Malware analysis DigitalPulseService.exe Malicious activity

Add for printing

File name:	DigitalPulseService.exe
Full analysis:	https://app.any.run/tasks/3e0e6ee9-6e32-4041-867a-6ee88df7f8fb
Verdict:	Malicious activity
Analysis date:	October 22, 2024, 08:36:55
OS:	Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME:	application/x-dosexec
File info:	PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
MD5:	06780F1C48A54677B373D4DCDBC8BDE6
SHA1:	9152A43C9E4BD6D3E038A2D46C9FF36AFBDB72E8
SHA256:	D49AC298EB6FD619E9E209454762E4B73C76D9DEF3E47C6587288EE1C5490674
SSDEEP:	98304:4QM2d2lL1jLpdx8aOhmA+7vSH+WIJIoosgjeuIP3NXnubIZSCCJDM+xiHyRnjYsN:ye7xiHyRnE0

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

Launch configuration

Task duration:: 300 seconds
Heavy Evasion option:
Network geolocation:: off
Additional time used:: 240 seconds
MITM proxy:: off
Privacy:: Public submission
Fakenet option:: off
Route via Tor:: off
Autoconfirmation of UAC:: on
Network:: on

Software preset

Internet Explorer 11.3636.19041.0
Adobe Acrobat (64-bit) (23.001.20093)
Adobe Flash Player 32 NPAPI (32.0.0.465)
Adobe Flash Player 32 PPAPI (32.0.0.465)
CCleaner (6.20)
FileZilla 3.65.0 (3.65.0)
Google Chrome (122.0.6261.70)
Google Update Helper (1.3.36.51)
Java 8 Update 271 (64-bit) (8.0.2710.9)
Java Auto Updater (2.8.271.9)
Microsoft Edge (122.0.2365.59)
Microsoft Edge Update (1.3.185.17)
Microsoft Office Professional 2019 - de-de (16.0.16026.20146)
Microsoft Office Professional 2019 - en-us (16.0.16026.20146)
Microsoft Office Professional 2019 - es-es (16.0.16026.20146)
Microsoft Office Professional 2019 - it-it (16.0.16026.20146)
Microsoft Office Professional 2019 - ja-jp (16.0.16026.20146)
Microsoft Office Professional 2019 - ko-kr (16.0.16026.20146)
Microsoft Office Professional 2019 - pt-br (16.0.16026.20146)
Microsoft Office Professional 2019 - tr-tr (16.0.16026.20146)
Microsoft Office Professionnel 2019 - fr-fr (16.0.16026.20146)
Microsoft Office профессиональный 2019 - ru-ru (16.0.16026.20146)
Microsoft OneNote - en-us (16.0.16026.20146)
Microsoft Update Health Tools (3.74.0.0)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (12.0.30501.0)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (12.0.21005)
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 (14.36.32532.0)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 (14.36.32532)
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 (14.36.32532)
Mozilla Firefox (x64 en-US) (123.0)
Mozilla Maintenance Service (123.0)
Notepad++ (64-bit x64) (7.9.1)
Office 16 Click-to-Run Extensibility Component (16.0.15726.20202)
Office 16 Click-to-Run Licensing Component (16.0.16026.20146)
Office 16 Click-to-Run Localization Component (16.0.15726.20202)
Office 16 Click-to-Run Localization Component (16.0.15928.20198)
PowerShell 7-x64 (7.3.5.0)
Skype version 8.104 (8.104)
Update for Windows 10 for x64-based Systems (KB4023057) (2.59.0.0)
Update for Windows 10 for x64-based Systems (KB4023057) (2.63.0.0)
Update for Windows 10 for x64-based Systems (KB4480730) (2.55.0.0)
Update for Windows 10 for x64-based Systems (KB5001716) (8.93.0.0)
VLC media player (3.0.11)
WinRAR 5.91 (64-bit) (5.91.0)
Windows PC Health Check (3.6.2204.08001)

Hotfixes

Client LanguagePack Package
DotNetRollup
DotNetRollup 481
FodMetadata Package
Foundation Package
Hello Face Package
InternetExplorer Optional Package
KB5003791
KB5011048
KB5015684
KB5033052
LanguageFeatures Basic en us Package
LanguageFeatures Handwriting en us Package
LanguageFeatures OCR en us Package
LanguageFeatures Speech en us Package
LanguageFeatures TextToSpeech en us Package
MSPaint FoD Package
MediaPlayer Package
Microsoft OneCore ApplicationModel Sync Desktop FOD Package
Microsoft OneCore DirectX Database FOD Package
NetFx3 OnDemand Package
Notepad FoD Package
OpenSSH Client Package
PowerShell ISE FOD Package
Printing PMCPPC FoD Package
Printing WFS FoD Package
ProfessionalEdition
QuickAssist Package
RollupFix
ServicingStack
ServicingStack 3989
StepsRecorder Package
TabletPCMath Package
UserExperience Desktop Package
WordPad FoD Package

Add for printing

MALICIOUS
- Registers / Runs the DLL via REGSVR32.EXE
  - K-Lite_Codec_Pack_1860_Full.tmp (PID: 7796)
- Uses Task Scheduler to run other applications
  - K-Lite_Codec_Pack_1860_Full.tmp (PID: 7796)
SUSPICIOUS
- The process executes via Task Scheduler
  - mmc.exe (PID: 5524)
- Executable content was dropped or overwritten
  - K-Lite_Codec_Pack_1860_Full.exe (PID: 9804)
  - K-Lite_Codec_Pack_1860_Full.tmp (PID: 7796)
- Process drops legitimate windows executable
  - K-Lite_Codec_Pack_1860_Full.tmp (PID: 7796)
- Connects to unusual port
  - DigitalPulseService.exe (PID: 300)
INFO
- Reads the computer name
  - DigitalPulseService.exe (PID: 300)
- Reads product name
  - DigitalPulseService.exe (PID: 300)
- Checks supported languages
  - DigitalPulseService.exe (PID: 300)
- Reads the machine GUID from the registry
  - DigitalPulseService.exe (PID: 300)
- Manual execution by a user
  - mmc.exe (PID: 2784)
  - firefox.exe (PID: 6304)
  - mmc.exe (PID: 6408)
  - msedge.exe (PID: 2312)
- Reads Environment values
  - DigitalPulseService.exe (PID: 300)
- Reads the software policy settings
  - DigitalPulseService.exe (PID: 300)
- Application launched itself
  - firefox.exe (PID: 6304)
  - firefox.exe (PID: 764)
  - msedge.exe (PID: 2312)
- Executable content was dropped or overwritten
  - msedge.exe (PID: 2312)
  - msedge.exe (PID: 6884)
  - msedge.exe (PID: 8028)

Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

Add for printing

No Malware configuration.

Add for printing

TRiD

.exe	\|	Win64 Executable (generic) (87.3)
.exe	\|	Generic Win/DOS Executable (6.3)
.exe	\|	DOS Executable Generic (6.3)

EXIF

EXE

MachineType:	AMD AMD64
TimeStamp:	0000:00:00 00:00:00
ImageFileCharacteristics:	Executable, Large address aware, No debug
PEType:	PE32+
LinkerVersion:	3
CodeSize:	4929024
InitializedDataSize:	348160
UninitializedDataSize:	-
EntryPoint:	0x65580
OSVersion:	6.1
ImageVersion:	1
SubsystemVersion:	6.1
Subsystem:	Windows GUI

No data.

Add for printing

All screenshots are available in the full report

Add for printing

Total processes

385

Monitored processes

235

Malicious processes

Suspicious processes

Behavior graph

Click at the process to see the details

Process information

PID

CMD

Path

Indicators

Parent process

204

"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2508 -childID 5 -isForBrowser -prefsHandle 5864 -prefMapHandle 5856 -prefsLen 31169 -prefMapSize 244343 -jsInitHandle 1420 -jsInitLen 235124 -parentBuildID 20240213221259 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {85019871-06e6-430b-9794-87bdd924d8d3} 764 "\\.\pipe\gecko-crash-server-pipe.764" 1a3bedc54d0 tab

C:\Program Files\Mozilla Firefox\firefox.exe

—

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

LOW

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll

300

"C:\Users\admin\AppData\Local\Temp\DigitalPulseService.exe"

C:\Users\admin\AppData\Local\Temp\DigitalPulseService.exe

explorer.exe

User:

admin

Integrity Level:

MEDIUM

Modules

Images
c:\users\admin\appdata\local\temp\digitalpulseservice.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\apphelp.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll

692

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=7004 --field-trial-handle=2312,i,11131393319876403516,10591689725675934244,262144 --variations-seed-version /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

692

"C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files (x86)\K-Lite Codec Pack\Icaros\64-bit\IcarosPropertyHandler.dll"

C:\Windows\System32\regsvr32.exe

—

K-Lite_Codec_Pack_1860_Full.tmp

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Microsoft(C) Register Server

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

696

"C:\Users\admin\AppData\Local\Temp\is-L5R5A.tmp\SetUserFTA.exe" .bik mplayerc64.bik

C:\Users\admin\AppData\Local\Temp\is-L5R5A.tmp\SetUserFTA.exe

—

K-Lite_Codec_Pack_1860_Full.tmp

User:

admin

Company:

Kolbi.cz

Integrity Level:

HIGH

Description:

SetUserFTA from http://kolbi.cz

Exit code:

Version:

1.7.1

764

"C:\Program Files\Mozilla Firefox\firefox.exe"

C:\Program Files\Mozilla Firefox\firefox.exe

firefox.exe

User:

admin

Company:

Mozilla Corporation

Integrity Level:

MEDIUM

Description:

Firefox

Version:

123.0

Modules

Images
c:\program files\mozilla firefox\firefox.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ucrtbase.dll
c:\program files\mozilla firefox\mozglue.dll
c:\windows\system32\crypt32.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\msvcp140.dll
c:\windows\system32\vcruntime140.dll

860

\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

—

SetUserFTA.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Console Window Host

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

1048

\??\C:\WINDOWS\system32\conhost.exe 0xffffffff -ForceV1

C:\Windows\System32\conhost.exe

—

SetUserFTA.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

HIGH

Description:

Console Window Host

Exit code:

Version:

10.0.19041.1 (WinBuild.160101.0800)

1280

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6464 --field-trial-handle=2312,i,11131393319876403516,10591689725675934244,262144 --variations-seed-version /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

—

msedge.exe

User:

admin

Company:

Microsoft Corporation

Integrity Level:

LOW

Description:

Microsoft Edge

Exit code:

Version:

122.0.2365.59

Modules

Images
c:\program files (x86)\microsoft\edge\application\msedge.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\program files (x86)\microsoft\edge\application\122.0.2365.59\msedge_elf.dll
c:\windows\system32\oleaut32.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\rpcrt4.dll

1440

C:\WINDOWS\system32\SppExtComObj.exe -Embedding

C:\Windows\System32\SppExtComObj.Exe

—

svchost.exe

User:

NETWORK SERVICE

Company:

Microsoft Corporation

Integrity Level:

SYSTEM

Description:

KMS Connection Broker

Exit code:

Version:

10.0.19041.3996 (WinBuild.160101.0800)

Modules

Images
c:\windows\system32\sppextcomobj.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\oleaut32.dll

Add for printing

Total events

24 890

Read events

24 844

Write events

Delete events

Modification events


(PID) Process:	(300) DigitalPulseService.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\DigitalPulse
Operation:	write	Name:	Success
Value: 1
(PID) Process:	(6408) mmc.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{c7b8fb06-bfe1-4c2e-9217-7a69a95bbac4}
Operation:	write	Name:	HelpTopic
Value: C:\WINDOWS\Help\taskscheduler.chm
(PID) Process:	(6408) mmc.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns\FX:{c7b8fb06-bfe1-4c2e-9217-7a69a95bbac4}
Operation:	write	Name:	LinkedHelpTopics
Value: C:\WINDOWS\Help\taskscheduler.chm
(PID) Process:	(764) firefox.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Mozilla\Firefox\DllPrefetchExperiment
Operation:	write	Name:	C:\Program Files\Mozilla Firefox\firefox.exe
Value: 0
(PID) Process:	(2312) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:	write	Name:	failed_count
Value: 0
(PID) Process:	(2312) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:	write	Name:	state
Value: 2
(PID) Process:	(2312) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\BLBeacon
Operation:	write	Name:	state
Value: 1
(PID) Process:	(2312) msedge.exe	Key:	HKEY_CURRENT_USER\SOFTWARE\Microsoft\Edge\StabilityMetrics
Operation:	write	Name:	user_experience_metrics.stability.exited_cleanly
Value: 0
(PID) Process:	(2312) msedge.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:	write	Name:	S-1-5-21-1693682860-607145093-2874071422-1001
Value: 28D422FFA2832F00
(PID) Process:	(2312) msedge.exe	Key:	HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\EdgeUpdate\ClientStateMedium\{56EB18F8-B008-4CBD-B6D2-8C97FE7E9062}\LastWasDefault
Operation:	write	Name:	S-1-5-21-1693682860-607145093-2874071422-1001
Value: 325128FFA2832F00

Add for printing

Executable files

262

Suspicious files

1 019

Text files

343

Unknown types

Dropped files

PID	Process	Filename		Type
764	firefox.exe	C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\scriptCache-current.bin		—
		MD5:—	SHA256:—
764	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json		binary
		MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A	SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
764	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cookies.sqlite-shm		binary
		MD5:B7C14EC6110FA820CA6B65F5AEC85911	SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
764	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\sessionCheckpoints.json.tmp		binary
		MD5:EA8B62857DFDBD3D0BE7D7E4A954EC9A	SHA256:792955295AE9C382986222C6731C5870BD0E921E7F7E34CC4615F5CD67F225DA
764	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite		—
		MD5:—	SHA256:—
764	firefox.exe	C:\Users\admin\AppData\Local\Mozilla\Firefox\Profiles\9kie7cg6.default-release\startupCache\urlCache-current.bin		binary
		MD5:C09FF302D57C404B61E6A89B0B9F36E7	SHA256:6A5B4F82595799346D0E501FE6CC8629E0FD6ED27B74D0E6CB5073DDB2E3C40B
764	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs-1.js		text
		MD5:BAEB165B96C91D487FFE8B3A772A5641	SHA256:D2359F5E53D4691388A1003C2D0A7FBACC8A302E6FDACA3702B85194A17F0BCB
764	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\cert9.db		binary
		MD5:55F5FA6ABF46C72E0048D5ECBF8043E2	SHA256:0AF15246E0AE1AAC2FE48CF32AAE3ADA4FCD578B4A8D3D9F8730F438323D8CC4
764	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shm		binary
		MD5:B7C14EC6110FA820CA6B65F5AEC85911	SHA256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
764	firefox.exe	C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\9kie7cg6.default-release\prefs.js		text
		MD5:BAEB165B96C91D487FFE8B3A772A5641	SHA256:D2359F5E53D4691388A1003C2D0A7FBACC8A302E6FDACA3702B85194A17F0BCB

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Add for printing

HTTP(S) requests

TCP/UDP connections

578

DNS requests

681

Threats

HTTP requests

PID	Process	Method	HTTP Code	IP	URL	CN	Type	Size	Reputation
4360	SearchApp.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D	unknown	—	—	whitelisted
6944	svchost.exe	GET	200	23.52.120.96:80	http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl	unknown	—	—	whitelisted
6944	svchost.exe	GET	200	23.216.77.28:80	http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl	unknown	—	—	whitelisted
2588	SIHClient.exe	GET	200	23.52.120.96:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl	unknown	—	—	whitelisted
4360	SearchApp.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D	unknown	—	—	whitelisted
2588	SIHClient.exe	GET	200	23.52.120.96:80	http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl	unknown	—	—	whitelisted
6384	svchost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D	unknown	—	—	whitelisted
4360	SearchApp.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D	unknown	—	—	whitelisted
3828	backgroundTaskHost.exe	GET	200	192.229.221.95:80	http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D	unknown	—	—	whitelisted
764	firefox.exe	GET	200	34.107.221.82:80	http://detectportal.firefox.com/success.txt?ipv4	unknown	—	—	whitelisted

Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID	Process	IP	Domain	ASN	CN	Reputation
4	System	192.168.100.255:137	—	—	—	whitelisted
5488	MoUsoCoreWorker.exe	51.124.78.146:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
1280	RUXIMICS.exe	51.124.78.146:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
6944	svchost.exe	51.124.78.146:443	—	MICROSOFT-CORP-MSN-AS-BLOCK	NL	whitelisted
4360	SearchApp.exe	2.23.209.133:443	www.bing.com	Akamai International B.V.	GB	whitelisted
4360	SearchApp.exe	192.229.221.95:80	ocsp.digicert.com	EDGECAST	US	whitelisted
4	System	192.168.100.255:138	—	—	—	whitelisted
300	DigitalPulseService.exe	15.156.162.186:443	bapp.digitalpulsedata.com	AMAZON-02	CA	unknown
6944	svchost.exe	40.127.240.158:443	settings-win.data.microsoft.com	MICROSOFT-CORP-MSN-AS-BLOCK	IE	whitelisted
6944	svchost.exe	23.216.77.28:80	crl.microsoft.com	Akamai International B.V.	DE	whitelisted

DNS requests

Domain	IP	Reputation
google.com	142.250.186.174	whitelisted
www.bing.com	2.23.209.133 2.23.209.140 2.23.209.132 2.23.209.139 2.23.209.192 2.23.209.130 2.23.209.191 2.23.209.137 2.23.209.136 2.16.110.123 2.16.110.170 2.16.110.121 2.16.110.195 2.16.110.168 2.16.110.171 2.16.110.176 2.16.110.136 2.16.110.200 104.126.37.155 104.126.37.153 104.126.37.160 104.126.37.146 104.126.37.161 104.126.37.145 104.126.37.144 104.126.37.139 104.126.37.162 104.126.37.130 104.126.37.154 104.126.37.123 104.126.37.128 104.126.37.171 104.126.37.170 104.126.37.169 104.126.37.168	whitelisted
ocsp.digicert.com	192.229.221.95	whitelisted
bapp.digitalpulsedata.com	15.156.162.186 15.157.15.142	unknown
settings-win.data.microsoft.com	40.127.240.158	whitelisted
crl.microsoft.com	23.216.77.28 23.216.77.6	whitelisted
www.microsoft.com	23.52.120.96	whitelisted
login.live.com	20.190.159.75 40.126.31.71 20.190.159.4 20.190.159.64 20.190.159.23 40.126.31.69 20.190.159.2 20.190.159.68 40.126.31.73 40.126.31.67 20.190.159.71 20.190.160.20 20.190.160.14 40.126.32.72 20.190.160.22 40.126.32.68 20.190.160.17 40.126.32.136 40.126.32.140	whitelisted
th.bing.com	2.16.110.170 2.16.110.121 2.16.110.195 2.16.110.168 2.16.110.171 2.16.110.176 2.16.110.136 2.16.110.200 2.16.110.123 104.126.37.153 104.126.37.160 104.126.37.146 104.126.37.161 104.126.37.145 104.126.37.144 104.126.37.139 104.126.37.162 104.126.37.155 104.126.37.123 104.126.37.128 104.126.37.130 104.126.37.154	whitelisted
go.microsoft.com	23.213.166.81 23.35.238.131	whitelisted

Threats

PID	Process	Class	Message
300	DigitalPulseService.exe	Potentially Bad Traffic	AV TROJAN AdLoad Proxy Node Beacon
300	DigitalPulseService.exe	Potentially Bad Traffic	AV TROJAN AdLoad Proxy Node Response
300	DigitalPulseService.exe	Potentially Bad Traffic	ET MALWARE MacOS/Adload Proxy Node Beacon
300	DigitalPulseService.exe	Potentially Bad Traffic	ET MALWARE MacOS/Adload Proxy Node Response
300	DigitalPulseService.exe	Potentially Bad Traffic	AV TROJAN AdLoad Proxy Node Beacon
300	DigitalPulseService.exe	Potentially Bad Traffic	AV TROJAN AdLoad Proxy Node Response
300	DigitalPulseService.exe	Potentially Bad Traffic	ET MALWARE MacOS/Adload Proxy Node Response
300	DigitalPulseService.exe	Potentially Bad Traffic	AV TROJAN AdLoad Proxy Node Beacon
300	DigitalPulseService.exe	Potentially Bad Traffic	AV TROJAN AdLoad Proxy Node Response
300	DigitalPulseService.exe	Potentially Bad Traffic	ET MALWARE MacOS/Adload Proxy Node Response

Add for printing

Process	Message
mmc.exe	Constructor: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
mmc.exe	OnInitialize: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
mmc.exe	AddIcons: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn
mmc.exe	ProcessCommandLineArguments: Microsoft.TaskScheduler.SnapIn.TaskSchedulerSnapIn

General Info

DigitalPulseService.exe

06780F1C48A54677B373D4DCDBC8BDE6

9152A43C9E4BD6D3E038A2D46C9FF36AFBDB72E8

D49AC298EB6FD619E9E209454762E4B73C76D9DEF3E47C6587288EE1C5490674

98304:4QM2d2lL1jLpdx8aOhmA+7vSH+WIJIoosgjeuIP3NXnubIZSCCJDM+xiHyRnjYsN:ye7xiHyRnE0

Software environment set and analysis options

Launch configuration

Software preset

Hotfixes

Behavior activities

MALICIOUS

Registers / Runs the DLL via REGSVR32.EXE

Uses Task Scheduler to run other applications

SUSPICIOUS

The process executes via Task Scheduler

Executable content was dropped or overwritten

Process drops legitimate windows executable

Connects to unusual port

INFO

Reads the computer name

Reads product name

Checks supported languages

Reads the machine GUID from the registry

Manual execution by a user

Reads Environment values

Reads the software policy settings

Application launched itself

Executable content was dropped or overwritten

Malware configuration

Static information

TRiD

EXIF

EXE

Video and screenshots

Processes

Behavior graph

Specs description

Process information

Information

Modules

Information

Modules

Information

Modules

Information

Information

Information

Modules

Information

Information

Information

Modules

Information

Modules

Registry activity

Modification events

Files activity

Dropped files

Network activity

HTTP requests

Connections

DNS requests

Threats

Debug output strings