| File name: | 1 (1278) |
| Full analysis: | https://app.any.run/tasks/dc96671c-2c0a-40b2-9a79-436a1ff3aada |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 09:39:46 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | B37AEEA05FA0B492C4848AAEEB898480 |
| SHA1: | 4944D4DEA17FB1DCA0F12A015EE327AA065A1FCB |
| SHA256: | 26F3A7182E85AAA350D07D04B328A13B9175B5020E2BD43763C62783F7EBE10A |
| SSDEEP: | 6144:xCHnNlIcDDdgK5VG8SeyV1fxytBulp8GBfLOydO/wk/8SwuwpyArEhHBbo5Dn18/:xeNWggK5I8t/BY+af6ydO/NxxDxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (1278).exe (PID: 7652)
- Unicorn-46886.exe (PID: 7716)
- Unicorn-32770.exe (PID: 7960)
- Unicorn-34136.exe (PID: 7576)
- Unicorn-35951.exe (PID: 7444)
- Unicorn-59683.exe (PID: 1328)
- Unicorn-36174.exe (PID: 7600)
- Unicorn-38337.exe (PID: 3008)
- Unicorn-9556.exe (PID: 1096)
- Unicorn-55228.exe (PID: 5360)
- Unicorn-9840.exe (PID: 1128)
- Unicorn-14190.exe (PID: 1132)
- Unicorn-3370.exe (PID: 5380)
- Unicorn-13375.exe (PID: 6592)
- Unicorn-23895.exe (PID: 5344)
- Unicorn-35882.exe (PID: 3140)
- Unicorn-8435.exe (PID: 6424)
- Unicorn-26395.exe (PID: 6272)
- Unicorn-41108.exe (PID: 3096)
- Unicorn-50245.exe (PID: 3888)
- Unicorn-6852.exe (PID: 5164)
- Unicorn-3282.exe (PID: 4652)
- Unicorn-33193.exe (PID: 7228)
- Unicorn-20387.exe (PID: 7208)
- Unicorn-47445.exe (PID: 1276)
- Unicorn-45768.exe (PID: 7244)
- Unicorn-31469.exe (PID: 5308)
- Unicorn-58534.exe (PID: 7916)
- Unicorn-20024.exe (PID: 8156)
- Unicorn-26718.exe (PID: 2564)
- Unicorn-52971.exe (PID: 536)
- Unicorn-47818.exe (PID: 896)
- Unicorn-47818.exe (PID: 2560)
- Unicorn-29344.exe (PID: 6392)
- Unicorn-5202.exe (PID: 2140)
- Unicorn-29344.exe (PID: 3884)
- Unicorn-45166.exe (PID: 7556)
- Unicorn-11662.exe (PID: 516)
- Unicorn-53848.exe (PID: 3676)
- Unicorn-43027.exe (PID: 6388)
- Unicorn-58901.exe (PID: 968)
- Unicorn-65031.exe (PID: 5548)
- Unicorn-40889.exe (PID: 7192)
- Unicorn-54625.exe (PID: 6192)
- Unicorn-3941.exe (PID: 3240)
- Unicorn-60755.exe (PID: 7184)
- Unicorn-37403.exe (PID: 2236)
- Unicorn-62462.exe (PID: 4980)
- Unicorn-20526.exe (PID: 5728)
- Unicorn-34004.exe (PID: 6148)
- Unicorn-35000.exe (PID: 1184)
- Unicorn-44018.exe (PID: 1188)
- Unicorn-5970.exe (PID: 6344)
- Unicorn-29134.exe (PID: 5008)
- Unicorn-41487.exe (PID: 6644)
- Unicorn-41487.exe (PID: 2800)
- Unicorn-50148.exe (PID: 7360)
- Unicorn-2597.exe (PID: 8044)
- Unicorn-10350.exe (PID: 4628)
- Unicorn-49608.exe (PID: 5084)
- Unicorn-15010.exe (PID: 7460)
- Unicorn-6074.exe (PID: 7152)
- Unicorn-33893.exe (PID: 7300)
- Unicorn-49183.exe (PID: 7872)
- Unicorn-12234.exe (PID: 7696)
- Unicorn-50615.exe (PID: 1764)
- Unicorn-14304.exe (PID: 2244)
- Unicorn-41700.exe (PID: 6040)
- Unicorn-41975.exe (PID: 872)
- Unicorn-50615.exe (PID: 5556)
- Unicorn-14455.exe (PID: 7484)
- Unicorn-7719.exe (PID: 3032)
- Unicorn-62950.exe (PID: 8128)
- Unicorn-46806.exe (PID: 2980)
- Unicorn-13002.exe (PID: 8232)
- Unicorn-55166.exe (PID: 8592)
- Unicorn-41975.exe (PID: 8168)
- Unicorn-7055.exe (PID: 8340)
- Unicorn-925.exe (PID: 8332)
- Unicorn-37699.exe (PID: 8216)
- Unicorn-11148.exe (PID: 2288)
- Unicorn-13647.exe (PID: 8280)
- Unicorn-45675.exe (PID: 8264)
- Unicorn-22048.exe (PID: 8288)
- Unicorn-39545.exe (PID: 8240)
- Unicorn-62011.exe (PID: 8252)
- Unicorn-18047.exe (PID: 8420)
- Unicorn-43812.exe (PID: 8364)
- Unicorn-26360.exe (PID: 8084)
- Unicorn-46635.exe (PID: 8440)
- Unicorn-24168.exe (PID: 8412)
- Unicorn-43511.exe (PID: 8668)
- Unicorn-46827.exe (PID: 8372)
- Unicorn-15146.exe (PID: 8476)
- Unicorn-58814.exe (PID: 8388)
- Unicorn-43297.exe (PID: 8396)
- Unicorn-14922.exe (PID: 8640)
- Unicorn-32394.exe (PID: 6816)
- Unicorn-17946.exe (PID: 8468)
- Unicorn-21254.exe (PID: 8380)
- Unicorn-36883.exe (PID: 8520)
- Unicorn-62779.exe (PID: 8576)
- Unicorn-14922.exe (PID: 8632)
- Unicorn-31813.exe (PID: 8740)
- Unicorn-30281.exe (PID: 8648)
- Unicorn-38550.exe (PID: 8624)
- Unicorn-47595.exe (PID: 8684)
- Unicorn-39789.exe (PID: 8812)
- Unicorn-18052.exe (PID: 8768)
- Unicorn-7117.exe (PID: 8776)
- Unicorn-63931.exe (PID: 8720)
- Unicorn-36412.exe (PID: 8660)
- Unicorn-2286.exe (PID: 8872)
- Unicorn-49441.exe (PID: 8840)
- Unicorn-34886.exe (PID: 8804)
- Unicorn-65171.exe (PID: 8888)
- Unicorn-23812.exe (PID: 8504)
- Unicorn-53194.exe (PID: 8964)
- Unicorn-54393.exe (PID: 9048)
- Unicorn-64424.exe (PID: 8920)
- Unicorn-41434.exe (PID: 9128)
- Unicorn-6946.exe (PID: 9172)
- Unicorn-52447.exe (PID: 9004)
- Unicorn-18966.exe (PID: 9188)
- Unicorn-11397.exe (PID: 6108)
- Unicorn-3822.exe (PID: 9220)
- Unicorn-9944.exe (PID: 8980)
- Unicorn-7667.exe (PID: 9272)
- Unicorn-28903.exe (PID: 9356)
- Unicorn-36141.exe (PID: 9412)
- Unicorn-9982.exe (PID: 9456)
- Unicorn-53351.exe (PID: 9484)
- Unicorn-314.exe (PID: 9500)
- Unicorn-44383.exe (PID: 9604)
- Unicorn-24517.exe (PID: 9612)
- Unicorn-40683.exe (PID: 9540)
- Unicorn-42437.exe (PID: 9572)
- Unicorn-22654.exe (PID: 9656)
- Unicorn-29884.exe (PID: 9716)
Executable content was dropped or overwritten
- 1 (1278).exe (PID: 7652)
- Unicorn-46886.exe (PID: 7716)
- Unicorn-32770.exe (PID: 7960)
- Unicorn-35951.exe (PID: 7444)
- Unicorn-34136.exe (PID: 7576)
- Unicorn-36174.exe (PID: 7600)
- Unicorn-59683.exe (PID: 1328)
- Unicorn-9840.exe (PID: 1128)
- Unicorn-38337.exe (PID: 3008)
- Unicorn-9556.exe (PID: 1096)
- Unicorn-55228.exe (PID: 5360)
- Unicorn-13375.exe (PID: 6592)
- Unicorn-14190.exe (PID: 1132)
- Unicorn-3370.exe (PID: 5380)
- Unicorn-23895.exe (PID: 5344)
- Unicorn-8435.exe (PID: 6424)
- Unicorn-35882.exe (PID: 3140)
- Unicorn-41108.exe (PID: 3096)
- Unicorn-26718.exe (PID: 2564)
- Unicorn-6852.exe (PID: 5164)
- Unicorn-20387.exe (PID: 7208)
- Unicorn-47445.exe (PID: 1276)
- Unicorn-33193.exe (PID: 7228)
- Unicorn-45768.exe (PID: 7244)
- Unicorn-58534.exe (PID: 7916)
- Unicorn-20024.exe (PID: 8156)
- Unicorn-26360.exe (PID: 8084)
- Unicorn-2597.exe (PID: 8044)
- Unicorn-52971.exe (PID: 536)
- Unicorn-47818.exe (PID: 896)
- Unicorn-47818.exe (PID: 2560)
- Unicorn-29344.exe (PID: 6392)
- Unicorn-53848.exe (PID: 3676)
- Unicorn-29344.exe (PID: 3884)
- Unicorn-50245.exe (PID: 3888)
- Unicorn-45166.exe (PID: 7556)
- Unicorn-43027.exe (PID: 6388)
- Unicorn-3282.exe (PID: 4652)
- Unicorn-58901.exe (PID: 968)
- Unicorn-65031.exe (PID: 5548)
- Unicorn-40889.exe (PID: 7192)
- Unicorn-54625.exe (PID: 6192)
- Unicorn-20526.exe (PID: 5728)
- Unicorn-11662.exe (PID: 516)
- Unicorn-3941.exe (PID: 3240)
- Unicorn-60755.exe (PID: 7184)
- Unicorn-37403.exe (PID: 2236)
- Unicorn-62462.exe (PID: 4980)
- Unicorn-5970.exe (PID: 6344)
- Unicorn-29134.exe (PID: 5008)
- Unicorn-41487.exe (PID: 2800)
- Unicorn-34004.exe (PID: 6148)
- Unicorn-41487.exe (PID: 6644)
- Unicorn-44018.exe (PID: 1188)
- Unicorn-31469.exe (PID: 5308)
- Unicorn-50148.exe (PID: 7360)
- Unicorn-10350.exe (PID: 4628)
- Unicorn-6074.exe (PID: 7152)
- Unicorn-33893.exe (PID: 7300)
- Unicorn-49608.exe (PID: 5084)
- Unicorn-14304.exe (PID: 2244)
- Unicorn-32394.exe (PID: 6816)
- Unicorn-15010.exe (PID: 7460)
- Unicorn-49183.exe (PID: 7872)
- Unicorn-12234.exe (PID: 7696)
- Unicorn-50615.exe (PID: 1764)
- Unicorn-26395.exe (PID: 6272)
- Unicorn-41700.exe (PID: 6040)
- Unicorn-50615.exe (PID: 5556)
- Unicorn-41975.exe (PID: 872)
- Unicorn-7719.exe (PID: 3032)
- Unicorn-5202.exe (PID: 2140)
- Unicorn-14455.exe (PID: 7484)
- Unicorn-62950.exe (PID: 8128)
- Unicorn-13002.exe (PID: 8232)
- Unicorn-41975.exe (PID: 8168)
- Unicorn-55166.exe (PID: 8592)
- Unicorn-925.exe (PID: 8332)
- Unicorn-11148.exe (PID: 2288)
- Unicorn-62011.exe (PID: 8252)
- Unicorn-7055.exe (PID: 8340)
- Unicorn-45675.exe (PID: 8264)
- Unicorn-39545.exe (PID: 8240)
- Unicorn-24168.exe (PID: 8412)
- Unicorn-43511.exe (PID: 8668)
- Unicorn-22048.exe (PID: 8288)
- Unicorn-43812.exe (PID: 8364)
- Unicorn-46635.exe (PID: 8440)
- Unicorn-17946.exe (PID: 8468)
- Unicorn-23812.exe (PID: 8504)
- Unicorn-18047.exe (PID: 8420)
- Unicorn-15146.exe (PID: 8476)
- Unicorn-46827.exe (PID: 8372)
- Unicorn-43297.exe (PID: 8396)
- Unicorn-14922.exe (PID: 8640)
- Unicorn-62779.exe (PID: 8576)
- Unicorn-21254.exe (PID: 8380)
- Unicorn-14922.exe (PID: 8632)
- Unicorn-38550.exe (PID: 8624)
- Unicorn-31813.exe (PID: 8740)
- Unicorn-47595.exe (PID: 8684)
- Unicorn-39789.exe (PID: 8812)
- Unicorn-18052.exe (PID: 8768)
- Unicorn-7117.exe (PID: 8776)
- Unicorn-63931.exe (PID: 8720)
- Unicorn-2286.exe (PID: 8872)
- Unicorn-36412.exe (PID: 8660)
- Unicorn-34886.exe (PID: 8804)
- Unicorn-65171.exe (PID: 8888)
- Unicorn-53194.exe (PID: 8964)
- Unicorn-49441.exe (PID: 8840)
- Unicorn-54393.exe (PID: 9048)
- Unicorn-64424.exe (PID: 8920)
- Unicorn-11222.exe (PID: 9076)
- Unicorn-6946.exe (PID: 9172)
- Unicorn-18966.exe (PID: 9188)
- Unicorn-52447.exe (PID: 9004)
- Unicorn-11397.exe (PID: 6108)
- Unicorn-3822.exe (PID: 9220)
- Unicorn-9944.exe (PID: 8980)
- Unicorn-7667.exe (PID: 9272)
- Unicorn-35000.exe (PID: 1184)
- Unicorn-28903.exe (PID: 9356)
- Unicorn-46806.exe (PID: 2980)
- Unicorn-58814.exe (PID: 8388)
- Unicorn-36141.exe (PID: 9412)
- Unicorn-9982.exe (PID: 9456)
- Unicorn-314.exe (PID: 9500)
- Unicorn-53351.exe (PID: 9484)
- Unicorn-44383.exe (PID: 9604)
- Unicorn-40683.exe (PID: 9540)
- Unicorn-24517.exe (PID: 9612)
- Unicorn-42437.exe (PID: 9572)
- Unicorn-29884.exe (PID: 9716)
- Unicorn-54196.exe (PID: 9764)
- Unicorn-32113.exe (PID: 9688)
- Unicorn-36883.exe (PID: 8520)
- Unicorn-30281.exe (PID: 8648)
- Unicorn-22654.exe (PID: 9656)
- Unicorn-62810.exe (PID: 9868)
- Unicorn-41434.exe (PID: 9128)
- Unicorn-14398.exe (PID: 9956)
- Unicorn-50771.exe (PID: 10000)
- Unicorn-48394.exe (PID: 10060)
- Unicorn-61745.exe (PID: 10148)
- Unicorn-31673.exe (PID: 10124)
- Unicorn-13647.exe (PID: 8280)
- Unicorn-26057.exe (PID: 10100)
- Unicorn-39789.exe (PID: 9844)
- Unicorn-52582.exe (PID: 10192)
- Unicorn-18591.exe (PID: 10220)
- Unicorn-54279.exe (PID: 9068)
- Unicorn-55396.exe (PID: 6228)
- Unicorn-54279.exe (PID: 9100)
- Unicorn-65462.exe (PID: 4932)
- Unicorn-11357.exe (PID: 9092)
- Unicorn-52198.exe (PID: 3396)
- Unicorn-46717.exe (PID: 10204)
- Unicorn-57294.exe (PID: 9028)
- Unicorn-36489.exe (PID: 9952)
- Unicorn-15514.exe (PID: 9480)
- Unicorn-57434.exe (PID: 10324)
- Unicorn-44980.exe (PID: 10252)
- Unicorn-5108.exe (PID: 9996)
- Unicorn-65078.exe (PID: 10272)
- Unicorn-16069.exe (PID: 9640)
- Unicorn-32597.exe (PID: 5452)
- Unicorn-41642.exe (PID: 5036)
- Unicorn-15322.exe (PID: 10080)
- Unicorn-19141.exe (PID: 10280)
- Unicorn-37699.exe (PID: 8216)
- Unicorn-39125.exe (PID: 10380)
- Unicorn-32233.exe (PID: 10332)
- Unicorn-50963.exe (PID: 10420)
- Unicorn-49339.exe (PID: 10396)
- Unicorn-34818.exe (PID: 10308)
- Unicorn-63629.exe (PID: 10452)
- Unicorn-9375.exe (PID: 10428)
- Unicorn-61954.exe (PID: 10492)
- Unicorn-41591.exe (PID: 10536)
- Unicorn-61954.exe (PID: 10500)
- Unicorn-21990.exe (PID: 10528)
- Unicorn-16837.exe (PID: 10552)
- Unicorn-11820.exe (PID: 10360)
- Unicorn-45426.exe (PID: 10592)
- Unicorn-47425.exe (PID: 9860)
- Unicorn-49832.exe (PID: 10644)
- Unicorn-15514.exe (PID: 9452)
- Unicorn-23172.exe (PID: 10912)
- Unicorn-59161.exe (PID: 10600)
- Unicorn-63245.exe (PID: 10628)
- Unicorn-46215.exe (PID: 10708)
- Unicorn-46215.exe (PID: 10700)
- Unicorn-24366.exe (PID: 10652)
- Unicorn-16837.exe (PID: 10544)
- Unicorn-833.exe (PID: 10780)
- Unicorn-11112.exe (PID: 10840)
- Unicorn-31916.exe (PID: 10728)
- Unicorn-38047.exe (PID: 10744)
- Unicorn-37284.exe (PID: 10720)
- Unicorn-30564.exe (PID: 10828)
- Unicorn-49832.exe (PID: 10636)
- Unicorn-9821.exe (PID: 10792)
Executes application which crashes
- Unicorn-10189.exe (PID: 8852)
INFO
The sample compiled with chinese language support
- 1 (1278).exe (PID: 7652)
- Unicorn-32770.exe (PID: 7960)
- Unicorn-35951.exe (PID: 7444)
- Unicorn-46886.exe (PID: 7716)
- Unicorn-34136.exe (PID: 7576)
- Unicorn-36174.exe (PID: 7600)
- Unicorn-59683.exe (PID: 1328)
- Unicorn-38337.exe (PID: 3008)
- Unicorn-9556.exe (PID: 1096)
- Unicorn-55228.exe (PID: 5360)
- Unicorn-9840.exe (PID: 1128)
- Unicorn-14190.exe (PID: 1132)
- Unicorn-3370.exe (PID: 5380)
- Unicorn-13375.exe (PID: 6592)
- Unicorn-23895.exe (PID: 5344)
- Unicorn-35882.exe (PID: 3140)
- Unicorn-8435.exe (PID: 6424)
- Unicorn-41108.exe (PID: 3096)
- Unicorn-26718.exe (PID: 2564)
- Unicorn-6852.exe (PID: 5164)
- Unicorn-47445.exe (PID: 1276)
- Unicorn-20387.exe (PID: 7208)
- Unicorn-33193.exe (PID: 7228)
- Unicorn-58534.exe (PID: 7916)
- Unicorn-20024.exe (PID: 8156)
- Unicorn-45768.exe (PID: 7244)
- Unicorn-2597.exe (PID: 8044)
- Unicorn-52971.exe (PID: 536)
- Unicorn-47818.exe (PID: 896)
- Unicorn-47818.exe (PID: 2560)
- Unicorn-29344.exe (PID: 6392)
- Unicorn-26360.exe (PID: 8084)
- Unicorn-3282.exe (PID: 4652)
- Unicorn-29344.exe (PID: 3884)
- Unicorn-50245.exe (PID: 3888)
- Unicorn-45166.exe (PID: 7556)
- Unicorn-11662.exe (PID: 516)
- Unicorn-53848.exe (PID: 3676)
- Unicorn-58901.exe (PID: 968)
- Unicorn-65031.exe (PID: 5548)
- Unicorn-54625.exe (PID: 6192)
- Unicorn-40889.exe (PID: 7192)
- Unicorn-43027.exe (PID: 6388)
- Unicorn-20526.exe (PID: 5728)
- Unicorn-3941.exe (PID: 3240)
- Unicorn-60755.exe (PID: 7184)
- Unicorn-37403.exe (PID: 2236)
- Unicorn-62462.exe (PID: 4980)
- Unicorn-34004.exe (PID: 6148)
- Unicorn-44018.exe (PID: 1188)
- Unicorn-5970.exe (PID: 6344)
- Unicorn-29134.exe (PID: 5008)
- Unicorn-41487.exe (PID: 6644)
- Unicorn-41487.exe (PID: 2800)
- Unicorn-31469.exe (PID: 5308)
- Unicorn-50148.exe (PID: 7360)
- Unicorn-10350.exe (PID: 4628)
- Unicorn-49608.exe (PID: 5084)
- Unicorn-15010.exe (PID: 7460)
- Unicorn-32394.exe (PID: 6816)
- Unicorn-6074.exe (PID: 7152)
- Unicorn-33893.exe (PID: 7300)
- Unicorn-41700.exe (PID: 6040)
- Unicorn-49183.exe (PID: 7872)
- Unicorn-50615.exe (PID: 1764)
- Unicorn-12234.exe (PID: 7696)
- Unicorn-26395.exe (PID: 6272)
- Unicorn-14304.exe (PID: 2244)
- Unicorn-41975.exe (PID: 872)
- Unicorn-14455.exe (PID: 7484)
- Unicorn-7719.exe (PID: 3032)
- Unicorn-5202.exe (PID: 2140)
- Unicorn-50615.exe (PID: 5556)
- Unicorn-55166.exe (PID: 8592)
- Unicorn-13002.exe (PID: 8232)
- Unicorn-41975.exe (PID: 8168)
- Unicorn-62950.exe (PID: 8128)
- Unicorn-7055.exe (PID: 8340)
- Unicorn-925.exe (PID: 8332)
- Unicorn-11148.exe (PID: 2288)
- Unicorn-45675.exe (PID: 8264)
- Unicorn-22048.exe (PID: 8288)
- Unicorn-39545.exe (PID: 8240)
- Unicorn-24168.exe (PID: 8412)
- Unicorn-43511.exe (PID: 8668)
- Unicorn-62011.exe (PID: 8252)
- Unicorn-18047.exe (PID: 8420)
- Unicorn-43812.exe (PID: 8364)
- Unicorn-46635.exe (PID: 8440)
- Unicorn-43297.exe (PID: 8396)
- Unicorn-14922.exe (PID: 8640)
- Unicorn-17946.exe (PID: 8468)
- Unicorn-23812.exe (PID: 8504)
- Unicorn-15146.exe (PID: 8476)
- Unicorn-46827.exe (PID: 8372)
- Unicorn-21254.exe (PID: 8380)
- Unicorn-14922.exe (PID: 8632)
- Unicorn-31813.exe (PID: 8740)
- Unicorn-38550.exe (PID: 8624)
- Unicorn-47595.exe (PID: 8684)
- Unicorn-62779.exe (PID: 8576)
- Unicorn-39789.exe (PID: 8812)
- Unicorn-36412.exe (PID: 8660)
- Unicorn-18052.exe (PID: 8768)
- Unicorn-7117.exe (PID: 8776)
- Unicorn-63931.exe (PID: 8720)
- Unicorn-49441.exe (PID: 8840)
- Unicorn-34886.exe (PID: 8804)
- Unicorn-65171.exe (PID: 8888)
- Unicorn-53194.exe (PID: 8964)
- Unicorn-2286.exe (PID: 8872)
- Unicorn-52447.exe (PID: 9004)
- Unicorn-54393.exe (PID: 9048)
- Unicorn-64424.exe (PID: 8920)
- Unicorn-11222.exe (PID: 9076)
- Unicorn-6946.exe (PID: 9172)
- Unicorn-18966.exe (PID: 9188)
- Unicorn-11397.exe (PID: 6108)
- Unicorn-3822.exe (PID: 9220)
- Unicorn-9944.exe (PID: 8980)
- Unicorn-7667.exe (PID: 9272)
- Unicorn-28903.exe (PID: 9356)
- Unicorn-46806.exe (PID: 2980)
- Unicorn-35000.exe (PID: 1184)
- Unicorn-58814.exe (PID: 8388)
- Unicorn-9982.exe (PID: 9456)
- Unicorn-36141.exe (PID: 9412)
- Unicorn-53351.exe (PID: 9484)
- Unicorn-314.exe (PID: 9500)
- Unicorn-40683.exe (PID: 9540)
- Unicorn-44383.exe (PID: 9604)
- Unicorn-24517.exe (PID: 9612)
- Unicorn-42437.exe (PID: 9572)
- Unicorn-22654.exe (PID: 9656)
- Unicorn-29884.exe (PID: 9716)
- Unicorn-54196.exe (PID: 9764)
- Unicorn-32113.exe (PID: 9688)
- Unicorn-36883.exe (PID: 8520)
- Unicorn-30281.exe (PID: 8648)
- Unicorn-14398.exe (PID: 9956)
- Unicorn-41434.exe (PID: 9128)
- Unicorn-50771.exe (PID: 10000)
- Unicorn-48394.exe (PID: 10060)
- Unicorn-13647.exe (PID: 8280)
- Unicorn-31673.exe (PID: 10124)
- Unicorn-26057.exe (PID: 10100)
- Unicorn-39789.exe (PID: 9844)
- Unicorn-62810.exe (PID: 9868)
- Unicorn-46717.exe (PID: 10204)
- Unicorn-52582.exe (PID: 10192)
- Unicorn-18591.exe (PID: 10220)
- Unicorn-54279.exe (PID: 9068)
- Unicorn-55396.exe (PID: 6228)
- Unicorn-65462.exe (PID: 4932)
- Unicorn-11357.exe (PID: 9092)
- Unicorn-54279.exe (PID: 9100)
- Unicorn-52198.exe (PID: 3396)
- Unicorn-61745.exe (PID: 10148)
- Unicorn-32597.exe (PID: 5452)
- Unicorn-36489.exe (PID: 9952)
- Unicorn-57294.exe (PID: 9028)
- Unicorn-57434.exe (PID: 10324)
- Unicorn-15514.exe (PID: 9480)
- Unicorn-5108.exe (PID: 9996)
- Unicorn-65078.exe (PID: 10272)
- Unicorn-44980.exe (PID: 10252)
- Unicorn-41642.exe (PID: 5036)
- Unicorn-37699.exe (PID: 8216)
- Unicorn-15322.exe (PID: 10080)
- Unicorn-19141.exe (PID: 10280)
- Unicorn-32233.exe (PID: 10332)
- Unicorn-47425.exe (PID: 9860)
- Unicorn-50963.exe (PID: 10420)
- Unicorn-39125.exe (PID: 10380)
- Unicorn-16069.exe (PID: 9640)
- Unicorn-34818.exe (PID: 10308)
- Unicorn-45426.exe (PID: 10592)
- Unicorn-61954.exe (PID: 10492)
- Unicorn-63629.exe (PID: 10452)
- Unicorn-9375.exe (PID: 10428)
- Unicorn-41591.exe (PID: 10536)
- Unicorn-61954.exe (PID: 10500)
- Unicorn-16837.exe (PID: 10552)
- Unicorn-49339.exe (PID: 10396)
- Unicorn-11820.exe (PID: 10360)
- Unicorn-16837.exe (PID: 10544)
- Unicorn-15514.exe (PID: 9452)
- Unicorn-49832.exe (PID: 10644)
- Unicorn-59161.exe (PID: 10600)
- Unicorn-63245.exe (PID: 10628)
- Unicorn-23172.exe (PID: 10912)
- Unicorn-24366.exe (PID: 10652)
- Unicorn-46215.exe (PID: 10708)
- Unicorn-46215.exe (PID: 10700)
- Unicorn-21990.exe (PID: 10528)
- Unicorn-11112.exe (PID: 10840)
- Unicorn-31916.exe (PID: 10728)
- Unicorn-833.exe (PID: 10780)
- Unicorn-37284.exe (PID: 10720)
- Unicorn-38047.exe (PID: 10744)
- Unicorn-9821.exe (PID: 10792)
- Unicorn-49832.exe (PID: 10636)
- Unicorn-30564.exe (PID: 10828)
Checks supported languages
- 1 (1278).exe (PID: 7652)
- Unicorn-46886.exe (PID: 7716)
- Unicorn-32770.exe (PID: 7960)
- Unicorn-35951.exe (PID: 7444)
- Unicorn-36174.exe (PID: 7600)
- Unicorn-34136.exe (PID: 7576)
- Unicorn-59683.exe (PID: 1328)
- Unicorn-9840.exe (PID: 1128)
- Unicorn-55228.exe (PID: 5360)
- Unicorn-13375.exe (PID: 6592)
- Unicorn-14190.exe (PID: 1132)
- Unicorn-3370.exe (PID: 5380)
- Unicorn-9556.exe (PID: 1096)
- Unicorn-8435.exe (PID: 6424)
- Unicorn-23895.exe (PID: 5344)
- Unicorn-26395.exe (PID: 6272)
- Unicorn-6852.exe (PID: 5164)
- Unicorn-41108.exe (PID: 3096)
- Unicorn-47445.exe (PID: 1276)
- Unicorn-50245.exe (PID: 3888)
- Unicorn-33193.exe (PID: 7228)
- Unicorn-26718.exe (PID: 2564)
- Unicorn-31469.exe (PID: 5308)
- Unicorn-2597.exe (PID: 8044)
- Unicorn-65031.exe (PID: 5548)
- Unicorn-3941.exe (PID: 3240)
- Unicorn-29134.exe (PID: 5008)
- Unicorn-34004.exe (PID: 6148)
- Unicorn-50148.exe (PID: 7360)
- Unicorn-44018.exe (PID: 1188)
- Unicorn-41700.exe (PID: 6040)
- Unicorn-37699.exe (PID: 8216)
- Unicorn-45675.exe (PID: 8264)
- Unicorn-43812.exe (PID: 8364)
- Unicorn-43297.exe (PID: 8396)
- Unicorn-43511.exe (PID: 8668)
- Unicorn-64424.exe (PID: 8920)
- Unicorn-10189.exe (PID: 8852)
- Unicorn-65171.exe (PID: 8888)
- Unicorn-38550.exe (PID: 8624)
- Unicorn-3822.exe (PID: 9220)
- Unicorn-53351.exe (PID: 9484)
- Unicorn-9982.exe (PID: 9456)
- Unicorn-50771.exe (PID: 10000)
- Unicorn-61745.exe (PID: 10148)
- Unicorn-39125.exe (PID: 10380)
- Unicorn-18591.exe (PID: 10220)
- Unicorn-11357.exe (PID: 9092)
- Unicorn-15514.exe (PID: 9480)
- Unicorn-15322.exe (PID: 10080)
- Unicorn-9375.exe (PID: 10428)
- Unicorn-21990.exe (PID: 10528)
- Unicorn-49832.exe (PID: 10636)
- Unicorn-9821.exe (PID: 10792)
- Unicorn-38047.exe (PID: 10744)
- Unicorn-37471.exe (PID: 10980)
- Unicorn-4416.exe (PID: 11088)
- Unicorn-13542.exe (PID: 11176)
- Unicorn-15441.exe (PID: 10680)
- Unicorn-26947.exe (PID: 11028)
- Unicorn-42297.exe (PID: 11388)
- Unicorn-1740.exe (PID: 11660)
- Unicorn-50226.exe (PID: 11772)
- Unicorn-33081.exe (PID: 11940)
- Unicorn-18260.exe (PID: 11704)
- Unicorn-12425.exe (PID: 12500)
- Unicorn-63095.exe (PID: 13076)
- Unicorn-12909.exe (PID: 13880)
- Unicorn-35011.exe (PID: 13160)
- Unicorn-61871.exe (PID: 13196)
- Unicorn-12094.exe (PID: 13416)
- Unicorn-53366.exe (PID: 13596)
- Unicorn-49474.exe (PID: 14048)
- Unicorn-37890.exe (PID: 12836)
- Unicorn-47590.exe (PID: 12876)
- Unicorn-34865.exe (PID: 14412)
- Unicorn-2524.exe (PID: 14284)
- Unicorn-23631.exe (PID: 14496)
- Unicorn-32509.exe (PID: 14652)
- Unicorn-48099.exe (PID: 14680)
- Unicorn-59894.exe (PID: 14748)
- Unicorn-15488.exe (PID: 14880)
- Unicorn-49474.exe (PID: 14040)
- Unicorn-45722.exe (PID: 14152)
- Unicorn-63046.exe (PID: 13848)
- Unicorn-20501.exe (PID: 15688)
- Unicorn-48130.exe (PID: 15432)
- Unicorn-61334.exe (PID: 15840)
- Unicorn-16258.exe (PID: 15888)
- Unicorn-33906.exe (PID: 16008)
- Unicorn-32787.exe (PID: 15792)
Reads the computer name
- 1 (1278).exe (PID: 7652)
- Unicorn-46886.exe (PID: 7716)
- Unicorn-32770.exe (PID: 7960)
- Unicorn-34136.exe (PID: 7576)
- Unicorn-36174.exe (PID: 7600)
- Unicorn-35951.exe (PID: 7444)
- Unicorn-59683.exe (PID: 1328)
- Unicorn-9840.exe (PID: 1128)
- Unicorn-9556.exe (PID: 1096)
- Unicorn-38337.exe (PID: 3008)
- Unicorn-13375.exe (PID: 6592)
- Unicorn-3370.exe (PID: 5380)
- Unicorn-55228.exe (PID: 5360)
- Unicorn-23895.exe (PID: 5344)
- Unicorn-3282.exe (PID: 4652)
- Unicorn-47445.exe (PID: 1276)
- Unicorn-33193.exe (PID: 7228)
- Unicorn-31469.exe (PID: 5308)
- Unicorn-45768.exe (PID: 7244)
- Unicorn-35882.exe (PID: 3140)
- Unicorn-8435.exe (PID: 6424)
- Unicorn-26360.exe (PID: 8084)
- Unicorn-44018.exe (PID: 1188)
- Unicorn-41975.exe (PID: 872)
- Unicorn-47595.exe (PID: 8684)
- Unicorn-40683.exe (PID: 9540)
Create files in a temporary directory
- 1 (1278).exe (PID: 7652)
- Unicorn-46886.exe (PID: 7716)
- Unicorn-32770.exe (PID: 7960)
- Unicorn-35951.exe (PID: 7444)
- Unicorn-34136.exe (PID: 7576)
- Unicorn-36174.exe (PID: 7600)
- Unicorn-59683.exe (PID: 1328)
- Unicorn-9556.exe (PID: 1096)
- Unicorn-13375.exe (PID: 6592)
- Unicorn-38337.exe (PID: 3008)
- Unicorn-14190.exe (PID: 1132)
- Unicorn-3370.exe (PID: 5380)
- Unicorn-9840.exe (PID: 1128)
- Unicorn-35882.exe (PID: 3140)
- Unicorn-8435.exe (PID: 6424)
- Unicorn-41108.exe (PID: 3096)
- Unicorn-26718.exe (PID: 2564)
- Unicorn-45768.exe (PID: 7244)
- Unicorn-2597.exe (PID: 8044)
- Unicorn-20024.exe (PID: 8156)
- Unicorn-47818.exe (PID: 2560)
- Unicorn-29344.exe (PID: 3884)
- Unicorn-43027.exe (PID: 6388)
- Unicorn-65031.exe (PID: 5548)
- Unicorn-41487.exe (PID: 6644)
- Unicorn-47445.exe (PID: 1276)
- Unicorn-29134.exe (PID: 5008)
- Unicorn-41487.exe (PID: 2800)
- Unicorn-6074.exe (PID: 7152)
- Unicorn-33893.exe (PID: 7300)
- Unicorn-29344.exe (PID: 6392)
- Unicorn-53848.exe (PID: 3676)
- Unicorn-50245.exe (PID: 3888)
- Unicorn-55228.exe (PID: 5360)
- Unicorn-23895.exe (PID: 5344)
- Unicorn-33193.exe (PID: 7228)
- Unicorn-43511.exe (PID: 8668)
- Unicorn-15146.exe (PID: 8476)
- Unicorn-47595.exe (PID: 8684)
- Unicorn-65171.exe (PID: 8888)
- Unicorn-53194.exe (PID: 8964)
- Unicorn-47818.exe (PID: 896)
- Unicorn-7667.exe (PID: 9272)
- Unicorn-5202.exe (PID: 2140)
- Unicorn-46806.exe (PID: 2980)
- Unicorn-14922.exe (PID: 8632)
- Unicorn-58814.exe (PID: 8388)
- Unicorn-39789.exe (PID: 8812)
Reads security settings of Internet Explorer
- BackgroundTransferHost.exe (PID: 7152)
- BackgroundTransferHost.exe (PID: 6108)
Creates files or folders in the user directory
- BackgroundTransferHost.exe (PID: 7152)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
616
Monitored processes
480
Malicious processes
66
Suspicious processes
62
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 516 | C:\Users\admin\AppData\Local\Temp\Unicorn-11662.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-11662.exe | 1 (1278).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 536 | C:\Users\admin\AppData\Local\Temp\Unicorn-52971.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-52971.exe | Unicorn-8435.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 872 | C:\Users\admin\AppData\Local\Temp\Unicorn-41975.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41975.exe | Unicorn-29344.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 896 | C:\Users\admin\AppData\Local\Temp\Unicorn-47818.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-47818.exe | Unicorn-26395.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 968 | C:\Users\admin\AppData\Local\Temp\Unicorn-58901.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-58901.exe | Unicorn-34136.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1096 | C:\Users\admin\AppData\Local\Temp\Unicorn-9556.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-9556.exe | Unicorn-36174.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1128 | C:\Users\admin\AppData\Local\Temp\Unicorn-9840.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-9840.exe | Unicorn-46886.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1132 | C:\Users\admin\AppData\Local\Temp\Unicorn-14190.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-14190.exe | Unicorn-59683.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1184 | C:\Users\admin\AppData\Local\Temp\Unicorn-35000.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-35000.exe | Unicorn-35951.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1188 | C:\Users\admin\AppData\Local\Temp\Unicorn-44018.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-44018.exe | Unicorn-9840.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
13 099
Read events
13 084
Write events
15
Delete events
0
Modification events
| (PID) Process: | (2800) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (2800) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (2800) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7152) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (7152) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (7152) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (8000) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (8000) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (8000) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (6108) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
Executable files
892
Suspicious files
7
Text files
2
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7960 | Unicorn-32770.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-34136.exe | executable | |
MD5:28E20354A58B94BAC3A096F25379EDBD | SHA256:6144B404E101DDA940E2C76B2436A97663EF5EE8A1C8E4D47EE6FB26065C20BB | |||
| 7576 | Unicorn-34136.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-38337.exe | executable | |
MD5:CBADC2C54E707311C27475F5644C2D2F | SHA256:444EF45D5CE2BC86786F74574F4237E481E6DBBE0604B1F28BCA203121016E97 | |||
| 7716 | Unicorn-46886.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-9840.exe | executable | |
MD5:6786D05B54EC63ADDE0A47AC17DA81D0 | SHA256:F6E8423957B01CCB06F8E1B99D21F7B7D571D9532167E407462E94F4537CC8BF | |||
| 7444 | Unicorn-35951.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-59683.exe | executable | |
MD5:17E8DF664969F0781ABAD878D3E48907 | SHA256:B42A35A2D462D9BC2AF953A2F6B6E6C1CC291B4DC3E37B0D6AC3C6808A6F4F97 | |||
| 7716 | Unicorn-46886.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-35951.exe | executable | |
MD5:861A2E540EBE12B6C27B41C57E7CD873 | SHA256:8A3BF5D217F56BA1A6F14289FD758CD5EFFEFC1E5AC36486EC4A804E09D313C1 | |||
| 7652 | 1 (1278).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-36174.exe | executable | |
MD5:3EFCD11E1DE40BF0B143E3732B2F8F3E | SHA256:9D0672C8562DAB85CA4C3FAD6818B3B0842E79EA6529960EF7F892ECC45D5DE5 | |||
| 7716 | Unicorn-46886.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29611.exe | executable | |
MD5:497834CF69F94FFC653EBDF1C20CDAB5 | SHA256:5F6474E05F978A9E3207A26178518840B4C5038C53448C628D5767BEB157E90A | |||
| 7652 | 1 (1278).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46886.exe | executable | |
MD5:01B4F8E2D89C714368C83AD38D1B3BB2 | SHA256:AC23C4D20B56026F03B699B51ACE6C095308E29D4ECE8280FE97E3B85D27C26F | |||
| 7652 | 1 (1278).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-32770.exe | executable | |
MD5:AF41227DD828534444A3831E5E8CC531 | SHA256:552F703C065A4A2B701E14F1CA546289267654C44273C8C3DFFDCA2D235D6DA3 | |||
| 5360 | Unicorn-55228.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41108.exe | executable | |
MD5:30FCD88EE3BE84AA3EBFCA37E9E5C920 | SHA256:2E26EF1F28B996EEA3B2282662714D47DB1DDC58064DA661678E3778D9F55E69 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
29
DNS requests
18
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
2104 | svchost.exe | GET | 200 | 2.16.164.18:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
2108 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
7696 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
7696 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
7152 | BackgroundTransferHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
— | — | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2104 | svchost.exe | 2.16.164.18:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted |
— | — | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 20.190.160.5:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
976 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 20.190.160.5:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
www.bing.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |