| File name: | 1 (301) |
| Full analysis: | https://app.any.run/tasks/9ad3e43a-9c64-42a1-b2f4-7728619aadc2 |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 17:44:31 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 6C0D52E50A257E8346A27AB4C093EC70 |
| SHA1: | E3BEB021E353C990C52E2417A6C53179AE8AA7F0 |
| SHA256: | 62F68E34A0807AA7A99D82412D48F3DFC1FAC2D4978DC998402ADEBD3E7E2421 |
| SSDEEP: | 6144:C7Ngu7SBgDJHA5lxm7YRFofx5tBqlvJGBm7cyeedTk/8SwjwpyAvEhUdYNOus7Ha:ChfGkHA5/msyBMham4yeedOx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (301).exe (PID: 5968)
- Unicorn-28013.exe (PID: 6488)
- Unicorn-34593.exe (PID: 2148)
- Unicorn-15796.exe (PID: 2692)
- Unicorn-36321.exe (PID: 5404)
- Unicorn-48573.exe (PID: 5244)
- Unicorn-26106.exe (PID: 6872)
- Unicorn-12371.exe (PID: 3272)
- Unicorn-2024.exe (PID: 2600)
- Unicorn-2024.exe (PID: 4988)
- Unicorn-43611.exe (PID: 6080)
- Unicorn-47909.exe (PID: 736)
- Unicorn-47909.exe (PID: 4400)
- Unicorn-38764.exe (PID: 6184)
- Unicorn-44629.exe (PID: 1324)
- Unicorn-43611.exe (PID: 7144)
- Unicorn-41661.exe (PID: 2316)
- Unicorn-58744.exe (PID: 2852)
- Unicorn-58744.exe (PID: 1512)
- Unicorn-29409.exe (PID: 920)
- Unicorn-23470.exe (PID: 1040)
- Unicorn-58189.exe (PID: 6272)
- Unicorn-58189.exe (PID: 1020)
- Unicorn-54852.exe (PID: 1568)
- Unicorn-31638.exe (PID: 1096)
- Unicorn-25517.exe (PID: 5164)
- Unicorn-29278.exe (PID: 7184)
- Unicorn-40214.exe (PID: 7176)
- Unicorn-49144.exe (PID: 7192)
- Unicorn-9180.exe (PID: 6592)
- Unicorn-29491.exe (PID: 7368)
- Unicorn-12408.exe (PID: 7344)
- Unicorn-19221.exe (PID: 7200)
- Unicorn-41189.exe (PID: 7392)
- Unicorn-50104.exe (PID: 7412)
- Unicorn-12216.exe (PID: 7440)
- Unicorn-61417.exe (PID: 7460)
- Unicorn-47119.exe (PID: 7476)
- Unicorn-27466.exe (PID: 7496)
- Unicorn-17349.exe (PID: 5964)
- Unicorn-21537.exe (PID: 7544)
- Unicorn-17453.exe (PID: 7576)
- Unicorn-25621.exe (PID: 7552)
- Unicorn-45968.exe (PID: 7624)
- Unicorn-41957.exe (PID: 7524)
- Unicorn-54136.exe (PID: 7608)
- Unicorn-21515.exe (PID: 7660)
- Unicorn-26367.exe (PID: 7636)
- Unicorn-41381.exe (PID: 7672)
- Unicorn-16877.exe (PID: 7752)
- Unicorn-46233.exe (PID: 7644)
- Unicorn-37389.exe (PID: 7712)
- Unicorn-43519.exe (PID: 7728)
- Unicorn-23653.exe (PID: 7704)
- Unicorn-20638.exe (PID: 7796)
- Unicorn-46212.exe (PID: 7776)
- Unicorn-31573.exe (PID: 7828)
- Unicorn-43519.exe (PID: 7736)
- Unicorn-16877.exe (PID: 7744)
- Unicorn-40611.exe (PID: 7784)
- Unicorn-12282.exe (PID: 7996)
- Unicorn-3207.exe (PID: 7928)
- Unicorn-39409.exe (PID: 7908)
- Unicorn-14328.exe (PID: 7988)
- Unicorn-34373.exe (PID: 7844)
- Unicorn-22497.exe (PID: 7960)
- Unicorn-51277.exe (PID: 8064)
- Unicorn-35495.exe (PID: 8032)
- Unicorn-36979.exe (PID: 8088)
- Unicorn-60597.exe (PID: 8184)
- Unicorn-42869.exe (PID: 3268)
- Unicorn-35828.exe (PID: 6068)
- Unicorn-3399.exe (PID: 3332)
- Unicorn-3155.exe (PID: 2908)
- Unicorn-15673.exe (PID: 5304)
- Unicorn-15865.exe (PID: 4200)
- Unicorn-32947.exe (PID: 8212)
- Unicorn-44069.exe (PID: 8132)
- Unicorn-3783.exe (PID: 8168)
- Unicorn-45968.exe (PID: 8368)
- Unicorn-40177.exe (PID: 5608)
- Unicorn-296.exe (PID: 8376)
- Unicorn-54712.exe (PID: 8308)
- Unicorn-50073.exe (PID: 8328)
- Unicorn-9580.exe (PID: 8520)
- Unicorn-54328.exe (PID: 8428)
- Unicorn-62133.exe (PID: 8288)
- Unicorn-2673.exe (PID: 8604)
- Unicorn-21833.exe (PID: 8488)
- Unicorn-46529.exe (PID: 8536)
- Unicorn-62865.exe (PID: 8528)
- Unicorn-58211.exe (PID: 8564)
- Unicorn-2673.exe (PID: 8580)
- Unicorn-5859.exe (PID: 8712)
- Unicorn-2673.exe (PID: 8588)
- Unicorn-52459.exe (PID: 8744)
- Unicorn-19402.exe (PID: 8628)
- Unicorn-53419.exe (PID: 8840)
- Unicorn-6264.exe (PID: 8808)
- Unicorn-46783.exe (PID: 8784)
- Unicorn-51381.exe (PID: 8852)
- Unicorn-41299.exe (PID: 8680)
- Unicorn-37977.exe (PID: 8688)
- Unicorn-10348.exe (PID: 8824)
- Unicorn-30363.exe (PID: 8672)
- Unicorn-54505.exe (PID: 8796)
- Unicorn-51149.exe (PID: 8832)
- Unicorn-53227.exe (PID: 9104)
- Unicorn-48044.exe (PID: 8920)
- Unicorn-26554.exe (PID: 8904)
- Unicorn-43519.exe (PID: 7720)
- Unicorn-21449.exe (PID: 8620)
- Unicorn-26877.exe (PID: 8880)
- Unicorn-50229.exe (PID: 8704)
- Unicorn-30769.exe (PID: 8752)
- Unicorn-52459.exe (PID: 8912)
- Unicorn-39875.exe (PID: 8928)
- Unicorn-46337.exe (PID: 8816)
- Unicorn-28914.exe (PID: 8872)
- Unicorn-13663.exe (PID: 8860)
- Unicorn-26420.exe (PID: 8776)
- Unicorn-3140.exe (PID: 9188)
- Unicorn-14816.exe (PID: 9180)
- Unicorn-34204.exe (PID: 8948)
- Unicorn-35429.exe (PID: 8148)
- Unicorn-47681.exe (PID: 9208)
- Unicorn-55776.exe (PID: 1348)
- Unicorn-28221.exe (PID: 7020)
- Unicorn-49580.exe (PID: 9260)
- Unicorn-40857.exe (PID: 9284)
- Unicorn-45304.exe (PID: 9236)
- Unicorn-56425.exe (PID: 9152)
- Unicorn-60680.exe (PID: 7568)
- Unicorn-25790.exe (PID: 9300)
- Unicorn-11884.exe (PID: 8020)
- Unicorn-60701.exe (PID: 9384)
- Unicorn-64785.exe (PID: 9324)
- Unicorn-40473.exe (PID: 9404)
- Unicorn-40473.exe (PID: 9432)
- Unicorn-35111.exe (PID: 9648)
- Unicorn-37711.exe (PID: 9612)
- Unicorn-40473.exe (PID: 9440)
- Unicorn-8303.exe (PID: 9424)
- Unicorn-35111.exe (PID: 9656)
- Unicorn-29543.exe (PID: 9620)
- Unicorn-25459.exe (PID: 9672)
- Unicorn-36071.exe (PID: 9744)
- Unicorn-33270.exe (PID: 9728)
- Unicorn-22335.exe (PID: 9736)
- Unicorn-33462.exe (PID: 9784)
- Unicorn-21397.exe (PID: 9812)
- Unicorn-31271.exe (PID: 9836)
- Unicorn-30141.exe (PID: 9868)
- Unicorn-45278.exe (PID: 9908)
- Unicorn-48899.exe (PID: 9964)
- Unicorn-18635.exe (PID: 9932)
- Unicorn-18635.exe (PID: 9940)
- Unicorn-64349.exe (PID: 10020)
Executable content was dropped or overwritten
- 1 (301).exe (PID: 5968)
- Unicorn-28013.exe (PID: 6488)
- Unicorn-15796.exe (PID: 2692)
- Unicorn-34593.exe (PID: 2148)
- Unicorn-48573.exe (PID: 5244)
- Unicorn-26106.exe (PID: 6872)
- Unicorn-2024.exe (PID: 2600)
- Unicorn-36321.exe (PID: 5404)
- Unicorn-43611.exe (PID: 7144)
- Unicorn-2024.exe (PID: 4988)
- Unicorn-47909.exe (PID: 736)
- Unicorn-47909.exe (PID: 4400)
- Unicorn-38764.exe (PID: 6184)
- Unicorn-44629.exe (PID: 1324)
- Unicorn-12371.exe (PID: 3272)
- Unicorn-29409.exe (PID: 920)
- Unicorn-41661.exe (PID: 2316)
- Unicorn-58744.exe (PID: 2852)
- Unicorn-58744.exe (PID: 1512)
- Unicorn-58189.exe (PID: 6272)
- Unicorn-58189.exe (PID: 1020)
- Unicorn-23470.exe (PID: 1040)
- Unicorn-31638.exe (PID: 1096)
- Unicorn-29278.exe (PID: 7184)
- Unicorn-25517.exe (PID: 5164)
- Unicorn-43611.exe (PID: 6080)
- Unicorn-17349.exe (PID: 5964)
- Unicorn-12408.exe (PID: 7344)
- Unicorn-29491.exe (PID: 7368)
- Unicorn-19221.exe (PID: 7200)
- Unicorn-50104.exe (PID: 7412)
- Unicorn-61417.exe (PID: 7460)
- Unicorn-12216.exe (PID: 7440)
- Unicorn-41189.exe (PID: 7392)
- Unicorn-47119.exe (PID: 7476)
- Unicorn-27466.exe (PID: 7496)
- Unicorn-41957.exe (PID: 7524)
- Unicorn-17453.exe (PID: 7576)
- Unicorn-25621.exe (PID: 7552)
- Unicorn-45968.exe (PID: 7624)
- Unicorn-21537.exe (PID: 7544)
- Unicorn-46233.exe (PID: 7644)
- Unicorn-21515.exe (PID: 7660)
- Unicorn-41381.exe (PID: 7672)
- Unicorn-46212.exe (PID: 7776)
- Unicorn-54136.exe (PID: 7608)
- Unicorn-43519.exe (PID: 7728)
- Unicorn-23653.exe (PID: 7704)
- Unicorn-20638.exe (PID: 7796)
- Unicorn-54852.exe (PID: 1568)
- Unicorn-40214.exe (PID: 7176)
- Unicorn-37389.exe (PID: 7712)
- Unicorn-31573.exe (PID: 7828)
- Unicorn-43519.exe (PID: 7720)
- Unicorn-43519.exe (PID: 7736)
- Unicorn-16877.exe (PID: 7744)
- Unicorn-34373.exe (PID: 7844)
- Unicorn-39409.exe (PID: 7908)
- Unicorn-3207.exe (PID: 7928)
- Unicorn-14328.exe (PID: 7988)
- Unicorn-12282.exe (PID: 7996)
- Unicorn-49144.exe (PID: 7192)
- Unicorn-9180.exe (PID: 6592)
- Unicorn-35495.exe (PID: 8032)
- Unicorn-51277.exe (PID: 8064)
- Unicorn-36979.exe (PID: 8088)
- Unicorn-60597.exe (PID: 8184)
- Unicorn-22497.exe (PID: 7960)
- Unicorn-40177.exe (PID: 5608)
- Unicorn-35828.exe (PID: 6068)
- Unicorn-15673.exe (PID: 5304)
- Unicorn-15865.exe (PID: 4200)
- Unicorn-44069.exe (PID: 8132)
- Unicorn-45968.exe (PID: 8368)
- Unicorn-32947.exe (PID: 8212)
- Unicorn-54712.exe (PID: 8308)
- Unicorn-50073.exe (PID: 8328)
- Unicorn-9580.exe (PID: 8520)
- Unicorn-54328.exe (PID: 8428)
- Unicorn-62133.exe (PID: 8288)
- Unicorn-21833.exe (PID: 8488)
- Unicorn-26367.exe (PID: 7636)
- Unicorn-2673.exe (PID: 8604)
- Unicorn-46529.exe (PID: 8536)
- Unicorn-62865.exe (PID: 8528)
- Unicorn-2673.exe (PID: 8580)
- Unicorn-58211.exe (PID: 8564)
- Unicorn-5859.exe (PID: 8712)
- Unicorn-52459.exe (PID: 8744)
- Unicorn-19402.exe (PID: 8628)
- Unicorn-10348.exe (PID: 8824)
- Unicorn-16877.exe (PID: 7752)
- Unicorn-2673.exe (PID: 8588)
- Unicorn-38723.exe (PID: 8760)
- Unicorn-6264.exe (PID: 8808)
- Unicorn-41299.exe (PID: 8680)
- Unicorn-46783.exe (PID: 8784)
- Unicorn-30363.exe (PID: 8672)
- Unicorn-54505.exe (PID: 8736)
- Unicorn-53419.exe (PID: 8840)
- Unicorn-51149.exe (PID: 8832)
- Unicorn-53227.exe (PID: 9104)
- Unicorn-48044.exe (PID: 8920)
- Unicorn-54505.exe (PID: 8796)
- Unicorn-40611.exe (PID: 7784)
- Unicorn-21449.exe (PID: 8620)
- Unicorn-26877.exe (PID: 8880)
- Unicorn-50229.exe (PID: 8704)
- Unicorn-30769.exe (PID: 8752)
- Unicorn-52459.exe (PID: 8912)
- Unicorn-39875.exe (PID: 8928)
- Unicorn-28914.exe (PID: 8872)
- Unicorn-13663.exe (PID: 8860)
- Unicorn-46337.exe (PID: 8816)
- Unicorn-34204.exe (PID: 8948)
- Unicorn-14816.exe (PID: 9180)
- Unicorn-35429.exe (PID: 8148)
- Unicorn-26420.exe (PID: 8776)
- Unicorn-47681.exe (PID: 9208)
- Unicorn-3140.exe (PID: 9188)
- Unicorn-55776.exe (PID: 1348)
- Unicorn-49580.exe (PID: 9260)
- Unicorn-28221.exe (PID: 7020)
- Unicorn-40857.exe (PID: 9284)
- Unicorn-45304.exe (PID: 9236)
- Unicorn-60680.exe (PID: 7568)
- Unicorn-52533.exe (PID: 9348)
- Unicorn-64785.exe (PID: 9324)
- Unicorn-60701.exe (PID: 9384)
- Unicorn-42869.exe (PID: 3268)
- Unicorn-3399.exe (PID: 3332)
- Unicorn-25790.exe (PID: 9300)
- Unicorn-40473.exe (PID: 9404)
- Unicorn-40473.exe (PID: 9432)
- Unicorn-35111.exe (PID: 9648)
- Unicorn-37711.exe (PID: 9612)
- Unicorn-8303.exe (PID: 9424)
- Unicorn-3783.exe (PID: 8168)
- Unicorn-25459.exe (PID: 9672)
- Unicorn-22335.exe (PID: 9736)
- Unicorn-36071.exe (PID: 9744)
- Unicorn-33270.exe (PID: 9728)
- Unicorn-35111.exe (PID: 9656)
- Unicorn-29543.exe (PID: 9620)
- Unicorn-33462.exe (PID: 9784)
- Unicorn-31271.exe (PID: 9836)
- Unicorn-21397.exe (PID: 9812)
- Unicorn-18635.exe (PID: 9940)
- Unicorn-48899.exe (PID: 9964)
- Unicorn-30141.exe (PID: 9868)
- Unicorn-296.exe (PID: 8376)
- Unicorn-45278.exe (PID: 9908)
- Unicorn-18635.exe (PID: 9932)
- Unicorn-64349.exe (PID: 10020)
- Unicorn-26554.exe (PID: 8904)
- Unicorn-33138.exe (PID: 10044)
- Unicorn-11412.exe (PID: 10076)
- Unicorn-51381.exe (PID: 8852)
- Unicorn-40961.exe (PID: 10232)
- Unicorn-10518.exe (PID: 10096)
- Unicorn-20157.exe (PID: 10128)
- Unicorn-20157.exe (PID: 10136)
- Unicorn-8096.exe (PID: 10188)
- Unicorn-57297.exe (PID: 10212)
- Unicorn-25393.exe (PID: 8504)
- Unicorn-25179.exe (PID: 9292)
- Unicorn-54728.exe (PID: 3784)
- Unicorn-11884.exe (PID: 8020)
- Unicorn-5143.exe (PID: 8272)
- Unicorn-21693.exe (PID: 10320)
- Unicorn-54557.exe (PID: 10340)
- Unicorn-10379.exe (PID: 9112)
- Unicorn-44225.exe (PID: 10680)
- Unicorn-54364.exe (PID: 10460)
- Unicorn-15423.exe (PID: 10432)
- Unicorn-14463.exe (PID: 10384)
- Unicorn-16191.exe (PID: 10696)
- Unicorn-63877.exe (PID: 10412)
- Unicorn-43073.exe (PID: 10484)
- Unicorn-10400.exe (PID: 10512)
- Unicorn-7468.exe (PID: 10736)
- Unicorn-15637.exe (PID: 10720)
- Unicorn-62791.exe (PID: 10728)
- Unicorn-14987.exe (PID: 10824)
- Unicorn-60487.exe (PID: 8244)
- Unicorn-33945.exe (PID: 8204)
- Unicorn-5143.exe (PID: 9692)
- Unicorn-33923.exe (PID: 9720)
- Unicorn-49824.exe (PID: 11136)
- Unicorn-954.exe (PID: 10840)
- Unicorn-23975.exe (PID: 10808)
- Unicorn-47925.exe (PID: 10816)
- Unicorn-64453.exe (PID: 10888)
- Unicorn-40333.exe (PID: 10788)
- Unicorn-3155.exe (PID: 2908)
- Unicorn-40473.exe (PID: 9440)
- Unicorn-36825.exe (PID: 11048)
- Unicorn-8044.exe (PID: 11012)
- Unicorn-48117.exe (PID: 10928)
- Unicorn-11168.exe (PID: 10856)
- Unicorn-8044.exe (PID: 10996)
- Unicorn-53716.exe (PID: 10988)
- Unicorn-22526.exe (PID: 11080)
- Unicorn-16213.exe (PID: 10980)
- Unicorn-8044.exe (PID: 11004)
- Unicorn-28200.exe (PID: 10952)
- Unicorn-4707.exe (PID: 11124)
- Unicorn-19872.exe (PID: 11300)
- Unicorn-37017.exe (PID: 11216)
- Unicorn-49004.exe (PID: 11200)
- Unicorn-3191.exe (PID: 11088)
- Unicorn-32741.exe (PID: 11096)
- Unicorn-52704.exe (PID: 11444)
- Unicorn-48693.exe (PID: 11272)
- Unicorn-12299.exe (PID: 11236)
- Unicorn-18762.exe (PID: 4208)
- Unicorn-57416.exe (PID: 10580)
- Unicorn-8407.exe (PID: 11308)
- Unicorn-60183.exe (PID: 10616)
- Unicorn-58899.exe (PID: 10760)
- Unicorn-38671.exe (PID: 11508)
- Unicorn-40525.exe (PID: 11292)
- Unicorn-12875.exe (PID: 11104)
- Unicorn-37017.exe (PID: 11228)
- Unicorn-44609.exe (PID: 3768)
- Unicorn-11936.exe (PID: 11376)
- Unicorn-49248.exe (PID: 5588)
- Unicorn-24189.exe (PID: 11344)
- Unicorn-36995.exe (PID: 6800)
- Unicorn-44801.exe (PID: 11516)
- Unicorn-33317.exe (PID: 11588)
- Unicorn-28273.exe (PID: 11316)
- Unicorn-53524.exe (PID: 11416)
- Unicorn-59091.exe (PID: 11428)
- Unicorn-34586.exe (PID: 11540)
- Unicorn-58205.exe (PID: 11680)
- Unicorn-25341.exe (PID: 11644)
- Unicorn-12512.exe (PID: 11712)
- Unicorn-56182.exe (PID: 11572)
- Unicorn-7084.exe (PID: 10848)
- Unicorn-55875.exe (PID: 11580)
- Unicorn-54121.exe (PID: 11660)
- Unicorn-61713.exe (PID: 11732)
- Unicorn-11671.exe (PID: 11368)
- Unicorn-37977.exe (PID: 8688)
- Unicorn-17713.exe (PID: 11836)
- Unicorn-44993.exe (PID: 11024)
- Unicorn-57821.exe (PID: 11772)
- Unicorn-29403.exe (PID: 11208)
- Unicorn-21619.exe (PID: 11804)
- Unicorn-21418.exe (PID: 11924)
- Unicorn-54661.exe (PID: 11860)
- Unicorn-44639.exe (PID: 11904)
- Unicorn-13820.exe (PID: 11888)
- Unicorn-21605.exe (PID: 12000)
- Unicorn-40452.exe (PID: 11552)
- Unicorn-1184.exe (PID: 12016)
- Unicorn-30349.exe (PID: 11932)
- Unicorn-19750.exe (PID: 12104)
- Unicorn-25881.exe (PID: 12112)
- Unicorn-46996.exe (PID: 12196)
- Unicorn-29787.exe (PID: 11780)
- Unicorn-17713.exe (PID: 11828)
- Unicorn-37955.exe (PID: 11764)
- Unicorn-48008.exe (PID: 12236)
- Unicorn-4182.exe (PID: 12156)
- Unicorn-30519.exe (PID: 12040)
- Unicorn-30519.exe (PID: 12036)
- Unicorn-25881.exe (PID: 12120)
- Unicorn-43731.exe (PID: 12176)
- Unicorn-43369.exe (PID: 12256)
- Unicorn-27033.exe (PID: 12284)
Executes application which crashes
- Unicorn-63124.exe (PID: 7568)
- Unicorn-29409.exe (PID: 920)
- Unicorn-12408.exe (PID: 7344)
- Unicorn-39409.exe (PID: 7908)
- Unicorn-3207.exe (PID: 7928)
INFO
Checks supported languages
- 1 (301).exe (PID: 5968)
- Unicorn-28013.exe (PID: 6488)
- Unicorn-34593.exe (PID: 2148)
- Unicorn-15796.exe (PID: 2692)
- Unicorn-48573.exe (PID: 5244)
- Unicorn-36321.exe (PID: 5404)
- Unicorn-26106.exe (PID: 6872)
- Unicorn-12371.exe (PID: 3272)
- Unicorn-2024.exe (PID: 2600)
- Unicorn-2024.exe (PID: 4988)
- Unicorn-38764.exe (PID: 6184)
- Unicorn-41661.exe (PID: 2316)
- Unicorn-58744.exe (PID: 1512)
- Unicorn-47909.exe (PID: 4400)
- Unicorn-23470.exe (PID: 1040)
- Unicorn-17349.exe (PID: 5964)
- Unicorn-29278.exe (PID: 7184)
- Unicorn-50104.exe (PID: 7412)
- Unicorn-61417.exe (PID: 7460)
- Unicorn-41957.exe (PID: 7524)
- Unicorn-25621.exe (PID: 7552)
- Unicorn-26367.exe (PID: 7636)
- Unicorn-21537.exe (PID: 7544)
- Unicorn-54136.exe (PID: 7608)
- Unicorn-46233.exe (PID: 7644)
- Unicorn-16877.exe (PID: 7744)
- Unicorn-20638.exe (PID: 7796)
- Unicorn-23653.exe (PID: 7704)
- Unicorn-22497.exe (PID: 7960)
- Unicorn-14328.exe (PID: 7988)
- Unicorn-12282.exe (PID: 7996)
- Unicorn-35495.exe (PID: 8032)
- Unicorn-51277.exe (PID: 8064)
- Unicorn-42869.exe (PID: 3268)
- Unicorn-15673.exe (PID: 5304)
- Unicorn-3155.exe (PID: 2908)
- Unicorn-3399.exe (PID: 3332)
- Unicorn-45968.exe (PID: 8368)
- Unicorn-58211.exe (PID: 8564)
- Unicorn-50229.exe (PID: 8704)
- Unicorn-37977.exe (PID: 8688)
- Unicorn-41299.exe (PID: 8680)
- Unicorn-51149.exe (PID: 8832)
- Unicorn-48044.exe (PID: 8920)
- Unicorn-13663.exe (PID: 8860)
- Unicorn-56425.exe (PID: 9152)
- Unicorn-52459.exe (PID: 8744)
- Unicorn-55776.exe (PID: 1348)
- Unicorn-49580.exe (PID: 9260)
- Unicorn-40857.exe (PID: 9284)
- Unicorn-40473.exe (PID: 9440)
- Unicorn-52533.exe (PID: 9348)
- Unicorn-33270.exe (PID: 9728)
- Unicorn-18635.exe (PID: 9940)
- Unicorn-18635.exe (PID: 9932)
- Unicorn-33138.exe (PID: 10044)
- Unicorn-36071.exe (PID: 9744)
- Unicorn-20157.exe (PID: 10128)
- Unicorn-25179.exe (PID: 9292)
- Unicorn-40961.exe (PID: 10232)
- Unicorn-15423.exe (PID: 10432)
- Unicorn-10400.exe (PID: 10512)
- Unicorn-14463.exe (PID: 10384)
- Unicorn-21693.exe (PID: 10320)
- Unicorn-33945.exe (PID: 8204)
- Unicorn-40333.exe (PID: 10788)
- Unicorn-64453.exe (PID: 10888)
- Unicorn-954.exe (PID: 10840)
- Unicorn-8044.exe (PID: 10996)
- Unicorn-36825.exe (PID: 11048)
- Unicorn-22526.exe (PID: 11080)
- Unicorn-16213.exe (PID: 10980)
- Unicorn-37017.exe (PID: 11228)
- Unicorn-60183.exe (PID: 10616)
- Unicorn-11671.exe (PID: 11368)
- Unicorn-55875.exe (PID: 11580)
- Unicorn-34586.exe (PID: 11540)
- Unicorn-40525.exe (PID: 11292)
- Unicorn-54121.exe (PID: 11660)
- Unicorn-12512.exe (PID: 11712)
- Unicorn-33317.exe (PID: 11588)
- Unicorn-54661.exe (PID: 11860)
- Unicorn-21418.exe (PID: 11924)
- Unicorn-21619.exe (PID: 11804)
- Unicorn-25881.exe (PID: 12120)
- Unicorn-48008.exe (PID: 12236)
- Unicorn-63768.exe (PID: 3024)
- Unicorn-21605.exe (PID: 12000)
- Unicorn-30519.exe (PID: 12040)
- Unicorn-42985.exe (PID: 7920)
- Unicorn-12734.exe (PID: 2968)
- Unicorn-2263.exe (PID: 12312)
- Unicorn-2263.exe (PID: 12320)
- Unicorn-55740.exe (PID: 12404)
- Unicorn-5526.exe (PID: 12488)
- Unicorn-60857.exe (PID: 12508)
- Unicorn-37867.exe (PID: 12588)
- Unicorn-10762.exe (PID: 12616)
- Unicorn-24485.exe (PID: 12720)
- Unicorn-62585.exe (PID: 12852)
- Unicorn-13576.exe (PID: 12916)
- Unicorn-14152.exe (PID: 13080)
- Unicorn-65517.exe (PID: 12740)
- Unicorn-62896.exe (PID: 13212)
- Unicorn-32003.exe (PID: 13276)
- Unicorn-32003.exe (PID: 13264)
- Unicorn-20850.exe (PID: 13328)
- Unicorn-27173.exe (PID: 13232)
- Unicorn-2839.exe (PID: 2416)
- Unicorn-36819.exe (PID: 13420)
The sample compiled with chinese language support
- 1 (301).exe (PID: 5968)
Reads the computer name
- 1 (301).exe (PID: 5968)
- Unicorn-28013.exe (PID: 6488)
- Unicorn-34593.exe (PID: 2148)
- Unicorn-15796.exe (PID: 2692)
- Unicorn-48573.exe (PID: 5244)
- Unicorn-36321.exe (PID: 5404)
- Unicorn-12371.exe (PID: 3272)
- Unicorn-26106.exe (PID: 6872)
- Unicorn-2024.exe (PID: 2600)
- Unicorn-47909.exe (PID: 736)
- Unicorn-2024.exe (PID: 4988)
- Unicorn-43611.exe (PID: 7144)
- Unicorn-17349.exe (PID: 5964)
- Unicorn-54852.exe (PID: 1568)
- Unicorn-40214.exe (PID: 7176)
- Unicorn-49144.exe (PID: 7192)
- Unicorn-21537.exe (PID: 7544)
- Unicorn-54136.exe (PID: 7608)
- Unicorn-43519.exe (PID: 7728)
- Unicorn-16877.exe (PID: 7744)
- Unicorn-23653.exe (PID: 7704)
- Unicorn-51277.exe (PID: 8064)
- Unicorn-35495.exe (PID: 8032)
- Unicorn-40177.exe (PID: 5608)
- Unicorn-58744.exe (PID: 1512)
- Unicorn-45968.exe (PID: 8368)
- Unicorn-296.exe (PID: 8376)
- Unicorn-2673.exe (PID: 8588)
- Unicorn-46783.exe (PID: 8784)
- Unicorn-60680.exe (PID: 7568)
- Unicorn-14816.exe (PID: 9180)
- Unicorn-3140.exe (PID: 9188)
- Unicorn-49580.exe (PID: 9260)
- Unicorn-55776.exe (PID: 1348)
- Unicorn-45304.exe (PID: 9236)
- Unicorn-11884.exe (PID: 8020)
- Unicorn-60701.exe (PID: 9384)
- Unicorn-35111.exe (PID: 9656)
- Unicorn-29543.exe (PID: 9620)
- Unicorn-36071.exe (PID: 9744)
- Unicorn-21397.exe (PID: 9812)
- Unicorn-31271.exe (PID: 9836)
- Unicorn-48899.exe (PID: 9964)
- Unicorn-33138.exe (PID: 10044)
Create files in a temporary directory
- Unicorn-15796.exe (PID: 2692)
- 1 (301).exe (PID: 5968)
- Unicorn-26106.exe (PID: 6872)
- Unicorn-36321.exe (PID: 5404)
- Unicorn-43611.exe (PID: 7144)
- Unicorn-47909.exe (PID: 736)
- Unicorn-38764.exe (PID: 6184)
- Unicorn-44629.exe (PID: 1324)
- Unicorn-29409.exe (PID: 920)
- Unicorn-2024.exe (PID: 2600)
- Unicorn-58744.exe (PID: 1512)
- Unicorn-58189.exe (PID: 1020)
- Unicorn-58189.exe (PID: 6272)
- Unicorn-43611.exe (PID: 6080)
- Unicorn-25517.exe (PID: 5164)
- Unicorn-31638.exe (PID: 1096)
- Unicorn-34593.exe (PID: 2148)
- Unicorn-17349.exe (PID: 5964)
- Unicorn-12408.exe (PID: 7344)
- Unicorn-29491.exe (PID: 7368)
- Unicorn-41189.exe (PID: 7392)
- Unicorn-50104.exe (PID: 7412)
- Unicorn-12216.exe (PID: 7440)
- Unicorn-58744.exe (PID: 2852)
- Unicorn-2024.exe (PID: 4988)
- Unicorn-41661.exe (PID: 2316)
- Unicorn-47119.exe (PID: 7476)
- Unicorn-48573.exe (PID: 5244)
- Unicorn-41957.exe (PID: 7524)
- Unicorn-17453.exe (PID: 7576)
- Unicorn-25621.exe (PID: 7552)
- Unicorn-45968.exe (PID: 7624)
- Unicorn-46233.exe (PID: 7644)
- Unicorn-23470.exe (PID: 1040)
- Unicorn-41381.exe (PID: 7672)
- Unicorn-46212.exe (PID: 7776)
- Unicorn-43519.exe (PID: 7728)
- Unicorn-19221.exe (PID: 7200)
- Unicorn-20638.exe (PID: 7796)
- Unicorn-37389.exe (PID: 7712)
- Unicorn-31573.exe (PID: 7828)
- Unicorn-43519.exe (PID: 7720)
- Unicorn-47909.exe (PID: 4400)
- Unicorn-43519.exe (PID: 7736)
- Unicorn-28013.exe (PID: 6488)
- Unicorn-40214.exe (PID: 7176)
- Unicorn-49144.exe (PID: 7192)
- Unicorn-3207.exe (PID: 7928)
- Unicorn-34373.exe (PID: 7844)
- Unicorn-35495.exe (PID: 8032)
- Unicorn-36979.exe (PID: 8088)
- Unicorn-22497.exe (PID: 7960)
- Unicorn-35828.exe (PID: 6068)
- Unicorn-27466.exe (PID: 7496)
- Unicorn-61417.exe (PID: 7460)
- Unicorn-40177.exe (PID: 5608)
- Unicorn-15673.exe (PID: 5304)
- Unicorn-32947.exe (PID: 8212)
- Unicorn-44069.exe (PID: 8132)
- Unicorn-15865.exe (PID: 4200)
- Unicorn-54712.exe (PID: 8308)
- Unicorn-50073.exe (PID: 8328)
- Unicorn-21537.exe (PID: 7544)
- Unicorn-9580.exe (PID: 8520)
- Unicorn-54328.exe (PID: 8428)
- Unicorn-62865.exe (PID: 8528)
- Unicorn-54136.exe (PID: 7608)
- Unicorn-2673.exe (PID: 8580)
- Unicorn-2673.exe (PID: 8604)
- Unicorn-38723.exe (PID: 8760)
- Unicorn-10348.exe (PID: 8824)
- Unicorn-46783.exe (PID: 8784)
- Unicorn-54505.exe (PID: 8796)
- Unicorn-51149.exe (PID: 8832)
- Unicorn-21449.exe (PID: 8620)
- Unicorn-30769.exe (PID: 8752)
- Unicorn-16877.exe (PID: 7744)
- Unicorn-12371.exe (PID: 3272)
- Unicorn-40611.exe (PID: 7784)
- Unicorn-46337.exe (PID: 8816)
- Unicorn-13663.exe (PID: 8860)
- Unicorn-14328.exe (PID: 7988)
- Unicorn-60680.exe (PID: 7568)
- Unicorn-49580.exe (PID: 9260)
- Unicorn-35111.exe (PID: 9648)
- Unicorn-29543.exe (PID: 9620)
- Unicorn-33270.exe (PID: 9728)
- Unicorn-21397.exe (PID: 9812)
- Unicorn-45278.exe (PID: 9908)
- Unicorn-18635.exe (PID: 9932)
- Unicorn-18635.exe (PID: 9940)
Creates files or folders in the user directory
- BackgroundTransferHost.exe (PID: 4896)
- WerFault.exe (PID: 8140)
- WerFault.exe (PID: 8476)
- WerFault.exe (PID: 7572)
Reads security settings of Internet Explorer
- BackgroundTransferHost.exe (PID: 4896)
- BackgroundTransferHost.exe (PID: 2316)
- BackgroundTransferHost.exe (PID: 5056)
Reads the software policy settings
- BackgroundTransferHost.exe (PID: 4896)
Checks proxy server information
- BackgroundTransferHost.exe (PID: 4896)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable (generic) (52.9) |
|---|---|---|
| .exe | | | Generic Win/DOS Executable (23.5) |
| .exe | | | DOS Executable Generic (23.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
488
Monitored processes
347
Malicious processes
57
Suspicious processes
72
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 736 | C:\Users\admin\AppData\Local\Temp\Unicorn-47909.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-47909.exe | Unicorn-12371.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 920 | C:\Users\admin\AppData\Local\Temp\Unicorn-29409.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29409.exe | Unicorn-2024.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Exit code: 0 Version: 1.00 Modules
| |||||||||||||||
| 1020 | C:\Users\admin\AppData\Local\Temp\Unicorn-58189.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-58189.exe | Unicorn-43611.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1040 | C:\Users\admin\AppData\Local\Temp\Unicorn-23470.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-23470.exe | Unicorn-15796.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1096 | C:\Users\admin\AppData\Local\Temp\Unicorn-31638.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-31638.exe | Unicorn-34593.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1312 | C:\Users\admin\AppData\Local\Temp\Unicorn-64292.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-64292.exe | — | Unicorn-9580.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1324 | C:\Users\admin\AppData\Local\Temp\Unicorn-44629.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-44629.exe | 1 (301).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1348 | C:\Users\admin\AppData\Local\Temp\Unicorn-55776.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-55776.exe | Unicorn-2024.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1512 | C:\Users\admin\AppData\Local\Temp\Unicorn-58744.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-58744.exe | Unicorn-36321.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1568 | C:\Users\admin\AppData\Local\Temp\Unicorn-54852.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-54852.exe | Unicorn-12371.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
17 013
Read events
16 998
Write events
15
Delete events
0
Modification events
| (PID) Process: | (6240) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (6240) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (6240) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (4896) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (4896) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (4896) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (5436) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (5436) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (5436) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (2316) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
Executable files
1 236
Suspicious files
20
Text files
5
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 4896 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\2ef55f59-913a-4c51-ac60-9afffc0c866f.down_data | — | |
MD5:— | SHA256:— | |||
| 6488 | Unicorn-28013.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-34593.exe | executable | |
MD5:7BD78357E8E43AA9553381CA70B45D02 | SHA256:30F7931FF5BEAD1E34526E59796209651CA51EF73742B4FAC740DB01E19C030C | |||
| 5968 | 1 (301).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-15796.exe | executable | |
MD5:9E39CBD960FE886DD08554D5AEA093A9 | SHA256:F769927EA11EA536B628B19EAFCBF671E8B1FA35B3011C9F981D6BEC8F3FDDBC | |||
| 4896 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D | binary | |
MD5:4872BABAF39AA62B8D32695EBB7E9173 | SHA256:2EE85DF86EE29BBEB3DCA81AA29B6DE204F605A2769B84C728A329178A2D0999 | |||
| 2692 | Unicorn-15796.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-36321.exe | executable | |
MD5:A85ACB0AFCB0612825C12C342B3A4B88 | SHA256:019C1C5C1D232D0C587A32D7244C959C982368CEF02B4DDCF44EFBAA4A7DB3A9 | |||
| 6488 | Unicorn-28013.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-12371.exe | executable | |
MD5:E3DE4DB5282DB817ECC042E871EEEA5E | SHA256:0B7A3A0E840A416F8F1ED252A0A18F079D0BA2D57FBD2599F9E6658C007F8E52 | |||
| 5968 | 1 (301).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26106.exe | executable | |
MD5:C5A1C6BB2B157F3D8BEF3DB6E51015B5 | SHA256:30F2C3ADC5FC1BEE3E84360D7AC66D910C9C2460FA0E99AF70ECE8EE6E58AC78 | |||
| 2148 | Unicorn-34593.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-48573.exe | executable | |
MD5:ADA53F04015B669D6F53DF8E38D684A0 | SHA256:3A713533C0057472186B1EB693F6DDD65F9CB3587295D1DCD4CC194E6C8CEC2A | |||
| 4896 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\7adfefe4-cfd8-4a29-a0cd-7525eec682cc.5a18eef2-f790-4a43-b0f9-5771deff6fcf.down_meta | binary | |
MD5:512347033A8DF2724F10AA4AE4BCC32E | SHA256:075CF90C556435DF32622767DCD24605640750F6E364B9E440F5E887C08AE259 | |||
| 5968 | 1 (301).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-28013.exe | executable | |
MD5:1E4F67C3C5E2980426C54E8C2758173F | SHA256:B3766624EBAA6635A9593F5E300A8DD059CEDA100D65D2B352090B3675F6E031 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
26
DNS requests
17
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 23.48.23.164:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
1056 | backgroundTaskHost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
4896 | BackgroundTransferHost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
8596 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
8596 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 51.104.136.2:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 23.48.23.164:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
2104 | svchost.exe | 51.104.136.2:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2112 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3216 | svchost.exe | 40.113.103.199:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 40.126.32.72:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 23.54.109.203:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
1056 | backgroundTaskHost.exe | 20.223.35.26:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
www.bing.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |