| File name: | 1 (1109) |
| Full analysis: | https://app.any.run/tasks/33564977-10cc-40da-876a-105e8a6a6bdb |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 09:35:13 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 852928EBD4021DD4F088529B085707B0 |
| SHA1: | C53CB0FFD10B03B475B67F80E434F02AD4243FEF |
| SHA256: | BE63991641B77BC98130006A0557787EE536F8DEBA4B774FABA6F0964F60E1CB |
| SSDEEP: | 6144:EE+ASnI5jDuHAxFSjseQfmxxltBqnvJGBC/xyeQmmk/8SwjwpyAvEhF4P4BrZZob:E13IgHAxcjPpBqhaCJyeQmhx4DemDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (1109).exe (PID: 2656)
- Unicorn-248.exe (PID: 3020)
- Unicorn-58172.exe (PID: 3900)
- Unicorn-22641.exe (PID: 920)
- Unicorn-63149.exe (PID: 2420)
- Unicorn-18225.exe (PID: 6740)
- Unicorn-26947.exe (PID: 1328)
- Unicorn-53061.exe (PID: 1228)
- Unicorn-48977.exe (PID: 6184)
- Unicorn-51015.exe (PID: 1180)
- Unicorn-37279.exe (PID: 660)
- Unicorn-9864.exe (PID: 5964)
- Unicorn-35173.exe (PID: 6752)
- Unicorn-29307.exe (PID: 6592)
- Unicorn-59620.exe (PID: 3008)
- Unicorn-9864.exe (PID: 6080)
- Unicorn-37383.exe (PID: 1912)
- Unicorn-40019.exe (PID: 4608)
- Unicorn-54872.exe (PID: 6516)
- Unicorn-40913.exe (PID: 6392)
- Unicorn-5116.exe (PID: 5556)
- Unicorn-37789.exe (PID: 7144)
- Unicorn-33705.exe (PID: 3896)
- Unicorn-50041.exe (PID: 4976)
- Unicorn-41873.exe (PID: 1164)
- Unicorn-30175.exe (PID: 4920)
- Unicorn-42427.exe (PID: 6480)
- Unicorn-61531.exe (PID: 5344)
- Unicorn-43911.exe (PID: 672)
- Unicorn-22605.exe (PID: 7272)
- Unicorn-62293.exe (PID: 4980)
- Unicorn-4659.exe (PID: 7172)
- Unicorn-57315.exe (PID: 7316)
- Unicorn-51193.exe (PID: 7308)
- Unicorn-19075.exe (PID: 7292)
- Unicorn-61260.exe (PID: 7356)
- Unicorn-7420.exe (PID: 7348)
- Unicorn-29813.exe (PID: 7052)
- Unicorn-40093.exe (PID: 7380)
- Unicorn-56164.exe (PID: 7400)
- Unicorn-47877.exe (PID: 7432)
- Unicorn-44348.exe (PID: 7448)
- Unicorn-8188.exe (PID: 7468)
- Unicorn-53113.exe (PID: 7504)
- Unicorn-6142.exe (PID: 7484)
- Unicorn-49584.exe (PID: 7520)
- Unicorn-65173.exe (PID: 7604)
- Unicorn-7804.exe (PID: 7620)
- Unicorn-28971.exe (PID: 7564)
- Unicorn-28417.exe (PID: 7548)
- Unicorn-6843.exe (PID: 7704)
- Unicorn-32501.exe (PID: 7540)
- Unicorn-9842.exe (PID: 7628)
- Unicorn-7804.exe (PID: 7640)
- Unicorn-18010.exe (PID: 7676)
- Unicorn-32044.exe (PID: 7696)
- Unicorn-48837.exe (PID: 7576)
- Unicorn-7804.exe (PID: 7660)
- Unicorn-7804.exe (PID: 7648)
- Unicorn-48837.exe (PID: 7592)
- Unicorn-53476.exe (PID: 7684)
- Unicorn-7642.exe (PID: 7896)
- Unicorn-50721.exe (PID: 7880)
- Unicorn-55552.exe (PID: 7860)
- Unicorn-42361.exe (PID: 7916)
- Unicorn-47000.exe (PID: 7948)
- Unicorn-8359.exe (PID: 7732)
- Unicorn-1063.exe (PID: 7956)
- Unicorn-19294.exe (PID: 7720)
- Unicorn-5220.exe (PID: 7980)
- Unicorn-23455.exe (PID: 8140)
- Unicorn-9859.exe (PID: 8024)
- Unicorn-37893.exe (PID: 8040)
- Unicorn-33809.exe (PID: 8064)
- Unicorn-13943.exe (PID: 8056)
- Unicorn-15417.exe (PID: 6564)
- Unicorn-23594.exe (PID: 8016)
- Unicorn-55573.exe (PID: 8132)
- Unicorn-41215.exe (PID: 8096)
- Unicorn-3803.exe (PID: 8248)
- Unicorn-42672.exe (PID: 6300)
- Unicorn-26985.exe (PID: 8112)
- Unicorn-55936.exe (PID: 4620)
- Unicorn-57611.exe (PID: 8152)
- Unicorn-10264.exe (PID: 2644)
- Unicorn-58187.exe (PID: 8292)
- Unicorn-42745.exe (PID: 8216)
- Unicorn-19393.exe (PID: 8264)
- Unicorn-20353.exe (PID: 8376)
- Unicorn-57877.exe (PID: 8576)
- Unicorn-7332.exe (PID: 8508)
- Unicorn-49709.exe (PID: 8568)
- Unicorn-21121.exe (PID: 8540)
- Unicorn-45433.exe (PID: 8668)
- Unicorn-33159.exe (PID: 8416)
- Unicorn-37139.exe (PID: 7584)
- Unicorn-57685.exe (PID: 8680)
- Unicorn-12760.exe (PID: 8632)
- Unicorn-3248.exe (PID: 8516)
- Unicorn-53793.exe (PID: 8584)
- Unicorn-37457.exe (PID: 8560)
- Unicorn-57685.exe (PID: 8676)
- Unicorn-61504.exe (PID: 8732)
- Unicorn-55639.exe (PID: 8740)
- Unicorn-24396.exe (PID: 8840)
- Unicorn-22582.exe (PID: 8856)
- Unicorn-53601.exe (PID: 8712)
- Unicorn-53601.exe (PID: 8700)
- Unicorn-32797.exe (PID: 8864)
- Unicorn-35987.exe (PID: 8996)
- Unicorn-8847.exe (PID: 8848)
- Unicorn-57685.exe (PID: 8692)
- Unicorn-14275.exe (PID: 8904)
- Unicorn-33378.exe (PID: 8912)
- Unicorn-34695.exe (PID: 8936)
- Unicorn-22443.exe (PID: 8980)
- Unicorn-49325.exe (PID: 8824)
- Unicorn-10191.exe (PID: 8944)
- Unicorn-22443.exe (PID: 8928)
- Unicorn-36179.exe (PID: 8916)
- Unicorn-61665.exe (PID: 7844)
- Unicorn-2900.exe (PID: 8960)
- Unicorn-30669.exe (PID: 8968)
- Unicorn-10191.exe (PID: 8952)
- Unicorn-41347.exe (PID: 9048)
- Unicorn-42361.exe (PID: 7924)
- Unicorn-10020.exe (PID: 9104)
- Unicorn-44539.exe (PID: 9188)
- Unicorn-47332.exe (PID: 9156)
- Unicorn-34525.exe (PID: 9116)
- Unicorn-16051.exe (PID: 9148)
- Unicorn-23041.exe (PID: 9244)
- Unicorn-23041.exe (PID: 9236)
- Unicorn-35485.exe (PID: 8480)
- Unicorn-35485.exe (PID: 8356)
- Unicorn-48100.exe (PID: 9276)
- Unicorn-1136.exe (PID: 7988)
- Unicorn-1468.exe (PID: 9200)
- Unicorn-30803.exe (PID: 1132)
- Unicorn-59916.exe (PID: 8504)
- Unicorn-31571.exe (PID: 9308)
- Unicorn-61835.exe (PID: 9268)
- Unicorn-10950.exe (PID: 9384)
- Unicorn-23965.exe (PID: 9376)
- Unicorn-38032.exe (PID: 9344)
- Unicorn-22110.exe (PID: 9336)
- Unicorn-44193.exe (PID: 9472)
- Unicorn-36579.exe (PID: 9480)
- Unicorn-35833.exe (PID: 9552)
- Unicorn-60721.exe (PID: 9420)
- Unicorn-15967.exe (PID: 9544)
- Unicorn-30854.exe (PID: 9600)
- Unicorn-53129.exe (PID: 9704)
- Unicorn-4120.exe (PID: 9656)
- Unicorn-29179.exe (PID: 9688)
- Unicorn-30078.exe (PID: 9576)
- Unicorn-2074.exe (PID: 9640)
- Unicorn-33861.exe (PID: 9756)
- Unicorn-37945.exe (PID: 9788)
- Unicorn-19370.exe (PID: 9832)
- Unicorn-50752.exe (PID: 9812)
- Unicorn-9719.exe (PID: 9852)
- Unicorn-49548.exe (PID: 9888)
- Unicorn-57021.exe (PID: 9720)
- Unicorn-33861.exe (PID: 9760)
- Unicorn-25117.exe (PID: 9976)
- Unicorn-7819.exe (PID: 10000)
- Unicorn-62620.exe (PID: 9936)
- Unicorn-54452.exe (PID: 9912)
- Unicorn-8780.exe (PID: 9920)
Executable content was dropped or overwritten
- Unicorn-53061.exe (PID: 1228)
- 1 (1109).exe (PID: 2656)
- Unicorn-22641.exe (PID: 920)
- Unicorn-58172.exe (PID: 3900)
- Unicorn-248.exe (PID: 3020)
- Unicorn-18225.exe (PID: 6740)
- Unicorn-26947.exe (PID: 1328)
- Unicorn-63149.exe (PID: 2420)
- Unicorn-59620.exe (PID: 3008)
- Unicorn-48977.exe (PID: 6184)
- Unicorn-51015.exe (PID: 1180)
- Unicorn-35173.exe (PID: 6752)
- Unicorn-37279.exe (PID: 660)
- Unicorn-9864.exe (PID: 6080)
- Unicorn-9864.exe (PID: 5964)
- Unicorn-29307.exe (PID: 6592)
- Unicorn-37383.exe (PID: 1912)
- Unicorn-40019.exe (PID: 4608)
- Unicorn-5116.exe (PID: 5556)
- Unicorn-54872.exe (PID: 6516)
- Unicorn-40913.exe (PID: 6392)
- Unicorn-29813.exe (PID: 7052)
- Unicorn-50041.exe (PID: 4976)
- Unicorn-33705.exe (PID: 3896)
- Unicorn-42427.exe (PID: 6480)
- Unicorn-61531.exe (PID: 5344)
- Unicorn-37789.exe (PID: 7144)
- Unicorn-41873.exe (PID: 1164)
- Unicorn-19075.exe (PID: 7292)
- Unicorn-22605.exe (PID: 7272)
- Unicorn-51193.exe (PID: 7308)
- Unicorn-7420.exe (PID: 7348)
- Unicorn-61260.exe (PID: 7356)
- Unicorn-40093.exe (PID: 7380)
- Unicorn-56164.exe (PID: 7400)
- Unicorn-47877.exe (PID: 7432)
- Unicorn-44348.exe (PID: 7448)
- Unicorn-8188.exe (PID: 7468)
- Unicorn-6142.exe (PID: 7484)
- Unicorn-53113.exe (PID: 7504)
- Unicorn-49584.exe (PID: 7520)
- Unicorn-65173.exe (PID: 7604)
- Unicorn-7804.exe (PID: 7620)
- Unicorn-28417.exe (PID: 7548)
- Unicorn-28971.exe (PID: 7564)
- Unicorn-6843.exe (PID: 7704)
- Unicorn-32501.exe (PID: 7540)
- Unicorn-37139.exe (PID: 7584)
- Unicorn-9842.exe (PID: 7628)
- Unicorn-18010.exe (PID: 7676)
- Unicorn-7804.exe (PID: 7648)
- Unicorn-48837.exe (PID: 7592)
- Unicorn-19294.exe (PID: 7720)
- Unicorn-7804.exe (PID: 7640)
- Unicorn-32044.exe (PID: 7696)
- Unicorn-62293.exe (PID: 4980)
- Unicorn-30175.exe (PID: 4920)
- Unicorn-4659.exe (PID: 7172)
- Unicorn-61665.exe (PID: 7844)
- Unicorn-50721.exe (PID: 7880)
- Unicorn-55552.exe (PID: 7860)
- Unicorn-7642.exe (PID: 7896)
- Unicorn-42361.exe (PID: 7916)
- Unicorn-42361.exe (PID: 7924)
- Unicorn-13943.exe (PID: 8056)
- Unicorn-5220.exe (PID: 7980)
- Unicorn-57315.exe (PID: 7316)
- Unicorn-1136.exe (PID: 7988)
- Unicorn-23455.exe (PID: 8140)
- Unicorn-33809.exe (PID: 8064)
- Unicorn-37893.exe (PID: 8040)
- Unicorn-9859.exe (PID: 8024)
- Unicorn-55936.exe (PID: 4620)
- Unicorn-23594.exe (PID: 8016)
- Unicorn-15417.exe (PID: 6564)
- Unicorn-41215.exe (PID: 8096)
- Unicorn-3803.exe (PID: 8248)
- Unicorn-42672.exe (PID: 6300)
- Unicorn-26985.exe (PID: 8112)
- Unicorn-10264.exe (PID: 2644)
- Unicorn-58187.exe (PID: 8292)
- Unicorn-42745.exe (PID: 8216)
- Unicorn-19393.exe (PID: 8264)
- Unicorn-20353.exe (PID: 8376)
- Unicorn-57611.exe (PID: 8152)
- Unicorn-7332.exe (PID: 8508)
- Unicorn-57877.exe (PID: 8576)
- Unicorn-49709.exe (PID: 8568)
- Unicorn-45433.exe (PID: 8668)
- Unicorn-21121.exe (PID: 8540)
- Unicorn-33159.exe (PID: 8416)
- Unicorn-12760.exe (PID: 8632)
- Unicorn-37457.exe (PID: 8560)
- Unicorn-3248.exe (PID: 8516)
- Unicorn-53793.exe (PID: 8584)
- Unicorn-7804.exe (PID: 7660)
- Unicorn-53601.exe (PID: 8700)
- Unicorn-53601.exe (PID: 8712)
- Unicorn-57685.exe (PID: 8680)
- Unicorn-61504.exe (PID: 8732)
- Unicorn-55639.exe (PID: 8740)
- Unicorn-8359.exe (PID: 7732)
- Unicorn-24396.exe (PID: 8840)
- Unicorn-22582.exe (PID: 8856)
- Unicorn-8847.exe (PID: 8848)
- Unicorn-49325.exe (PID: 8824)
- Unicorn-57685.exe (PID: 8692)
- Unicorn-35987.exe (PID: 8996)
- Unicorn-33378.exe (PID: 8912)
- Unicorn-34695.exe (PID: 8936)
- Unicorn-10191.exe (PID: 8944)
- Unicorn-32797.exe (PID: 8864)
- Unicorn-10191.exe (PID: 8952)
- Unicorn-22443.exe (PID: 8928)
- Unicorn-34525.exe (PID: 9116)
- Unicorn-30669.exe (PID: 8968)
- Unicorn-36179.exe (PID: 8916)
- Unicorn-2900.exe (PID: 8960)
- Unicorn-1063.exe (PID: 7956)
- Unicorn-10020.exe (PID: 9104)
- Unicorn-47332.exe (PID: 9156)
- Unicorn-47000.exe (PID: 7948)
- Unicorn-44539.exe (PID: 9188)
- Unicorn-35485.exe (PID: 8356)
- Unicorn-35485.exe (PID: 8480)
- Unicorn-23041.exe (PID: 9244)
- Unicorn-6704.exe (PID: 9220)
- Unicorn-48100.exe (PID: 9276)
- Unicorn-1468.exe (PID: 9200)
- Unicorn-59916.exe (PID: 8504)
- Unicorn-31571.exe (PID: 9308)
- Unicorn-55573.exe (PID: 8132)
- Unicorn-22110.exe (PID: 9336)
- Unicorn-38032.exe (PID: 9344)
- Unicorn-23965.exe (PID: 9376)
- Unicorn-61835.exe (PID: 9268)
- Unicorn-10950.exe (PID: 9384)
- Unicorn-30078.exe (PID: 9576)
- Unicorn-36579.exe (PID: 9480)
- Unicorn-15967.exe (PID: 9544)
- Unicorn-35833.exe (PID: 9552)
- Unicorn-60721.exe (PID: 9420)
- Unicorn-44193.exe (PID: 9472)
- Unicorn-30854.exe (PID: 9600)
- Unicorn-53129.exe (PID: 9704)
- Unicorn-2074.exe (PID: 9640)
- Unicorn-4120.exe (PID: 9656)
- Unicorn-29179.exe (PID: 9688)
- Unicorn-8204.exe (PID: 9648)
- Unicorn-33861.exe (PID: 9760)
- Unicorn-37945.exe (PID: 9788)
- Unicorn-33861.exe (PID: 9756)
- Unicorn-19370.exe (PID: 9832)
- Unicorn-49548.exe (PID: 9888)
- Unicorn-8780.exe (PID: 9920)
- Unicorn-50752.exe (PID: 9812)
- Unicorn-9719.exe (PID: 9852)
- Unicorn-57021.exe (PID: 9720)
- Unicorn-7819.exe (PID: 10000)
- Unicorn-62620.exe (PID: 9936)
- Unicorn-54452.exe (PID: 9912)
- Unicorn-48837.exe (PID: 7576)
- Unicorn-1002.exe (PID: 10056)
- Unicorn-43911.exe (PID: 672)
- Unicorn-11970.exe (PID: 10076)
- Unicorn-14275.exe (PID: 8904)
- Unicorn-22443.exe (PID: 8980)
- Unicorn-41347.exe (PID: 9048)
- Unicorn-25117.exe (PID: 9976)
- Unicorn-54473.exe (PID: 10156)
- Unicorn-3279.exe (PID: 10184)
- Unicorn-30803.exe (PID: 1132)
- Unicorn-11255.exe (PID: 10224)
- Unicorn-23041.exe (PID: 9236)
- Unicorn-22688.exe (PID: 10212)
- Unicorn-19231.exe (PID: 8244)
- Unicorn-53476.exe (PID: 7684)
- Unicorn-56201.exe (PID: 5408)
- Unicorn-57685.exe (PID: 8676)
- Unicorn-53824.exe (PID: 10244)
- Unicorn-34746.exe (PID: 10552)
- Unicorn-44525.exe (PID: 10344)
- Unicorn-14325.exe (PID: 10532)
- Unicorn-4452.exe (PID: 10444)
- Unicorn-1307.exe (PID: 10100)
- Unicorn-34245.exe (PID: 10124)
- Unicorn-16051.exe (PID: 9148)
- Unicorn-50389.exe (PID: 10148)
- Unicorn-27037.exe (PID: 10204)
- Unicorn-47715.exe (PID: 10420)
- Unicorn-11372.exe (PID: 10468)
- Unicorn-47190.exe (PID: 10512)
- Unicorn-4696.exe (PID: 9928)
- Unicorn-28476.exe (PID: 10608)
- Unicorn-56318.exe (PID: 10724)
- Unicorn-27922.exe (PID: 10584)
- Unicorn-7309.exe (PID: 10636)
INFO
Reads the computer name
- 1 (1109).exe (PID: 2656)
- Unicorn-22641.exe (PID: 920)
- Unicorn-51015.exe (PID: 1180)
- Unicorn-53061.exe (PID: 1228)
- Unicorn-41873.exe (PID: 1164)
- Unicorn-7804.exe (PID: 7620)
- Unicorn-8359.exe (PID: 7732)
- Unicorn-21121.exe (PID: 8540)
- Unicorn-49325.exe (PID: 8824)
- Unicorn-22443.exe (PID: 8928)
- Unicorn-3248.exe (PID: 8516)
- Unicorn-48100.exe (PID: 9276)
- Unicorn-15967.exe (PID: 9544)
- Unicorn-2074.exe (PID: 9640)
- Unicorn-50752.exe (PID: 9812)
The sample compiled with chinese language support
- 1 (1109).exe (PID: 2656)
- Unicorn-37279.exe (PID: 660)
- Unicorn-53793.exe (PID: 8584)
- Unicorn-57685.exe (PID: 8676)
- Unicorn-11372.exe (PID: 10468)
- Unicorn-32044.exe (PID: 7696)
- Unicorn-9864.exe (PID: 5964)
- Unicorn-9864.exe (PID: 6080)
- Unicorn-53601.exe (PID: 8700)
- Unicorn-54452.exe (PID: 9912)
- Unicorn-7804.exe (PID: 7648)
- Unicorn-7804.exe (PID: 7660)
- Unicorn-8359.exe (PID: 7732)
- Unicorn-61504.exe (PID: 8732)
- Unicorn-41873.exe (PID: 1164)
- Unicorn-7819.exe (PID: 10000)
- Unicorn-4696.exe (PID: 9928)
- Unicorn-35173.exe (PID: 6752)
- Unicorn-49325.exe (PID: 8824)
- Unicorn-43911.exe (PID: 672)
- Unicorn-35987.exe (PID: 8996)
- Unicorn-51015.exe (PID: 1180)
- Unicorn-34695.exe (PID: 8936)
- Unicorn-11970.exe (PID: 10076)
- Unicorn-22641.exe (PID: 920)
- Unicorn-61531.exe (PID: 5344)
- Unicorn-30669.exe (PID: 8968)
- Unicorn-34245.exe (PID: 10124)
- Unicorn-50721.exe (PID: 7880)
- Unicorn-22605.exe (PID: 7272)
- Unicorn-24396.exe (PID: 8840)
- Unicorn-58172.exe (PID: 3900)
- Unicorn-33378.exe (PID: 8912)
- Unicorn-7642.exe (PID: 7896)
- Unicorn-18225.exe (PID: 6740)
- Unicorn-34525.exe (PID: 9116)
- Unicorn-51193.exe (PID: 7308)
- Unicorn-42361.exe (PID: 7916)
- Unicorn-18010.exe (PID: 7676)
- Unicorn-30175.exe (PID: 4920)
- Unicorn-10020.exe (PID: 9104)
- Unicorn-40019.exe (PID: 4608)
- Unicorn-50389.exe (PID: 10148)
- Unicorn-19294.exe (PID: 7720)
- Unicorn-47332.exe (PID: 9156)
- Unicorn-37383.exe (PID: 1912)
- Unicorn-40913.exe (PID: 6392)
- Unicorn-1307.exe (PID: 10100)
- Unicorn-2900.exe (PID: 8960)
- Unicorn-19075.exe (PID: 7292)
- Unicorn-8780.exe (PID: 9920)
- Unicorn-53061.exe (PID: 1228)
- Unicorn-5220.exe (PID: 7980)
- Unicorn-30803.exe (PID: 1132)
- Unicorn-3279.exe (PID: 10184)
- Unicorn-9859.exe (PID: 8024)
- Unicorn-23041.exe (PID: 9236)
- Unicorn-61260.exe (PID: 7356)
- Unicorn-5116.exe (PID: 5556)
- Unicorn-31571.exe (PID: 9308)
- Unicorn-27037.exe (PID: 10204)
- Unicorn-29813.exe (PID: 7052)
- Unicorn-56164.exe (PID: 7400)
- Unicorn-54473.exe (PID: 10156)
- Unicorn-48837.exe (PID: 7592)
- Unicorn-1468.exe (PID: 9200)
- Unicorn-61835.exe (PID: 9268)
- Unicorn-26985.exe (PID: 8112)
- Unicorn-44348.exe (PID: 7448)
- Unicorn-55573.exe (PID: 8132)
- Unicorn-54872.exe (PID: 6516)
- Unicorn-23594.exe (PID: 8016)
- Unicorn-22688.exe (PID: 10212)
- Unicorn-26947.exe (PID: 1328)
- Unicorn-23965.exe (PID: 9376)
- Unicorn-248.exe (PID: 3020)
- Unicorn-41215.exe (PID: 8096)
- Unicorn-8188.exe (PID: 7468)
- Unicorn-57611.exe (PID: 8152)
- Unicorn-22110.exe (PID: 9336)
- Unicorn-16051.exe (PID: 9148)
- Unicorn-55936.exe (PID: 4620)
- Unicorn-1136.exe (PID: 7988)
- Unicorn-47877.exe (PID: 7432)
- Unicorn-10950.exe (PID: 9384)
- Unicorn-30078.exe (PID: 9576)
- Unicorn-30854.exe (PID: 9600)
- Unicorn-37893.exe (PID: 8040)
- Unicorn-53824.exe (PID: 10244)
- Unicorn-32501.exe (PID: 7540)
- Unicorn-20353.exe (PID: 8376)
- Unicorn-19393.exe (PID: 8264)
- Unicorn-29179.exe (PID: 9688)
- Unicorn-42672.exe (PID: 6300)
- Unicorn-48977.exe (PID: 6184)
- Unicorn-13943.exe (PID: 8056)
- Unicorn-3803.exe (PID: 8248)
- Unicorn-11255.exe (PID: 10224)
- Unicorn-40093.exe (PID: 7380)
- Unicorn-19231.exe (PID: 8244)
- Unicorn-10264.exe (PID: 2644)
- Unicorn-63149.exe (PID: 2420)
- Unicorn-6142.exe (PID: 7484)
- Unicorn-44525.exe (PID: 10344)
- Unicorn-37789.exe (PID: 7144)
- Unicorn-53129.exe (PID: 9704)
- Unicorn-19370.exe (PID: 9832)
- Unicorn-33159.exe (PID: 8416)
- Unicorn-33861.exe (PID: 9756)
- Unicorn-33705.exe (PID: 3896)
- Unicorn-37945.exe (PID: 9788)
- Unicorn-7332.exe (PID: 8508)
- Unicorn-56201.exe (PID: 5408)
- Unicorn-37139.exe (PID: 7584)
- Unicorn-1063.exe (PID: 7956)
- Unicorn-59620.exe (PID: 3008)
- Unicorn-49584.exe (PID: 7520)
- Unicorn-36579.exe (PID: 9480)
- Unicorn-58187.exe (PID: 8292)
- Unicorn-15967.exe (PID: 9544)
- Unicorn-14325.exe (PID: 10532)
- Unicorn-49709.exe (PID: 8568)
- Unicorn-25117.exe (PID: 9976)
- Unicorn-47715.exe (PID: 10420)
- Unicorn-45433.exe (PID: 8668)
- Unicorn-21121.exe (PID: 8540)
- Unicorn-49548.exe (PID: 9888)
- Unicorn-28971.exe (PID: 7564)
- Unicorn-4452.exe (PID: 10444)
- Unicorn-57685.exe (PID: 8680)
- Unicorn-4120.exe (PID: 9656)
- Unicorn-44193.exe (PID: 9472)
- Unicorn-12760.exe (PID: 8632)
- Unicorn-7804.exe (PID: 7620)
- Unicorn-28417.exe (PID: 7548)
- Unicorn-50752.exe (PID: 9812)
- Unicorn-65173.exe (PID: 7604)
- Unicorn-22443.exe (PID: 8980)
- Unicorn-57685.exe (PID: 8692)
- Unicorn-62620.exe (PID: 9936)
- Unicorn-29307.exe (PID: 6592)
- Unicorn-4659.exe (PID: 7172)
- Unicorn-55552.exe (PID: 7860)
- Unicorn-44539.exe (PID: 9188)
- Unicorn-22443.exe (PID: 8928)
- Unicorn-8847.exe (PID: 8848)
- Unicorn-6704.exe (PID: 9220)
- Unicorn-42361.exe (PID: 7924)
- Unicorn-53476.exe (PID: 7684)
- Unicorn-7420.exe (PID: 7348)
- Unicorn-3248.exe (PID: 8516)
- Unicorn-9842.exe (PID: 7628)
- Unicorn-6843.exe (PID: 7704)
- Unicorn-47190.exe (PID: 10512)
- Unicorn-7804.exe (PID: 7640)
- Unicorn-32797.exe (PID: 8864)
- Unicorn-59916.exe (PID: 8504)
- Unicorn-61665.exe (PID: 7844)
- Unicorn-10191.exe (PID: 8944)
- Unicorn-38032.exe (PID: 9344)
- Unicorn-35833.exe (PID: 9552)
- Unicorn-47000.exe (PID: 7948)
- Unicorn-53113.exe (PID: 7504)
- Unicorn-57021.exe (PID: 9720)
- Unicorn-33861.exe (PID: 9760)
- Unicorn-53601.exe (PID: 8712)
- Unicorn-34746.exe (PID: 10552)
- Unicorn-15417.exe (PID: 6564)
- Unicorn-37457.exe (PID: 8560)
- Unicorn-14275.exe (PID: 8904)
- Unicorn-28476.exe (PID: 10608)
- Unicorn-48100.exe (PID: 9276)
- Unicorn-41347.exe (PID: 9048)
- Unicorn-42745.exe (PID: 8216)
- Unicorn-7309.exe (PID: 10636)
- Unicorn-27922.exe (PID: 10584)
- Unicorn-62293.exe (PID: 4980)
- Unicorn-10191.exe (PID: 8952)
- Unicorn-56318.exe (PID: 10724)
- Unicorn-48837.exe (PID: 7576)
- Unicorn-33809.exe (PID: 8064)
- Unicorn-23455.exe (PID: 8140)
- Unicorn-23041.exe (PID: 9244)
- Unicorn-50041.exe (PID: 4976)
Checks supported languages
- 1 (1109).exe (PID: 2656)
- Unicorn-22641.exe (PID: 920)
- Unicorn-248.exe (PID: 3020)
- Unicorn-51015.exe (PID: 1180)
- Unicorn-33705.exe (PID: 3896)
- Unicorn-7420.exe (PID: 7348)
- Unicorn-4659.exe (PID: 7172)
- Unicorn-6142.exe (PID: 7484)
- Unicorn-48837.exe (PID: 7592)
- Unicorn-13943.exe (PID: 8056)
- Unicorn-15417.exe (PID: 6564)
- Unicorn-57877.exe (PID: 8576)
- Unicorn-49709.exe (PID: 8568)
- Unicorn-57685.exe (PID: 8680)
- Unicorn-45433.exe (PID: 8668)
- Unicorn-2900.exe (PID: 8960)
- Unicorn-32797.exe (PID: 8864)
- Unicorn-30803.exe (PID: 1132)
- Unicorn-23041.exe (PID: 9236)
- Unicorn-50752.exe (PID: 9812)
- Unicorn-34245.exe (PID: 10124)
- Unicorn-19231.exe (PID: 8244)
- Unicorn-62620.exe (PID: 9936)
- Unicorn-27922.exe (PID: 10584)
- Unicorn-7309.exe (PID: 10636)
- Unicorn-60402.exe (PID: 10696)
- Unicorn-48705.exe (PID: 10708)
- Unicorn-19178.exe (PID: 10864)
- Unicorn-24149.exe (PID: 11140)
- Unicorn-16992.exe (PID: 11008)
- Unicorn-42596.exe (PID: 1532)
- Unicorn-58932.exe (PID: 6148)
- Unicorn-36017.exe (PID: 6208)
- Unicorn-33520.exe (PID: 10956)
- Unicorn-21098.exe (PID: 11356)
- Unicorn-37050.exe (PID: 11476)
- Unicorn-50838.exe (PID: 11540)
- Unicorn-51222.exe (PID: 12112)
- Unicorn-9997.exe (PID: 12240)
- Unicorn-22036.exe (PID: 11808)
- Unicorn-5648.exe (PID: 12212)
- Unicorn-15425.exe (PID: 12312)
- Unicorn-10765.exe (PID: 12560)
- Unicorn-23402.exe (PID: 12404)
- Unicorn-2597.exe (PID: 12548)
- Unicorn-24518.exe (PID: 13132)
- Unicorn-51636.exe (PID: 12944)
- Unicorn-4481.exe (PID: 12976)
- Unicorn-36962.exe (PID: 13068)
- Unicorn-1357.exe (PID: 13160)
- Unicorn-43734.exe (PID: 13428)
- Unicorn-5057.exe (PID: 13280)
- Unicorn-58705.exe (PID: 13316)
- Unicorn-57449.exe (PID: 13860)
Creates files or folders in the user directory
- BackgroundTransferHost.exe (PID: 5244)
Reads security settings of Internet Explorer
- BackgroundTransferHost.exe (PID: 3768)
Create files in a temporary directory
- 1 (1109).exe (PID: 2656)
- Unicorn-248.exe (PID: 3020)
- Unicorn-58172.exe (PID: 3900)
- Unicorn-22641.exe (PID: 920)
- Unicorn-59620.exe (PID: 3008)
- Unicorn-26947.exe (PID: 1328)
- Unicorn-37279.exe (PID: 660)
- Unicorn-35173.exe (PID: 6752)
- Unicorn-51015.exe (PID: 1180)
- Unicorn-9864.exe (PID: 5964)
- Unicorn-29307.exe (PID: 6592)
- Unicorn-18225.exe (PID: 6740)
- Unicorn-37383.exe (PID: 1912)
- Unicorn-29813.exe (PID: 7052)
- Unicorn-40019.exe (PID: 4608)
- Unicorn-33705.exe (PID: 3896)
- Unicorn-50041.exe (PID: 4976)
- Unicorn-42427.exe (PID: 6480)
- Unicorn-61531.exe (PID: 5344)
- Unicorn-37789.exe (PID: 7144)
- Unicorn-22605.exe (PID: 7272)
- Unicorn-40913.exe (PID: 6392)
- Unicorn-61260.exe (PID: 7356)
- Unicorn-47877.exe (PID: 7432)
- Unicorn-8188.exe (PID: 7468)
- Unicorn-48977.exe (PID: 6184)
- Unicorn-54872.exe (PID: 6516)
- Unicorn-63149.exe (PID: 2420)
- Unicorn-65173.exe (PID: 7604)
- Unicorn-7804.exe (PID: 7620)
- Unicorn-28417.exe (PID: 7548)
- Unicorn-32044.exe (PID: 7696)
- Unicorn-7804.exe (PID: 7648)
- Unicorn-4659.exe (PID: 7172)
- Unicorn-50721.exe (PID: 7880)
- Unicorn-5220.exe (PID: 7980)
- Unicorn-23455.exe (PID: 8140)
- Unicorn-26985.exe (PID: 8112)
- Unicorn-57611.exe (PID: 8152)
- Unicorn-19393.exe (PID: 8264)
- Unicorn-33159.exe (PID: 8416)
- Unicorn-28971.exe (PID: 7564)
- Unicorn-9864.exe (PID: 6080)
- Unicorn-32797.exe (PID: 8864)
- Unicorn-49325.exe (PID: 8824)
- Unicorn-10191.exe (PID: 8944)
- Unicorn-53061.exe (PID: 1228)
- Unicorn-23965.exe (PID: 9376)
- Unicorn-8204.exe (PID: 9648)
- Unicorn-57021.exe (PID: 9720)
- Unicorn-53113.exe (PID: 7504)
- Unicorn-37139.exe (PID: 7584)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
526
Monitored processes
395
Malicious processes
59
Suspicious processes
49
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 660 | C:\Users\admin\AppData\Local\Temp\Unicorn-37279.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-37279.exe | Unicorn-22641.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 672 | C:\Users\admin\AppData\Local\Temp\Unicorn-43911.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-43911.exe | Unicorn-58172.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 920 | C:\Users\admin\AppData\Local\Temp\Unicorn-22641.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22641.exe | 1 (1109).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1132 | C:\Users\admin\AppData\Local\Temp\Unicorn-30803.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-30803.exe | Unicorn-19075.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1164 | C:\Users\admin\AppData\Local\Temp\Unicorn-41873.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41873.exe | Unicorn-9864.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1180 | C:\Users\admin\AppData\Local\Temp\Unicorn-51015.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-51015.exe | 1 (1109).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1228 | C:\Users\admin\AppData\Local\Temp\Unicorn-53061.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-53061.exe | Unicorn-248.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1328 | C:\Users\admin\AppData\Local\Temp\Unicorn-26947.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26947.exe | Unicorn-248.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1532 | C:\Users\admin\AppData\Local\Temp\Unicorn-42596.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-42596.exe | — | Unicorn-41873.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1912 | C:\Users\admin\AppData\Local\Temp\Unicorn-37383.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-37383.exe | Unicorn-53061.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
9 332
Read events
9 317
Write events
15
Delete events
0
Modification events
| (PID) Process: | (7144) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7144) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (7144) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (6108) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (6108) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (6108) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (5244) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (5244) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (5244) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (3768) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
Executable files
1 042
Suspicious files
5
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 5244 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\10732c3f-ec7e-4428-885a-2a2229fec81e.down_data | — | |
MD5:— | SHA256:— | |||
| 2656 | 1 (1109).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22641.exe | executable | |
MD5:88601A0E862FD91714D3169C49EC7A99 | SHA256:84DE4A93EA3763D97775D078ED9C4B5DF63FBE6652D1F253063B85FB24E2C888 | |||
| 2656 | 1 (1109).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-58172.exe | executable | |
MD5:00A4957BC7932CCDD7A8FD6EFDE4D886 | SHA256:8E78771D5AF945E178C187C0AE6B9EDC6981E8AFBF291ECC65D7CAF1BF34472A | |||
| 3020 | Unicorn-248.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26947.exe | executable | |
MD5:A6FAD2A6C014D5111A3D0356EC929EB2 | SHA256:69F7CCD86989E77FE5B7F4EAED9A514ED9FCC092AE6278AB5C25379906DB62FC | |||
| 5244 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\afc1fccb-2e3f-4153-b189-d3317312eba2.up_meta_secure | binary | |
MD5:64331478507B6A2D5C4C64A29485BB11 | SHA256:07F6AD4DFBFA63768042E39B51F7338E48C4CD0119282304BD428F897C3D61CE | |||
| 5244 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\MetaData\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D | binary | |
MD5:2CB8A0F69256D0E2D1B5A4E0A4104698 | SHA256:82CE77618D4FE9C8C5EF330598293192855382B7431D2DC21BEB0A5DDDB23832 | |||
| 920 | Unicorn-22641.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-248.exe | executable | |
MD5:8927F78ED92A7D1E089B08E0E8639101 | SHA256:31D22361CCA7F69D34BA5F98F11363CA1099718E502C83C00EF0870B05960B65 | |||
| 5244 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D | binary | |
MD5:4872BABAF39AA62B8D32695EBB7E9173 | SHA256:2EE85DF86EE29BBEB3DCA81AA29B6DE204F605A2769B84C728A329178A2D0999 | |||
| 6184 | Unicorn-48977.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-63149.exe | executable | |
MD5:13FF6500B4F50F795864E83594B66732 | SHA256:658D705C26FC3BFDCC60652608BD80D1974618E3804EF43B2F2306A3AE029119 | |||
| 5244 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\afc1fccb-2e3f-4153-b189-d3317312eba2.e19e8eb5-d967-4b2f-bd1c-b3ef188771df.down_meta | binary | |
MD5:6AAB7911644210FBF7DC29D623FC0779 | SHA256:3A0CC50B778F8470714251C298DB990B6E735028C45EBA6DC052B6F0DC106131 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
24
DNS requests
16
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 23.48.23.156:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
3888 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
5244 | BackgroundTransferHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
8344 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
8344 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 23.48.23.156:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
— | — | 51.104.136.2:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
3216 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 20.190.159.64:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
2104 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3888 | backgroundTaskHost.exe | 20.103.156.88:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
3888 | backgroundTaskHost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
crl.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
arc.msn.com |
| whitelisted |
www.bing.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |