| File name: | 1 (531) |
| Full analysis: | https://app.any.run/tasks/430c17d5-75a8-4807-8af6-5609cc1fae11 |
| Verdict: | Malicious activity |
| Analysis date: | March 25, 2025, 00:26:10 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 29C6749A3A598E2D4AB004DDE4037A90 |
| SHA1: | 9A03AB7EB1F7AB892DACD518081DEF857CDC7974 |
| SHA256: | 5AC1C579ED7759300FC4B896C835A497DF83A4F57948F3211547A8BC19F06A5A |
| SSDEEP: | 6144:V7t546NSNDvtO54/3NofMOEAD3qUp8GBs/+peOduk/vSwjwpyAvEhp+c7HkSmtxM:VRKMCtO5s3uH3d+asGpeOdEx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- Unicorn-54482.exe (PID: 7484)
- Unicorn-64869.exe (PID: 1348)
- 1 (531).exe (PID: 2136)
- Unicorn-44389.exe (PID: 7464)
- Unicorn-26859.exe (PID: 7948)
- Unicorn-7517.exe (PID: 7992)
- Unicorn-21252.exe (PID: 7984)
- Unicorn-60901.exe (PID: 7968)
- Unicorn-28532.exe (PID: 8048)
- Unicorn-49502.exe (PID: 8068)
- Unicorn-19316.exe (PID: 8084)
- Unicorn-8089.exe (PID: 8100)
- Unicorn-24862.exe (PID: 8108)
- Unicorn-44728.exe (PID: 8132)
- Unicorn-44728.exe (PID: 8116)
- Unicorn-13954.exe (PID: 8124)
- Unicorn-3303.exe (PID: 4268)
- Unicorn-30173.exe (PID: 6808)
- Unicorn-35146.exe (PID: 6404)
- Unicorn-28548.exe (PID: 1056)
- Unicorn-50932.exe (PID: 6240)
- Unicorn-25582.exe (PID: 5380)
- Unicorn-27994.exe (PID: 680)
- Unicorn-41451.exe (PID: 1168)
- Unicorn-37227.exe (PID: 1660)
- Unicorn-50932.exe (PID: 5416)
- Unicorn-50932.exe (PID: 6872)
- Unicorn-35586.exe (PID: 6272)
- Unicorn-53123.exe (PID: 4976)
- Unicorn-57231.exe (PID: 7436)
- Unicorn-54226.exe (PID: 7580)
- Unicorn-14665.exe (PID: 7524)
- Unicorn-56933.exe (PID: 7576)
- Unicorn-40956.exe (PID: 7684)
- Unicorn-11328.exe (PID: 7744)
- Unicorn-52206.exe (PID: 7748)
- Unicorn-21850.exe (PID: 5720)
- Unicorn-31447.exe (PID: 7412)
- Unicorn-55626.exe (PID: 7208)
- Unicorn-31607.exe (PID: 4120)
- Unicorn-40913.exe (PID: 7424)
- Unicorn-3367.exe (PID: 4164)
- Unicorn-52087.exe (PID: 6436)
- Unicorn-42330.exe (PID: 5156)
- Unicorn-5683.exe (PID: 7000)
- Unicorn-34765.exe (PID: 1616)
- Unicorn-54578.exe (PID: 7672)
- Unicorn-54578.exe (PID: 7656)
- Unicorn-45943.exe (PID: 7808)
- Unicorn-17425.exe (PID: 1388)
- Unicorn-900.exe (PID: 5756)
- Unicorn-50097.exe (PID: 7832)
- Unicorn-23284.exe (PID: 2268)
- Unicorn-52702.exe (PID: 5436)
- Unicorn-50097.exe (PID: 7844)
- Unicorn-4425.exe (PID: 5384)
- Unicorn-7497.exe (PID: 2420)
- Unicorn-42187.exe (PID: 5728)
- Unicorn-19569.exe (PID: 7848)
- Unicorn-11327.exe (PID: 4000)
- Unicorn-6765.exe (PID: 5228)
- Unicorn-1779.exe (PID: 7456)
- Unicorn-61644.exe (PID: 7776)
- Unicorn-10366.exe (PID: 7704)
- Unicorn-7669.exe (PID: 6148)
- Unicorn-15973.exe (PID: 7896)
- Unicorn-55028.exe (PID: 4428)
- Unicorn-51691.exe (PID: 7364)
- Unicorn-33158.exe (PID: 2516)
- Unicorn-59722.exe (PID: 7588)
- Unicorn-54190.exe (PID: 6228)
- Unicorn-30099.exe (PID: 6640)
- Unicorn-29847.exe (PID: 7036)
- Unicorn-23293.exe (PID: 5116)
- Unicorn-63116.exe (PID: 5740)
- Unicorn-50304.exe (PID: 3900)
- Unicorn-38767.exe (PID: 2504)
- Unicorn-10081.exe (PID: 5428)
- Unicorn-117.exe (PID: 6476)
- Unicorn-51140.exe (PID: 5072)
- Unicorn-54253.exe (PID: 5176)
- Unicorn-64029.exe (PID: 8224)
- Unicorn-25130.exe (PID: 8204)
- Unicorn-6768.exe (PID: 8256)
- Unicorn-49133.exe (PID: 8504)
- Unicorn-40588.exe (PID: 8240)
- Unicorn-3723.exe (PID: 8412)
- Unicorn-41850.exe (PID: 8424)
- Unicorn-35081.exe (PID: 8636)
- Unicorn-13030.exe (PID: 8496)
- Unicorn-56186.exe (PID: 8628)
- Unicorn-61282.exe (PID: 8776)
- Unicorn-22269.exe (PID: 8792)
- Unicorn-29779.exe (PID: 5360)
- Unicorn-8333.exe (PID: 8760)
- Unicorn-22918.exe (PID: 8820)
- Unicorn-33745.exe (PID: 8800)
- Unicorn-53166.exe (PID: 8784)
- Unicorn-43327.exe (PID: 8992)
- Unicorn-36605.exe (PID: 8928)
- Unicorn-28538.exe (PID: 8976)
- Unicorn-21831.exe (PID: 8960)
- Unicorn-55162.exe (PID: 8920)
- Unicorn-35296.exe (PID: 8936)
- Unicorn-6484.exe (PID: 9012)
- Unicorn-11633.exe (PID: 8984)
- Unicorn-8192.exe (PID: 9000)
- Unicorn-28390.exe (PID: 8468)
- Unicorn-7819.exe (PID: 8944)
- Unicorn-9542.exe (PID: 8968)
- Unicorn-8145.exe (PID: 9064)
- Unicorn-30109.exe (PID: 8536)
- Unicorn-51328.exe (PID: 9188)
- Unicorn-38754.exe (PID: 9164)
- Unicorn-21894.exe (PID: 5776)
- Unicorn-38852.exe (PID: 8952)
- Unicorn-40698.exe (PID: 8388)
- Unicorn-15753.exe (PID: 8696)
- Unicorn-4412.exe (PID: 9228)
- Unicorn-19701.exe (PID: 8700)
- Unicorn-48783.exe (PID: 8828)
- Unicorn-48259.exe (PID: 7860)
- Unicorn-29827.exe (PID: 9276)
- Unicorn-2940.exe (PID: 9316)
- Unicorn-29827.exe (PID: 9284)
- Unicorn-392.exe (PID: 9292)
- Unicorn-49136.exe (PID: 9256)
- Unicorn-32899.exe (PID: 9360)
- Unicorn-3199.exe (PID: 9248)
- Unicorn-36323.exe (PID: 9456)
- Unicorn-51538.exe (PID: 9404)
- Unicorn-23683.exe (PID: 9376)
- Unicorn-16998.exe (PID: 9412)
- Unicorn-27107.exe (PID: 9496)
- Unicorn-54534.exe (PID: 9544)
- Unicorn-54269.exe (PID: 9552)
- Unicorn-8608.exe (PID: 9424)
- Unicorn-18694.exe (PID: 9628)
Executable content was dropped or overwritten
- 1 (531).exe (PID: 2136)
- Unicorn-64869.exe (PID: 1348)
- Unicorn-44389.exe (PID: 7464)
- Unicorn-54482.exe (PID: 7484)
- Unicorn-26859.exe (PID: 7948)
- Unicorn-7517.exe (PID: 7992)
- Unicorn-60901.exe (PID: 7968)
- Unicorn-28532.exe (PID: 8048)
- Unicorn-49502.exe (PID: 8068)
- Unicorn-19316.exe (PID: 8084)
- Unicorn-44728.exe (PID: 8132)
- Unicorn-24862.exe (PID: 8108)
- Unicorn-44728.exe (PID: 8116)
- Unicorn-21252.exe (PID: 7984)
- Unicorn-3303.exe (PID: 4268)
- Unicorn-35146.exe (PID: 6404)
- Unicorn-28548.exe (PID: 1056)
- Unicorn-50932.exe (PID: 6240)
- Unicorn-25582.exe (PID: 5380)
- Unicorn-27994.exe (PID: 680)
- Unicorn-50932.exe (PID: 6872)
- Unicorn-13954.exe (PID: 8124)
- Unicorn-50932.exe (PID: 5416)
- Unicorn-41451.exe (PID: 1168)
- Unicorn-31607.exe (PID: 4120)
- Unicorn-42187.exe (PID: 5728)
- Unicorn-8089.exe (PID: 8100)
- Unicorn-21850.exe (PID: 5720)
- Unicorn-54226.exe (PID: 7580)
- Unicorn-57231.exe (PID: 7436)
- Unicorn-30173.exe (PID: 6808)
- Unicorn-40956.exe (PID: 7684)
- Unicorn-56933.exe (PID: 7576)
- Unicorn-31447.exe (PID: 7412)
- Unicorn-59722.exe (PID: 7588)
- Unicorn-14665.exe (PID: 7524)
- Unicorn-11328.exe (PID: 7744)
- Unicorn-52206.exe (PID: 7748)
- Unicorn-55626.exe (PID: 7208)
- Unicorn-40913.exe (PID: 7424)
- Unicorn-3367.exe (PID: 4164)
- Unicorn-52087.exe (PID: 6436)
- Unicorn-5683.exe (PID: 7000)
- Unicorn-42330.exe (PID: 5156)
- Unicorn-34765.exe (PID: 1616)
- Unicorn-54578.exe (PID: 7656)
- Unicorn-54578.exe (PID: 7672)
- Unicorn-37227.exe (PID: 1660)
- Unicorn-45943.exe (PID: 7808)
- Unicorn-29779.exe (PID: 5360)
- Unicorn-900.exe (PID: 5756)
- Unicorn-23284.exe (PID: 2268)
- Unicorn-50097.exe (PID: 7832)
- Unicorn-17425.exe (PID: 1388)
- Unicorn-50097.exe (PID: 7844)
- Unicorn-52702.exe (PID: 5436)
- Unicorn-53123.exe (PID: 4976)
- Unicorn-4425.exe (PID: 5384)
- Unicorn-7497.exe (PID: 2420)
- Unicorn-19569.exe (PID: 7848)
- Unicorn-11327.exe (PID: 4000)
- Unicorn-6765.exe (PID: 5228)
- Unicorn-7280.exe (PID: 7788)
- Unicorn-10366.exe (PID: 7704)
- Unicorn-1779.exe (PID: 7456)
- Unicorn-15973.exe (PID: 7896)
- Unicorn-55028.exe (PID: 4428)
- Unicorn-51691.exe (PID: 7364)
- Unicorn-7669.exe (PID: 6148)
- Unicorn-33158.exe (PID: 2516)
- Unicorn-30099.exe (PID: 6640)
- Unicorn-50304.exe (PID: 3900)
- Unicorn-23293.exe (PID: 5116)
- Unicorn-38767.exe (PID: 2504)
- Unicorn-10081.exe (PID: 5428)
- Unicorn-51140.exe (PID: 5072)
- Unicorn-117.exe (PID: 6476)
- Unicorn-54253.exe (PID: 5176)
- Unicorn-40588.exe (PID: 8240)
- Unicorn-25130.exe (PID: 8204)
- Unicorn-64029.exe (PID: 8224)
- Unicorn-6768.exe (PID: 8256)
- Unicorn-13030.exe (PID: 8496)
- Unicorn-49133.exe (PID: 8504)
- Unicorn-41850.exe (PID: 8424)
- Unicorn-35081.exe (PID: 8636)
- Unicorn-3723.exe (PID: 8412)
- Unicorn-56186.exe (PID: 8628)
- Unicorn-61282.exe (PID: 8776)
- Unicorn-22269.exe (PID: 8792)
- Unicorn-41702.exe (PID: 8808)
- Unicorn-8333.exe (PID: 8760)
- Unicorn-22918.exe (PID: 8820)
- Unicorn-33745.exe (PID: 8800)
- Unicorn-53166.exe (PID: 8784)
- Unicorn-43327.exe (PID: 8992)
- Unicorn-36605.exe (PID: 8928)
- Unicorn-12349.exe (PID: 9028)
- Unicorn-21831.exe (PID: 8960)
- Unicorn-35296.exe (PID: 8936)
- Unicorn-6484.exe (PID: 9012)
- Unicorn-29847.exe (PID: 7036)
- Unicorn-11633.exe (PID: 8984)
- Unicorn-28390.exe (PID: 8468)
- Unicorn-9542.exe (PID: 8968)
- Unicorn-8145.exe (PID: 9064)
- Unicorn-51328.exe (PID: 9188)
- Unicorn-38754.exe (PID: 9164)
- Unicorn-21894.exe (PID: 5776)
- Unicorn-19701.exe (PID: 8700)
- Unicorn-40698.exe (PID: 8388)
- Unicorn-38852.exe (PID: 8952)
- Unicorn-4412.exe (PID: 9228)
- Unicorn-15753.exe (PID: 8696)
- Unicorn-48783.exe (PID: 8828)
- Unicorn-49136.exe (PID: 9256)
- Unicorn-48259.exe (PID: 7860)
- Unicorn-29827.exe (PID: 9276)
- Unicorn-2940.exe (PID: 9316)
- Unicorn-29827.exe (PID: 9284)
- Unicorn-51538.exe (PID: 9404)
- Unicorn-392.exe (PID: 9292)
- Unicorn-3199.exe (PID: 9248)
- Unicorn-36323.exe (PID: 9456)
- Unicorn-32899.exe (PID: 9360)
- Unicorn-23683.exe (PID: 9376)
- Unicorn-3847.exe (PID: 9436)
- Unicorn-16998.exe (PID: 9412)
- Unicorn-54534.exe (PID: 9544)
- Unicorn-8608.exe (PID: 9424)
- Unicorn-54269.exe (PID: 9552)
- Unicorn-18694.exe (PID: 9628)
- Unicorn-35823.exe (PID: 9676)
- Unicorn-18694.exe (PID: 9612)
- Unicorn-18694.exe (PID: 9604)
- Unicorn-42612.exe (PID: 9724)
- Unicorn-12958.exe (PID: 9764)
- Unicorn-22466.exe (PID: 9736)
- Unicorn-33644.exe (PID: 9804)
- Unicorn-55162.exe (PID: 8920)
- Unicorn-8192.exe (PID: 9000)
- Unicorn-55355.exe (PID: 9844)
- Unicorn-2309.exe (PID: 9868)
- Unicorn-32268.exe (PID: 9876)
- Unicorn-28615.exe (PID: 9920)
- Unicorn-63116.exe (PID: 5740)
- Unicorn-7819.exe (PID: 8944)
- Unicorn-45818.exe (PID: 9960)
- Unicorn-30220.exe (PID: 9700)
- Unicorn-59160.exe (PID: 9756)
- Unicorn-28538.exe (PID: 8976)
- Unicorn-54190.exe (PID: 6228)
- Unicorn-20886.exe (PID: 9980)
- Unicorn-22880.exe (PID: 10020)
- Unicorn-27107.exe (PID: 9496)
- Unicorn-41074.exe (PID: 10076)
- Unicorn-60400.exe (PID: 10060)
- Unicorn-54286.exe (PID: 10108)
- Unicorn-38909.exe (PID: 10232)
- Unicorn-29065.exe (PID: 10184)
- Unicorn-48390.exe (PID: 10148)
- Unicorn-26006.exe (PID: 10128)
- Unicorn-30109.exe (PID: 8536)
- Unicorn-44794.exe (PID: 10212)
- Unicorn-35709.exe (PID: 9940)
- Unicorn-4095.exe (PID: 9996)
- Unicorn-20873.exe (PID: 10012)
- Unicorn-1037.exe (PID: 10028)
- Unicorn-18694.exe (PID: 9620)
- Unicorn-61644.exe (PID: 7776)
- Unicorn-10760.exe (PID: 7500)
- Unicorn-22650.exe (PID: 9536)
- Unicorn-48000.exe (PID: 2064)
- Unicorn-36250.exe (PID: 4172)
- Unicorn-37475.exe (PID: 10320)
- Unicorn-16370.exe (PID: 10308)
- Unicorn-8476.exe (PID: 10288)
- Unicorn-1669.exe (PID: 10268)
- Unicorn-51197.exe (PID: 10356)
- Unicorn-17769.exe (PID: 10500)
- Unicorn-17769.exe (PID: 10508)
- Unicorn-9399.exe (PID: 10480)
- Unicorn-48743.exe (PID: 6584)
- Unicorn-22444.exe (PID: 8608)
Executes application which crashes
- Unicorn-34942.exe (PID: 1040)
- Unicorn-35586.exe (PID: 6272)
- Unicorn-4425.exe (PID: 5384)
INFO
Reads the computer name
- 1 (531).exe (PID: 2136)
- Unicorn-64869.exe (PID: 1348)
- Unicorn-44389.exe (PID: 7464)
- Unicorn-54482.exe (PID: 7484)
- Unicorn-26859.exe (PID: 7948)
- Unicorn-60901.exe (PID: 7968)
- Unicorn-7517.exe (PID: 7992)
- Unicorn-21252.exe (PID: 7984)
- Unicorn-24862.exe (PID: 8108)
- Unicorn-28532.exe (PID: 8048)
- Unicorn-49502.exe (PID: 8068)
- Unicorn-19316.exe (PID: 8084)
- Unicorn-13954.exe (PID: 8124)
- Unicorn-44728.exe (PID: 8132)
- Unicorn-44728.exe (PID: 8116)
- Unicorn-8089.exe (PID: 8100)
- Unicorn-3303.exe (PID: 4268)
- Unicorn-30173.exe (PID: 6808)
- Unicorn-27994.exe (PID: 680)
- Unicorn-35146.exe (PID: 6404)
- Unicorn-25582.exe (PID: 5380)
- Unicorn-28548.exe (PID: 1056)
- Unicorn-50932.exe (PID: 6240)
- Unicorn-37227.exe (PID: 1660)
- Unicorn-50932.exe (PID: 5416)
- Unicorn-50932.exe (PID: 6872)
- Unicorn-41451.exe (PID: 1168)
- Unicorn-35586.exe (PID: 6272)
- Unicorn-21850.exe (PID: 5720)
- Unicorn-53123.exe (PID: 4976)
- Unicorn-31607.exe (PID: 4120)
- Unicorn-42187.exe (PID: 5728)
- Unicorn-57231.exe (PID: 7436)
- Unicorn-54226.exe (PID: 7580)
- Unicorn-59722.exe (PID: 7588)
- Unicorn-40956.exe (PID: 7684)
- Unicorn-11328.exe (PID: 7744)
- Unicorn-14665.exe (PID: 7524)
- Unicorn-56933.exe (PID: 7576)
- Unicorn-31447.exe (PID: 7412)
- Unicorn-52206.exe (PID: 7748)
- Unicorn-55626.exe (PID: 7208)
- Unicorn-40913.exe (PID: 7424)
- Unicorn-3367.exe (PID: 4164)
- Unicorn-34765.exe (PID: 1616)
- Unicorn-52087.exe (PID: 6436)
- Unicorn-42330.exe (PID: 5156)
- Unicorn-54578.exe (PID: 7672)
- Unicorn-5683.exe (PID: 7000)
- Unicorn-45943.exe (PID: 7808)
- Unicorn-29779.exe (PID: 5360)
- Unicorn-23284.exe (PID: 2268)
- Unicorn-17425.exe (PID: 1388)
- Unicorn-900.exe (PID: 5756)
- Unicorn-52702.exe (PID: 5436)
- Unicorn-54578.exe (PID: 7656)
- Unicorn-50097.exe (PID: 7844)
- Unicorn-50097.exe (PID: 7832)
- Unicorn-4425.exe (PID: 5384)
- Unicorn-6765.exe (PID: 5228)
- Unicorn-7497.exe (PID: 2420)
- Unicorn-11327.exe (PID: 4000)
- Unicorn-1779.exe (PID: 7456)
- Unicorn-10366.exe (PID: 7704)
- Unicorn-19569.exe (PID: 7848)
- Unicorn-61644.exe (PID: 7776)
- Unicorn-7280.exe (PID: 7788)
- Unicorn-15973.exe (PID: 7896)
- Unicorn-51691.exe (PID: 7364)
- Unicorn-7669.exe (PID: 6148)
- Unicorn-55028.exe (PID: 4428)
- Unicorn-33158.exe (PID: 2516)
- Unicorn-54190.exe (PID: 6228)
- Unicorn-29847.exe (PID: 7036)
- Unicorn-30099.exe (PID: 6640)
- Unicorn-63116.exe (PID: 5740)
- Unicorn-23293.exe (PID: 5116)
- Unicorn-117.exe (PID: 6476)
- Unicorn-50304.exe (PID: 3900)
- Unicorn-38767.exe (PID: 2504)
- Unicorn-51140.exe (PID: 5072)
- Unicorn-54253.exe (PID: 5176)
- Unicorn-25130.exe (PID: 8204)
- Unicorn-10081.exe (PID: 5428)
- Unicorn-64029.exe (PID: 8224)
- Unicorn-40588.exe (PID: 8240)
- Unicorn-6768.exe (PID: 8256)
- Unicorn-49133.exe (PID: 8504)
- Unicorn-13030.exe (PID: 8496)
- Unicorn-3723.exe (PID: 8412)
- Unicorn-35081.exe (PID: 8636)
- Unicorn-56186.exe (PID: 8628)
- Unicorn-41850.exe (PID: 8424)
- Unicorn-61282.exe (PID: 8776)
- Unicorn-22269.exe (PID: 8792)
- Unicorn-41702.exe (PID: 8808)
- Unicorn-22918.exe (PID: 8820)
- Unicorn-53166.exe (PID: 8784)
- Unicorn-8333.exe (PID: 8760)
- Unicorn-33745.exe (PID: 8800)
- Unicorn-43327.exe (PID: 8992)
- Unicorn-12349.exe (PID: 9028)
- Unicorn-28538.exe (PID: 8976)
- Unicorn-55162.exe (PID: 8920)
- Unicorn-21831.exe (PID: 8960)
- Unicorn-36605.exe (PID: 8928)
- Unicorn-35296.exe (PID: 8936)
- Unicorn-11633.exe (PID: 8984)
- Unicorn-28390.exe (PID: 8468)
- Unicorn-9542.exe (PID: 8968)
- Unicorn-8145.exe (PID: 9064)
- Unicorn-6484.exe (PID: 9012)
- Unicorn-7819.exe (PID: 8944)
- Unicorn-8192.exe (PID: 9000)
- Unicorn-51328.exe (PID: 9188)
- Unicorn-38754.exe (PID: 9164)
- Unicorn-21894.exe (PID: 5776)
- Unicorn-30109.exe (PID: 8536)
- Unicorn-38852.exe (PID: 8952)
- Unicorn-40698.exe (PID: 8388)
- Unicorn-19701.exe (PID: 8700)
- Unicorn-4412.exe (PID: 9228)
- Unicorn-15753.exe (PID: 8696)
- Unicorn-48783.exe (PID: 8828)
- Unicorn-48259.exe (PID: 7860)
- Unicorn-29827.exe (PID: 9276)
- Unicorn-2940.exe (PID: 9316)
- Unicorn-49136.exe (PID: 9256)
- Unicorn-29827.exe (PID: 9284)
- Unicorn-51538.exe (PID: 9404)
- Unicorn-16998.exe (PID: 9412)
- Unicorn-36323.exe (PID: 9456)
- Unicorn-32899.exe (PID: 9360)
- Unicorn-392.exe (PID: 9292)
- Unicorn-23683.exe (PID: 9376)
- Unicorn-3199.exe (PID: 9248)
- Unicorn-3847.exe (PID: 9436)
- Unicorn-27107.exe (PID: 9496)
- Unicorn-8608.exe (PID: 9424)
- Unicorn-54534.exe (PID: 9544)
- Unicorn-54269.exe (PID: 9552)
- Unicorn-18694.exe (PID: 9628)
- Unicorn-18694.exe (PID: 9612)
- Unicorn-18694.exe (PID: 9620)
- Unicorn-18694.exe (PID: 9604)
- Unicorn-35823.exe (PID: 9676)
- Unicorn-59160.exe (PID: 9756)
- Unicorn-30220.exe (PID: 9700)
Checks supported languages
- 1 (531).exe (PID: 2136)
- Unicorn-64869.exe (PID: 1348)
- Unicorn-44389.exe (PID: 7464)
- Unicorn-54482.exe (PID: 7484)
- Unicorn-7517.exe (PID: 7992)
- Unicorn-26859.exe (PID: 7948)
- Unicorn-60901.exe (PID: 7968)
- Unicorn-28532.exe (PID: 8048)
- Unicorn-49502.exe (PID: 8068)
- Unicorn-19316.exe (PID: 8084)
- Unicorn-21252.exe (PID: 7984)
- Unicorn-44728.exe (PID: 8132)
- Unicorn-44728.exe (PID: 8116)
- Unicorn-13954.exe (PID: 8124)
- Unicorn-3303.exe (PID: 4268)
- Unicorn-24862.exe (PID: 8108)
- Unicorn-8089.exe (PID: 8100)
- Unicorn-35146.exe (PID: 6404)
- Unicorn-27994.exe (PID: 680)
- Unicorn-28548.exe (PID: 1056)
- Unicorn-25582.exe (PID: 5380)
- Unicorn-30173.exe (PID: 6808)
- Unicorn-50932.exe (PID: 5416)
- Unicorn-37227.exe (PID: 1660)
- Unicorn-50932.exe (PID: 6240)
- Unicorn-21850.exe (PID: 5720)
- Unicorn-50932.exe (PID: 6872)
- Unicorn-31607.exe (PID: 4120)
- Unicorn-41451.exe (PID: 1168)
- Unicorn-53123.exe (PID: 4976)
- Unicorn-35586.exe (PID: 6272)
- Unicorn-42187.exe (PID: 5728)
- Unicorn-57231.exe (PID: 7436)
- Unicorn-54226.exe (PID: 7580)
- Unicorn-59722.exe (PID: 7588)
- Unicorn-40956.exe (PID: 7684)
- Unicorn-14665.exe (PID: 7524)
- Unicorn-56933.exe (PID: 7576)
- Unicorn-40913.exe (PID: 7424)
- Unicorn-55626.exe (PID: 7208)
- Unicorn-3367.exe (PID: 4164)
- Unicorn-31447.exe (PID: 7412)
- Unicorn-11328.exe (PID: 7744)
- Unicorn-52206.exe (PID: 7748)
- Unicorn-34765.exe (PID: 1616)
- Unicorn-52087.exe (PID: 6436)
- Unicorn-5683.exe (PID: 7000)
- Unicorn-42330.exe (PID: 5156)
- Unicorn-54578.exe (PID: 7672)
- Unicorn-54578.exe (PID: 7656)
- Unicorn-45943.exe (PID: 7808)
- Unicorn-4425.exe (PID: 5384)
- Unicorn-50097.exe (PID: 7832)
- Unicorn-23284.exe (PID: 2268)
- Unicorn-50097.exe (PID: 7844)
- Unicorn-29779.exe (PID: 5360)
- Unicorn-17425.exe (PID: 1388)
- Unicorn-7497.exe (PID: 2420)
- Unicorn-34942.exe (PID: 1040)
- Unicorn-6765.exe (PID: 5228)
- Unicorn-52702.exe (PID: 5436)
- Unicorn-19569.exe (PID: 7848)
- Unicorn-11327.exe (PID: 4000)
- Unicorn-1779.exe (PID: 7456)
- Unicorn-10366.exe (PID: 7704)
- Unicorn-900.exe (PID: 5756)
- Unicorn-7280.exe (PID: 7788)
- Unicorn-15973.exe (PID: 7896)
- Unicorn-61644.exe (PID: 7776)
- Unicorn-51691.exe (PID: 7364)
- Unicorn-55028.exe (PID: 4428)
- Unicorn-7669.exe (PID: 6148)
- Unicorn-33158.exe (PID: 2516)
- Unicorn-63116.exe (PID: 5740)
- Unicorn-54190.exe (PID: 6228)
- Unicorn-50304.exe (PID: 3900)
- Unicorn-30099.exe (PID: 6640)
- Unicorn-54253.exe (PID: 5176)
- Unicorn-23293.exe (PID: 5116)
- Unicorn-29847.exe (PID: 7036)
- Unicorn-25130.exe (PID: 8204)
- Unicorn-10081.exe (PID: 5428)
- Unicorn-64029.exe (PID: 8224)
- Unicorn-38767.exe (PID: 2504)
- Unicorn-117.exe (PID: 6476)
- Unicorn-51140.exe (PID: 5072)
- Unicorn-6768.exe (PID: 8256)
- Unicorn-40588.exe (PID: 8240)
- Unicorn-13030.exe (PID: 8496)
- Unicorn-41850.exe (PID: 8424)
- Unicorn-3723.exe (PID: 8412)
- Unicorn-49133.exe (PID: 8504)
- Unicorn-8333.exe (PID: 8760)
- Unicorn-35081.exe (PID: 8636)
- Unicorn-56186.exe (PID: 8628)
- Unicorn-41702.exe (PID: 8808)
- Unicorn-53166.exe (PID: 8784)
- Unicorn-22918.exe (PID: 8820)
- Unicorn-33745.exe (PID: 8800)
- Unicorn-61282.exe (PID: 8776)
- Unicorn-22269.exe (PID: 8792)
- Unicorn-35296.exe (PID: 8936)
- Unicorn-21831.exe (PID: 8960)
- Unicorn-11633.exe (PID: 8984)
- Unicorn-9542.exe (PID: 8968)
- Unicorn-28538.exe (PID: 8976)
- Unicorn-8192.exe (PID: 9000)
- Unicorn-7819.exe (PID: 8944)
- Unicorn-36605.exe (PID: 8928)
- Unicorn-55162.exe (PID: 8920)
- Unicorn-38852.exe (PID: 8952)
- Unicorn-12349.exe (PID: 9028)
- Unicorn-43327.exe (PID: 8992)
- Unicorn-6484.exe (PID: 9012)
- Unicorn-8145.exe (PID: 9064)
- Unicorn-38754.exe (PID: 9164)
- Unicorn-51328.exe (PID: 9188)
- Unicorn-28390.exe (PID: 8468)
- Unicorn-21894.exe (PID: 5776)
- Unicorn-30109.exe (PID: 8536)
- Unicorn-15753.exe (PID: 8696)
- Unicorn-40698.exe (PID: 8388)
- Unicorn-48259.exe (PID: 7860)
- Unicorn-19701.exe (PID: 8700)
- Unicorn-4412.exe (PID: 9228)
- Unicorn-49136.exe (PID: 9256)
- Unicorn-3199.exe (PID: 9248)
- Unicorn-48783.exe (PID: 8828)
- Unicorn-29827.exe (PID: 9276)
- Unicorn-392.exe (PID: 9292)
- Unicorn-2940.exe (PID: 9316)
- Unicorn-29827.exe (PID: 9284)
- Unicorn-51538.exe (PID: 9404)
- Unicorn-8608.exe (PID: 9424)
- Unicorn-16998.exe (PID: 9412)
- Unicorn-3847.exe (PID: 9436)
- Unicorn-36323.exe (PID: 9456)
- Unicorn-27107.exe (PID: 9496)
- Unicorn-54534.exe (PID: 9544)
- Unicorn-32899.exe (PID: 9360)
- Unicorn-23683.exe (PID: 9376)
- Unicorn-18694.exe (PID: 9620)
- Unicorn-18694.exe (PID: 9628)
- Unicorn-18694.exe (PID: 9612)
- Unicorn-18694.exe (PID: 9604)
- Unicorn-35823.exe (PID: 9676)
- Unicorn-54269.exe (PID: 9552)
- Unicorn-22466.exe (PID: 9736)
- Unicorn-42612.exe (PID: 9724)
- Unicorn-59160.exe (PID: 9756)
- Unicorn-33644.exe (PID: 9804)
- Unicorn-55355.exe (PID: 9844)
- Unicorn-30220.exe (PID: 9700)
- Unicorn-12958.exe (PID: 9764)
- Unicorn-28615.exe (PID: 9920)
- Unicorn-2309.exe (PID: 9868)
- Unicorn-32268.exe (PID: 9876)
- Unicorn-35709.exe (PID: 9940)
- Unicorn-4095.exe (PID: 9996)
- Unicorn-45818.exe (PID: 9960)
- Unicorn-20886.exe (PID: 9980)
- Unicorn-48390.exe (PID: 10148)
- Unicorn-22880.exe (PID: 10020)
- Unicorn-1037.exe (PID: 10028)
- Unicorn-20873.exe (PID: 10012)
- Unicorn-41074.exe (PID: 10076)
- Unicorn-54286.exe (PID: 10108)
- Unicorn-26006.exe (PID: 10128)
- Unicorn-60400.exe (PID: 10060)
- Unicorn-29065.exe (PID: 10184)
- Unicorn-44794.exe (PID: 10212)
- Unicorn-38909.exe (PID: 10232)
- Unicorn-48743.exe (PID: 6584)
- Unicorn-22444.exe (PID: 8608)
- Unicorn-10760.exe (PID: 7500)
- Unicorn-36250.exe (PID: 4172)
- Unicorn-8476.exe (PID: 10288)
- Unicorn-1669.exe (PID: 10268)
- Unicorn-16370.exe (PID: 10308)
- Unicorn-37475.exe (PID: 10320)
- Unicorn-22650.exe (PID: 9536)
- Unicorn-48000.exe (PID: 2064)
- Unicorn-9399.exe (PID: 10480)
- Unicorn-17769.exe (PID: 10508)
- Unicorn-41216.exe (PID: 10636)
- Unicorn-30956.exe (PID: 10656)
- Unicorn-19062.exe (PID: 10692)
- Unicorn-51197.exe (PID: 10356)
- Unicorn-17769.exe (PID: 10500)
- Unicorn-51471.exe (PID: 10816)
- Unicorn-18179.exe (PID: 10840)
- Unicorn-52086.exe (PID: 10940)
- Unicorn-7654.exe (PID: 10932)
- Unicorn-31754.exe (PID: 10668)
- Unicorn-64999.exe (PID: 10684)
- Unicorn-43894.exe (PID: 10708)
- Unicorn-63650.exe (PID: 10956)
- Unicorn-21913.exe (PID: 10972)
- Unicorn-21389.exe (PID: 10924)
- Unicorn-6706.exe (PID: 10984)
- Unicorn-1572.exe (PID: 11024)
- Unicorn-18828.exe (PID: 11044)
- Unicorn-5.exe (PID: 11080)
- Unicorn-1572.exe (PID: 11032)
- Unicorn-8178.exe (PID: 10964)
- Unicorn-63544.exe (PID: 11100)
- Unicorn-52086.exe (PID: 10948)
- Unicorn-29283.exe (PID: 10996)
- Unicorn-56877.exe (PID: 11088)
- Unicorn-49798.exe (PID: 11172)
- Unicorn-22025.exe (PID: 11236)
- Unicorn-2159.exe (PID: 11208)
- Unicorn-10851.exe (PID: 11216)
- Unicorn-15881.exe (PID: 10404)
- Unicorn-24981.exe (PID: 10444)
- Unicorn-61028.exe (PID: 10648)
- Unicorn-37894.exe (PID: 4284)
- Unicorn-24437.exe (PID: 632)
- Unicorn-2284.exe (PID: 3968)
- Unicorn-2284.exe (PID: 6816)
- Unicorn-18567.exe (PID: 2316)
- Unicorn-41245.exe (PID: 11260)
- Unicorn-56067.exe (PID: 10416)
- Unicorn-29978.exe (PID: 11284)
- Unicorn-16468.exe (PID: 11292)
- Unicorn-24487.exe (PID: 11332)
- Unicorn-41508.exe (PID: 11348)
- Unicorn-2443.exe (PID: 11356)
- Unicorn-51187.exe (PID: 11396)
- Unicorn-24487.exe (PID: 11340)
- Unicorn-43014.exe (PID: 11476)
- Unicorn-10496.exe (PID: 11512)
- Unicorn-39683.exe (PID: 11632)
- Unicorn-31800.exe (PID: 11520)
- Unicorn-5130.exe (PID: 11544)
- Unicorn-8202.exe (PID: 11564)
- Unicorn-5116.exe (PID: 11596)
- Unicorn-39683.exe (PID: 11624)
- Unicorn-24487.exe (PID: 11324)
- Unicorn-18343.exe (PID: 11452)
- Unicorn-26759.exe (PID: 11484)
- Unicorn-30467.exe (PID: 11684)
- Unicorn-30467.exe (PID: 11676)
- Unicorn-24847.exe (PID: 11712)
- Unicorn-65448.exe (PID: 11668)
- Unicorn-55579.exe (PID: 11692)
- Unicorn-21775.exe (PID: 11828)
- Unicorn-40332.exe (PID: 11756)
- Unicorn-41571.exe (PID: 11784)
- Unicorn-41571.exe (PID: 11792)
- Unicorn-21775.exe (PID: 11800)
- Unicorn-21775.exe (PID: 11808)
- Unicorn-2710.exe (PID: 11900)
- Unicorn-41571.exe (PID: 11776)
- Unicorn-5244.exe (PID: 11988)
- Unicorn-5244.exe (PID: 11980)
- Unicorn-39270.exe (PID: 11996)
- Unicorn-59136.exe (PID: 12024)
- Unicorn-56588.exe (PID: 11920)
- Unicorn-43407.exe (PID: 11940)
- Unicorn-41520.exe (PID: 12092)
- Unicorn-65161.exe (PID: 12144)
- Unicorn-9166.exe (PID: 12200)
- Unicorn-41228.exe (PID: 12236)
- Unicorn-30299.exe (PID: 12068)
- Unicorn-43790.exe (PID: 12084)
- Unicorn-49655.exe (PID: 12076)
- Unicorn-20798.exe (PID: 12252)
- Unicorn-20195.exe (PID: 5036)
- Unicorn-65395.exe (PID: 1764)
- Unicorn-25958.exe (PID: 12308)
- Unicorn-3756.exe (PID: 744)
- Unicorn-43657.exe (PID: 12268)
- Unicorn-53857.exe (PID: 12344)
- Unicorn-32062.exe (PID: 12364)
- Unicorn-12196.exe (PID: 12392)
- Unicorn-22581.exe (PID: 12420)
- Unicorn-20355.exe (PID: 12352)
- Unicorn-16742.exe (PID: 12460)
- Unicorn-64925.exe (PID: 12484)
- Unicorn-7526.exe (PID: 12520)
- Unicorn-27127.exe (PID: 12512)
- Unicorn-58502.exe (PID: 12640)
- Unicorn-58781.exe (PID: 12580)
- Unicorn-21248.exe (PID: 12588)
- Unicorn-61329.exe (PID: 12596)
- Unicorn-22846.exe (PID: 12428)
- Unicorn-64925.exe (PID: 12476)
- Unicorn-61574.exe (PID: 12656)
- Unicorn-58227.exe (PID: 12688)
- Unicorn-30345.exe (PID: 12676)
- Unicorn-49761.exe (PID: 12740)
- Unicorn-61839.exe (PID: 12664)
- Unicorn-23820.exe (PID: 12784)
- Unicorn-51208.exe (PID: 12820)
- Unicorn-28800.exe (PID: 12856)
- Unicorn-54552.exe (PID: 12768)
- Unicorn-43616.exe (PID: 12776)
- Unicorn-57743.exe (PID: 12896)
- Unicorn-59710.exe (PID: 12936)
- Unicorn-48122.exe (PID: 12920)
- Unicorn-898.exe (PID: 12864)
- Unicorn-5387.exe (PID: 12880)
- Unicorn-7935.exe (PID: 12996)
- Unicorn-44993.exe (PID: 13004)
- Unicorn-36239.exe (PID: 13040)
- Unicorn-62782.exe (PID: 12988)
- Unicorn-398.exe (PID: 13088)
- Unicorn-48037.exe (PID: 13112)
- Unicorn-13579.exe (PID: 13072)
- Unicorn-39463.exe (PID: 13096)
- Unicorn-13055.exe (PID: 13120)
- Unicorn-26630.exe (PID: 13192)
- Unicorn-6911.exe (PID: 13220)
- Unicorn-13579.exe (PID: 13064)
- Unicorn-59895.exe (PID: 13300)
- Unicorn-14825.exe (PID: 13340)
- Unicorn-51425.exe (PID: 4572)
- Unicorn-63113.exe (PID: 13396)
- Unicorn-47767.exe (PID: 13428)
- Unicorn-65526.exe (PID: 13416)
- Unicorn-47767.exe (PID: 13424)
- Unicorn-502.exe (PID: 13248)
- Unicorn-38353.exe (PID: 13284)
- Unicorn-46412.exe (PID: 7012)
- Unicorn-57629.exe (PID: 10716)
The sample compiled with chinese language support
- 1 (531).exe (PID: 2136)
- Unicorn-51691.exe (PID: 7364)
Create files in a temporary directory
- Unicorn-64869.exe (PID: 1348)
- Unicorn-54482.exe (PID: 7484)
- 1 (531).exe (PID: 2136)
- Unicorn-60901.exe (PID: 7968)
- Unicorn-7517.exe (PID: 7992)
- Unicorn-26859.exe (PID: 7948)
- Unicorn-44389.exe (PID: 7464)
- Unicorn-28532.exe (PID: 8048)
- Unicorn-19316.exe (PID: 8084)
- Unicorn-24862.exe (PID: 8108)
- Unicorn-44728.exe (PID: 8132)
- Unicorn-44728.exe (PID: 8116)
- Unicorn-3303.exe (PID: 4268)
- Unicorn-30173.exe (PID: 6808)
- Unicorn-35146.exe (PID: 6404)
- Unicorn-28548.exe (PID: 1056)
- Unicorn-50932.exe (PID: 6240)
- Unicorn-49502.exe (PID: 8068)
- Unicorn-25582.exe (PID: 5380)
- Unicorn-27994.exe (PID: 680)
- Unicorn-50932.exe (PID: 6872)
- Unicorn-13954.exe (PID: 8124)
- Unicorn-50932.exe (PID: 5416)
- Unicorn-41451.exe (PID: 1168)
- Unicorn-8089.exe (PID: 8100)
- Unicorn-42187.exe (PID: 5728)
- Unicorn-31607.exe (PID: 4120)
- Unicorn-21252.exe (PID: 7984)
- Unicorn-21850.exe (PID: 5720)
- Unicorn-57231.exe (PID: 7436)
- Unicorn-54226.exe (PID: 7580)
- Unicorn-59722.exe (PID: 7588)
- Unicorn-14665.exe (PID: 7524)
- Unicorn-56933.exe (PID: 7576)
- Unicorn-31447.exe (PID: 7412)
- Unicorn-40956.exe (PID: 7684)
- Unicorn-11328.exe (PID: 7744)
- Unicorn-52206.exe (PID: 7748)
- Unicorn-40913.exe (PID: 7424)
- Unicorn-3367.exe (PID: 4164)
- Unicorn-55626.exe (PID: 7208)
- Unicorn-52087.exe (PID: 6436)
- Unicorn-34765.exe (PID: 1616)
- Unicorn-42330.exe (PID: 5156)
- Unicorn-5683.exe (PID: 7000)
- Unicorn-54578.exe (PID: 7656)
- Unicorn-37227.exe (PID: 1660)
- Unicorn-54578.exe (PID: 7672)
- Unicorn-29779.exe (PID: 5360)
- Unicorn-50097.exe (PID: 7832)
- Unicorn-50097.exe (PID: 7844)
- Unicorn-23284.exe (PID: 2268)
- Unicorn-45943.exe (PID: 7808)
- Unicorn-17425.exe (PID: 1388)
- Unicorn-52702.exe (PID: 5436)
- Unicorn-53123.exe (PID: 4976)
- Unicorn-900.exe (PID: 5756)
- Unicorn-4425.exe (PID: 5384)
- Unicorn-7497.exe (PID: 2420)
- Unicorn-6765.exe (PID: 5228)
- Unicorn-19569.exe (PID: 7848)
- Unicorn-11327.exe (PID: 4000)
- Unicorn-1779.exe (PID: 7456)
- Unicorn-7280.exe (PID: 7788)
- Unicorn-10366.exe (PID: 7704)
- Unicorn-7669.exe (PID: 6148)
- Unicorn-55028.exe (PID: 4428)
- Unicorn-51691.exe (PID: 7364)
- Unicorn-33158.exe (PID: 2516)
- Unicorn-23293.exe (PID: 5116)
- Unicorn-30099.exe (PID: 6640)
- Unicorn-50304.exe (PID: 3900)
- Unicorn-117.exe (PID: 6476)
- Unicorn-10081.exe (PID: 5428)
- Unicorn-38767.exe (PID: 2504)
- Unicorn-51140.exe (PID: 5072)
- Unicorn-54253.exe (PID: 5176)
- Unicorn-64029.exe (PID: 8224)
- Unicorn-40588.exe (PID: 8240)
- Unicorn-25130.exe (PID: 8204)
- Unicorn-6768.exe (PID: 8256)
- Unicorn-49133.exe (PID: 8504)
- Unicorn-13030.exe (PID: 8496)
- Unicorn-3723.exe (PID: 8412)
- Unicorn-41850.exe (PID: 8424)
- Unicorn-35081.exe (PID: 8636)
- Unicorn-56186.exe (PID: 8628)
- Unicorn-22269.exe (PID: 8792)
- Unicorn-41702.exe (PID: 8808)
- Unicorn-61282.exe (PID: 8776)
- Unicorn-22918.exe (PID: 8820)
- Unicorn-33745.exe (PID: 8800)
- Unicorn-53166.exe (PID: 8784)
- Unicorn-8333.exe (PID: 8760)
- Unicorn-43327.exe (PID: 8992)
- Unicorn-15973.exe (PID: 7896)
- Unicorn-36605.exe (PID: 8928)
- Unicorn-12349.exe (PID: 9028)
- Unicorn-35296.exe (PID: 8936)
- Unicorn-6484.exe (PID: 9012)
- Unicorn-29847.exe (PID: 7036)
- Unicorn-21831.exe (PID: 8960)
- Unicorn-11633.exe (PID: 8984)
- Unicorn-28390.exe (PID: 8468)
- Unicorn-9542.exe (PID: 8968)
- Unicorn-51328.exe (PID: 9188)
- Unicorn-8145.exe (PID: 9064)
- Unicorn-40698.exe (PID: 8388)
- Unicorn-38754.exe (PID: 9164)
- Unicorn-21894.exe (PID: 5776)
- Unicorn-38852.exe (PID: 8952)
- Unicorn-19701.exe (PID: 8700)
- Unicorn-4412.exe (PID: 9228)
- Unicorn-15753.exe (PID: 8696)
- Unicorn-48783.exe (PID: 8828)
- Unicorn-48259.exe (PID: 7860)
- Unicorn-29827.exe (PID: 9276)
- Unicorn-49136.exe (PID: 9256)
- Unicorn-2940.exe (PID: 9316)
- Unicorn-29827.exe (PID: 9284)
- Unicorn-392.exe (PID: 9292)
- Unicorn-51538.exe (PID: 9404)
- Unicorn-32899.exe (PID: 9360)
- Unicorn-3199.exe (PID: 9248)
- Unicorn-16998.exe (PID: 9412)
- Unicorn-36323.exe (PID: 9456)
- Unicorn-3847.exe (PID: 9436)
- Unicorn-8608.exe (PID: 9424)
- Unicorn-23683.exe (PID: 9376)
- Unicorn-54534.exe (PID: 9544)
- Unicorn-54269.exe (PID: 9552)
- Unicorn-18694.exe (PID: 9628)
Creates files or folders in the user directory
- WerFault.exe (PID: 8704)
- WerFault.exe (PID: 8604)
- WerFault.exe (PID: 10436)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | DOS Executable Generic (100) |
|---|
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
470
Monitored processes
331
Malicious processes
47
Suspicious processes
46
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 632 | C:\Users\admin\AppData\Local\Temp\Unicorn-24437.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-24437.exe | — | Unicorn-11327.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 680 | C:\Users\admin\AppData\Local\Temp\Unicorn-27994.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27994.exe | Unicorn-60901.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 744 | C:\Users\admin\AppData\Local\Temp\Unicorn-3756.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-3756.exe | — | Unicorn-7517.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1040 | C:\Users\admin\AppData\Local\Temp\Unicorn-34942.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-34942.exe | Unicorn-7517.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Exit code: 0 Version: 1.00 Modules
| |||||||||||||||
| 1056 | C:\Users\admin\AppData\Local\Temp\Unicorn-28548.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-28548.exe | Unicorn-44389.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1168 | C:\Users\admin\AppData\Local\Temp\Unicorn-41451.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41451.exe | Unicorn-64869.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1348 | C:\Users\admin\AppData\Local\Temp\Unicorn-64869.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-64869.exe | 1 (531).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1388 | C:\Users\admin\AppData\Local\Temp\Unicorn-17425.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-17425.exe | Unicorn-64869.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1616 | C:\Users\admin\AppData\Local\Temp\Unicorn-34765.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-34765.exe | Unicorn-50932.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1660 | C:\Users\admin\AppData\Local\Temp\Unicorn-37227.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-37227.exe | Unicorn-24862.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
11 970
Read events
11 970
Write events
0
Delete events
0
Modification events
Executable files
982
Suspicious files
9
Text files
3
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2136 | 1 (531).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-13954.exe | executable | |
MD5:657B1C5510E50022AB746D93883676DA | SHA256:C2F446F7CDD058C9A9395A88F4AD41A0943CDEFB09E12DCDA6BEDA11679E9F59 | |||
| 2136 | 1 (531).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-54482.exe | executable | |
MD5:B65531B2A46E8EDF80C1B6502EDFB9BB | SHA256:E5CA22DC8F2734B06BB488D7F83A9886EF02095C4733ED0025BC618202B62FB1 | |||
| 2136 | 1 (531).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-64869.exe | executable | |
MD5:09DC7B00F4A793F5B8830F6C0C517EE3 | SHA256:1CD30712F86A62B35024DB96C90251C717601C7CDDA6F68A21ACABE24E8955C1 | |||
| 7464 | Unicorn-44389.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26859.exe | executable | |
MD5:5D5F63CAFF08855F5BF1910052D25973 | SHA256:4E7C22F9D90F33E4DE0B335BFFD3A3E4F3AEFEE40C184377FBF349D281952DD7 | |||
| 7948 | Unicorn-26859.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-28532.exe | executable | |
MD5:5668DCDC515688C3BEBE47724FE0EE7E | SHA256:68118C87170EAE1E8D5AD9A797F2A925C255AAB9AD01C44DFC91A4AFE82D0BAA | |||
| 1348 | Unicorn-64869.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-44389.exe | executable | |
MD5:2A7B8AB79B04D7E87FC64DF08225CE26 | SHA256:E015C2C222B1CEBE9AFB2769580DEB63107653247119D8F328413D1B3FDE0BB6 | |||
| 2136 | 1 (531).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-21252.exe | executable | |
MD5:6B6A7F23B0ED05224377EB934E880FD4 | SHA256:E5CA22DC8F2734B06BB488D7F83A9886EF02095C4733ED0025BC618202B62FB1 | |||
| 7484 | Unicorn-54482.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-24862.exe | executable | |
MD5:F7FC8536FA116AE2F104496973F18267 | SHA256:2360DF9C393B2FE8F904CBB91CDF2C6E4AF093D3059A6AC4C1221828DB55C6CA | |||
| 1348 | Unicorn-64869.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-7517.exe | executable | |
MD5:3C58325A02516B7BF60DC4F903DFAEDA | SHA256:24FAE9224EF2CBEBEC21AADEC802F8EC701D2E126664E0BB08620906A7E8D439 | |||
| 7968 | Unicorn-60901.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-19316.exe | executable | |
MD5:1856BBCD49E55EB0B10090370DF6BA46 | SHA256:74F0B42A88E322C8DCE1DADDB8ECE38CE56BCD5A86ABA59C18AABFA0D97CF1BE | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
23
DNS requests
16
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6876 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
8360 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
8360 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
— | — | GET | 200 | 2.16.168.199:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
1116 | RUXIMICS.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2104 | svchost.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 2.16.168.199:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted |
5496 | MoUsoCoreWorker.exe | 20.73.194.208:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
3216 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 40.126.31.69:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
2112 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |