| File name: | 8f542bfe4c5634b2e14d24d853aa0b304bf09b7a99792b005e534adfabfe39f1 |
| Full analysis: | https://app.any.run/tasks/af39c055-6934-44c9-a810-3bb4692caae1 |
| Verdict: | Malicious activity |
| Analysis date: | November 17, 2024, 08:28:03 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | A30D57676E3B5452192B318ED181BAB0 |
| SHA1: | 81FC0B9236FF5C7B3C0255F7ACE9B5EBD98E856E |
| SHA256: | 8F542BFE4C5634B2E14D24D853AA0B304BF09B7A99792B005E534ADFABFE39F1 |
| SSDEEP: | 6144:ac371eTdkDo0A5AaF2+QiFfx5nBqlp8GB/LWyd3utk/8SwuwprAvEh9/iTrEsoha:akB6D0A5JFtVBM+a/6yd3ulx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Executable content was dropped or overwritten
- 8f542bfe4c5634b2e14d24d853aa0b304bf09b7a99792b005e534adfabfe39f1.exe (PID: 5584)
- Unicorn-33595.exe (PID: 5276)
- Unicorn-1506.exe (PID: 5900)
- Unicorn-2378.exe (PID: 5356)
- Unicorn-15574.exe (PID: 3744)
- Unicorn-23078.exe (PID: 6180)
- Unicorn-1034.exe (PID: 7100)
- Unicorn-52273.exe (PID: 7120)
- Unicorn-23048.exe (PID: 7156)
- Unicorn-14386.exe (PID: 1784)
- Unicorn-59674.exe (PID: 7112)
- Unicorn-55419.exe (PID: 3156)
- Unicorn-32760.exe (PID: 4692)
- Unicorn-11729.exe (PID: 4684)
- Unicorn-31019.exe (PID: 6404)
- Unicorn-20390.exe (PID: 1712)
- Unicorn-46322.exe (PID: 6428)
- Unicorn-15835.exe (PID: 5824)
- Unicorn-34584.exe (PID: 6220)
- Unicorn-8745.exe (PID: 5172)
- Unicorn-50043.exe (PID: 6432)
- Unicorn-15835.exe (PID: 1332)
- Unicorn-46514.exe (PID: 6128)
- Unicorn-15835.exe (PID: 692)
- Unicorn-15752.exe (PID: 6260)
- Unicorn-8744.exe (PID: 3568)
- Unicorn-42560.exe (PID: 6216)
- Unicorn-4137.exe (PID: 6696)
- Unicorn-3758.exe (PID: 2236)
- Unicorn-15072.exe (PID: 2632)
- Unicorn-17872.exe (PID: 5828)
- Unicorn-9114.exe (PID: 5168)
- Unicorn-33811.exe (PID: 6824)
- Unicorn-13945.exe (PID: 1376)
- Unicorn-60545.exe (PID: 3912)
- Unicorn-23624.exe (PID: 2224)
- Unicorn-14137.exe (PID: 3848)
- Unicorn-6270.exe (PID: 5232)
- Unicorn-370.exe (PID: 6880)
- Unicorn-2482.exe (PID: 4228)
- Unicorn-5589.exe (PID: 3960)
- Unicorn-43899.exe (PID: 2444)
- Unicorn-34880.exe (PID: 4448)
- Unicorn-1522.exe (PID: 5588)
- Unicorn-59083.exe (PID: 7056)
- Unicorn-41793.exe (PID: 6996)
- Unicorn-2098.exe (PID: 6196)
- Unicorn-31433.exe (PID: 7236)
- Unicorn-63914.exe (PID: 2360)
- Unicorn-26603.exe (PID: 6784)
- Unicorn-51107.exe (PID: 5660)
- Unicorn-50945.exe (PID: 7260)
- Unicorn-51299.exe (PID: 7252)
- Unicorn-43131.exe (PID: 7208)
- Unicorn-47945.exe (PID: 7292)
- Unicorn-57075.exe (PID: 7272)
- Unicorn-7609.exe (PID: 7300)
- Unicorn-9986.exe (PID: 7356)
- Unicorn-40473.exe (PID: 7536)
- Unicorn-54017.exe (PID: 7448)
- Unicorn-46146.exe (PID: 7376)
- Unicorn-9218.exe (PID: 7400)
- Unicorn-15969.exe (PID: 7576)
- Unicorn-51979.exe (PID: 7492)
- Unicorn-51979.exe (PID: 7484)
- Unicorn-33915.exe (PID: 7412)
- Unicorn-35072.exe (PID: 7620)
- Unicorn-39705.exe (PID: 7740)
- Unicorn-10178.exe (PID: 7704)
- Unicorn-33738.exe (PID: 3852)
- Unicorn-51403.exe (PID: 7768)
- Unicorn-1138.exe (PID: 3732)
- Unicorn-11714.exe (PID: 7884)
- Unicorn-24905.exe (PID: 7904)
- Unicorn-10894.exe (PID: 7948)
- Unicorn-62569.exe (PID: 7628)
- Unicorn-50547.exe (PID: 8028)
- Unicorn-6369.exe (PID: 8056)
- Unicorn-12887.exe (PID: 8092)
- Unicorn-23665.exe (PID: 7752)
- Unicorn-35747.exe (PID: 7696)
- Unicorn-14423.exe (PID: 1344)
- Unicorn-28729.exe (PID: 1880)
- Unicorn-36987.exe (PID: 7928)
- Unicorn-43811.exe (PID: 7500)
- Unicorn-4728.exe (PID: 7796)
- Unicorn-23265.exe (PID: 7200)
- Unicorn-37001.exe (PID: 7192)
- Unicorn-45067.exe (PID: 8220)
- Unicorn-8760.exe (PID: 8404)
- Unicorn-53235.exe (PID: 8208)
- Unicorn-6530.exe (PID: 8384)
- Unicorn-59519.exe (PID: 8312)
- Unicorn-22016.exe (PID: 8296)
- Unicorn-51050.exe (PID: 8100)
- Unicorn-59275.exe (PID: 6420)
- Unicorn-18569.exe (PID: 8592)
- Unicorn-41921.exe (PID: 8280)
- Unicorn-22016.exe (PID: 8528)
- Unicorn-6490.exe (PID: 8412)
- Unicorn-24520.exe (PID: 8724)
- Unicorn-9061.exe (PID: 8680)
- Unicorn-6530.exe (PID: 8536)
- Unicorn-28279.exe (PID: 7552)
- Unicorn-31035.exe (PID: 8392)
- Unicorn-60562.exe (PID: 8420)
- Unicorn-52202.exe (PID: 8564)
- Unicorn-53235.exe (PID: 8204)
- Unicorn-37283.exe (PID: 8288)
- Unicorn-40281.exe (PID: 7456)
- Unicorn-39587.exe (PID: 8432)
- Unicorn-22976.exe (PID: 8556)
- Unicorn-5192.exe (PID: 8696)
- Unicorn-47682.exe (PID: 8496)
- Unicorn-36249.exe (PID: 8444)
- Unicorn-40665.exe (PID: 8664)
- Unicorn-57594.exe (PID: 8848)
- Unicorn-27875.exe (PID: 8812)
- Unicorn-38731.exe (PID: 8928)
- Unicorn-14034.exe (PID: 8904)
- Unicorn-22203.exe (PID: 8892)
- Unicorn-5591.exe (PID: 8940)
- Unicorn-26073.exe (PID: 9020)
- Unicorn-29411.exe (PID: 9012)
- Unicorn-21435.exe (PID: 9028)
- Unicorn-15186.exe (PID: 9192)
- Unicorn-29411.exe (PID: 9000)
- Unicorn-13458.exe (PID: 9120)
- Unicorn-29411.exe (PID: 8996)
- Unicorn-23931.exe (PID: 8764)
- Unicorn-64195.exe (PID: 9180)
- Unicorn-15487.exe (PID: 8084)
- Unicorn-15872.exe (PID: 7872)
- Unicorn-37579.exe (PID: 8984)
- Unicorn-2424.exe (PID: 7876)
- Unicorn-3297.exe (PID: 8024)
- Unicorn-505.exe (PID: 9296)
- Unicorn-22971.exe (PID: 7860)
- Unicorn-13385.exe (PID: 8868)
- Unicorn-53266.exe (PID: 9356)
- Unicorn-21553.exe (PID: 8844)
- Unicorn-22971.exe (PID: 7800)
- Unicorn-33178.exe (PID: 9276)
- Unicorn-8481.exe (PID: 6364)
- Unicorn-11168.exe (PID: 9316)
- Unicorn-10976.exe (PID: 9252)
- Unicorn-54418.exe (PID: 9232)
- Unicorn-2616.exe (PID: 9224)
- Unicorn-46442.exe (PID: 9304)
- Unicorn-59810.exe (PID: 9400)
- Unicorn-31433.exe (PID: 7244)
- Unicorn-35113.exe (PID: 9392)
- Unicorn-16152.exe (PID: 8760)
- Unicorn-65154.exe (PID: 7920)
- Unicorn-31243.exe (PID: 9536)
- Unicorn-45451.exe (PID: 8272)
- Unicorn-53562.exe (PID: 9516)
- Unicorn-47682.exe (PID: 8504)
- Unicorn-41139.exe (PID: 9652)
- Unicorn-60473.exe (PID: 9576)
- Unicorn-10303.exe (PID: 9588)
- Unicorn-16443.exe (PID: 9628)
- Unicorn-5394.exe (PID: 9488)
- Unicorn-3110.exe (PID: 8544)
- Unicorn-64802.exe (PID: 9748)
- Unicorn-45590.exe (PID: 9784)
- Unicorn-34048.exe (PID: 9852)
- Unicorn-31035.exe (PID: 8452)
- Unicorn-25506.exe (PID: 9912)
- Unicorn-25880.exe (PID: 9824)
- Unicorn-29128.exe (PID: 7816)
- Unicorn-27032.exe (PID: 9952)
- Unicorn-12537.exe (PID: 9888)
- Unicorn-51929.exe (PID: 10052)
- Unicorn-498.exe (PID: 10012)
- Unicorn-15801.exe (PID: 10084)
- Unicorn-4530.exe (PID: 10140)
- Unicorn-65382.exe (PID: 9040)
- Unicorn-51419.exe (PID: 9700)
- Unicorn-7241.exe (PID: 9716)
- Unicorn-797.exe (PID: 9684)
- Unicorn-55786.exe (PID: 1048)
- Unicorn-48495.exe (PID: 2796)
- Unicorn-47618.exe (PID: 6416)
- Unicorn-47042.exe (PID: 10252)
- Unicorn-65215.exe (PID: 6324)
- Unicorn-21005.exe (PID: 10348)
- Unicorn-21005.exe (PID: 10344)
- Unicorn-30513.exe (PID: 10268)
- Unicorn-33664.exe (PID: 10456)
- Unicorn-61131.exe (PID: 10220)
- Unicorn-55385.exe (PID: 6412)
- Unicorn-41265.exe (PID: 10212)
- Unicorn-36395.exe (PID: 10188)
- Unicorn-14177.exe (PID: 5048)
- Unicorn-44442.exe (PID: 10576)
- Unicorn-42138.exe (PID: 10312)
- Unicorn-30024.exe (PID: 10644)
- Unicorn-44814.exe (PID: 10696)
- Unicorn-32625.exe (PID: 10412)
- Unicorn-16289.exe (PID: 10628)
- Unicorn-30897.exe (PID: 10384)
- Unicorn-3409.exe (PID: 10492)
- Unicorn-16289.exe (PID: 10620)
- Unicorn-36273.exe (PID: 10320)
- Unicorn-39065.exe (PID: 10336)
- Unicorn-21632.exe (PID: 8236)
- Unicorn-46361.exe (PID: 10508)
- Unicorn-11577.exe (PID: 10536)
- Unicorn-12472.exe (PID: 10328)
- Unicorn-44249.exe (PID: 10244)
- Unicorn-30705.exe (PID: 10300)
- Unicorn-30897.exe (PID: 10376)
- Unicorn-54721.exe (PID: 10420)
- Unicorn-33664.exe (PID: 10396)
- Unicorn-9766.exe (PID: 10844)
- Unicorn-63378.exe (PID: 10260)
- Unicorn-28947.exe (PID: 10880)
- Unicorn-47395.exe (PID: 11040)
- Unicorn-20779.exe (PID: 10904)
- Unicorn-45667.exe (PID: 10988)
- Unicorn-45091.exe (PID: 10864)
- Unicorn-19361.exe (PID: 11004)
- Unicorn-4634.exe (PID: 10924)
- Unicorn-14722.exe (PID: 11060)
- Unicorn-11193.exe (PID: 11024)
- Unicorn-22808.exe (PID: 10760)
- Unicorn-21739.exe (PID: 10776)
- Unicorn-55297.exe (PID: 10828)
- Unicorn-42137.exe (PID: 10940)
- Unicorn-31251.exe (PID: 11080)
- Unicorn-42137.exe (PID: 10932)
- Unicorn-11769.exe (PID: 11272)
- Unicorn-39611.exe (PID: 11136)
- Unicorn-27913.exe (PID: 11236)
- Unicorn-27913.exe (PID: 11244)
- Unicorn-34929.exe (PID: 11376)
- Unicorn-51458.exe (PID: 11408)
- Unicorn-21931.exe (PID: 11328)
- Unicorn-39611.exe (PID: 11128)
- Unicorn-55179.exe (PID: 11516)
- Unicorn-3134.exe (PID: 11300)
- Unicorn-47779.exe (PID: 11192)
- Unicorn-19745.exe (PID: 11156)
- Unicorn-12454.exe (PID: 11164)
- Unicorn-64042.exe (PID: 11220)
- Unicorn-39611.exe (PID: 11148)
- Unicorn-64115.exe (PID: 11100)
- Unicorn-39803.exe (PID: 8800)
- Unicorn-13954.exe (PID: 11460)
- Unicorn-21931.exe (PID: 11332)
- Unicorn-41649.exe (PID: 11212)
- Unicorn-64307.exe (PID: 11280)
- Unicorn-23083.exe (PID: 11112)
- Unicorn-59071.exe (PID: 11552)
- Unicorn-56139.exe (PID: 11288)
- Unicorn-13015.exe (PID: 11536)
- Unicorn-59263.exe (PID: 11572)
- Unicorn-46627.exe (PID: 11396)
- Unicorn-47779.exe (PID: 11184)
- Unicorn-56139.exe (PID: 11356)
Starts itself from another location
- Unicorn-33595.exe (PID: 5276)
- 8f542bfe4c5634b2e14d24d853aa0b304bf09b7a99792b005e534adfabfe39f1.exe (PID: 5584)
- Unicorn-15574.exe (PID: 3744)
- Unicorn-23078.exe (PID: 6180)
- Unicorn-1506.exe (PID: 5900)
- Unicorn-2378.exe (PID: 5356)
- Unicorn-1034.exe (PID: 7100)
- Unicorn-52273.exe (PID: 7120)
- Unicorn-23048.exe (PID: 7156)
- Unicorn-59674.exe (PID: 7112)
- Unicorn-14386.exe (PID: 1784)
- Unicorn-31019.exe (PID: 6404)
- Unicorn-32760.exe (PID: 4692)
- Unicorn-55419.exe (PID: 3156)
- Unicorn-11729.exe (PID: 4684)
- Unicorn-23624.exe (PID: 2224)
- Unicorn-3758.exe (PID: 2236)
- Unicorn-20390.exe (PID: 1712)
- Unicorn-8744.exe (PID: 3568)
- Unicorn-50043.exe (PID: 6432)
- Unicorn-46322.exe (PID: 6428)
- Unicorn-42560.exe (PID: 6216)
- Unicorn-34584.exe (PID: 6220)
- Unicorn-8745.exe (PID: 5172)
- Unicorn-46514.exe (PID: 6128)
- Unicorn-15835.exe (PID: 1332)
- Unicorn-15752.exe (PID: 6260)
- Unicorn-15835.exe (PID: 5824)
- Unicorn-15835.exe (PID: 692)
- Unicorn-15072.exe (PID: 2632)
- Unicorn-4137.exe (PID: 6696)
- Unicorn-17872.exe (PID: 5828)
- Unicorn-9114.exe (PID: 5168)
- Unicorn-33811.exe (PID: 6824)
- Unicorn-13945.exe (PID: 1376)
- Unicorn-1138.exe (PID: 3732)
- Unicorn-60545.exe (PID: 3912)
- Unicorn-34880.exe (PID: 4448)
- Unicorn-14137.exe (PID: 3848)
- Unicorn-33738.exe (PID: 3852)
- Unicorn-370.exe (PID: 6880)
- Unicorn-6270.exe (PID: 5232)
- Unicorn-2482.exe (PID: 4228)
- Unicorn-5589.exe (PID: 3960)
- Unicorn-43899.exe (PID: 2444)
- Unicorn-1522.exe (PID: 5588)
- Unicorn-41793.exe (PID: 6996)
- Unicorn-59083.exe (PID: 7056)
- Unicorn-59275.exe (PID: 6420)
- Unicorn-2098.exe (PID: 6196)
- Unicorn-23265.exe (PID: 7200)
- Unicorn-31433.exe (PID: 7236)
- Unicorn-26603.exe (PID: 6784)
- Unicorn-63914.exe (PID: 2360)
- Unicorn-51107.exe (PID: 5660)
- Unicorn-50945.exe (PID: 7260)
- Unicorn-51299.exe (PID: 7252)
- Unicorn-47945.exe (PID: 7292)
- Unicorn-37001.exe (PID: 7192)
- Unicorn-7609.exe (PID: 7300)
- Unicorn-9986.exe (PID: 7356)
- Unicorn-43131.exe (PID: 7208)
- Unicorn-40473.exe (PID: 7536)
- Unicorn-43811.exe (PID: 7500)
- Unicorn-46146.exe (PID: 7376)
- Unicorn-9218.exe (PID: 7400)
- Unicorn-15969.exe (PID: 7576)
- Unicorn-40281.exe (PID: 7456)
- Unicorn-33915.exe (PID: 7412)
- Unicorn-35072.exe (PID: 7620)
- Unicorn-62569.exe (PID: 7628)
- Unicorn-39705.exe (PID: 7740)
- Unicorn-11714.exe (PID: 7884)
- Unicorn-10178.exe (PID: 7704)
- Unicorn-29128.exe (PID: 7816)
- Unicorn-51403.exe (PID: 7768)
- Unicorn-24905.exe (PID: 7904)
- Unicorn-54017.exe (PID: 7448)
- Unicorn-36987.exe (PID: 7928)
- Unicorn-50547.exe (PID: 8028)
- Unicorn-6369.exe (PID: 8056)
- Unicorn-12887.exe (PID: 8092)
- Unicorn-4728.exe (PID: 7796)
- Unicorn-23665.exe (PID: 7752)
- Unicorn-35747.exe (PID: 7696)
- Unicorn-14423.exe (PID: 1344)
- Unicorn-10894.exe (PID: 7948)
- Unicorn-57075.exe (PID: 7272)
- Unicorn-45067.exe (PID: 8220)
- Unicorn-31433.exe (PID: 7244)
- Unicorn-53235.exe (PID: 8208)
- Unicorn-6530.exe (PID: 8384)
- Unicorn-59519.exe (PID: 8312)
- Unicorn-8760.exe (PID: 8404)
- Unicorn-28729.exe (PID: 1880)
- Unicorn-51050.exe (PID: 8100)
- Unicorn-60562.exe (PID: 8420)
- Unicorn-18569.exe (PID: 8592)
- Unicorn-51979.exe (PID: 7492)
- Unicorn-41921.exe (PID: 8280)
- Unicorn-6490.exe (PID: 8412)
- Unicorn-9061.exe (PID: 8680)
- Unicorn-24520.exe (PID: 8724)
- Unicorn-6530.exe (PID: 8536)
- Unicorn-28279.exe (PID: 7552)
- Unicorn-22016.exe (PID: 8296)
- Unicorn-31035.exe (PID: 8392)
- Unicorn-51979.exe (PID: 7484)
- Unicorn-47682.exe (PID: 8504)
- Unicorn-39587.exe (PID: 8432)
- Unicorn-37283.exe (PID: 8288)
- Unicorn-31035.exe (PID: 8452)
- Unicorn-22976.exe (PID: 8556)
- Unicorn-53235.exe (PID: 8204)
- Unicorn-52202.exe (PID: 8564)
- Unicorn-3110.exe (PID: 8544)
- Unicorn-40665.exe (PID: 8664)
- Unicorn-27875.exe (PID: 8812)
- Unicorn-57594.exe (PID: 8848)
- Unicorn-14034.exe (PID: 8904)
- Unicorn-29411.exe (PID: 9012)
- Unicorn-5591.exe (PID: 8940)
- Unicorn-26073.exe (PID: 9020)
- Unicorn-36249.exe (PID: 8444)
- Unicorn-38731.exe (PID: 8928)
- Unicorn-13458.exe (PID: 9120)
- Unicorn-23931.exe (PID: 8764)
- Unicorn-64195.exe (PID: 9180)
- Unicorn-15487.exe (PID: 8084)
- Unicorn-15872.exe (PID: 7872)
- Unicorn-37579.exe (PID: 8984)
- Unicorn-15186.exe (PID: 9192)
- Unicorn-29411.exe (PID: 9000)
- Unicorn-2424.exe (PID: 7876)
- Unicorn-33178.exe (PID: 9276)
- Unicorn-505.exe (PID: 9296)
- Unicorn-22971.exe (PID: 7860)
- Unicorn-3297.exe (PID: 8024)
- Unicorn-13385.exe (PID: 8868)
- Unicorn-53266.exe (PID: 9356)
- Unicorn-22971.exe (PID: 7800)
- Unicorn-8481.exe (PID: 6364)
- Unicorn-65154.exe (PID: 7920)
- Unicorn-11168.exe (PID: 9316)
- Unicorn-10976.exe (PID: 9252)
- Unicorn-54418.exe (PID: 9232)
- Unicorn-46442.exe (PID: 9304)
- Unicorn-59810.exe (PID: 9400)
- Unicorn-21553.exe (PID: 8844)
- Unicorn-16152.exe (PID: 8760)
- Unicorn-31243.exe (PID: 9536)
- Unicorn-5394.exe (PID: 9488)
- Unicorn-45451.exe (PID: 8272)
- Unicorn-21632.exe (PID: 8236)
- Unicorn-47682.exe (PID: 8496)
- Unicorn-5192.exe (PID: 8696)
Executes application which crashes
- Unicorn-28544.exe (PID: 7560)
- Unicorn-28544.exe (PID: 7568)
- Unicorn-63530.exe (PID: 6760)
- Unicorn-10894.exe (PID: 7948)
INFO
Checks supported languages
- 8f542bfe4c5634b2e14d24d853aa0b304bf09b7a99792b005e534adfabfe39f1.exe (PID: 5584)
- Unicorn-33595.exe (PID: 5276)
Reads the computer name
- 8f542bfe4c5634b2e14d24d853aa0b304bf09b7a99792b005e534adfabfe39f1.exe (PID: 5584)
- Unicorn-33595.exe (PID: 5276)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
577
Monitored processes
452
Malicious processes
70
Suspicious processes
52
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 692 | C:\Users\admin\Desktop\Unicorn-15835.exe | C:\Users\admin\Desktop\Unicorn-15835.exe | Unicorn-3758.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1048 | C:\Users\admin\Desktop\Unicorn-55786.exe | C:\Users\admin\Desktop\Unicorn-55786.exe | Unicorn-63914.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1332 | C:\Users\admin\Desktop\Unicorn-15835.exe | C:\Users\admin\Desktop\Unicorn-15835.exe | Unicorn-23624.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1344 | C:\Users\admin\Desktop\Unicorn-14423.exe | C:\Users\admin\Desktop\Unicorn-14423.exe | Unicorn-59083.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1376 | C:\Users\admin\Desktop\Unicorn-13945.exe | C:\Users\admin\Desktop\Unicorn-13945.exe | Unicorn-23048.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1712 | C:\Users\admin\Desktop\Unicorn-20390.exe | C:\Users\admin\Desktop\Unicorn-20390.exe | Unicorn-2378.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1784 | C:\Users\admin\Desktop\Unicorn-14386.exe | C:\Users\admin\Desktop\Unicorn-14386.exe | Unicorn-23078.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1880 | C:\Users\admin\Desktop\Unicorn-28729.exe | C:\Users\admin\Desktop\Unicorn-28729.exe | Unicorn-33595.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 2224 | C:\Users\admin\Desktop\Unicorn-23624.exe | C:\Users\admin\Desktop\Unicorn-23624.exe | Unicorn-52273.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 2236 | C:\Users\admin\Desktop\Unicorn-3758.exe | C:\Users\admin\Desktop\Unicorn-3758.exe | Unicorn-15574.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
29 722
Read events
29 722
Write events
0
Delete events
0
Modification events
Executable files
1 584
Suspicious files
7
Text files
8
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 6180 | Unicorn-23078.exe | C:\Users\admin\Desktop\Unicorn-14386.exe | executable | |
MD5:D961203516354FB55F82D0D93EB85978 | SHA256:987DD1F20B920C682D70377E044E3F8FFF404AF40E78620F9E877375B7E79101 | |||
| 7100 | Unicorn-1034.exe | C:\Users\admin\Desktop\Unicorn-55419.exe | executable | |
MD5:8CAD1592C711410FA8F46C1B609E5863 | SHA256:D54EF0469A62CA92DA6B3FAE603296D93A6CB85BBF8751A3D00572AAF8458C7E | |||
| 3744 | Unicorn-15574.exe | C:\Users\admin\Desktop\Unicorn-1034.exe | executable | |
MD5:C860995A194E082E400BBC56DA0EE876 | SHA256:6304899608D82049D7977ED2AD28C2E21C0EFF12FE4F7798F223468135290289 | |||
| 5584 | 8f542bfe4c5634b2e14d24d853aa0b304bf09b7a99792b005e534adfabfe39f1.exe | C:\Users\admin\Desktop\Unicorn-52273.exe | executable | |
MD5:1B70FBFF3207F9A7D9435295548F3817 | SHA256:C86FA15357249E2BB38D7B8E87E8FDBACB2E6FFA6E9C27DC361F9E1BAE21AF6A | |||
| 5276 | Unicorn-33595.exe | C:\Users\admin\Desktop\Unicorn-23078.exe | executable | |
MD5:38DEEC1967565186D49518FC1E309682 | SHA256:8CDE46F8D9794E7F17D408936E63505966CA1EC4FF35A903FFCCE2B3CD8EB455 | |||
| 5900 | Unicorn-1506.exe | C:\Users\admin\Desktop\Unicorn-2378.exe | executable | |
MD5:63609D70D33A401ABAB3D8C00826769B | SHA256:00091264E2505BDBCC327E36144A39C5BA034932555AA681451695A9EBC61210 | |||
| 5276 | Unicorn-33595.exe | C:\Users\admin\Desktop\Unicorn-1506.exe | executable | |
MD5:8C0CF98E71B373A8E9929D36C2246E2E | SHA256:F88913F67B4E5ACFDE314B8AD72367AE5941748474E719DD382E23E3C6365A84 | |||
| 5584 | 8f542bfe4c5634b2e14d24d853aa0b304bf09b7a99792b005e534adfabfe39f1.exe | C:\Users\admin\Desktop\Unicorn-15574.exe | executable | |
MD5:B8836671E0778C9C0843786400C66A2C | SHA256:62D4B65890D199EA37F900D052A47828F271E73BC368018E6F3F75EEAE4D34A6 | |||
| 5900 | Unicorn-1506.exe | C:\Users\admin\Desktop\Unicorn-8744.exe | executable | |
MD5:5DDEC969011B0A220F298D2FD8516972 | SHA256:1CAC85BD5A72C86FCA16D3D00D66020A5EB7D5ACDCBBCBDD7F7CC8E8F2531681 | |||
| 3744 | Unicorn-15574.exe | C:\Users\admin\Desktop\Unicorn-3758.exe | executable | |
MD5:C4210B248840D98EC877CEF7FD772682 | SHA256:0A881E6C4A2A12E12F9017A8DD35CA0F795AB0C97E3061D98FAB2B04CFA5E81D | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
29
DNS requests
9
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
5488 | MoUsoCoreWorker.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
7036 | RUXIMICS.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6944 | svchost.exe | GET | 200 | 2.16.164.9:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6944 | svchost.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
5488 | MoUsoCoreWorker.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
7036 | RUXIMICS.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
6944 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
7036 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
5488 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 2.23.209.193:443 | www.bing.com | Akamai International B.V. | GB | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
6944 | svchost.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted |
7036 | RUXIMICS.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted |
5488 | MoUsoCoreWorker.exe | 2.16.164.9:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted |
7036 | RUXIMICS.exe | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
www.bing.com |
| whitelisted |
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
watson.events.data.microsoft.com |
| whitelisted |
self.events.data.microsoft.com |
| whitelisted |