| File name: | 1 (1296) |
| Full analysis: | https://app.any.run/tasks/37e6f423-e0ce-490c-b5ae-362fbbe1079a |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 13:25:07 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | B3949D76DE8A69C66ECDE69C1396AD20 |
| SHA1: | 6A7FC627C00A620AC78DF8C46893356155F3D911 |
| SHA256: | 758349447E51272CBE84391CC84AADEEE7C81CAFA936E28D8921AE32A625CFEB |
| SSDEEP: | 6144:u7NgXWEt2DHHA5llYXYVhofxgyIqlvJGBC/cyeMdxk/8SwjwpyAvEh4dkChps77a:uh2jEHA5TYIuIMhaCEyeMdlx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (1296).exe (PID: 1328)
- Unicorn-49760.exe (PID: 2240)
- Unicorn-21037.exe (PID: 6988)
- Unicorn-46288.exe (PID: 516)
- Unicorn-47461.exe (PID: 1052)
- Unicorn-23733.exe (PID: 2096)
- Unicorn-51223.exe (PID: 6876)
- Unicorn-18401.exe (PID: 5608)
- Unicorn-20299.exe (PID: 6248)
- Unicorn-34135.exe (PID: 6644)
- Unicorn-41788.exe (PID: 4436)
- Unicorn-9338.exe (PID: 1020)
- Unicorn-62266.exe (PID: 6540)
- Unicorn-55754.exe (PID: 4336)
- Unicorn-62531.exe (PID: 2244)
- Unicorn-50772.exe (PID: 4812)
- Unicorn-43969.exe (PID: 5756)
- Unicorn-47861.exe (PID: 6592)
- Unicorn-41731.exe (PID: 2284)
- Unicorn-58852.exe (PID: 3192)
- Unicorn-57736.exe (PID: 7020)
- Unicorn-8535.exe (PID: 6632)
- Unicorn-23147.exe (PID: 664)
- Unicorn-12064.exe (PID: 1188)
- Unicorn-27067.exe (PID: 5640)
- Unicorn-56112.exe (PID: 4016)
- Unicorn-20347.exe (PID: 6244)
- Unicorn-56112.exe (PID: 5800)
- Unicorn-21878.exe (PID: 7200)
- Unicorn-14648.exe (PID: 7252)
- Unicorn-20508.exe (PID: 7236)
- Unicorn-1094.exe (PID: 7436)
- Unicorn-61758.exe (PID: 4692)
- Unicorn-12510.exe (PID: 7180)
- Unicorn-14415.exe (PID: 7444)
- Unicorn-24613.exe (PID: 7488)
- Unicorn-24348.exe (PID: 7480)
- Unicorn-45780.exe (PID: 7520)
- Unicorn-32680.exe (PID: 7556)
- Unicorn-17383.exe (PID: 7472)
- Unicorn-50871.exe (PID: 7628)
- Unicorn-26673.exe (PID: 7664)
- Unicorn-29364.exe (PID: 7892)
- Unicorn-38629.exe (PID: 7736)
- Unicorn-985.exe (PID: 7616)
- Unicorn-38811.exe (PID: 7564)
- Unicorn-39771.exe (PID: 7848)
- Unicorn-53392.exe (PID: 7756)
- Unicorn-985.exe (PID: 7608)
- Unicorn-60392.exe (PID: 7600)
- Unicorn-19028.exe (PID: 7744)
- Unicorn-50871.exe (PID: 7692)
- Unicorn-24696.exe (PID: 7812)
- Unicorn-50824.exe (PID: 7784)
- Unicorn-5152.exe (PID: 7796)
- Unicorn-43964.exe (PID: 7592)
- Unicorn-50871.exe (PID: 7656)
- Unicorn-12806.exe (PID: 7856)
- Unicorn-24047.exe (PID: 7900)
- Unicorn-9821.exe (PID: 7980)
- Unicorn-29033.exe (PID: 8016)
- Unicorn-57861.exe (PID: 7940)
- Unicorn-19905.exe (PID: 7824)
- Unicorn-50352.exe (PID: 8096)
- Unicorn-4913.exe (PID: 8104)
- Unicorn-44685.exe (PID: 8144)
- Unicorn-2630.exe (PID: 7964)
- Unicorn-16803.exe (PID: 8076)
- Unicorn-11047.exe (PID: 7928)
- Unicorn-31105.exe (PID: 7468)
- Unicorn-55615.exe (PID: 8004)
- Unicorn-13298.exe (PID: 8132)
- Unicorn-35490.exe (PID: 7344)
- Unicorn-42864.exe (PID: 7232)
- Unicorn-6600.exe (PID: 6080)
- Unicorn-44710.exe (PID: 300)
- Unicorn-23736.exe (PID: 7536)
- Unicorn-48463.exe (PID: 6344)
- Unicorn-27296.exe (PID: 8232)
- Unicorn-51992.exe (PID: 5740)
- Unicorn-7487.exe (PID: 8212)
- Unicorn-63860.exe (PID: 8272)
- Unicorn-32257.exe (PID: 8320)
- Unicorn-32257.exe (PID: 8328)
- Unicorn-19128.exe (PID: 8252)
- Unicorn-32257.exe (PID: 8312)
- Unicorn-62132.exe (PID: 7316)
- Unicorn-30996.exe (PID: 8396)
- Unicorn-52485.exe (PID: 8380)
- Unicorn-40316.exe (PID: 8592)
- Unicorn-52163.exe (PID: 8416)
- Unicorn-32619.exe (PID: 8372)
- Unicorn-13957.exe (PID: 8508)
- Unicorn-20088.exe (PID: 8516)
- Unicorn-11157.exe (PID: 8500)
- Unicorn-31061.exe (PID: 8880)
- Unicorn-60736.exe (PID: 8544)
- Unicorn-11919.exe (PID: 8524)
- Unicorn-27294.exe (PID: 8452)
- Unicorn-51207.exe (PID: 8780)
- Unicorn-40051.exe (PID: 8568)
- Unicorn-222.exe (PID: 8492)
- Unicorn-37746.exe (PID: 8832)
- Unicorn-60352.exe (PID: 8756)
- Unicorn-27872.exe (PID: 8748)
- Unicorn-65432.exe (PID: 8684)
- Unicorn-33217.exe (PID: 8632)
- Unicorn-41638.exe (PID: 8944)
- Unicorn-22893.exe (PID: 8888)
- Unicorn-40316.exe (PID: 8584)
- Unicorn-64820.exe (PID: 8536)
- Unicorn-544.exe (PID: 8460)
- Unicorn-52376.exe (PID: 8676)
- Unicorn-33470.exe (PID: 8952)
- Unicorn-28261.exe (PID: 8872)
- Unicorn-41555.exe (PID: 8896)
- Unicorn-20450.exe (PID: 8576)
- Unicorn-56906.exe (PID: 9136)
- Unicorn-33662.exe (PID: 8848)
- Unicorn-26702.exe (PID: 9028)
- Unicorn-27872.exe (PID: 8740)
- Unicorn-9096.exe (PID: 9060)
- Unicorn-28832.exe (PID: 9228)
- Unicorn-20581.exe (PID: 8652)
- Unicorn-27680.exe (PID: 8800)
- Unicorn-25110.exe (PID: 9128)
- Unicorn-24748.exe (PID: 9020)
- Unicorn-40766.exe (PID: 9312)
- Unicorn-57612.exe (PID: 8840)
- Unicorn-36402.exe (PID: 8764)
- Unicorn-16506.exe (PID: 8904)
- Unicorn-9672.exe (PID: 9268)
- Unicorn-2089.exe (PID: 9144)
- Unicorn-46822.exe (PID: 2152)
- Unicorn-63542.exe (PID: 8928)
- Unicorn-40486.exe (PID: 8856)
- Unicorn-11303.exe (PID: 8732)
Executable content was dropped or overwritten
- 1 (1296).exe (PID: 1328)
- Unicorn-21037.exe (PID: 6988)
- Unicorn-46288.exe (PID: 516)
- Unicorn-49760.exe (PID: 2240)
- Unicorn-23733.exe (PID: 2096)
- Unicorn-51223.exe (PID: 6876)
- Unicorn-47461.exe (PID: 1052)
- Unicorn-29179.exe (PID: 4692)
- Unicorn-18401.exe (PID: 5608)
- Unicorn-20299.exe (PID: 6248)
- Unicorn-34135.exe (PID: 6644)
- Unicorn-41788.exe (PID: 4436)
- Unicorn-9338.exe (PID: 1020)
- Unicorn-55754.exe (PID: 4336)
- Unicorn-62531.exe (PID: 2244)
- Unicorn-41731.exe (PID: 2284)
- Unicorn-47861.exe (PID: 6592)
- Unicorn-50772.exe (PID: 4812)
- Unicorn-43969.exe (PID: 5756)
- Unicorn-58852.exe (PID: 3192)
- Unicorn-57736.exe (PID: 7020)
- Unicorn-8535.exe (PID: 6632)
- Unicorn-12064.exe (PID: 1188)
- Unicorn-27067.exe (PID: 5640)
- Unicorn-56112.exe (PID: 4016)
- Unicorn-62266.exe (PID: 6540)
- Unicorn-21878.exe (PID: 7200)
- Unicorn-61758.exe (PID: 4692)
- Unicorn-14648.exe (PID: 7252)
- Unicorn-20508.exe (PID: 7236)
- Unicorn-1094.exe (PID: 7436)
- Unicorn-12510.exe (PID: 7180)
- Unicorn-14415.exe (PID: 7444)
- Unicorn-24613.exe (PID: 7488)
- Unicorn-17383.exe (PID: 7472)
- Unicorn-45780.exe (PID: 7520)
- Unicorn-32680.exe (PID: 7556)
- Unicorn-23736.exe (PID: 7536)
- Unicorn-24348.exe (PID: 7480)
- Unicorn-38811.exe (PID: 7564)
- Unicorn-26673.exe (PID: 7664)
- Unicorn-38629.exe (PID: 7736)
- Unicorn-29364.exe (PID: 7892)
- Unicorn-50871.exe (PID: 7628)
- Unicorn-39771.exe (PID: 7848)
- Unicorn-23147.exe (PID: 664)
- Unicorn-53392.exe (PID: 7756)
- Unicorn-50871.exe (PID: 7656)
- Unicorn-43964.exe (PID: 7592)
- Unicorn-985.exe (PID: 7608)
- Unicorn-60392.exe (PID: 7600)
- Unicorn-50871.exe (PID: 7692)
- Unicorn-24696.exe (PID: 7812)
- Unicorn-50824.exe (PID: 7784)
- Unicorn-5152.exe (PID: 7796)
- Unicorn-12806.exe (PID: 7856)
- Unicorn-9821.exe (PID: 7980)
- Unicorn-57861.exe (PID: 7940)
- Unicorn-29033.exe (PID: 8016)
- Unicorn-20347.exe (PID: 6244)
- Unicorn-56112.exe (PID: 5800)
- Unicorn-19905.exe (PID: 7824)
- Unicorn-50352.exe (PID: 8096)
- Unicorn-4913.exe (PID: 8104)
- Unicorn-44685.exe (PID: 8144)
- Unicorn-11047.exe (PID: 7928)
- Unicorn-62132.exe (PID: 7316)
- Unicorn-31105.exe (PID: 7468)
- Unicorn-2630.exe (PID: 7964)
- Unicorn-16803.exe (PID: 8076)
- Unicorn-13298.exe (PID: 8132)
- Unicorn-35490.exe (PID: 7344)
- Unicorn-42864.exe (PID: 7232)
- Unicorn-55615.exe (PID: 8004)
- Unicorn-48463.exe (PID: 6344)
- Unicorn-27296.exe (PID: 8232)
- Unicorn-51992.exe (PID: 5740)
- Unicorn-6600.exe (PID: 6080)
- Unicorn-44710.exe (PID: 300)
- Unicorn-63860.exe (PID: 8272)
- Unicorn-985.exe (PID: 7616)
- Unicorn-32257.exe (PID: 8328)
- Unicorn-7487.exe (PID: 8212)
- Unicorn-32257.exe (PID: 8320)
- Unicorn-19128.exe (PID: 8252)
- Unicorn-44327.exe (PID: 7636)
- Unicorn-24047.exe (PID: 7900)
- Unicorn-32257.exe (PID: 8312)
- Unicorn-544.exe (PID: 8460)
- Unicorn-30996.exe (PID: 8396)
- Unicorn-40316.exe (PID: 8592)
- Unicorn-52485.exe (PID: 8380)
- Unicorn-11157.exe (PID: 8500)
- Unicorn-32619.exe (PID: 8372)
- Unicorn-20088.exe (PID: 8516)
- Unicorn-52163.exe (PID: 8416)
- Unicorn-13957.exe (PID: 8508)
- Unicorn-31061.exe (PID: 8880)
- Unicorn-37746.exe (PID: 8832)
- Unicorn-11919.exe (PID: 8524)
- Unicorn-27294.exe (PID: 8452)
- Unicorn-61421.exe (PID: 8772)
- Unicorn-222.exe (PID: 8492)
- Unicorn-40051.exe (PID: 8568)
- Unicorn-65432.exe (PID: 8684)
- Unicorn-51207.exe (PID: 8780)
- Unicorn-33217.exe (PID: 8632)
- Unicorn-22893.exe (PID: 8888)
- Unicorn-60352.exe (PID: 8756)
- Unicorn-27872.exe (PID: 8748)
- Unicorn-41638.exe (PID: 8944)
- Unicorn-63542.exe (PID: 8928)
- Unicorn-8411.exe (PID: 9036)
- Unicorn-52376.exe (PID: 8676)
- Unicorn-33470.exe (PID: 8952)
- Unicorn-28261.exe (PID: 8872)
- Unicorn-20450.exe (PID: 8576)
- Unicorn-9096.exe (PID: 9060)
- Unicorn-56906.exe (PID: 9136)
- Unicorn-27872.exe (PID: 8740)
- Unicorn-26702.exe (PID: 9028)
- Unicorn-28832.exe (PID: 9228)
- Unicorn-41555.exe (PID: 8896)
- Unicorn-20581.exe (PID: 8652)
- Unicorn-24748.exe (PID: 9020)
- Unicorn-25110.exe (PID: 9128)
- Unicorn-11303.exe (PID: 8732)
- Unicorn-36402.exe (PID: 8764)
- Unicorn-40766.exe (PID: 9312)
- Unicorn-57612.exe (PID: 8840)
- Unicorn-2089.exe (PID: 9144)
- Unicorn-46822.exe (PID: 2152)
- Unicorn-16506.exe (PID: 8904)
- Unicorn-40486.exe (PID: 8856)
- Unicorn-9672.exe (PID: 9268)
- Unicorn-28422.exe (PID: 9300)
- Unicorn-42537.exe (PID: 9292)
- Unicorn-22008.exe (PID: 9392)
- Unicorn-31654.exe (PID: 9456)
- Unicorn-31654.exe (PID: 9448)
- Unicorn-26822.exe (PID: 9504)
- Unicorn-65479.exe (PID: 9484)
- Unicorn-40316.exe (PID: 8584)
- Unicorn-64820.exe (PID: 8536)
- Unicorn-33662.exe (PID: 8848)
- Unicorn-27680.exe (PID: 8800)
- Unicorn-23051.exe (PID: 9520)
- Unicorn-40482.exe (PID: 9336)
- Unicorn-2464.exe (PID: 9364)
- Unicorn-22885.exe (PID: 9356)
- Unicorn-37414.exe (PID: 9416)
- Unicorn-6439.exe (PID: 9672)
- Unicorn-3855.exe (PID: 9572)
- Unicorn-6377.exe (PID: 9748)
- Unicorn-959.exe (PID: 9740)
- Unicorn-46211.exe (PID: 9720)
- Unicorn-19028.exe (PID: 7744)
- Unicorn-60736.exe (PID: 8544)
- Unicorn-17046.exe (PID: 9536)
- Unicorn-32444.exe (PID: 9556)
- Unicorn-45656.exe (PID: 9652)
- Unicorn-48462.exe (PID: 9804)
Executes application which crashes
- Unicorn-29179.exe (PID: 4692)
- Unicorn-35291.exe (PID: 7220)
- Unicorn-29024.exe (PID: 2904)
INFO
The sample compiled with chinese language support
- 1 (1296).exe (PID: 1328)
Reads the computer name
- 1 (1296).exe (PID: 1328)
- Unicorn-49760.exe (PID: 2240)
- Unicorn-21037.exe (PID: 6988)
- Unicorn-46288.exe (PID: 516)
- Unicorn-47461.exe (PID: 1052)
- Unicorn-23733.exe (PID: 2096)
- Unicorn-51223.exe (PID: 6876)
- Unicorn-29179.exe (PID: 4692)
- Unicorn-62266.exe (PID: 6540)
- Unicorn-43969.exe (PID: 5756)
- Unicorn-20299.exe (PID: 6248)
- Unicorn-62531.exe (PID: 2244)
- Unicorn-23147.exe (PID: 664)
- Unicorn-58852.exe (PID: 3192)
- Unicorn-47861.exe (PID: 6592)
- Unicorn-41731.exe (PID: 2284)
- Unicorn-35291.exe (PID: 7220)
- Unicorn-27067.exe (PID: 5640)
- Unicorn-21878.exe (PID: 7200)
- Unicorn-20508.exe (PID: 7236)
- Unicorn-14415.exe (PID: 7444)
- Unicorn-45780.exe (PID: 7520)
- Unicorn-24613.exe (PID: 7488)
- Unicorn-26673.exe (PID: 7664)
- Unicorn-44327.exe (PID: 7636)
- Unicorn-985.exe (PID: 7608)
- Unicorn-53392.exe (PID: 7756)
- Unicorn-2630.exe (PID: 7964)
- Unicorn-4913.exe (PID: 8104)
- Unicorn-24047.exe (PID: 7900)
- Unicorn-11047.exe (PID: 7928)
- Unicorn-31105.exe (PID: 7468)
- Unicorn-13298.exe (PID: 8132)
- Unicorn-48463.exe (PID: 6344)
- Unicorn-32257.exe (PID: 8328)
- Unicorn-32257.exe (PID: 8312)
- Unicorn-32619.exe (PID: 8372)
- Unicorn-20088.exe (PID: 8516)
- Unicorn-13957.exe (PID: 8508)
- Unicorn-29024.exe (PID: 2904)
- Unicorn-40051.exe (PID: 8568)
- Unicorn-41638.exe (PID: 8944)
- Unicorn-60352.exe (PID: 8756)
- Unicorn-64820.exe (PID: 8536)
- Unicorn-28261.exe (PID: 8872)
- Unicorn-41555.exe (PID: 8896)
- Unicorn-28832.exe (PID: 9228)
- Unicorn-25110.exe (PID: 9128)
- Unicorn-36402.exe (PID: 8764)
- Unicorn-42537.exe (PID: 9292)
Checks supported languages
- 1 (1296).exe (PID: 1328)
- Unicorn-49760.exe (PID: 2240)
- Unicorn-21037.exe (PID: 6988)
- Unicorn-46288.exe (PID: 516)
- Unicorn-47461.exe (PID: 1052)
- Unicorn-51223.exe (PID: 6876)
- Unicorn-29179.exe (PID: 4692)
- Unicorn-23733.exe (PID: 2096)
- Unicorn-62266.exe (PID: 6540)
- Unicorn-18401.exe (PID: 5608)
- Unicorn-20299.exe (PID: 6248)
- Unicorn-43969.exe (PID: 5756)
- Unicorn-9338.exe (PID: 1020)
- Unicorn-41788.exe (PID: 4436)
- Unicorn-41731.exe (PID: 2284)
- Unicorn-8535.exe (PID: 6632)
- Unicorn-12064.exe (PID: 1188)
- Unicorn-56112.exe (PID: 4016)
- Unicorn-12510.exe (PID: 7180)
- Unicorn-47861.exe (PID: 6592)
- Unicorn-21878.exe (PID: 7200)
- Unicorn-20508.exe (PID: 7236)
- Unicorn-1094.exe (PID: 7436)
- Unicorn-14415.exe (PID: 7444)
- Unicorn-17383.exe (PID: 7472)
- Unicorn-45780.exe (PID: 7520)
- Unicorn-32680.exe (PID: 7556)
- Unicorn-985.exe (PID: 7608)
- Unicorn-50871.exe (PID: 7656)
- Unicorn-60392.exe (PID: 7600)
- Unicorn-53392.exe (PID: 7756)
- Unicorn-5152.exe (PID: 7796)
- Unicorn-50824.exe (PID: 7784)
- Unicorn-24047.exe (PID: 7900)
- Unicorn-57861.exe (PID: 7940)
- Unicorn-9821.exe (PID: 7980)
- Unicorn-2630.exe (PID: 7964)
- Unicorn-16803.exe (PID: 8076)
- Unicorn-19905.exe (PID: 7824)
- Unicorn-4913.exe (PID: 8104)
- Unicorn-50352.exe (PID: 8096)
- Unicorn-31105.exe (PID: 7468)
- Unicorn-62132.exe (PID: 7316)
- Unicorn-13298.exe (PID: 8132)
- Unicorn-55615.exe (PID: 8004)
- Unicorn-42864.exe (PID: 7232)
- Unicorn-48463.exe (PID: 6344)
- Unicorn-7487.exe (PID: 8212)
- Unicorn-30996.exe (PID: 8396)
- Unicorn-52163.exe (PID: 8416)
- Unicorn-11157.exe (PID: 8500)
- Unicorn-20088.exe (PID: 8516)
- Unicorn-11919.exe (PID: 8524)
- Unicorn-40316.exe (PID: 8584)
- Unicorn-33217.exe (PID: 8632)
- Unicorn-40316.exe (PID: 8592)
- Unicorn-222.exe (PID: 8492)
- Unicorn-27680.exe (PID: 8800)
- Unicorn-51207.exe (PID: 8780)
- Unicorn-37746.exe (PID: 8832)
- Unicorn-57612.exe (PID: 8840)
- Unicorn-41638.exe (PID: 8944)
- Unicorn-40486.exe (PID: 8856)
- Unicorn-20581.exe (PID: 8652)
- Unicorn-2089.exe (PID: 9144)
- Unicorn-25110.exe (PID: 9128)
- Unicorn-8411.exe (PID: 9036)
- Unicorn-9672.exe (PID: 9268)
- Unicorn-28261.exe (PID: 8872)
- Unicorn-26702.exe (PID: 9028)
- Unicorn-63542.exe (PID: 8928)
- Unicorn-56906.exe (PID: 9136)
- Unicorn-42537.exe (PID: 9292)
- Unicorn-40482.exe (PID: 9336)
- Unicorn-31654.exe (PID: 9456)
- Unicorn-31654.exe (PID: 9448)
- Unicorn-26822.exe (PID: 9504)
- Unicorn-23051.exe (PID: 9520)
- Unicorn-3855.exe (PID: 9572)
- Unicorn-45656.exe (PID: 9652)
- Unicorn-6439.exe (PID: 9672)
- Unicorn-36201.exe (PID: 9856)
- Unicorn-48462.exe (PID: 9804)
- Unicorn-32444.exe (PID: 9556)
- Unicorn-47768.exe (PID: 10056)
- Unicorn-51852.exe (PID: 10304)
- Unicorn-35738.exe (PID: 10388)
- Unicorn-17131.exe (PID: 10404)
- Unicorn-20990.exe (PID: 10492)
- Unicorn-58951.exe (PID: 10412)
- Unicorn-16210.exe (PID: 10440)
- Unicorn-44783.exe (PID: 10456)
- Unicorn-54675.exe (PID: 10516)
- Unicorn-31322.exe (PID: 10592)
- Unicorn-50975.exe (PID: 10348)
- Unicorn-20361.exe (PID: 10712)
- Unicorn-18058.exe (PID: 10724)
- Unicorn-39490.exe (PID: 10776)
- Unicorn-22770.exe (PID: 10796)
- Unicorn-3833.exe (PID: 10856)
- Unicorn-3833.exe (PID: 10848)
- Unicorn-37782.exe (PID: 10888)
- Unicorn-62983.exe (PID: 10896)
- Unicorn-45551.exe (PID: 10940)
- Unicorn-29927.exe (PID: 10956)
- Unicorn-19070.exe (PID: 10600)
- Unicorn-60103.exe (PID: 10624)
- Unicorn-25149.exe (PID: 10696)
- Unicorn-11670.exe (PID: 11060)
- Unicorn-56787.exe (PID: 11092)
- Unicorn-52376.exe (PID: 11172)
- Unicorn-56616.exe (PID: 6816)
- Unicorn-11809.exe (PID: 10992)
- Unicorn-32775.exe (PID: 11180)
- Unicorn-12054.exe (PID: 5204)
- Unicorn-30057.exe (PID: 11396)
- Unicorn-64161.exe (PID: 11416)
- Unicorn-8930.exe (PID: 11444)
- Unicorn-12002.exe (PID: 11472)
- Unicorn-3751.exe (PID: 11316)
- Unicorn-53087.exe (PID: 11280)
- Unicorn-33351.exe (PID: 11340)
- Unicorn-51638.exe (PID: 11652)
- Unicorn-7991.exe (PID: 11560)
- Unicorn-1861.exe (PID: 11544)
- Unicorn-54945.exe (PID: 11636)
- Unicorn-51506.exe (PID: 11700)
- Unicorn-46786.exe (PID: 11516)
- Unicorn-48806.exe (PID: 11740)
- Unicorn-34315.exe (PID: 11816)
- Unicorn-24519.exe (PID: 11908)
- Unicorn-53513.exe (PID: 12048)
- Unicorn-1852.exe (PID: 12064)
- Unicorn-38246.exe (PID: 12028)
- Unicorn-20955.exe (PID: 12056)
- Unicorn-54089.exe (PID: 12168)
- Unicorn-12179.exe (PID: 12192)
- Unicorn-21116.exe (PID: 12276)
- Unicorn-18786.exe (PID: 1324)
- Unicorn-21801.exe (PID: 12332)
- Unicorn-21801.exe (PID: 12324)
- Unicorn-54473.exe (PID: 12316)
- Unicorn-17416.exe (PID: 12528)
- Unicorn-43949.exe (PID: 12720)
- Unicorn-46772.exe (PID: 12800)
- Unicorn-4077.exe (PID: 12740)
- Unicorn-35781.exe (PID: 12780)
- Unicorn-52776.exe (PID: 13216)
- Unicorn-55198.exe (PID: 13156)
- Unicorn-55198.exe (PID: 13168)
Create files in a temporary directory
- 1 (1296).exe (PID: 1328)
- Unicorn-46288.exe (PID: 516)
- Unicorn-21037.exe (PID: 6988)
- Unicorn-51223.exe (PID: 6876)
- Unicorn-29179.exe (PID: 4692)
- Unicorn-47461.exe (PID: 1052)
- Unicorn-18401.exe (PID: 5608)
- Unicorn-20299.exe (PID: 6248)
- Unicorn-9338.exe (PID: 1020)
- Unicorn-23733.exe (PID: 2096)
- Unicorn-41788.exe (PID: 4436)
- Unicorn-55754.exe (PID: 4336)
- Unicorn-62531.exe (PID: 2244)
- Unicorn-50772.exe (PID: 4812)
- Unicorn-34135.exe (PID: 6644)
- Unicorn-58852.exe (PID: 3192)
- Unicorn-57736.exe (PID: 7020)
- Unicorn-8535.exe (PID: 6632)
- Unicorn-12064.exe (PID: 1188)
- Unicorn-27067.exe (PID: 5640)
- Unicorn-49760.exe (PID: 2240)
- Unicorn-61758.exe (PID: 4692)
- Unicorn-62266.exe (PID: 6540)
- Unicorn-21878.exe (PID: 7200)
- Unicorn-14648.exe (PID: 7252)
- Unicorn-20508.exe (PID: 7236)
- Unicorn-1094.exe (PID: 7436)
- Unicorn-14415.exe (PID: 7444)
- Unicorn-41731.exe (PID: 2284)
- Unicorn-24613.exe (PID: 7488)
- Unicorn-24348.exe (PID: 7480)
- Unicorn-17383.exe (PID: 7472)
- Unicorn-45780.exe (PID: 7520)
- Unicorn-23736.exe (PID: 7536)
- Unicorn-50871.exe (PID: 7628)
- Unicorn-38811.exe (PID: 7564)
- Unicorn-38629.exe (PID: 7736)
- Unicorn-29364.exe (PID: 7892)
- Unicorn-985.exe (PID: 7608)
- Unicorn-53392.exe (PID: 7756)
- Unicorn-39771.exe (PID: 7848)
- Unicorn-50871.exe (PID: 7656)
- Unicorn-43964.exe (PID: 7592)
- Unicorn-23147.exe (PID: 664)
- Unicorn-50824.exe (PID: 7784)
- Unicorn-5152.exe (PID: 7796)
- Unicorn-19905.exe (PID: 7824)
- Unicorn-9821.exe (PID: 7980)
- Unicorn-20347.exe (PID: 6244)
- Unicorn-29033.exe (PID: 8016)
- Unicorn-57861.exe (PID: 7940)
- Unicorn-56112.exe (PID: 5800)
- Unicorn-16803.exe (PID: 8076)
- Unicorn-50352.exe (PID: 8096)
- Unicorn-44685.exe (PID: 8144)
- Unicorn-31105.exe (PID: 7468)
- Unicorn-47861.exe (PID: 6592)
- Unicorn-42864.exe (PID: 7232)
- Unicorn-13298.exe (PID: 8132)
- Unicorn-32680.exe (PID: 7556)
- Unicorn-63860.exe (PID: 8272)
- Unicorn-32257.exe (PID: 8320)
- Unicorn-32257.exe (PID: 8328)
- Unicorn-26673.exe (PID: 7664)
- Unicorn-60392.exe (PID: 7600)
- Unicorn-19128.exe (PID: 8252)
- Unicorn-44327.exe (PID: 7636)
- Unicorn-56112.exe (PID: 4016)
- Unicorn-43969.exe (PID: 5756)
- Unicorn-12510.exe (PID: 7180)
- Unicorn-55615.exe (PID: 8004)
- Unicorn-62132.exe (PID: 7316)
- Unicorn-4913.exe (PID: 8104)
- Unicorn-40316.exe (PID: 8592)
- Unicorn-11157.exe (PID: 8500)
- Unicorn-52485.exe (PID: 8380)
- Unicorn-35490.exe (PID: 7344)
- Unicorn-51992.exe (PID: 5740)
- Unicorn-6600.exe (PID: 6080)
- Unicorn-31061.exe (PID: 8880)
- Unicorn-222.exe (PID: 8492)
- Unicorn-65432.exe (PID: 8684)
- Unicorn-22893.exe (PID: 8888)
- Unicorn-60352.exe (PID: 8756)
- Unicorn-52376.exe (PID: 8676)
- Unicorn-27872.exe (PID: 8740)
- Unicorn-25110.exe (PID: 9128)
- Unicorn-46822.exe (PID: 2152)
Creates files or folders in the user directory
- WerFault.exe (PID: 6036)
- WerFault.exe (PID: 7972)
- WerFault.exe (PID: 12128)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable (generic) (52.9) |
|---|---|---|
| .exe | | | Generic Win/DOS Executable (23.5) |
| .exe | | | DOS Executable Generic (23.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
468
Monitored processes
334
Malicious processes
50
Suspicious processes
38
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 300 | C:\Users\admin\AppData\Local\Temp\Unicorn-44710.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-44710.exe | Unicorn-62531.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 516 | C:\Users\admin\AppData\Local\Temp\Unicorn-46288.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46288.exe | 1 (1296).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 664 | C:\Users\admin\AppData\Local\Temp\Unicorn-23147.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-23147.exe | Unicorn-46288.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1020 | C:\Users\admin\AppData\Local\Temp\Unicorn-9338.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-9338.exe | Unicorn-49760.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1040 | C:\WINDOWS\system32\SppExtComObj.exe -Embedding | C:\Windows\System32\SppExtComObj.Exe | — | svchost.exe | |||||||||||
User: NETWORK SERVICE Company: Microsoft Corporation Integrity Level: SYSTEM Description: KMS Connection Broker Version: 10.0.19041.3996 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1052 | C:\Users\admin\AppData\Local\Temp\Unicorn-47461.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-47461.exe | Unicorn-21037.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1188 | C:\Users\admin\AppData\Local\Temp\Unicorn-12064.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-12064.exe | Unicorn-41788.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1324 | C:\Users\admin\AppData\Local\Temp\Unicorn-18786.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-18786.exe | — | Unicorn-28261.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1328 | "C:\Users\admin\AppData\Local\Temp\1 (1296).exe" | C:\Users\admin\AppData\Local\Temp\1 (1296).exe | explorer.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 2096 | C:\Users\admin\AppData\Local\Temp\Unicorn-23733.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-23733.exe | 1 (1296).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
11 927
Read events
11 927
Write events
0
Delete events
0
Modification events
Executable files
762
Suspicious files
6
Text files
2
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2240 | Unicorn-49760.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-51223.exe | executable | |
MD5:E1DD741BF0A5A90D4805EBFBE38407D1 | SHA256:27D7794FDB1FC61589EE9D42A7CDC20BCBC788F62246C6F6A9EEDC31537D632F | |||
| 6036 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Unicorn-29179.ex_759c743db37a6c9981fba21638a9899fd94aa4_b87b4be7_e8942cc5-ace3-45dc-b38f-a29fe72c7ef1\Report.wer | — | |
MD5:— | SHA256:— | |||
| 1328 | 1 (1296).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-49760.exe | executable | |
MD5:B85FB29884CC47078A29D79B910ADA5A | SHA256:D386D5900855C4548475F05EEA37582F80187A4A6BD5D19900017AB2116441B3 | |||
| 2240 | Unicorn-49760.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-21037.exe | executable | |
MD5:7D445C3A2E1321546D0C0107F938C47C | SHA256:64F560440C7EACF1723CEB205843F60C24C77C68BFD15FCBA8A57C1CDAE0CC59 | |||
| 1328 | 1 (1296).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46288.exe | executable | |
MD5:45CAA01E79D85DD3E9CADDE3A6F1B495 | SHA256:E33B6AEB5B915F2CDD16AA7D7B1134D76C2FB26E5CFA98765F9E73512A7AE026 | |||
| 516 | Unicorn-46288.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29179.exe | executable | |
MD5:20C7B4A57808307F0A44C6680F622801 | SHA256:57A17EC4CAD261CC9AA5A98A8F04F0DE2652544C100D9F7A114A81FB181ED7B3 | |||
| 1328 | 1 (1296).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-23733.exe | executable | |
MD5:A97DAA5E52BAE3606C3F2A955ACF39AB | SHA256:E33B6AEB5B915F2CDD16AA7D7B1134D76C2FB26E5CFA98765F9E73512A7AE026 | |||
| 516 | Unicorn-46288.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41788.exe | executable | |
MD5:2AE61E874D893220B8EB86A92866F709 | SHA256:DB035B5B296AF9432247D9E055E7A6A9CAC16B05EF10A56B94092E1DE3DA58FB | |||
| 6036 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\Temp\WER34DA.tmp.xml | xml | |
MD5:3BA142212346B811F1B52A14F1595828 | SHA256:E4FE237025BC4E316A26B16DBABBAD0BA97B24E239F92DADB7879CB477960A01 | |||
| 5608 | Unicorn-18401.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-55754.exe | executable | |
MD5:9975FA56D89E7FE3A57144AEA6BBED39 | SHA256:247FDCD42AD2AC6A4409B6F23F8BE95A5AB0D158903979F20F6C371DAB650FC0 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
26
DNS requests
16
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
5496 | MoUsoCoreWorker.exe | GET | 200 | 23.48.23.164:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
680 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
— | — | GET | 200 | 23.48.23.164:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
7296 | SIHClient.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
7296 | SIHClient.exe | GET | 200 | 2.16.253.202:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
5496 | MoUsoCoreWorker.exe | 23.48.23.164:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
— | — | 23.48.23.164:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
3216 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 20.190.159.4:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
5304 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
680 | backgroundTaskHost.exe | 20.31.169.57:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |