe (PID: 1764)
- 1 (1436).exe (PID: 4844)
- Unicorn-45222.exe (PID: 4424)
- Unicorn-235.exe (PID: 3272)
- Unicorn-2435.exe (PID: 1088)
- Unicorn-22834.exe (PID: 5720)
- Unicorn-25124.exe (PID: 6476)
- Unicorn-14599.exe (PID: 6724)
- Unicorn-52103.exe (PID: 1128)
- Unicorn-26852.exe (PID: 2772)
- Unicorn-16637.exe (PID: 2240)
- Unicorn-3499.exe (PID: 1568)
- Unicorn-8138.exe (PID: 5112)
- Unicorn-33432.exe (PID: 5260)
- Unicorn-3499.exe (PID: 5964)
- Unicorn-21734.exe (PID: 5436)
- Unicorn-52958.exe (PID: 4268)
- Unicorn-18609.exe (PID: 5164)
- Unicorn-19570.exe (PID: 4976)
- Unicorn-5803.exe (PID: 2284)
- Unicorn-51475.exe (PID: 5956)
- Unicorn-30043.exe (PID: 6112)
- Unicorn-42752.exe (PID: 5864)
- Unicorn-34754.exe (PID: 5972)
- Unicorn-59088.exe (PID: 1240)
- Unicorn-20324.exe (PID: 7200)
- Unicorn-61911.exe (PID: 7220)
- Unicorn-12902.exe (PID: 7240)
- Unicorn-3795.exe (PID: 7264)
- Unicorn-18085.exe (PID: 7284)
- Unicorn-54620.exe (PID: 2800)
- Unicorn-53956.exe (PID: 7308)
- Unicorn-53956.exe (PID: 7300)
- Unicorn-1719.exe (PID: 4464)
- Unicorn-8839.exe (PID: 7336)
- Unicorn-46343.exe (PID: 7344)
- Unicorn-406.exe (PID: 7352)
- Unicorn-21646.exe (PID: 7384)
- Unicorn-30198.exe (PID: 7452)
- Unicorn-46949.exe (PID: 7464)
- Unicorn-53386.exe (PID: 7476)
- Unicorn-61740.exe (PID: 7500)
- Unicorn-41512.exe (PID: 7392)
- Unicorn-37982.exe (PID: 7572)
- Unicorn-16624.exe (PID: 7528)
- Unicorn-62788.exe (PID: 728)
- Unicorn-32382.exe (PID: 7556)
- Unicorn-37982.exe (PID: 7564)
- Unicorn-43550.exe (PID: 7588)
- Unicorn-62295.exe (PID: 7520)
- Unicorn-63852.exe (PID: 7696)
- Unicorn-43240.exe (PID: 7728)
- Unicorn-24857.exe (PID: 7736)
- Unicorn-2954.exe (PID: 7704)
- Unicorn-22244.exe (PID: 7760)
- Unicorn-7945.exe (PID: 7772)
- Unicorn-52176.exe (PID: 7840)
- Unicorn-10738.exe (PID: 7824)
- Unicorn-42856.exe (PID: 7816)
- Unicorn-23131.exe (PID: 7864)
- Unicorn-19482.exe (PID: 7940)
- Unicorn-7457.exe (PID: 3156)
- Unicorn-19482.exe (PID: 7964)
- Unicorn-19482.exe (PID: 7948)
- Unicorn-2783.exe (PID: 8020)
- Unicorn-19482.exe (PID: 7956)
- Unicorn-29186.exe (PID: 8092)
- Unicorn-23457.exe (PID: 8132)
- Unicorn-41246.exe (PID: 8040)
- Unicorn-20080.exe (PID: 8072)
- Unicorn-7443.exe (PID: 8140)
- Unicorn-4657.exe (PID: 5332)
- Unicorn-34754.exe (PID: 3332)
- Unicorn-16188.exe (PID: 8112)
- Unicorn-7635.exe (PID: 8208)
- Unicorn-38070.exe (PID: 8168)
- Unicorn-31948.exe (PID: 8176)
- Unicorn-16358.exe (PID: 8272)
- Unicorn-60158.exe (PID: 8232)
- Unicorn-29260.exe (PID: 7400)
- Unicorn-13757.exe (PID: 8248)
- Unicorn-60920.exe (PID: 4272)
- Unicorn-7635.exe (PID: 8200)
- Unicorn-13198.exe (PID: 8344)
- Unicorn-53676.exe (PID: 8300)
- Unicorn-28596.exe (PID: 8472)
- Unicorn-18765.exe (PID: 8356)
- Unicorn-9799.exe (PID: 8456)
- Unicorn-49519.exe (PID: 8368)
- Unicorn-16358.exe (PID: 8264)
- Unicorn-57760.exe (PID: 8316)
- Unicorn-40654.exe (PID: 8408)
- Unicorn-15449.exe (PID: 8708)
- Unicorn-15274.exe (PID: 8480)
- Unicorn-7106.exe (PID: 8488)
- Unicorn-29708.exe (PID: 8584)
- Unicorn-57303.exe (PID: 8508)
- Unicorn-53484.exe (PID: 8528)
- Unicorn-45124.exe (PID: 8436)
- Unicorn-53484.exe (PID: 8536)
- Unicorn-20817.exe (PID: 8688)
- Unicorn-23617.exe (PID: 8696)
- Unicorn-8367.exe (PID: 8560)
- Unicorn-62612.exe (PID: 8620)
- Unicorn-43550.exe (PID: 7604)
- Unicorn-42960.exe (PID: 8844)
- Unicorn-42000.exe (PID: 8780)
- Unicorn-49415.exe (PID: 7596)
- Unicorn-27178.exe (PID: 8812)
- Unicorn-63572.exe (PID: 8980)
- Unicorn-31454.exe (PID: 8948)
- Unicorn-43130.exe (PID: 9036)
- Unicorn-63380.exe (PID: 8864)
- Unicorn-38876.exe (PID: 8828)
- Unicorn-51055.exe (PID: 8940)
- Unicorn-2119.exe (PID: 8992)
- Unicorn-32937.exe (PID: 8956)
- Unicorn-53934.exe (PID: 9112)
- Unicorn-18072.exe (PID: 9080)
- Unicorn-5362.exe (PID: 9056)
- Unicorn-60256.exe (PID: 9172)
- Unicorn-11034.exe (PID: 9208)
- Unicorn-60064.exe (PID: 9120)
- Unicorn-52088.exe (PID: 9156)
- Unicorn-52259.exe (PID: 5308)
- Unicorn-60811.exe (PID: 9180)
- Unicorn-58232.exe (PID: 7436)
- Unicorn-63194.exe (PID: 6468)
- Unicorn-44880.exe (PID: 9236)
- Unicorn-14245.exe (PID: 9292)
- Unicorn-50116.exe (PID: 9352)
- Unicorn-24460.exe (PID: 9320)
- Unicorn-24460.exe (PID: 9328)
- Unicorn-62368.exe (PID: 9368)
- Unicorn-2237.exe (PID: 8552)
- Unicorn-17252.exe (PID: 9380)
- Unicorn-10737.exe (PID: 9420)
- Unicorn-37843.exe (PID: 8592)
- Unicorn-54039.exe (PID: 8544)
- Unicorn-10737.exe (PID: 9428)
- Unicorn-35626.exe (PID: 9452)
- Unicorn-21890.exe (PID: 9460)
- Unicorn-52346.exe (PID: 9400)
- Unicorn-19482.exe (PID: 7972)
- Unicorn-19673.exe (PID: 9544)
- Unicorn-17636.exe (PID: 9528)
- Unicorn-2415.exe (PID: 9596)
- Unicorn-5959.exe (PID: 9492)
- Unicorn-10775.exe (PID: 9628)
- Unicorn-53676.exe (PID: 8304)
- Unicorn-42187.exe (PID: 9768)
- Unicorn-37318.exe (PID: 9572)
- Unicorn-59078.exe (PID: 9668)
- Unicorn-33041.exe (PID: 9752)
- Unicorn-48855.exe (PID: 9848)
- Unicorn-11351.exe (PID: 9840)
- Unicorn-16374.exe (PID: 9884)
- Unicorn-3183.exe (PID: 9856)
- Unicorn-31004.exe (PID: 9760)
- Unicorn-40324.exe (PID: 9864)
- Unicorn-64807.exe (PID: 10012)
- Unicorn-7458.exe (PID: 10144)
- Unicorn-35856.exe (PID: 10052)
- Unicorn-26793.exe (PID: 10136)
- Unicorn-37008.exe (PID: 10152)
- Unicorn-63987.exe (PID: 9968)
- Unicorn-26427.exe (PID: 9932)
- Unicorn-55015.exe (PID: 9952)
- Unicorn-44387.exe (PID: 9960)
- Unicorn-52000.exe (PID: 9984)
- Unicorn-12046.exe (PID: 10188)
- Unicorn-36301.exe (PID: 10100)
- Unicorn-32540.exe (PID: 9032)
- Unicorn-59867.exe (PID: 10228)
- Unicorn-635.exe (PID: 10276)
- Unicorn-51974.exe (PID: 10376)
- Unicorn-61491.exe (PID: 8824)
- Unicorn-16209.exe (PID: 10288)
- Unicorn-20179.exe (PID: 5280)
- Unicorn-51490.exe (PID: 10440)
- Unicorn-26492.exe (PID: 10336)
- Unicorn-57620.exe (PID: 10424)
- Unicorn-57620.exe (PID: 10432)
- Unicorn-53043.exe (PID: 10368)
- Unicorn-45923.exe (PID: 10480)
- Unicorn-24455.exe (PID: 10300)
- Unicorn-49836.exe (PID: 10268)
- Unicorn-21610.exe (PID: 10512)
- Unicorn-251.exe (PID: 10488)
- Unicorn-21248.exe (PID: 10408)
- Unicorn-38352.exe (PID: 10564)
- Unicorn-51159.exe (PID: 10624)
Executes application which crashes
- Unicorn-28980.exe (PID: 8336)
INFO
Reads the computer name
- Unicorn-27568.exe (PID: 1764)
- 1 (1436).exe (PID: 4844)
- Unicorn-22834.exe (PID: 5720)
- Unicorn-2435.exe (PID: 1088)
- Unicorn-235.exe (PID: 3272)
- Unicorn-33432.exe (PID: 5260)
- Unicorn-3499.exe (PID: 1568)
- Unicorn-52958.exe (PID: 4268)
- Unicorn-20324.exe (PID: 7200)
- Unicorn-406.exe (PID: 7352)
- Unicorn-46343.exe (PID: 7344)
- Unicorn-7945.exe (PID: 7772)
- Unicorn-22244.exe (PID: 7760)
- Unicorn-23131.exe (PID: 7864)
- Unicorn-2783.exe (PID: 8020)
- Unicorn-23457.exe (PID: 8132)
- Unicorn-7443.exe (PID: 8140)
- Unicorn-18765.exe (PID: 8356)
- Unicorn-13757.exe (PID: 8248)
- Unicorn-15449.exe (PID: 8708)
- Unicorn-54039.exe (PID: 8544)
- Unicorn-42000.exe (PID: 8780)
- Unicorn-18072.exe (PID: 9080)
- Unicorn-63194.exe (PID: 6468)
Checks supported languages
- Unicorn-27568.exe (PID: 1764)
- 1 (1436).exe (PID: 4844)
- Unicorn-22834.exe (PID: 5720)
- Unicorn-45222.exe (PID: 4424)
- Unicorn-52103.exe (PID: 1128)
- Unicorn-235.exe (PID: 3272)
- Unicorn-5803.exe (PID: 2284)
- Unicorn-8138.exe (PID: 5112)
- Unicorn-20324.exe (PID: 7200)
- Unicorn-3795.exe (PID: 7264)
- Unicorn-4657.exe (PID: 5332)
- Unicorn-21646.exe (PID: 7384)
- Unicorn-30198.exe (PID: 7452)
- Unicorn-61740.exe (PID: 7500)
- Unicorn-37982.exe (PID: 7572)
- Unicorn-2954.exe (PID: 7704)
- Unicorn-42856.exe (PID: 7816)
- Unicorn-19482.exe (PID: 7948)
- Unicorn-23457.exe (PID: 8132)
- Unicorn-29186.exe (PID: 8092)
- Unicorn-18765.exe (PID: 8356)
- Unicorn-57760.exe (PID: 8316)
- Unicorn-31948.exe (PID: 8176)
- Unicorn-13757.exe (PID: 8248)
- Unicorn-16358.exe (PID: 8272)
- Unicorn-15274.exe (PID: 8480)
- Unicorn-53484.exe (PID: 8536)
- Unicorn-29708.exe (PID: 8584)
- Unicorn-62612.exe (PID: 8620)
- Unicorn-18072.exe (PID: 9080)
- Unicorn-60064.exe (PID: 9120)
- Unicorn-53934.exe (PID: 9112)
- Unicorn-60811.exe (PID: 9180)
- Unicorn-5362.exe (PID: 9056)
- Unicorn-10737.exe (PID: 9428)
- Unicorn-21890.exe (PID: 9460)
- Unicorn-19673.exe (PID: 9544)
- Unicorn-52346.exe (PID: 9400)
- Unicorn-33041.exe (PID: 9752)
- Unicorn-3183.exe (PID: 9856)
- Unicorn-40324.exe (PID: 9864)
- Unicorn-36301.exe (PID: 10100)
- Unicorn-7458.exe (PID: 10144)
- Unicorn-32540.exe (PID: 9032)
- Unicorn-21248.exe (PID: 10408)
- Unicorn-53043.exe (PID: 10368)
- Unicorn-251.exe (PID: 10488)
- Unicorn-21610.exe (PID: 10512)
- Unicorn-24053.exe (PID: 10676)
- Unicorn-38352.exe (PID: 10556)
- Unicorn-51372.exe (PID: 10868)
- Unicorn-63816.exe (PID: 10916)
- Unicorn-50303.exe (PID: 10884)
- Unicorn-36764.exe (PID: 11260)
- Unicorn-29673.exe (PID: 11120)
- Unicorn-16928.exe (PID: 11328)
- Unicorn-28928.exe (PID: 11076)
- Unicorn-37594.exe (PID: 11068)
- Unicorn-15938.exe (PID: 11112)
- Unicorn-47894.exe (PID: 11632)
- Unicorn-48278.exe (PID: 11548)
- Unicorn-38648.exe (PID: 11828)
- Unicorn-10853.exe (PID: 11384)
- Unicorn-49919.exe (PID: 11504)
- Unicorn-7298.exe (PID: 12060)
- Unicorn-31943.exe (PID: 12100)
- Unicorn-7298.exe (PID: 12056)
- Unicorn-13825.exe (PID: 12172)
- Unicorn-44247.exe (PID: 11916)
- Unicorn-38959.exe (PID: 11948)
- Unicorn-8507.exe (PID: 12136)
- Unicorn-19882.exe (PID: 12356)
- Unicorn-53323.exe (PID: 3968)
- Unicorn-54911.exe (PID: 12444)
- Unicorn-47838.exe (PID: 12220)
- Unicorn-61564.exe (PID: 12252)
- Unicorn-17221.exe (PID: 12716)
- Unicorn-10754.exe (PID: 12764)
- Unicorn-61948.exe (PID: 12512)
- Unicorn-6809.exe (PID: 12656)
- Unicorn-6286.exe (PID: 12724)
- Unicorn-21329.exe (PID: 13336)
- Unicorn-28398.exe (PID: 13244)
- Unicorn-10090.exe (PID: 13212)
- Unicorn-44735.exe (PID: 13268)
- Unicorn-46380.exe (PID: 12868)
- Unicorn-57490.exe (PID: 12932)
- Unicorn-49355.exe (PID: 12924)
- Unicorn-35990.exe (PID: 13072)
- Unicorn-43281.exe (PID: 13356)
- Unicorn-7022.exe (PID: 13448)
- Unicorn-39530.exe (PID: 13464)
- Unicorn-43281.exe (PID: 13360)
- Unicorn-65155.exe (PID: 13388)
- Unicorn-43802.exe (PID: 13656)
- Unicorn-56686.exe (PID: 13704)
- Unicorn-26181.exe (PID: 13604)
- Unicorn-22388.exe (PID: 13996)
- Unicorn-56114.exe (PID: 13944)
- Unicorn-29934.exe (PID: 13840)
- Unicorn-37033.exe (PID: 13896)
- Unicorn-61475.exe (PID: 13936)
- Unicorn-46219.exe (PID: 14128)
- Unicorn-5219.exe (PID: 14152)
The sample compiled with chinese language support
- 1 (1436).exe (PID: 4844)
- Unicorn-37982.exe (PID: 7572)
- Unicorn-29708.exe (PID: 8584)
- Unicorn-27568.exe (PID: 1764)
- Unicorn-16624.exe (PID: 7528)
- Unicorn-16637.exe (PID: 2240)
- Unicorn-46949.exe (PID: 7464)
- Unicorn-45124.exe (PID: 8436)
- Unicorn-42752.exe (PID: 5864)
- Unicorn-61740.exe (PID: 7500)
- Unicorn-23617.exe (PID: 8696)
- Unicorn-62612.exe (PID: 8620)
- Unicorn-53484.exe (PID: 8536)
- Unicorn-58232.exe (PID: 7436)
- Unicorn-57303.exe (PID: 8508)
- Unicorn-53484.exe (PID: 8528)
- Unicorn-8138.exe (PID: 5112)
- Unicorn-235.exe (PID: 3272)
- Unicorn-3499.exe (PID: 1568)
- Unicorn-53386.exe (PID: 7476)
- Unicorn-62295.exe (PID: 7520)
- Unicorn-9799.exe (PID: 8456)
- Unicorn-20817.exe (PID: 8688)
- Unicorn-63194.exe (PID: 6468)
- Unicorn-18609.exe (PID: 5164)
- Unicorn-49415.exe (PID: 7596)
- Unicorn-62788.exe (PID: 728)
- Unicorn-3499.exe (PID: 5964)
- Unicorn-63852.exe (PID: 7696)
- Unicorn-21734.exe (PID: 5436)
- Unicorn-2954.exe (PID: 7704)
- Unicorn-61911.exe (PID: 7220)
- Unicorn-33432.exe (PID: 5260)
- Unicorn-14599.exe (PID: 6724)
- Unicorn-42000.exe (PID: 8780)
- Unicorn-22244.exe (PID: 7760)
- Unicorn-37982.exe (PID: 7564)
- Unicorn-22834.exe (PID: 5720)
- Unicorn-42960.exe (PID: 8844)
- Unicorn-20324.exe (PID: 7200)
- Unicorn-12902.exe (PID: 7240)
- Unicorn-25124.exe (PID: 6476)
- Unicorn-44880.exe (PID: 9236)
- Unicorn-43130.exe (PID: 9036)
- Unicorn-31454.exe (PID: 8948)
- Unicorn-63572.exe (PID: 8980)
- Unicorn-2119.exe (PID: 8992)
- Unicorn-32937.exe (PID: 8956)
- Unicorn-19482.exe (PID: 7940)
- Unicorn-7457.exe (PID: 3156)
- Unicorn-19482.exe (PID: 7964)
- Unicorn-43240.exe (PID: 7728)
- Unicorn-51055.exe (PID: 8940)
- Unicorn-23131.exe (PID: 7864)
- Unicorn-18085.exe (PID: 7284)
- Unicorn-38876.exe (PID: 8828)
- Unicorn-3795.exe (PID: 7264)
- Unicorn-27178.exe (PID: 8812)
- Unicorn-34754.exe (PID: 3332)
- Unicorn-29186.exe (PID: 8092)
- Unicorn-14245.exe (PID: 9292)
- Unicorn-5362.exe (PID: 9056)
- Unicorn-50116.exe (PID: 9352)
- Unicorn-53934.exe (PID: 9112)
- Unicorn-41246.exe (PID: 8040)
- Unicorn-19482.exe (PID: 7956)
- Unicorn-4657.exe (PID: 5332)
- Unicorn-24460.exe (PID: 9328)
- Unicorn-53956.exe (PID: 7308)
- Unicorn-34754.exe (PID: 5972)
- Unicorn-60256.exe (PID: 9172)
- Unicorn-23457.exe (PID: 8132)
- Unicorn-52958.exe (PID: 4268)
- Unicorn-38070.exe (PID: 8168)
- Unicorn-7443.exe (PID: 8140)
- Unicorn-59088.exe (PID: 1240)
- Unicorn-16188.exe (PID: 8112)
- Unicorn-18072.exe (PID: 9080)
- Unicorn-31948.exe (PID: 8176)
- Unicorn-8839.exe (PID: 7336)
- Unicorn-46343.exe (PID: 7344)
- Unicorn-7635.exe (PID: 8208)
- Unicorn-7635.exe (PID: 8200)
- Unicorn-16358.exe (PID: 8272)
- Unicorn-24460.exe (PID: 9320)
- Unicorn-62368.exe (PID: 9368)
- Unicorn-1719.exe (PID: 4464)
- Unicorn-53956.exe (PID: 7300)
- Unicorn-13757.exe (PID: 8248)
- Unicorn-60158.exe (PID: 8232)
- Unicorn-406.exe (PID: 7352)
- Unicorn-60064.exe (PID: 9120)
- Unicorn-52088.exe (PID: 9156)
- Unicorn-41512.exe (PID: 7392)
- Unicorn-51475.exe (PID: 5956)
- Unicorn-26852.exe (PID: 2772)
- Unicorn-60811.exe (PID: 9180)
- Unicorn-49519.exe (PID: 8368)
- Unicorn-52259.exe (PID: 5308)
- Unicorn-13198.exe (PID: 8344)
- Unicorn-21646.exe (PID: 7384)
- Unicorn-53676.exe (PID: 8300)
- Unicorn-52103.exe (PID: 1128)
- Unicorn-29260.exe (PID: 7400)
- Unicorn-11034.exe (PID: 9208)
- Unicorn-2435.exe (PID: 1088)
- Unicorn-60920.exe (PID: 4272)
- Unicorn-18765.exe (PID: 8356)
- Unicorn-30198.exe (PID: 7452)
- Unicorn-30043.exe (PID: 6112)
- Unicorn-40654.exe (PID: 8408)
- Unicorn-7106.exe (PID: 8488)
- Unicorn-15449.exe (PID: 8708)
- Unicorn-2237.exe (PID: 8552)
- Unicorn-10737.exe (PID: 9420)
- Unicorn-17252.exe (PID: 9380)
- Unicorn-37843.exe (PID: 8592)
- Unicorn-45222.exe (PID: 4424)
- Unicorn-5803.exe (PID: 2284)
- Unicorn-57760.exe (PID: 8316)
- Unicorn-8367.exe (PID: 8560)
- Unicorn-54039.exe (PID: 8544)
- Unicorn-35626.exe (PID: 9452)
- Unicorn-21890.exe (PID: 9460)
- Unicorn-43550.exe (PID: 7604)
- Unicorn-24857.exe (PID: 7736)
- Unicorn-52176.exe (PID: 7840)
- Unicorn-52346.exe (PID: 9400)
- Unicorn-19570.exe (PID: 4976)
- Unicorn-10737.exe (PID: 9428)
- Unicorn-7945.exe (PID: 7772)
- Unicorn-19482.exe (PID: 7972)
- Unicorn-2783.exe (PID: 8020)
- Unicorn-17636.exe (PID: 9528)
- Unicorn-10738.exe (PID: 7824)
- Unicorn-63380.exe (PID: 8864)
- Unicorn-42856.exe (PID: 7816)
- Unicorn-5959.exe (PID: 9492)
- Unicorn-19673.exe (PID: 9544)
- Unicorn-10775.exe (PID: 9628)
- Unicorn-28596.exe (PID: 8472)
- Unicorn-33041.exe (PID: 9752)
- Unicorn-15274.exe (PID: 8480)
- Unicorn-53676.exe (PID: 8304)
- Unicorn-37318.exe (PID: 9572)
- Unicorn-2415.exe (PID: 9596)
- Unicorn-20080.exe (PID: 8072)
- Unicorn-59078.exe (PID: 9668)
- Unicorn-16358.exe (PID: 8264)
- Unicorn-40324.exe (PID: 9864)
- Unicorn-48855.exe (PID: 9848)
- Unicorn-16374.exe (PID: 9884)
- Unicorn-11351.exe (PID: 9840)
- Unicorn-3183.exe (PID: 9856)
- Unicorn-32382.exe (PID: 7556)
- Unicorn-42187.exe (PID: 9768)
- Unicorn-31004.exe (PID: 9760)
- Unicorn-44387.exe (PID: 9960)
- Unicorn-64807.exe (PID: 10012)
- Unicorn-52000.exe (PID: 9984)
- Unicorn-7458.exe (PID: 10144)
- Unicorn-26793.exe (PID: 10136)
- Unicorn-35856.exe (PID: 10052)
- Unicorn-63987.exe (PID: 9968)
- Unicorn-26427.exe (PID: 9932)
- Unicorn-55015.exe (PID: 9952)
- Unicorn-36301.exe (PID: 10100)
- Unicorn-43550.exe (PID: 7588)
- Unicorn-12046.exe (PID: 10188)
- Unicorn-32540.exe (PID: 9032)
- Unicorn-61491.exe (PID: 8824)
- Unicorn-59867.exe (PID: 10228)
- Unicorn-19482.exe (PID: 7948)
- Unicorn-54620.exe (PID: 2800)
- Unicorn-635.exe (PID: 10276)
- Unicorn-51974.exe (PID: 10376)
- Unicorn-37008.exe (PID: 10152)
- Unicorn-49836.exe (PID: 10268)
- Unicorn-57620.exe (PID: 10432)
- Unicorn-51490.exe (PID: 10440)
- Unicorn-26492.exe (PID: 10336)
- Unicorn-57620.exe (PID: 10424)
- Unicorn-53043.exe (PID: 10368)
- Unicorn-24455.exe (PID: 10300)
- Unicorn-20179.exe (PID: 5280)
- Unicorn-16209.exe (PID: 10288)
- Unicorn-21610.exe (PID: 10512)
- Unicorn-51159.exe (PID: 10624)
- Unicorn-45923.exe (PID: 10480)
- Unicorn-251.exe (PID: 10488)
- Unicorn-21248.exe (PID: 10408)
- Unicorn-38352.exe (PID: 10564)
Create files in a temporary directory
- Unicorn-22834.exe (PID: 5720)
- Unicorn-45222.exe (PID: 4424)
- Unicorn-27568.exe (PID: 1764)
- 1 (1436).exe (PID: 4844)
- Unicorn-25124.exe (PID: 6476)
- Unicorn-235.exe (PID: 3272)
- Unicorn-14599.exe (PID: 6724)
- Unicorn-8138.exe (PID: 5112)
- Unicorn-2435.exe (PID: 1088)
- Unicorn-18609.exe (PID: 5164)
- Unicorn-19570.exe (PID: 4976)
- Unicorn-52958.exe (PID: 4268)
- Unicorn-59088.exe (PID: 1240)
- Unicorn-26852.exe (PID: 2772)
- Unicorn-30043.exe (PID: 6112)
- Unicorn-3499.exe (PID: 1568)
- Unicorn-61911.exe (PID: 7220)
- Unicorn-33432.exe (PID: 5260)
- Unicorn-3499.exe (PID: 5964)
- Unicorn-54620.exe (PID: 2800)
- Unicorn-1719.exe (PID: 4464)
- Unicorn-21646.exe (PID: 7384)
- Unicorn-46343.exe (PID: 7344)
- Unicorn-406.exe (PID: 7352)
- Unicorn-52103.exe (PID: 1128)
- Unicorn-30198.exe (PID: 7452)
- Unicorn-46949.exe (PID: 7464)
- Unicorn-42752.exe (PID: 5864)
- Unicorn-32382.exe (PID: 7556)
- Unicorn-62295.exe (PID: 7520)
- Unicorn-37982.exe (PID: 7572)
- Unicorn-20324.exe (PID: 7200)
- Unicorn-43240.exe (PID: 7728)
- Unicorn-24857.exe (PID: 7736)
- Unicorn-22244.exe (PID: 7760)
- Unicorn-7945.exe (PID: 7772)
- Unicorn-52176.exe (PID: 7840)
- Unicorn-3795.exe (PID: 7264)
- Unicorn-12902.exe (PID: 7240)
- Unicorn-10738.exe (PID: 7824)
- Unicorn-19482.exe (PID: 7940)
- Unicorn-19482.exe (PID: 7964)
- Unicorn-29186.exe (PID: 8092)
- Unicorn-41246.exe (PID: 8040)
- Unicorn-53956.exe (PID: 7300)
- Unicorn-16188.exe (PID: 8112)
- Unicorn-38070.exe (PID: 8168)
- Unicorn-8839.exe (PID: 7336)
- Unicorn-13757.exe (PID: 8248)
- Unicorn-51475.exe (PID: 5956)
- Unicorn-13198.exe (PID: 8344)
- Unicorn-28596.exe (PID: 8472)
- Unicorn-5803.exe (PID: 2284)
- Unicorn-9799.exe (PID: 8456)
- Unicorn-57760.exe (PID: 8316)
- Unicorn-16637.exe (PID: 2240)
- Unicorn-37843.exe (PID: 8592)
- Unicorn-45124.exe (PID: 8436)
- Unicorn-62612.exe (PID: 8620)
- Unicorn-43550.exe (PID: 7604)
- Unicorn-21734.exe (PID: 5436)
- Unicorn-37982.exe (PID: 7564)
- Unicorn-43130.exe (PID: 9036)
- Unicorn-19482.exe (PID: 7948)
- Unicorn-53956.exe (PID: 7308)
- Unicorn-7443.exe (PID: 8140)
- Unicorn-20080.exe (PID: 8072)
- Unicorn-5362.exe (PID: 9056)
- Unicorn-53676.exe (PID: 8300)
- Unicorn-43550.exe (PID: 7588)
- Unicorn-18765.exe (PID: 8356)
- Unicorn-52259.exe (PID: 5308)
- Unicorn-16624.exe (PID: 7528)
- Unicorn-57303.exe (PID: 8508)
- Unicorn-53484.exe (PID: 8528)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable (generic) (52.9) |
|---|---|---|
| .exe | | | Generic Win/DOS Executable (23.5) |
| .exe | | | DOS Executable Generic (23.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
496
Monitored processes
362
Malicious processes
55
Suspicious processes
56
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 456 | C:\Users\admin\AppData\Local\Temp\Unicorn-52218.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-52218.exe | — | Unicorn-7106.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 728 | C:\Users\admin\AppData\Local\Temp\Unicorn-62788.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-62788.exe | Unicorn-8138.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 780 | C:\Users\admin\AppData\Local\Temp\Unicorn-4947.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-4947.exe | — | Unicorn-2954.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 924 | C:\Users\admin\AppData\Local\Temp\Unicorn-22766.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22766.exe | — | Unicorn-20324.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1088 | C:\Users\admin\AppData\Local\Temp\Unicorn-2435.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-2435.exe | Unicorn-27568.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1128 | C:\Users\admin\AppData\Local\Temp\Unicorn-52103.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-52103.exe | Unicorn-2435.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1240 | C:\Users\admin\AppData\Local\Temp\Unicorn-59088.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-59088.exe | Unicorn-26852.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1568 | C:\Users\admin\AppData\Local\Temp\Unicorn-3499.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-3499.exe | Unicorn-18609.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1764 | C:\Users\admin\AppData\Local\Temp\Unicorn-27568.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27568.exe | 1 (1436).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 2240 | C:\Users\admin\AppData\Local\Temp\Unicorn-16637.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-16637.exe | Unicorn-27568.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
9 301
Read events
9 301
Write events
0
Delete events
0
Modification events
Executable files
1 005
Suspicious files
3
Text files
1
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 1088 | Unicorn-2435.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-25124.exe | executable | |
MD5:7EEC77CA3FFCE79BD5AEB25E9A7A0157 | SHA256:89AB1974980ACDF5BE4CEE21EE346FADB9EC18EDF1EDCAEC656EE3567FEDC0DA | |||
| 4844 | 1 (1436).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27568.exe | executable | |
MD5:9CCD481C4EB1FE8F7B9C9604E7C06C9B | SHA256:58FED33EC7785771714124F1205115C51DEFC3FA20620CA6622F6D308593EF43 | |||
| 1764 | Unicorn-27568.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-2435.exe | executable | |
MD5:9CA1602610EAC9528FFC84796DD7454B | SHA256:86AB215FAD5ABAB45AD81CF31EC7563744E32E49609EDF09A957C688F4B31EB3 | |||
| 4844 | 1 (1436).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-18609.exe | executable | |
MD5:1000C18A9A0ABF8D71E742F840355FF9 | SHA256:E5701E8BF60833A5AB1956EE80226D344891FAF1D6FAA375BB8F1BDC5FD427CE | |||
| 1764 | Unicorn-27568.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-45222.exe | executable | |
MD5:CD3E24D948CD154D89B791B4C3891B25 | SHA256:0013E4F107D83F48DE2DE2E1A37DCDED2E8F3B9780BE18DA1C556E05F7A6C8E0 | |||
| 4844 | 1 (1436).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22834.exe | executable | |
MD5:CC3D75076AD89BFAF8CED409C5850A86 | SHA256:5E4E46929604B76DE9A5C478EE0FC07CE21EF77A91E0A5BAA87088B62AC1D1D5 | |||
| 1764 | Unicorn-27568.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-16637.exe | executable | |
MD5:B7637C3037DD3B3D2D20A42EF66B6E1B | SHA256:7FA3E5B7026177AD6A4A6B52D5EB61F1C55AA50048D4EEE6310772B2CEC1E4FD | |||
| 5720 | Unicorn-22834.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-8138.exe | executable | |
MD5:A1012567ECA456E89A8E277385008892 | SHA256:8D157DC7815AAE10AECE2DA3F8BA0C3CABE75C18B5C05547EB44B2013B7932FA | |||
| 4424 | Unicorn-45222.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26852.exe | executable | |
MD5:C428A12D199B373CDF969C9725415281 | SHA256:737601C5CE39FA09E4C822EB09ACBA47FCB24D62381E346913F7A0B9413DF32D | |||
| 5720 | Unicorn-22834.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-235.exe | executable | |
MD5:A070551D87637138CDA9CB70844699D3 | SHA256:D44FBC33AFEE943F8D515B80241A9528676FBC3686E7AD65D43F907DDFBA8DDE | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
24
DNS requests
14
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
— | — | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
— | — | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
2800 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
8768 | SIHClient.exe | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
8768 | SIHClient.exe | GET | 200 | 23.52.120.96:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2104 | svchost.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 2.16.164.120:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
5496 | MoUsoCoreWorker.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
3216 | svchost.exe | 20.197.71.89:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | SG | whitelisted |
6544 | svchost.exe | 20.190.159.128:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
2112 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2800 | backgroundTaskHost.exe | 20.31.169.57:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |