| File name: | 1 (1325) |
| Full analysis: | https://app.any.run/tasks/59ffa409-54aa-4d25-962f-a33e8a7ed707 |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 12:38:33 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 3 sections |
| MD5: | BF71C2C6A8DA429DE5D5620D4CA0A4E0 |
| SHA1: | B51C101131E54C2E1B5F37D4D9A3DB5DA9969AC8 |
| SHA256: | 0167676980616B1480A06E37D9E0B30936A07649F695FEAA0338556C880A49EA |
| SSDEEP: | 6144:k7KpOTIPvDcLA5XNI4eHUAfx/tWqlvJGBq/WyeoNTk/8SwjwpyAvEhDPO9N0siFa:k+YE4LA5dIzNWMhaqOyeoNDx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- Unicorn-41229.exe (PID: 2320)
- 1 (1325).exe (PID: 1276)
- Unicorn-559.exe (PID: 6184)
- Unicorn-6060.exe (PID: 6372)
- Unicorn-54855.exe (PID: 5548)
- Unicorn-60985.exe (PID: 920)
- Unicorn-60985.exe (PID: 5332)
- Unicorn-26149.exe (PID: 2096)
- Unicorn-53372.exe (PID: 4724)
- Unicorn-46569.exe (PID: 1812)
- Unicorn-62905.exe (PID: 5324)
- Unicorn-34871.exe (PID: 5512)
- Unicorn-50580.exe (PID: 4268)
- Unicorn-32729.exe (PID: 1660)
- Unicorn-40439.exe (PID: 6656)
- Unicorn-28261.exe (PID: 4120)
- Unicorn-8395.exe (PID: 6872)
- Unicorn-40705.exe (PID: 4244)
- Unicorn-50911.exe (PID: 5176)
- Unicorn-19330.exe (PID: 1188)
- Unicorn-57928.exe (PID: 5260)
- Unicorn-13076.exe (PID: 2240)
- Unicorn-52063.exe (PID: 5400)
- Unicorn-49428.exe (PID: 5392)
- Unicorn-5463.exe (PID: 2268)
- Unicorn-42328.exe (PID: 5384)
- Unicorn-19023.exe (PID: 664)
- Unicorn-22361.exe (PID: 5352)
- Unicorn-47247.exe (PID: 6248)
- Unicorn-64545.exe (PID: 2100)
- Unicorn-1940.exe (PID: 1240)
- Unicorn-35957.exe (PID: 2908)
- Unicorn-24067.exe (PID: 3332)
- Unicorn-18779.exe (PID: 4560)
- Unicorn-20306.exe (PID: 3300)
- Unicorn-14960.exe (PID: 5164)
- Unicorn-36429.exe (PID: 1328)
- Unicorn-40211.exe (PID: 4620)
- Unicorn-64524.exe (PID: 7208)
- Unicorn-32641.exe (PID: 7288)
- Unicorn-7752.exe (PID: 7300)
- Unicorn-470.exe (PID: 7200)
- Unicorn-33061.exe (PID: 7308)
- Unicorn-64161.exe (PID: 7176)
- Unicorn-26318.exe (PID: 7332)
- Unicorn-65121.exe (PID: 7324)
- Unicorn-14119.exe (PID: 7552)
- Unicorn-12723.exe (PID: 7596)
- Unicorn-45256.exe (PID: 7316)
- Unicorn-3476.exe (PID: 7360)
- Unicorn-7560.exe (PID: 7344)
- Unicorn-4052.exe (PID: 7488)
- Unicorn-35499.exe (PID: 7660)
- Unicorn-59257.exe (PID: 7688)
- Unicorn-42463.exe (PID: 7368)
- Unicorn-57337.exe (PID: 7480)
- Unicorn-14612.exe (PID: 7608)
- Unicorn-21135.exe (PID: 7496)
- Unicorn-59449.exe (PID: 7636)
- Unicorn-31878.exe (PID: 7276)
- Unicorn-1120.exe (PID: 7528)
- Unicorn-29901.exe (PID: 7544)
- Unicorn-6527.exe (PID: 7748)
- Unicorn-13076.exe (PID: 2420)
- Unicorn-43039.exe (PID: 7504)
- Unicorn-36895.exe (PID: 7352)
- Unicorn-6600.exe (PID: 7192)
- Unicorn-5780.exe (PID: 7732)
- Unicorn-62341.exe (PID: 7536)
- Unicorn-3860.exe (PID: 7268)
- Unicorn-63128.exe (PID: 7520)
- Unicorn-18555.exe (PID: 8008)
- Unicorn-19681.exe (PID: 8628)
- Unicorn-25516.exe (PID: 7700)
- Unicorn-35691.exe (PID: 7864)
- Unicorn-42345.exe (PID: 7512)
- Unicorn-52589.exe (PID: 7916)
- Unicorn-64877.exe (PID: 8720)
- Unicorn-23949.exe (PID: 8904)
- Unicorn-62485.exe (PID: 7796)
- Unicorn-47664.exe (PID: 8660)
- Unicorn-51287.exe (PID: 7780)
- Unicorn-14908.exe (PID: 7800)
- Unicorn-8816.exe (PID: 8264)
- Unicorn-31437.exe (PID: 7824)
- Unicorn-3943.exe (PID: 8040)
- Unicorn-4886.exe (PID: 7772)
- Unicorn-45552.exe (PID: 8152)
- Unicorn-36315.exe (PID: 7756)
- Unicorn-13476.exe (PID: 8512)
- Unicorn-27051.exe (PID: 8428)
- Unicorn-60876.exe (PID: 8992)
- Unicorn-27841.exe (PID: 8980)
- Unicorn-14052.exe (PID: 8376)
- Unicorn-54509.exe (PID: 8520)
- Unicorn-6055.exe (PID: 8532)
- Unicorn-44805.exe (PID: 1168)
- Unicorn-31712.exe (PID: 8028)
- Unicorn-7939.exe (PID: 8320)
- Unicorn-54571.exe (PID: 8436)
- Unicorn-51311.exe (PID: 8136)
- Unicorn-41835.exe (PID: 7788)
- Unicorn-46149.exe (PID: 1348)
- Unicorn-39517.exe (PID: 8568)
- Unicorn-52672.exe (PID: 8344)
- Unicorn-28342.exe (PID: 8420)
- Unicorn-14052.exe (PID: 8384)
- Unicorn-55469.exe (PID: 8620)
- Unicorn-48188.exe (PID: 8868)
- Unicorn-31785.exe (PID: 8060)
- Unicorn-39951.exe (PID: 8160)
- Unicorn-40891.exe (PID: 7932)
- Unicorn-32361.exe (PID: 7872)
- Unicorn-43248.exe (PID: 9436)
- Unicorn-40787.exe (PID: 8396)
- Unicorn-3196.exe (PID: 8000)
- Unicorn-44421.exe (PID: 7944)
- Unicorn-8690.exe (PID: 8540)
- Unicorn-30751.exe (PID: 8472)
- Unicorn-60684.exe (PID: 9084)
- Unicorn-23098.exe (PID: 8404)
- Unicorn-22657.exe (PID: 9952)
- Unicorn-60492.exe (PID: 8548)
- Unicorn-41908.exe (PID: 9944)
- Unicorn-522.exe (PID: 8560)
- Unicorn-6902.exe (PID: 7952)
- Unicorn-43513.exe (PID: 9444)
- Unicorn-49797.exe (PID: 8360)
- Unicorn-62063.exe (PID: 7808)
- Unicorn-48645.exe (PID: 9600)
- Unicorn-43113.exe (PID: 7648)
- Unicorn-15182.exe (PID: 9904)
- Unicorn-43195.exe (PID: 8412)
- Unicorn-33980.exe (PID: 11256)
- Unicorn-22994.exe (PID: 9872)
- Unicorn-50098.exe (PID: 9136)
- Unicorn-51224.exe (PID: 10092)
- Unicorn-39481.exe (PID: 872)
- Unicorn-37535.exe (PID: 924)
- Unicorn-5936.exe (PID: 9968)
- Unicorn-55054.exe (PID: 9880)
- Unicorn-13912.exe (PID: 10220)
- Unicorn-42323.exe (PID: 8876)
- Unicorn-7804.exe (PID: 9152)
- Unicorn-56791.exe (PID: 10124)
- Unicorn-36409.exe (PID: 10600)
- Unicorn-20737.exe (PID: 9712)
- Unicorn-26409.exe (PID: 9340)
- Unicorn-61193.exe (PID: 9472)
- Unicorn-25568.exe (PID: 9224)
- Unicorn-13995.exe (PID: 11044)
- Unicorn-50477.exe (PID: 9772)
- Unicorn-44067.exe (PID: 10996)
- Unicorn-18778.exe (PID: 8356)
- Unicorn-24878.exe (PID: 7904)
- Unicorn-42723.exe (PID: 10952)
- Unicorn-1276.exe (PID: 9744)
- Unicorn-22273.exe (PID: 10080)
- Unicorn-61384.exe (PID: 9896)
- Unicorn-41458.exe (PID: 9572)
- Unicorn-4083.exe (PID: 8896)
- Unicorn-32745.exe (PID: 8168)
- Unicorn-31209.exe (PID: 10532)
- Unicorn-4623.exe (PID: 11540)
- Unicorn-18625.exe (PID: 9324)
- Unicorn-51748.exe (PID: 10276)
- Unicorn-24964.exe (PID: 12452)
- Unicorn-25428.exe (PID: 11020)
- Unicorn-23049.exe (PID: 10248)
- Unicorn-5744.exe (PID: 10032)
- Unicorn-45192.exe (PID: 12504)
- Unicorn-19289.exe (PID: 9096)
- Unicorn-49635.exe (PID: 9452)
- Unicorn-17539.exe (PID: 8336)
- Unicorn-43055.exe (PID: 5112)
- Unicorn-23703.exe (PID: 12484)
- Unicorn-19651.exe (PID: 7976)
- Unicorn-2186.exe (PID: 8920)
- Unicorn-43055.exe (PID: 1532)
- Unicorn-7450.exe (PID: 9232)
- Unicorn-731.exe (PID: 11520)
- Unicorn-31816.exe (PID: 11360)
- Unicorn-52620.exe (PID: 11588)
- Unicorn-43376.exe (PID: 13144)
- Unicorn-49932.exe (PID: 11004)
- Unicorn-35378.exe (PID: 13288)
- Unicorn-63652.exe (PID: 6816)
- Unicorn-3352.exe (PID: 10836)
- Unicorn-7750.exe (PID: 14148)
- Unicorn-21485.exe (PID: 14132)
- Unicorn-21485.exe (PID: 14140)
- Unicorn-44312.exe (PID: 11468)
- Unicorn-48815.exe (PID: 10052)
- Unicorn-10895.exe (PID: 13128)
- Unicorn-55774.exe (PID: 15072)
- Unicorn-7420.exe (PID: 9196)
- Unicorn-31209.exe (PID: 10524)
- Unicorn-64125.exe (PID: 9400)
- Unicorn-12672.exe (PID: 10892)
- Unicorn-34914.exe (PID: 10312)
- Unicorn-48780.exe (PID: 10920)
- Unicorn-28915.exe (PID: 10160)
- Unicorn-58075.exe (PID: 10144)
- Unicorn-25973.exe (PID: 9780)
- Unicorn-30331.exe (PID: 11068)
- Unicorn-19842.exe (PID: 9788)
- Unicorn-3160.exe (PID: 10860)
- Unicorn-25950.exe (PID: 11348)
- Unicorn-43055.exe (PID: 10212)
Executable content was dropped or overwritten
- Unicorn-54855.exe (PID: 5548)
- Unicorn-41229.exe (PID: 2320)
- 1 (1325).exe (PID: 1276)
- Unicorn-6060.exe (PID: 6372)
- Unicorn-53372.exe (PID: 4724)
- Unicorn-60985.exe (PID: 5332)
- Unicorn-26149.exe (PID: 2096)
- Unicorn-62905.exe (PID: 5324)
- Unicorn-60985.exe (PID: 920)
- Unicorn-46569.exe (PID: 1812)
- Unicorn-34871.exe (PID: 5512)
- Unicorn-50580.exe (PID: 4268)
- Unicorn-19330.exe (PID: 1188)
- Unicorn-559.exe (PID: 6184)
- Unicorn-32729.exe (PID: 1660)
- Unicorn-28261.exe (PID: 4120)
- Unicorn-40705.exe (PID: 4244)
- Unicorn-49428.exe (PID: 5392)
- Unicorn-50911.exe (PID: 5176)
- Unicorn-8395.exe (PID: 6872)
- Unicorn-36429.exe (PID: 1328)
- Unicorn-57928.exe (PID: 5260)
- Unicorn-52063.exe (PID: 5400)
- Unicorn-13076.exe (PID: 2240)
- Unicorn-40439.exe (PID: 6656)
- Unicorn-13076.exe (PID: 2420)
- Unicorn-5463.exe (PID: 2268)
- Unicorn-42328.exe (PID: 5384)
- Unicorn-1940.exe (PID: 1240)
- Unicorn-19023.exe (PID: 664)
- Unicorn-47247.exe (PID: 6248)
- Unicorn-22361.exe (PID: 5352)
- Unicorn-64545.exe (PID: 2100)
- Unicorn-35957.exe (PID: 2908)
- Unicorn-24067.exe (PID: 3332)
- Unicorn-18779.exe (PID: 4560)
- Unicorn-6600.exe (PID: 7192)
- Unicorn-20306.exe (PID: 3300)
- Unicorn-14960.exe (PID: 5164)
- Unicorn-40211.exe (PID: 4620)
- Unicorn-64524.exe (PID: 7208)
- Unicorn-32641.exe (PID: 7288)
- Unicorn-470.exe (PID: 7200)
- Unicorn-31878.exe (PID: 7276)
- Unicorn-33061.exe (PID: 7308)
- Unicorn-45256.exe (PID: 7316)
- Unicorn-64161.exe (PID: 7176)
- Unicorn-26318.exe (PID: 7332)
- Unicorn-14119.exe (PID: 7552)
- Unicorn-65121.exe (PID: 7324)
- Unicorn-12723.exe (PID: 7596)
- Unicorn-7560.exe (PID: 7344)
- Unicorn-4052.exe (PID: 7488)
- Unicorn-35499.exe (PID: 7660)
- Unicorn-42463.exe (PID: 7368)
- Unicorn-3860.exe (PID: 7268)
- Unicorn-3476.exe (PID: 7360)
- Unicorn-57337.exe (PID: 7480)
- Unicorn-14612.exe (PID: 7608)
- Unicorn-59449.exe (PID: 7636)
- Unicorn-1120.exe (PID: 7528)
- Unicorn-29901.exe (PID: 7544)
- Unicorn-6527.exe (PID: 7748)
- Unicorn-62341.exe (PID: 7536)
- Unicorn-43039.exe (PID: 7504)
- Unicorn-5780.exe (PID: 7732)
- Unicorn-25516.exe (PID: 7700)
- Unicorn-36895.exe (PID: 7352)
- Unicorn-19681.exe (PID: 8628)
- Unicorn-18555.exe (PID: 8008)
- Unicorn-62485.exe (PID: 7796)
- Unicorn-35691.exe (PID: 7864)
- Unicorn-63128.exe (PID: 7520)
- Unicorn-42345.exe (PID: 7512)
- Unicorn-51287.exe (PID: 7780)
- Unicorn-23949.exe (PID: 8904)
- Unicorn-52589.exe (PID: 7916)
- Unicorn-47664.exe (PID: 8660)
- Unicorn-14908.exe (PID: 7800)
- Unicorn-31437.exe (PID: 7824)
- Unicorn-3943.exe (PID: 8040)
- Unicorn-8816.exe (PID: 8264)
- Unicorn-45552.exe (PID: 8152)
- Unicorn-59257.exe (PID: 7688)
- Unicorn-13476.exe (PID: 8512)
- Unicorn-36315.exe (PID: 7756)
- Unicorn-4886.exe (PID: 7772)
- Unicorn-27841.exe (PID: 8980)
- Unicorn-27051.exe (PID: 8428)
- Unicorn-14052.exe (PID: 8376)
- Unicorn-60876.exe (PID: 8992)
- Unicorn-31712.exe (PID: 8028)
- Unicorn-6055.exe (PID: 8532)
- Unicorn-54509.exe (PID: 8520)
- Unicorn-44805.exe (PID: 1168)
- Unicorn-51311.exe (PID: 8136)
- Unicorn-7939.exe (PID: 8320)
- Unicorn-54571.exe (PID: 8436)
- Unicorn-52672.exe (PID: 8344)
- Unicorn-46149.exe (PID: 1348)
- Unicorn-60492.exe (PID: 8548)
- Unicorn-39517.exe (PID: 8568)
- Unicorn-41835.exe (PID: 7788)
- Unicorn-7450.exe (PID: 9232)
- Unicorn-14052.exe (PID: 8384)
- Unicorn-21135.exe (PID: 7496)
- Unicorn-55469.exe (PID: 8620)
- Unicorn-48188.exe (PID: 8868)
- Unicorn-37135.exe (PID: 8176)
- Unicorn-39951.exe (PID: 8160)
- Unicorn-40891.exe (PID: 7932)
- Unicorn-32361.exe (PID: 7872)
- Unicorn-44421.exe (PID: 7944)
- Unicorn-40787.exe (PID: 8396)
- Unicorn-43248.exe (PID: 9436)
- Unicorn-3196.exe (PID: 8000)
- Unicorn-60684.exe (PID: 9084)
- Unicorn-8690.exe (PID: 8540)
- Unicorn-30751.exe (PID: 8472)
- Unicorn-23098.exe (PID: 8404)
- Unicorn-22657.exe (PID: 9952)
- Unicorn-5936.exe (PID: 9968)
- Unicorn-522.exe (PID: 8560)
- Unicorn-43113.exe (PID: 7648)
- Unicorn-6902.exe (PID: 7952)
- Unicorn-41908.exe (PID: 9944)
- Unicorn-62063.exe (PID: 7808)
- Unicorn-49797.exe (PID: 8360)
- Unicorn-48645.exe (PID: 9600)
- Unicorn-43513.exe (PID: 9444)
- Unicorn-15182.exe (PID: 9904)
- Unicorn-43195.exe (PID: 8412)
- Unicorn-33980.exe (PID: 11256)
- Unicorn-22994.exe (PID: 9872)
- Unicorn-64877.exe (PID: 8720)
- Unicorn-37535.exe (PID: 924)
- Unicorn-51224.exe (PID: 10092)
- Unicorn-48815.exe (PID: 10052)
- Unicorn-55054.exe (PID: 9880)
- Unicorn-50098.exe (PID: 9136)
- Unicorn-39481.exe (PID: 872)
- Unicorn-13912.exe (PID: 10220)
- Unicorn-42323.exe (PID: 8876)
- Unicorn-7804.exe (PID: 9152)
- Unicorn-56791.exe (PID: 10124)
- Unicorn-36409.exe (PID: 10600)
- Unicorn-26409.exe (PID: 9340)
- Unicorn-61193.exe (PID: 9472)
- Unicorn-25568.exe (PID: 9224)
- Unicorn-50477.exe (PID: 9772)
- Unicorn-13995.exe (PID: 11044)
- Unicorn-20737.exe (PID: 9712)
- Unicorn-42723.exe (PID: 10952)
- Unicorn-1276.exe (PID: 9744)
- Unicorn-61384.exe (PID: 9896)
- Unicorn-22273.exe (PID: 10080)
- Unicorn-18625.exe (PID: 9324)
- Unicorn-44067.exe (PID: 10996)
- Unicorn-18778.exe (PID: 8356)
- Unicorn-41458.exe (PID: 9572)
- Unicorn-4083.exe (PID: 8896)
- Unicorn-32745.exe (PID: 8168)
- Unicorn-31209.exe (PID: 10532)
- Unicorn-4623.exe (PID: 11540)
- Unicorn-51748.exe (PID: 10276)
- Unicorn-24964.exe (PID: 12452)
- Unicorn-25428.exe (PID: 11020)
- Unicorn-23049.exe (PID: 10248)
- Unicorn-31785.exe (PID: 8060)
- Unicorn-5744.exe (PID: 10032)
- Unicorn-23703.exe (PID: 12484)
- Unicorn-45192.exe (PID: 12504)
- Unicorn-49635.exe (PID: 9452)
- Unicorn-17539.exe (PID: 8336)
- Unicorn-43055.exe (PID: 5112)
- Unicorn-19289.exe (PID: 9096)
- Unicorn-52620.exe (PID: 11588)
- Unicorn-2186.exe (PID: 8920)
- Unicorn-43055.exe (PID: 1532)
- Unicorn-19651.exe (PID: 7976)
- Unicorn-35378.exe (PID: 13288)
- Unicorn-31816.exe (PID: 11360)
- Unicorn-3352.exe (PID: 10836)
- Unicorn-64265.exe (PID: 744)
- Unicorn-49932.exe (PID: 11004)
- Unicorn-43376.exe (PID: 13144)
- Unicorn-731.exe (PID: 11520)
- Unicorn-7752.exe (PID: 7300)
- Unicorn-63652.exe (PID: 6816)
- Unicorn-31451.exe (PID: 9516)
- Unicorn-21485.exe (PID: 14140)
- Unicorn-21485.exe (PID: 14132)
- Unicorn-44312.exe (PID: 11468)
- Unicorn-10895.exe (PID: 13128)
- Unicorn-31209.exe (PID: 10524)
- Unicorn-48780.exe (PID: 10920)
- Unicorn-64125.exe (PID: 9400)
- Unicorn-12672.exe (PID: 10892)
- Unicorn-19842.exe (PID: 9788)
- Unicorn-34914.exe (PID: 10312)
- Unicorn-7420.exe (PID: 9196)
- Unicorn-28915.exe (PID: 10160)
- Unicorn-58075.exe (PID: 10144)
- Unicorn-25950.exe (PID: 11348)
- Unicorn-30331.exe (PID: 11068)
- Unicorn-25973.exe (PID: 9780)
- Unicorn-3274.exe (PID: 1672)
- Unicorn-43055.exe (PID: 10212)
- Unicorn-14488.exe (PID: 10020)
- Unicorn-64033.exe (PID: 10256)
- Unicorn-10892.exe (PID: 10308)
- Unicorn-3251.exe (PID: 15064)
- Unicorn-58574.exe (PID: 15056)
- Unicorn-9314.exe (PID: 10192)
- Unicorn-26552.exe (PID: 12192)
- Unicorn-10683.exe (PID: 11608)
- Unicorn-27485.exe (PID: 5364)
- Unicorn-43269.exe (PID: 10580)
- Unicorn-11175.exe (PID: 12404)
- Unicorn-10334.exe (PID: 4868)
- Unicorn-47219.exe (PID: 11184)
- Unicorn-43461.exe (PID: 10544)
- Unicorn-17564.exe (PID: 12688)
- Unicorn-32150.exe (PID: 12256)
- Unicorn-52976.exe (PID: 12628)
- Unicorn-24386.exe (PID: 12724)
- Unicorn-43006.exe (PID: 13024)
- Unicorn-21313.exe (PID: 9912)
- Unicorn-55774.exe (PID: 15072)
- Unicorn-9911.exe (PID: 11060)
- Unicorn-22547.exe (PID: 11212)
- Unicorn-12306.exe (PID: 11848)
- Unicorn-28971.exe (PID: 9176)
- Unicorn-21866.exe (PID: 11368)
- Unicorn-36283.exe (PID: 11220)
- Unicorn-2464.exe (PID: 7836)
- Unicorn-30331.exe (PID: 11076)
- Unicorn-23259.exe (PID: 9864)
- Unicorn-43055.exe (PID: 10236)
- Unicorn-8463.exe (PID: 9528)
- Unicorn-62656.exe (PID: 10180)
- Unicorn-47279.exe (PID: 9696)
- Unicorn-29294.exe (PID: 9160)
- Unicorn-9911.exe (PID: 11052)
- Unicorn-17103.exe (PID: 9120)
- Unicorn-49709.exe (PID: 9624)
- Unicorn-42989.exe (PID: 11304)
- Unicorn-65329.exe (PID: 11528)
- Unicorn-51385.exe (PID: 11232)
- Unicorn-54670.exe (PID: 9660)
- Unicorn-46786.exe (PID: 4284)
- Unicorn-18625.exe (PID: 9316)
- Unicorn-18486.exe (PID: 14192)
- Unicorn-21101.exe (PID: 13112)
- Unicorn-46061.exe (PID: 9252)
- Unicorn-18677.exe (PID: 11272)
- Unicorn-43055.exe (PID: 516)
- Unicorn-12934.exe (PID: 11900)
- Unicorn-28691.exe (PID: 9552)
- Unicorn-43055.exe (PID: 2192)
- Unicorn-28241.exe (PID: 10616)
- Unicorn-65472.exe (PID: 11868)
- Unicorn-5360.exe (PID: 9752)
- Unicorn-49932.exe (PID: 11012)
- Unicorn-48526.exe (PID: 10228)
- Unicorn-12934.exe (PID: 11908)
- Unicorn-7750.exe (PID: 13912)
- Unicorn-26553.exe (PID: 12332)
- Unicorn-39791.exe (PID: 9272)
- Unicorn-36125.exe (PID: 12620)
- Unicorn-50041.exe (PID: 8208)
- Unicorn-7750.exe (PID: 14148)
- Unicorn-60591.exe (PID: 9824)
- Unicorn-61400.exe (PID: 900)
- Unicorn-43055.exe (PID: 536)
- Unicorn-56218.exe (PID: 12040)
- Unicorn-64106.exe (PID: 16276)
- Unicorn-23646.exe (PID: 11036)
- Unicorn-23049.exe (PID: 10488)
- Unicorn-28342.exe (PID: 8420)
- Unicorn-34554.exe (PID: 10940)
- Unicorn-24224.exe (PID: 11548)
- Unicorn-53168.exe (PID: 12564)
- Unicorn-23318.exe (PID: 13184)
- Unicorn-31889.exe (PID: 11420)
- Unicorn-45886.exe (PID: 12280)
- Unicorn-37300.exe (PID: 10300)
- Unicorn-52208.exe (PID: 12412)
- Unicorn-41267.exe (PID: 10988)
- Unicorn-22639.exe (PID: 14672)
- Unicorn-54784.exe (PID: 11672)
- Unicorn-28795.exe (PID: 10608)
- Unicorn-51157.exe (PID: 11296)
- Unicorn-31749.exe (PID: 10852)
- Unicorn-24878.exe (PID: 7904)
- Unicorn-14958.exe (PID: 13304)
- Unicorn-19702.exe (PID: 6644)
- Unicorn-20353.exe (PID: 9508)
Executes application which crashes
- Unicorn-29097.exe (PID: 9652)
INFO
The sample compiled with chinese language support
- 1 (1325).exe (PID: 1276)
Reads the computer name
- 1 (1325).exe (PID: 1276)
- Unicorn-559.exe (PID: 6184)
- Unicorn-6060.exe (PID: 6372)
- Unicorn-41229.exe (PID: 2320)
- Unicorn-60985.exe (PID: 920)
- Unicorn-40439.exe (PID: 6656)
- Unicorn-26149.exe (PID: 2096)
- Unicorn-19330.exe (PID: 1188)
- Unicorn-32729.exe (PID: 1660)
- Unicorn-50911.exe (PID: 5176)
- Unicorn-49428.exe (PID: 5392)
- Unicorn-13076.exe (PID: 2240)
- Unicorn-13076.exe (PID: 2420)
- Unicorn-42328.exe (PID: 5384)
- Unicorn-1940.exe (PID: 1240)
- Unicorn-5463.exe (PID: 2268)
- Unicorn-20306.exe (PID: 3300)
- Unicorn-6600.exe (PID: 7192)
- Unicorn-32641.exe (PID: 7288)
- Unicorn-7752.exe (PID: 7300)
- Unicorn-470.exe (PID: 7200)
- Unicorn-45256.exe (PID: 7316)
- Unicorn-7560.exe (PID: 7344)
- Unicorn-35499.exe (PID: 7660)
- Unicorn-21135.exe (PID: 7496)
- Unicorn-42463.exe (PID: 7368)
- Unicorn-57337.exe (PID: 7480)
- Unicorn-43039.exe (PID: 7504)
- Unicorn-62341.exe (PID: 7536)
- Unicorn-35691.exe (PID: 7864)
- Unicorn-63128.exe (PID: 7520)
- Unicorn-52589.exe (PID: 7916)
- Unicorn-13476.exe (PID: 8512)
- Unicorn-14052.exe (PID: 8376)
- Unicorn-8690.exe (PID: 8540)
- Unicorn-46149.exe (PID: 1348)
- Unicorn-28342.exe (PID: 8420)
- Unicorn-55469.exe (PID: 8620)
- Unicorn-39951.exe (PID: 8160)
- Unicorn-3196.exe (PID: 8000)
- Unicorn-43248.exe (PID: 9436)
- Unicorn-5936.exe (PID: 9968)
- Unicorn-43513.exe (PID: 9444)
- Unicorn-62063.exe (PID: 7808)
- Unicorn-33980.exe (PID: 11256)
- Unicorn-51224.exe (PID: 10092)
- Unicorn-25568.exe (PID: 9224)
- Unicorn-48815.exe (PID: 10052)
- Unicorn-43195.exe (PID: 8412)
- Unicorn-39481.exe (PID: 872)
- Unicorn-8588.exe (PID: 10884)
- Unicorn-7804.exe (PID: 9152)
- Unicorn-43055.exe (PID: 1532)
- Unicorn-50477.exe (PID: 9772)
- Unicorn-18778.exe (PID: 8356)
- Unicorn-24878.exe (PID: 7904)
- Unicorn-61384.exe (PID: 9896)
- Unicorn-5744.exe (PID: 10032)
- Unicorn-51748.exe (PID: 10276)
- Unicorn-19289.exe (PID: 9096)
- Unicorn-35378.exe (PID: 13288)
- Unicorn-31451.exe (PID: 9516)
- Unicorn-7750.exe (PID: 14148)
- Unicorn-10895.exe (PID: 13128)
- Unicorn-43055.exe (PID: 10212)
- Unicorn-62656.exe (PID: 10180)
- Unicorn-43269.exe (PID: 10580)
- Unicorn-30331.exe (PID: 11068)
- Unicorn-7420.exe (PID: 9196)
- Unicorn-11066.exe (PID: 12644)
- Unicorn-12672.exe (PID: 10892)
- Unicorn-9911.exe (PID: 11052)
Checks supported languages
- Unicorn-6060.exe (PID: 6372)
- 1 (1325).exe (PID: 1276)
- Unicorn-41229.exe (PID: 2320)
- Unicorn-559.exe (PID: 6184)
- Unicorn-60985.exe (PID: 920)
- Unicorn-46569.exe (PID: 1812)
- Unicorn-50580.exe (PID: 4268)
- Unicorn-34871.exe (PID: 5512)
- Unicorn-8395.exe (PID: 6872)
- Unicorn-28261.exe (PID: 4120)
- Unicorn-19330.exe (PID: 1188)
- Unicorn-36429.exe (PID: 1328)
- Unicorn-52063.exe (PID: 5400)
- Unicorn-40705.exe (PID: 4244)
- Unicorn-5463.exe (PID: 2268)
- Unicorn-47247.exe (PID: 6248)
- Unicorn-24067.exe (PID: 3332)
- Unicorn-22361.exe (PID: 5352)
- Unicorn-64161.exe (PID: 7176)
- Unicorn-31878.exe (PID: 7276)
- Unicorn-26318.exe (PID: 7332)
- Unicorn-36895.exe (PID: 7352)
- Unicorn-7560.exe (PID: 7344)
- Unicorn-3476.exe (PID: 7360)
- Unicorn-42463.exe (PID: 7368)
- Unicorn-1120.exe (PID: 7528)
- Unicorn-14119.exe (PID: 7552)
- Unicorn-12723.exe (PID: 7596)
- Unicorn-5780.exe (PID: 7732)
- Unicorn-43113.exe (PID: 7648)
- Unicorn-3196.exe (PID: 8000)
- Unicorn-52589.exe (PID: 7916)
- Unicorn-29045.exe (PID: 8112)
- Unicorn-18555.exe (PID: 8008)
- Unicorn-31712.exe (PID: 8028)
- Unicorn-45552.exe (PID: 8152)
- Unicorn-37135.exe (PID: 8176)
- Unicorn-50041.exe (PID: 8208)
- Unicorn-19681.exe (PID: 8628)
- Unicorn-17539.exe (PID: 8336)
- Unicorn-14052.exe (PID: 8384)
- Unicorn-43195.exe (PID: 8412)
- Unicorn-40787.exe (PID: 8396)
- Unicorn-39517.exe (PID: 8568)
- Unicorn-60876.exe (PID: 8992)
- Unicorn-4083.exe (PID: 8896)
- Unicorn-52672.exe (PID: 8344)
- Unicorn-13476.exe (PID: 8512)
- Unicorn-48188.exe (PID: 8868)
- Unicorn-28971.exe (PID: 9176)
- Unicorn-7804.exe (PID: 9152)
- Unicorn-19289.exe (PID: 9096)
- Unicorn-61400.exe (PID: 900)
- Unicorn-18778.exe (PID: 8356)
- Unicorn-19702.exe (PID: 6644)
- Unicorn-39791.exe (PID: 9272)
- Unicorn-47981.exe (PID: 9368)
- Unicorn-26409.exe (PID: 9340)
- Unicorn-43513.exe (PID: 9444)
- Unicorn-5360.exe (PID: 9752)
- Unicorn-31451.exe (PID: 9516)
- Unicorn-41908.exe (PID: 9944)
- Unicorn-8463.exe (PID: 9528)
- Unicorn-28691.exe (PID: 9552)
- Unicorn-23049.exe (PID: 10248)
- Unicorn-47279.exe (PID: 9696)
- Unicorn-43055.exe (PID: 536)
- Unicorn-25973.exe (PID: 9780)
- Unicorn-19842.exe (PID: 9788)
- Unicorn-50477.exe (PID: 9772)
- Unicorn-15182.exe (PID: 9904)
- Unicorn-9314.exe (PID: 10192)
- Unicorn-62656.exe (PID: 10180)
- Unicorn-13912.exe (PID: 10220)
- Unicorn-43055.exe (PID: 5112)
- Unicorn-43055.exe (PID: 2192)
- Unicorn-60591.exe (PID: 9824)
- Unicorn-28795.exe (PID: 10608)
- Unicorn-31209.exe (PID: 10532)
- Unicorn-56791.exe (PID: 10124)
- Unicorn-58075.exe (PID: 10144)
- Unicorn-22273.exe (PID: 10080)
- Unicorn-3714.exe (PID: 10204)
- Unicorn-43055.exe (PID: 516)
- Unicorn-43269.exe (PID: 10580)
- Unicorn-64033.exe (PID: 10256)
- Unicorn-3352.exe (PID: 10836)
- Unicorn-14488.exe (PID: 10020)
- Unicorn-4208.exe (PID: 9680)
- Unicorn-33980.exe (PID: 11256)
- Unicorn-39481.exe (PID: 872)
- Unicorn-34554.exe (PID: 10940)
- Unicorn-12672.exe (PID: 10892)
- Unicorn-20841.exe (PID: 10876)
- Unicorn-24930.exe (PID: 11028)
- Unicorn-23646.exe (PID: 11036)
- Unicorn-9911.exe (PID: 11052)
- Unicorn-30331.exe (PID: 11068)
- Unicorn-31784.exe (PID: 11248)
- Unicorn-48526.exe (PID: 10228)
- Unicorn-8951.exe (PID: 10172)
- Unicorn-56585.exe (PID: 11328)
- Unicorn-31889.exe (PID: 11420)
- Unicorn-44312.exe (PID: 11468)
- Unicorn-65329.exe (PID: 11528)
- Unicorn-27618.exe (PID: 11596)
- Unicorn-24964.exe (PID: 12452)
- Unicorn-45192.exe (PID: 12504)
- Unicorn-45628.exe (PID: 11748)
- Unicorn-38255.exe (PID: 11640)
- Unicorn-12934.exe (PID: 11908)
- Unicorn-12306.exe (PID: 11848)
- Unicorn-6131.exe (PID: 12136)
- Unicorn-32150.exe (PID: 12240)
- Unicorn-32150.exe (PID: 12248)
- Unicorn-32150.exe (PID: 12256)
- Unicorn-22660.exe (PID: 12164)
- Unicorn-56271.exe (PID: 1600)
- Unicorn-10334.exe (PID: 4868)
- Unicorn-26553.exe (PID: 12332)
- Unicorn-52208.exe (PID: 12412)
- Unicorn-54784.exe (PID: 11656)
- Unicorn-11066.exe (PID: 12644)
- Unicorn-63652.exe (PID: 6816)
- Unicorn-24224.exe (PID: 11548)
- Unicorn-35378.exe (PID: 13280)
- Unicorn-50812.exe (PID: 12936)
- Unicorn-17180.exe (PID: 12764)
- Unicorn-35378.exe (PID: 13288)
- Unicorn-24386.exe (PID: 12724)
- Unicorn-21101.exe (PID: 13112)
- Unicorn-53168.exe (PID: 12564)
- Unicorn-10895.exe (PID: 13128)
- Unicorn-41492.exe (PID: 12820)
- Unicorn-22416.exe (PID: 12876)
- Unicorn-1035.exe (PID: 12664)
- Unicorn-14958.exe (PID: 13304)
- Unicorn-54979.exe (PID: 13272)
- Unicorn-25924.exe (PID: 13068)
- Unicorn-4543.exe (PID: 12780)
- Unicorn-7750.exe (PID: 14208)
- Unicorn-7750.exe (PID: 13912)
- Unicorn-52976.exe (PID: 12628)
- Unicorn-7750.exe (PID: 14176)
- Unicorn-7750.exe (PID: 14216)
- Unicorn-3251.exe (PID: 15064)
- Unicorn-35378.exe (PID: 13600)
- Unicorn-15813.exe (PID: 14380)
- Unicorn-22468.exe (PID: 12184)
- Unicorn-17435.exe (PID: 14436)
- Unicorn-39602.exe (PID: 15020)
- Unicorn-58766.exe (PID: 14996)
- Unicorn-44978.exe (PID: 14892)
- Unicorn-1035.exe (PID: 12656)
- Unicorn-21678.exe (PID: 14388)
- Unicorn-16905.exe (PID: 14508)
- Unicorn-58766.exe (PID: 14980)
- Unicorn-40922.exe (PID: 12732)
- Unicorn-50724.exe (PID: 14088)
- Unicorn-370.exe (PID: 14452)
- Unicorn-19705.exe (PID: 14492)
- Unicorn-16905.exe (PID: 14500)
- Unicorn-16905.exe (PID: 14516)
- Unicorn-27351.exe (PID: 14164)
- Unicorn-8545.exe (PID: 14600)
- Unicorn-56323.exe (PID: 14608)
- Unicorn-49062.exe (PID: 14916)
- Unicorn-58139.exe (PID: 13428)
- Unicorn-18169.exe (PID: 13920)
- Unicorn-24248.exe (PID: 14972)
Create files in a temporary directory
- Unicorn-60985.exe (PID: 5332)
- Unicorn-54855.exe (PID: 5548)
- Unicorn-50580.exe (PID: 4268)
- 1 (1325).exe (PID: 1276)
- Unicorn-46569.exe (PID: 1812)
- Unicorn-41229.exe (PID: 2320)
- Unicorn-32729.exe (PID: 1660)
- Unicorn-559.exe (PID: 6184)
- Unicorn-28261.exe (PID: 4120)
- Unicorn-8395.exe (PID: 6872)
- Unicorn-40705.exe (PID: 4244)
- Unicorn-49428.exe (PID: 5392)
- Unicorn-19330.exe (PID: 1188)
- Unicorn-6060.exe (PID: 6372)
- Unicorn-53372.exe (PID: 4724)
- Unicorn-40439.exe (PID: 6656)
- Unicorn-5463.exe (PID: 2268)
- Unicorn-34871.exe (PID: 5512)
- Unicorn-42328.exe (PID: 5384)
- Unicorn-60985.exe (PID: 920)
- Unicorn-1940.exe (PID: 1240)
- Unicorn-19023.exe (PID: 664)
- Unicorn-47247.exe (PID: 6248)
- Unicorn-22361.exe (PID: 5352)
- Unicorn-50911.exe (PID: 5176)
- Unicorn-18779.exe (PID: 4560)
- Unicorn-20306.exe (PID: 3300)
- Unicorn-35957.exe (PID: 2908)
- Unicorn-24067.exe (PID: 3332)
- Unicorn-32641.exe (PID: 7288)
- Unicorn-40211.exe (PID: 4620)
- Unicorn-62905.exe (PID: 5324)
- Unicorn-64524.exe (PID: 7208)
- Unicorn-64161.exe (PID: 7176)
- Unicorn-36429.exe (PID: 1328)
- Unicorn-52063.exe (PID: 5400)
- Unicorn-470.exe (PID: 7200)
- Unicorn-33061.exe (PID: 7308)
- Unicorn-13076.exe (PID: 2240)
- Unicorn-45256.exe (PID: 7316)
- Unicorn-65121.exe (PID: 7324)
- Unicorn-26318.exe (PID: 7332)
- Unicorn-14119.exe (PID: 7552)
- Unicorn-12723.exe (PID: 7596)
- Unicorn-3476.exe (PID: 7360)
- Unicorn-4052.exe (PID: 7488)
- Unicorn-35499.exe (PID: 7660)
- Unicorn-57337.exe (PID: 7480)
- Unicorn-7560.exe (PID: 7344)
- Unicorn-13076.exe (PID: 2420)
- Unicorn-1120.exe (PID: 7528)
- Unicorn-57928.exe (PID: 5260)
- Unicorn-14612.exe (PID: 7608)
- Unicorn-29901.exe (PID: 7544)
- Unicorn-14960.exe (PID: 5164)
- Unicorn-6527.exe (PID: 7748)
- Unicorn-64545.exe (PID: 2100)
- Unicorn-43039.exe (PID: 7504)
- Unicorn-42345.exe (PID: 7512)
- Unicorn-6600.exe (PID: 7192)
- Unicorn-25516.exe (PID: 7700)
- Unicorn-18555.exe (PID: 8008)
- Unicorn-36315.exe (PID: 7756)
- Unicorn-51287.exe (PID: 7780)
- Unicorn-23949.exe (PID: 8904)
- Unicorn-8816.exe (PID: 8264)
- Unicorn-31437.exe (PID: 7824)
- Unicorn-3943.exe (PID: 8040)
- Unicorn-14908.exe (PID: 7800)
- Unicorn-27841.exe (PID: 8980)
- Unicorn-4886.exe (PID: 7772)
- Unicorn-45552.exe (PID: 8152)
- Unicorn-59257.exe (PID: 7688)
- Unicorn-60876.exe (PID: 8992)
- Unicorn-3860.exe (PID: 7268)
- Unicorn-31712.exe (PID: 8028)
- Unicorn-27051.exe (PID: 8428)
- Unicorn-14052.exe (PID: 8376)
- Unicorn-54571.exe (PID: 8436)
- Unicorn-44805.exe (PID: 1168)
- Unicorn-31878.exe (PID: 7276)
- Unicorn-46149.exe (PID: 1348)
- Unicorn-39517.exe (PID: 8568)
- Unicorn-60492.exe (PID: 8548)
- Unicorn-41835.exe (PID: 7788)
- Unicorn-52672.exe (PID: 8344)
- Unicorn-42463.exe (PID: 7368)
- Unicorn-26149.exe (PID: 2096)
- Unicorn-31785.exe (PID: 8060)
- Unicorn-44421.exe (PID: 7944)
- Unicorn-23098.exe (PID: 8404)
- Unicorn-5936.exe (PID: 9968)
- Unicorn-522.exe (PID: 8560)
- Unicorn-49797.exe (PID: 8360)
- Unicorn-48645.exe (PID: 9600)
- Unicorn-64877.exe (PID: 8720)
- Unicorn-15182.exe (PID: 9904)
- Unicorn-39481.exe (PID: 872)
- Unicorn-20737.exe (PID: 9712)
- Unicorn-62341.exe (PID: 7536)
- Unicorn-18625.exe (PID: 9324)
- Unicorn-55469.exe (PID: 8620)
- Unicorn-52589.exe (PID: 7916)
- Unicorn-23049.exe (PID: 10248)
- Unicorn-41908.exe (PID: 9944)
- Unicorn-23703.exe (PID: 12484)
- Unicorn-19681.exe (PID: 8628)
- Unicorn-17539.exe (PID: 8336)
- Unicorn-2186.exe (PID: 8920)
- Unicorn-59449.exe (PID: 7636)
- Unicorn-35378.exe (PID: 13288)
- Unicorn-22657.exe (PID: 9952)
- Unicorn-43513.exe (PID: 9444)
- Unicorn-7752.exe (PID: 7300)
- Unicorn-51748.exe (PID: 10276)
- Unicorn-10895.exe (PID: 13128)
- Unicorn-6055.exe (PID: 8532)
- Unicorn-41458.exe (PID: 9572)
- Unicorn-63128.exe (PID: 7520)
- Unicorn-61193.exe (PID: 9472)
- Unicorn-29045.exe (PID: 8112)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit, No debug, Removable run from swap, Net run from swap, Uniprocessor only, Bytes reversed hi |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
661
Monitored processes
526
Malicious processes
84
Suspicious processes
66
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 516 | C:\Users\admin\AppData\Local\Temp\Unicorn-43055.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-43055.exe | Unicorn-4052.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 536 | C:\Users\admin\AppData\Local\Temp\Unicorn-43055.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-43055.exe | Unicorn-57337.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 664 | C:\Users\admin\AppData\Local\Temp\Unicorn-19023.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-19023.exe | Unicorn-26149.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 744 | C:\Users\admin\AppData\Local\Temp\Unicorn-64265.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-64265.exe | Unicorn-48188.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 872 | C:\Users\admin\AppData\Local\Temp\Unicorn-39481.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-39481.exe | Unicorn-22657.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 900 | C:\Users\admin\AppData\Local\Temp\Unicorn-61400.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61400.exe | Unicorn-60985.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 920 | C:\Users\admin\AppData\Local\Temp\Unicorn-60985.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-60985.exe | Unicorn-559.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 924 | C:\Users\admin\AppData\Local\Temp\Unicorn-37535.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-37535.exe | Unicorn-5936.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1056 | C:\Users\admin\AppData\Local\Temp\Unicorn-64106.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-64106.exe | — | Unicorn-14052.exe | |||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1168 | C:\Users\admin\AppData\Local\Temp\Unicorn-44805.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-44805.exe | Unicorn-3476.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
Total events
11 848
Read events
11 848
Write events
0
Delete events
0
Modification events
Executable files
850
Suspicious files
3
Text files
1
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 1276 | 1 (1325).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-6060.exe | executable | |
MD5:DC40A41A27250123FBF18290E48A8B36 | SHA256:50A8043BFDEC02AE37DB3275DFA1B198097241BC9A7C86EB46B06191E8E57C26 | |||
| 1276 | 1 (1325).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-50580.exe | executable | |
MD5:66646FA9081A0D4F97F00ADBF1B9E472 | SHA256:D1350F88DB73DE49EBC70C87B8BEB86200E819804AAFD3649D50DC500B79C20D | |||
| 5548 | Unicorn-54855.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26149.exe | executable | |
MD5:4B55E8A39C037486CDD4F1D501ED955A | SHA256:DA7A7C478D91E99503E87B371564D2A03613A7F4C86992DD44DAA46698EA3598 | |||
| 5324 | Unicorn-62905.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-40705.exe | executable | |
MD5:C528B8AADDBAB5522DD699D39AC69F84 | SHA256:8A43E52BCB7FC58382B84B049E1E3DBA892E46DE460CC66DD6EACA6A00BEE502 | |||
| 5548 | Unicorn-54855.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-8395.exe | executable | |
MD5:8362E7F6BCF20FDF97190FB714224B6D | SHA256:B15DBE9441146B2923B1064F62E17F0519E489450D370BB460E274BB08E47E83 | |||
| 4724 | Unicorn-53372.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-62905.exe | executable | |
MD5:59292A52035B19F0DE2EFE0193C046CF | SHA256:2058A9C9CAF310EF1F2A03931B0C3445A64FC535A5212A6C6987BCAD5F94ECEA | |||
| 2320 | Unicorn-41229.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-60985.exe | executable | |
MD5:F6B5AE6EC7DB7D2BE65262A15AD4F8ED | SHA256:5FDCB3F6B512190B4ABB768A4B2E03A12E7376795A51CB55D3D8ED39888CC775 | |||
| 2320 | Unicorn-41229.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-34871.exe | executable | |
MD5:EE9BEB0FE19E02814E7F0E22A3AA939E | SHA256:F002E2FCB2C52850411B6D6334A03FC2F95602A0B6FEFBF174EF4C8849C2C909 | |||
| 5332 | Unicorn-60985.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46569.exe | executable | |
MD5:40CC6BC3B4872C02C896F8C8A9279611 | SHA256:4A2C35DADB364DAB31145666BBB97DD7B72DC53DC636882E7152573AE3C7DD33 | |||
| 1276 | 1 (1325).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-54855.exe | executable | |
MD5:B03FE5DC3AA853ADEEF40B47BD021005 | SHA256:B429F23DC226BD55F5B13F7CDAD86D5E8CE09583F3557ADFE608F9FC0CA63D2E | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
23
DNS requests
15
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
7684 | SIHClient.exe | GET | 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
6112 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
7684 | SIHClient.exe | GET | 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
— | — | GET | 200 | 23.48.23.137:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 51.104.136.2:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 23.48.23.137:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
2104 | svchost.exe | 51.104.136.2:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2112 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3216 | svchost.exe | 20.197.71.89:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | SG | whitelisted |
6544 | svchost.exe | 20.190.159.4:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
6112 | backgroundTaskHost.exe | 20.223.35.26:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |