| File name: | 1 (129) |
| Full analysis: | https://app.any.run/tasks/4b742f43-e3d7-4f5d-a779-b6dcd811bcad |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 13:27:43 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 2F94994EF40D663078FE8B070CE3A650 |
| SHA1: | BE383C86C369CF49B6B45250E72F232D1260CD84 |
| SHA256: | 9CD2E03F81271976D4B0A735878F42421AC70CFB4D52999B8C0B19989E119F35 |
| SSDEEP: | 6144:ACHQieIVDDFPA5vQU1eWKCfxOtBulp8GBsLWOdOYwk/hSwuwpyAvEhXobMOQkfn/:AeXFzPA54UsdBY+as6OdOYZxxDxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- Unicorn-60370.exe (PID: 1228)
- 1 (129).exe (PID: 4776)
- Unicorn-25918.exe (PID: 2148)
- Unicorn-21362.exe (PID: 1324)
- Unicorn-61522.exe (PID: 2692)
- Unicorn-23474.exe (PID: 4220)
- Unicorn-50313.exe (PID: 3140)
- Unicorn-51796.exe (PID: 5720)
- Unicorn-4641.exe (PID: 780)
- Unicorn-11584.exe (PID: 6028)
- Unicorn-27101.exe (PID: 6032)
- Unicorn-35534.exe (PID: 4988)
- Unicorn-35534.exe (PID: 4736)
- Unicorn-25319.exe (PID: 2392)
- Unicorn-56893.exe (PID: 2096)
- Unicorn-1600.exe (PID: 4068)
- Unicorn-25550.exe (PID: 2268)
- Unicorn-37610.exe (PID: 6576)
- Unicorn-15143.exe (PID: 4464)
- Unicorn-42248.exe (PID: 5260)
- Unicorn-46930.exe (PID: 208)
- Unicorn-46930.exe (PID: 736)
- Unicorn-46930.exe (PID: 1240)
- Unicorn-46930.exe (PID: 2616)
- Unicorn-46930.exe (PID: 6080)
- Unicorn-6644.exe (PID: 2600)
- Unicorn-22160.exe (PID: 6264)
- Unicorn-6644.exe (PID: 1532)
- Unicorn-19494.exe (PID: 7224)
- Unicorn-13495.exe (PID: 1272)
- Unicorn-16295.exe (PID: 5968)
- Unicorn-48829.exe (PID: 7244)
- Unicorn-53510.exe (PID: 7260)
- Unicorn-35128.exe (PID: 7280)
- Unicorn-24922.exe (PID: 7300)
- Unicorn-6539.exe (PID: 7316)
- Unicorn-33.exe (PID: 7332)
- Unicorn-57402.exe (PID: 7352)
- Unicorn-48969.exe (PID: 7372)
- Unicorn-29368.exe (PID: 7380)
- Unicorn-58170.exe (PID: 7436)
- Unicorn-50002.exe (PID: 7476)
- Unicorn-50002.exe (PID: 7468)
- Unicorn-58170.exe (PID: 7444)
- Unicorn-17884.exe (PID: 7504)
- Unicorn-9716.exe (PID: 7532)
- Unicorn-17884.exe (PID: 7500)
- Unicorn-5632.exe (PID: 7548)
- Unicorn-25498.exe (PID: 7556)
- Unicorn-17330.exe (PID: 7580)
- Unicorn-5077.exe (PID: 7624)
- Unicorn-9161.exe (PID: 7616)
- Unicorn-51848.exe (PID: 7664)
- Unicorn-38112.exe (PID: 7672)
- Unicorn-9161.exe (PID: 7600)
- Unicorn-49545.exe (PID: 7728)
- Unicorn-9161.exe (PID: 7608)
- Unicorn-43680.exe (PID: 7712)
- Unicorn-40880.exe (PID: 7720)
- Unicorn-24344.exe (PID: 7704)
- Unicorn-60609.exe (PID: 7804)
- Unicorn-39058.exe (PID: 7832)
- Unicorn-39442.exe (PID: 7788)
- Unicorn-15706.exe (PID: 8020)
- Unicorn-12507.exe (PID: 7848)
- Unicorn-27693.exe (PID: 7980)
- Unicorn-28049.exe (PID: 8072)
- Unicorn-19790.exe (PID: 8000)
- Unicorn-48378.exe (PID: 7952)
- Unicorn-42073.exe (PID: 7928)
- Unicorn-25249.exe (PID: 8080)
- Unicorn-27958.exe (PID: 7992)
- Unicorn-5928.exe (PID: 7920)
- Unicorn-22530.exe (PID: 7908)
- Unicorn-14314.exe (PID: 8112)
- Unicorn-28512.exe (PID: 7944)
- Unicorn-38866.exe (PID: 7892)
- Unicorn-61377.exe (PID: 8028)
- Unicorn-19790.exe (PID: 8008)
- Unicorn-6748.exe (PID: 7900)
- Unicorn-24450.exe (PID: 8164)
- Unicorn-36318.exe (PID: 6712)
- Unicorn-41532.exe (PID: 8184)
- Unicorn-49509.exe (PID: 7212)
- Unicorn-32426.exe (PID: 4200)
- Unicorn-36318.exe (PID: 672)
- Unicorn-49317.exe (PID: 4740)
- Unicorn-49317.exe (PID: 1088)
- Unicorn-49914.exe (PID: 8224)
- Unicorn-41746.exe (PID: 8240)
- Unicorn-39508.exe (PID: 8284)
- Unicorn-713.exe (PID: 8372)
- Unicorn-905.exe (PID: 8276)
- Unicorn-60312.exe (PID: 8268)
- Unicorn-33386.exe (PID: 8316)
- Unicorn-32871.exe (PID: 8500)
- Unicorn-60120.exe (PID: 8364)
- Unicorn-45638.exe (PID: 8308)
- Unicorn-29110.exe (PID: 8436)
- Unicorn-52737.exe (PID: 8516)
- Unicorn-29664.exe (PID: 8392)
- Unicorn-10396.exe (PID: 8688)
- Unicorn-9052.exe (PID: 8564)
- Unicorn-47484.exe (PID: 8384)
- Unicorn-20942.exe (PID: 8476)
- Unicorn-20942.exe (PID: 8468)
- Unicorn-41170.exe (PID: 8548)
- Unicorn-50085.exe (PID: 8616)
- Unicorn-29997.exe (PID: 8680)
- Unicorn-54766.exe (PID: 8640)
- Unicorn-54766.exe (PID: 8648)
- Unicorn-48636.exe (PID: 8632)
- Unicorn-21828.exe (PID: 8704)
- Unicorn-50066.exe (PID: 8784)
- Unicorn-38600.exe (PID: 8792)
- Unicorn-34922.exe (PID: 8968)
- Unicorn-33000.exe (PID: 8800)
- Unicorn-18778.exe (PID: 8932)
- Unicorn-41044.exe (PID: 8960)
- Unicorn-4803.exe (PID: 8756)
- Unicorn-51066.exe (PID: 8992)
- Unicorn-31008.exe (PID: 9028)
- Unicorn-48134.exe (PID: 9084)
- Unicorn-6836.exe (PID: 9100)
- Unicorn-45550.exe (PID: 9184)
- Unicorn-45550.exe (PID: 9176)
- Unicorn-53910.exe (PID: 9036)
- Unicorn-8601.exe (PID: 9280)
- Unicorn-29384.exe (PID: 9324)
- Unicorn-62078.exe (PID: 8840)
- Unicorn-65208.exe (PID: 9272)
- Unicorn-12493.exe (PID: 9392)
- Unicorn-45358.exe (PID: 9224)
- Unicorn-53526.exe (PID: 9428)
- Unicorn-16386.exe (PID: 9444)
- Unicorn-20662.exe (PID: 9372)
- Unicorn-33468.exe (PID: 9492)
- Unicorn-8409.exe (PID: 9400)
- Unicorn-33468.exe (PID: 9496)
- Unicorn-53889.exe (PID: 9456)
- Unicorn-13645.exe (PID: 9544)
- Unicorn-41636.exe (PID: 9476)
- Unicorn-53069.exe (PID: 9508)
Executable content was dropped or overwritten
- Unicorn-25918.exe (PID: 2148)
- 1 (129).exe (PID: 4776)
- Unicorn-21362.exe (PID: 1324)
- Unicorn-61522.exe (PID: 2692)
- Unicorn-56893.exe (PID: 2096)
- Unicorn-50313.exe (PID: 3140)
- Unicorn-23474.exe (PID: 4220)
- Unicorn-4641.exe (PID: 780)
- Unicorn-11584.exe (PID: 6028)
- Unicorn-25550.exe (PID: 2268)
- Unicorn-1600.exe (PID: 4068)
- Unicorn-42248.exe (PID: 5260)
- Unicorn-37610.exe (PID: 6576)
- Unicorn-15143.exe (PID: 4464)
- Unicorn-46930.exe (PID: 736)
- Unicorn-46930.exe (PID: 1240)
- Unicorn-25319.exe (PID: 2392)
- Unicorn-27101.exe (PID: 6032)
- Unicorn-35534.exe (PID: 4736)
- Unicorn-46930.exe (PID: 6080)
- Unicorn-6644.exe (PID: 2600)
- Unicorn-6644.exe (PID: 1532)
- Unicorn-16295.exe (PID: 5968)
- Unicorn-51796.exe (PID: 5720)
- Unicorn-19494.exe (PID: 7224)
- Unicorn-48829.exe (PID: 7244)
- Unicorn-53510.exe (PID: 7260)
- Unicorn-35128.exe (PID: 7280)
- Unicorn-24922.exe (PID: 7300)
- Unicorn-6539.exe (PID: 7316)
- Unicorn-33.exe (PID: 7332)
- Unicorn-29368.exe (PID: 7380)
- Unicorn-58170.exe (PID: 7436)
- Unicorn-46930.exe (PID: 208)
- Unicorn-48969.exe (PID: 7372)
- Unicorn-58170.exe (PID: 7444)
- Unicorn-46930.exe (PID: 2616)
- Unicorn-17884.exe (PID: 7500)
- Unicorn-50002.exe (PID: 7476)
- Unicorn-9716.exe (PID: 7532)
- Unicorn-35534.exe (PID: 4988)
- Unicorn-17884.exe (PID: 7504)
- Unicorn-17330.exe (PID: 7580)
- Unicorn-9161.exe (PID: 7600)
- Unicorn-25498.exe (PID: 7556)
- Unicorn-5632.exe (PID: 7548)
- Unicorn-9161.exe (PID: 7616)
- Unicorn-38112.exe (PID: 7672)
- Unicorn-9161.exe (PID: 7608)
- Unicorn-22160.exe (PID: 6264)
- Unicorn-24344.exe (PID: 7704)
- Unicorn-49545.exe (PID: 7728)
- Unicorn-60370.exe (PID: 1228)
- Unicorn-13495.exe (PID: 1272)
- Unicorn-60609.exe (PID: 7804)
- Unicorn-39442.exe (PID: 7788)
- Unicorn-39058.exe (PID: 7832)
- Unicorn-15706.exe (PID: 8020)
- Unicorn-48378.exe (PID: 7952)
- Unicorn-12507.exe (PID: 7848)
- Unicorn-42073.exe (PID: 7928)
- Unicorn-22530.exe (PID: 7908)
- Unicorn-19790.exe (PID: 8000)
- Unicorn-28049.exe (PID: 8072)
- Unicorn-5928.exe (PID: 7920)
- Unicorn-27958.exe (PID: 7992)
- Unicorn-25249.exe (PID: 8080)
- Unicorn-14314.exe (PID: 8112)
- Unicorn-28512.exe (PID: 7944)
- Unicorn-38866.exe (PID: 7892)
- Unicorn-61377.exe (PID: 8028)
- Unicorn-19790.exe (PID: 8008)
- Unicorn-6748.exe (PID: 7900)
- Unicorn-24450.exe (PID: 8164)
- Unicorn-36318.exe (PID: 6712)
- Unicorn-32426.exe (PID: 4200)
- Unicorn-49509.exe (PID: 7212)
- Unicorn-41532.exe (PID: 8184)
- Unicorn-49317.exe (PID: 4740)
- Unicorn-49914.exe (PID: 8224)
- Unicorn-49317.exe (PID: 1088)
- Unicorn-36318.exe (PID: 672)
- Unicorn-50002.exe (PID: 7468)
- Unicorn-41746.exe (PID: 8240)
- Unicorn-713.exe (PID: 8372)
- Unicorn-45638.exe (PID: 8308)
- Unicorn-60312.exe (PID: 8268)
- Unicorn-39508.exe (PID: 8284)
- Unicorn-905.exe (PID: 8276)
- Unicorn-32871.exe (PID: 8500)
- Unicorn-29664.exe (PID: 8392)
- Unicorn-33386.exe (PID: 8316)
- Unicorn-29110.exe (PID: 8436)
- Unicorn-52737.exe (PID: 8516)
- Unicorn-47484.exe (PID: 8384)
- Unicorn-10396.exe (PID: 8688)
- Unicorn-9052.exe (PID: 8564)
- Unicorn-20942.exe (PID: 8476)
- Unicorn-52737.exe (PID: 8508)
- Unicorn-41170.exe (PID: 8548)
- Unicorn-54766.exe (PID: 8648)
- Unicorn-20942.exe (PID: 8468)
- Unicorn-29997.exe (PID: 8680)
- Unicorn-54766.exe (PID: 8640)
- Unicorn-5077.exe (PID: 7624)
- Unicorn-50085.exe (PID: 8616)
- Unicorn-51848.exe (PID: 7664)
- Unicorn-48636.exe (PID: 8632)
- Unicorn-21828.exe (PID: 8704)
- Unicorn-50066.exe (PID: 8784)
- Unicorn-4803.exe (PID: 8756)
- Unicorn-34922.exe (PID: 8968)
- Unicorn-38600.exe (PID: 8792)
- Unicorn-33000.exe (PID: 8800)
- Unicorn-18778.exe (PID: 8932)
- Unicorn-51066.exe (PID: 8992)
- Unicorn-27693.exe (PID: 7980)
- Unicorn-31008.exe (PID: 9028)
- Unicorn-27116.exe (PID: 9000)
- Unicorn-6836.exe (PID: 9100)
- Unicorn-48134.exe (PID: 9084)
- Unicorn-45550.exe (PID: 9184)
- Unicorn-8793.exe (PID: 3956)
- Unicorn-53910.exe (PID: 9036)
- Unicorn-62078.exe (PID: 8840)
- Unicorn-65208.exe (PID: 9272)
- Unicorn-12493.exe (PID: 9392)
- Unicorn-16386.exe (PID: 9444)
- Unicorn-8601.exe (PID: 9280)
- Unicorn-29384.exe (PID: 9324)
- Unicorn-53526.exe (PID: 9428)
- Unicorn-8409.exe (PID: 9400)
- Unicorn-33468.exe (PID: 9496)
- Unicorn-20662.exe (PID: 9372)
- Unicorn-53889.exe (PID: 9456)
- Unicorn-60120.exe (PID: 8364)
- Unicorn-53069.exe (PID: 9508)
- Unicorn-41636.exe (PID: 9476)
- Unicorn-13645.exe (PID: 9544)
- Unicorn-29790.exe (PID: 9564)
- Unicorn-20468.exe (PID: 9600)
- Unicorn-41850.exe (PID: 9608)
- Unicorn-43680.exe (PID: 7712)
- Unicorn-40880.exe (PID: 7720)
- Unicorn-13261.exe (PID: 9648)
- Unicorn-34620.exe (PID: 9592)
- Unicorn-45556.exe (PID: 9584)
- Unicorn-17708.exe (PID: 9688)
- Unicorn-32787.exe (PID: 9736)
- Unicorn-2855.exe (PID: 9704)
- Unicorn-2716.exe (PID: 9752)
- Unicorn-57402.exe (PID: 7352)
- Unicorn-45550.exe (PID: 9176)
- Unicorn-44538.exe (PID: 9864)
- Unicorn-43696.exe (PID: 9668)
- Unicorn-56140.exe (PID: 9720)
- Unicorn-36540.exe (PID: 9968)
- Unicorn-4465.exe (PID: 10008)
- Unicorn-56406.exe (PID: 9976)
- Unicorn-40070.exe (PID: 9928)
- Unicorn-51620.exe (PID: 10016)
- Unicorn-20418.exe (PID: 10112)
- Unicorn-35476.exe (PID: 8220)
- Unicorn-22534.exe (PID: 9896)
- Unicorn-23926.exe (PID: 9904)
- Unicorn-26016.exe (PID: 9048)
- Unicorn-8720.exe (PID: 10096)
- Unicorn-26347.exe (PID: 10164)
- Unicorn-12057.exe (PID: 10196)
- Unicorn-62602.exe (PID: 8872)
- Unicorn-38268.exe (PID: 5576)
- Unicorn-41044.exe (PID: 8960)
- Unicorn-62227.exe (PID: 10184)
- Unicorn-30506.exe (PID: 10252)
- Unicorn-37330.exe (PID: 1188)
- Unicorn-48705.exe (PID: 728)
- Unicorn-46842.exe (PID: 5936)
- Unicorn-14724.exe (PID: 10244)
- Unicorn-50049.exe (PID: 10280)
- Unicorn-45358.exe (PID: 9224)
- Unicorn-41606.exe (PID: 8356)
- Unicorn-53282.exe (PID: 10032)
- Unicorn-1725.exe (PID: 10408)
- Unicorn-25773.exe (PID: 10488)
- Unicorn-5809.exe (PID: 10380)
- Unicorn-13593.exe (PID: 10604)
- Unicorn-52309.exe (PID: 10644)
- Unicorn-45389.exe (PID: 10624)
- Unicorn-9628.exe (PID: 10372)
- Unicorn-46266.exe (PID: 10576)
- Unicorn-46458.exe (PID: 10420)
- Unicorn-26400.exe (PID: 10568)
- Unicorn-35418.exe (PID: 10704)
- Unicorn-59922.exe (PID: 10660)
- Unicorn-6172.exe (PID: 10480)
- Unicorn-33468.exe (PID: 9492)
- Unicorn-46458.exe (PID: 10428)
- Unicorn-54434.exe (PID: 10552)
- Unicorn-6253.exe (PID: 10752)
- Unicorn-5988.exe (PID: 10744)
- Unicorn-14805.exe (PID: 10732)
- Unicorn-65521.exe (PID: 10904)
- Unicorn-41156.exe (PID: 10800)
- Unicorn-18698.exe (PID: 10836)
- Unicorn-41156.exe (PID: 10792)
- Unicorn-61437.exe (PID: 10920)
- Unicorn-51925.exe (PID: 10772)
- Unicorn-23144.exe (PID: 10856)
- Unicorn-51261.exe (PID: 10936)
- Unicorn-40632.exe (PID: 10944)
- Unicorn-9443.exe (PID: 11068)
- Unicorn-61437.exe (PID: 10952)
- Unicorn-61245.exe (PID: 11076)
- Unicorn-55268.exe (PID: 11236)
- Unicorn-15500.exe (PID: 10912)
- Unicorn-60690.exe (PID: 10876)
- Unicorn-3876.exe (PID: 11048)
- Unicorn-61458.exe (PID: 10468)
- Unicorn-24104.exe (PID: 11176)
- Unicorn-37840.exe (PID: 11152)
Executes application which crashes
- Unicorn-28918.exe (PID: 8580)
- Unicorn-28918.exe (PID: 8572)
INFO
The sample compiled with chinese language support
- 1 (129).exe (PID: 4776)
- Unicorn-60370.exe (PID: 1228)
- Unicorn-25918.exe (PID: 2148)
- Unicorn-61522.exe (PID: 2692)
- Unicorn-21362.exe (PID: 1324)
- Unicorn-23474.exe (PID: 4220)
- Unicorn-50313.exe (PID: 3140)
- Unicorn-11584.exe (PID: 6028)
- Unicorn-4641.exe (PID: 780)
- Unicorn-56893.exe (PID: 2096)
- Unicorn-25550.exe (PID: 2268)
- Unicorn-1600.exe (PID: 4068)
- Unicorn-42248.exe (PID: 5260)
- Unicorn-37610.exe (PID: 6576)
- Unicorn-15143.exe (PID: 4464)
- Unicorn-46930.exe (PID: 736)
- Unicorn-46930.exe (PID: 1240)
- Unicorn-25319.exe (PID: 2392)
- Unicorn-27101.exe (PID: 6032)
- Unicorn-35534.exe (PID: 4736)
- Unicorn-46930.exe (PID: 6080)
- Unicorn-6644.exe (PID: 2600)
- Unicorn-16295.exe (PID: 5968)
- Unicorn-6644.exe (PID: 1532)
- Unicorn-51796.exe (PID: 5720)
- Unicorn-19494.exe (PID: 7224)
- Unicorn-48829.exe (PID: 7244)
- Unicorn-53510.exe (PID: 7260)
- Unicorn-35128.exe (PID: 7280)
- Unicorn-24922.exe (PID: 7300)
- Unicorn-6539.exe (PID: 7316)
- Unicorn-29368.exe (PID: 7380)
- Unicorn-33.exe (PID: 7332)
- Unicorn-48969.exe (PID: 7372)
- Unicorn-58170.exe (PID: 7436)
- Unicorn-58170.exe (PID: 7444)
- Unicorn-46930.exe (PID: 208)
- Unicorn-50002.exe (PID: 7476)
- Unicorn-46930.exe (PID: 2616)
- Unicorn-9716.exe (PID: 7532)
- Unicorn-35534.exe (PID: 4988)
- Unicorn-17884.exe (PID: 7500)
- Unicorn-17884.exe (PID: 7504)
- Unicorn-25498.exe (PID: 7556)
- Unicorn-5632.exe (PID: 7548)
- Unicorn-17330.exe (PID: 7580)
- Unicorn-9161.exe (PID: 7600)
- Unicorn-9161.exe (PID: 7616)
- Unicorn-38112.exe (PID: 7672)
- Unicorn-49545.exe (PID: 7728)
- Unicorn-9161.exe (PID: 7608)
- Unicorn-22160.exe (PID: 6264)
- Unicorn-24344.exe (PID: 7704)
- Unicorn-13495.exe (PID: 1272)
- Unicorn-60609.exe (PID: 7804)
- Unicorn-39058.exe (PID: 7832)
- Unicorn-39442.exe (PID: 7788)
- Unicorn-12507.exe (PID: 7848)
- Unicorn-15706.exe (PID: 8020)
- Unicorn-42073.exe (PID: 7928)
- Unicorn-19790.exe (PID: 8000)
- Unicorn-48378.exe (PID: 7952)
- Unicorn-28049.exe (PID: 8072)
- Unicorn-25249.exe (PID: 8080)
- Unicorn-27958.exe (PID: 7992)
- Unicorn-5928.exe (PID: 7920)
- Unicorn-22530.exe (PID: 7908)
- Unicorn-14314.exe (PID: 8112)
- Unicorn-28512.exe (PID: 7944)
- Unicorn-38866.exe (PID: 7892)
- Unicorn-61377.exe (PID: 8028)
- Unicorn-19790.exe (PID: 8008)
- Unicorn-6748.exe (PID: 7900)
- Unicorn-24450.exe (PID: 8164)
- Unicorn-36318.exe (PID: 6712)
- Unicorn-32426.exe (PID: 4200)
- Unicorn-49509.exe (PID: 7212)
- Unicorn-41532.exe (PID: 8184)
- Unicorn-36318.exe (PID: 672)
- Unicorn-49317.exe (PID: 4740)
- Unicorn-49317.exe (PID: 1088)
- Unicorn-49914.exe (PID: 8224)
- Unicorn-41746.exe (PID: 8240)
- Unicorn-50002.exe (PID: 7468)
- Unicorn-39508.exe (PID: 8284)
- Unicorn-905.exe (PID: 8276)
- Unicorn-713.exe (PID: 8372)
- Unicorn-60312.exe (PID: 8268)
- Unicorn-33386.exe (PID: 8316)
- Unicorn-32871.exe (PID: 8500)
- Unicorn-29664.exe (PID: 8392)
- Unicorn-45638.exe (PID: 8308)
- Unicorn-29110.exe (PID: 8436)
- Unicorn-52737.exe (PID: 8516)
- Unicorn-20942.exe (PID: 8476)
- Unicorn-10396.exe (PID: 8688)
- Unicorn-9052.exe (PID: 8564)
- Unicorn-47484.exe (PID: 8384)
- Unicorn-52737.exe (PID: 8508)
- Unicorn-41170.exe (PID: 8548)
- Unicorn-54766.exe (PID: 8648)
- Unicorn-20942.exe (PID: 8468)
- Unicorn-50085.exe (PID: 8616)
- Unicorn-51848.exe (PID: 7664)
- Unicorn-29997.exe (PID: 8680)
- Unicorn-54766.exe (PID: 8640)
- Unicorn-5077.exe (PID: 7624)
- Unicorn-48636.exe (PID: 8632)
- Unicorn-21828.exe (PID: 8704)
- Unicorn-50066.exe (PID: 8784)
- Unicorn-38600.exe (PID: 8792)
- Unicorn-33000.exe (PID: 8800)
- Unicorn-34922.exe (PID: 8968)
- Unicorn-18778.exe (PID: 8932)
- Unicorn-4803.exe (PID: 8756)
- Unicorn-27693.exe (PID: 7980)
- Unicorn-31008.exe (PID: 9028)
- Unicorn-27116.exe (PID: 9000)
- Unicorn-51066.exe (PID: 8992)
- Unicorn-6836.exe (PID: 9100)
- Unicorn-48134.exe (PID: 9084)
- Unicorn-45550.exe (PID: 9184)
- Unicorn-8793.exe (PID: 3956)
- Unicorn-53910.exe (PID: 9036)
- Unicorn-29384.exe (PID: 9324)
- Unicorn-8601.exe (PID: 9280)
- Unicorn-62078.exe (PID: 8840)
- Unicorn-65208.exe (PID: 9272)
- Unicorn-12493.exe (PID: 9392)
- Unicorn-53526.exe (PID: 9428)
- Unicorn-16386.exe (PID: 9444)
- Unicorn-20662.exe (PID: 9372)
- Unicorn-8409.exe (PID: 9400)
- Unicorn-33468.exe (PID: 9496)
- Unicorn-41636.exe (PID: 9476)
- Unicorn-13645.exe (PID: 9544)
- Unicorn-60120.exe (PID: 8364)
- Unicorn-53069.exe (PID: 9508)
- Unicorn-53889.exe (PID: 9456)
- Unicorn-29790.exe (PID: 9564)
- Unicorn-45556.exe (PID: 9584)
- Unicorn-43680.exe (PID: 7712)
- Unicorn-41850.exe (PID: 9608)
- Unicorn-40880.exe (PID: 7720)
- Unicorn-13261.exe (PID: 9648)
- Unicorn-20468.exe (PID: 9600)
- Unicorn-2855.exe (PID: 9704)
- Unicorn-17708.exe (PID: 9688)
- Unicorn-32787.exe (PID: 9736)
- Unicorn-45550.exe (PID: 9176)
- Unicorn-2716.exe (PID: 9752)
- Unicorn-57402.exe (PID: 7352)
- Unicorn-34620.exe (PID: 9592)
- Unicorn-43696.exe (PID: 9668)
- Unicorn-56140.exe (PID: 9720)
- Unicorn-51620.exe (PID: 10016)
- Unicorn-4465.exe (PID: 10008)
- Unicorn-40070.exe (PID: 9928)
- Unicorn-56406.exe (PID: 9976)
- Unicorn-20418.exe (PID: 10112)
- Unicorn-44538.exe (PID: 9864)
- Unicorn-22534.exe (PID: 9896)
- Unicorn-36540.exe (PID: 9968)
- Unicorn-23926.exe (PID: 9904)
- Unicorn-26347.exe (PID: 10164)
- Unicorn-8720.exe (PID: 10096)
- Unicorn-62602.exe (PID: 8872)
- Unicorn-12057.exe (PID: 10196)
- Unicorn-38268.exe (PID: 5576)
- Unicorn-35476.exe (PID: 8220)
- Unicorn-62227.exe (PID: 10184)
- Unicorn-26016.exe (PID: 9048)
- Unicorn-53282.exe (PID: 10032)
- Unicorn-37330.exe (PID: 1188)
- Unicorn-48705.exe (PID: 728)
- Unicorn-46842.exe (PID: 5936)
- Unicorn-14724.exe (PID: 10244)
- Unicorn-30506.exe (PID: 10252)
- Unicorn-50049.exe (PID: 10280)
- Unicorn-41044.exe (PID: 8960)
- Unicorn-41606.exe (PID: 8356)
- Unicorn-1725.exe (PID: 10408)
- Unicorn-25773.exe (PID: 10488)
- Unicorn-5809.exe (PID: 10380)
- Unicorn-13593.exe (PID: 10604)
- Unicorn-46266.exe (PID: 10576)
- Unicorn-52309.exe (PID: 10644)
- Unicorn-45389.exe (PID: 10624)
- Unicorn-45358.exe (PID: 9224)
- Unicorn-9628.exe (PID: 10372)
- Unicorn-54434.exe (PID: 10552)
- Unicorn-46458.exe (PID: 10420)
- Unicorn-26400.exe (PID: 10568)
- Unicorn-35418.exe (PID: 10704)
- Unicorn-59922.exe (PID: 10660)
- Unicorn-6172.exe (PID: 10480)
- Unicorn-6253.exe (PID: 10752)
- Unicorn-46458.exe (PID: 10428)
- Unicorn-5988.exe (PID: 10744)
- Unicorn-14805.exe (PID: 10732)
- Unicorn-18698.exe (PID: 10836)
- Unicorn-23144.exe (PID: 10856)
- Unicorn-41156.exe (PID: 10792)
- Unicorn-65521.exe (PID: 10904)
- Unicorn-61437.exe (PID: 10920)
- Unicorn-33468.exe (PID: 9492)
- Unicorn-51925.exe (PID: 10772)
- Unicorn-41156.exe (PID: 10800)
- Unicorn-15500.exe (PID: 10912)
- Unicorn-51261.exe (PID: 10936)
- Unicorn-60690.exe (PID: 10876)
- Unicorn-40632.exe (PID: 10944)
- Unicorn-61437.exe (PID: 10952)
- Unicorn-9443.exe (PID: 11068)
- Unicorn-3876.exe (PID: 11048)
- Unicorn-61245.exe (PID: 11076)
- Unicorn-55268.exe (PID: 11236)
- Unicorn-24104.exe (PID: 11176)
- Unicorn-61458.exe (PID: 10468)
- Unicorn-37840.exe (PID: 11152)
Checks supported languages
- Unicorn-60370.exe (PID: 1228)
- 1 (129).exe (PID: 4776)
- Unicorn-61522.exe (PID: 2692)
- Unicorn-25918.exe (PID: 2148)
- Unicorn-21362.exe (PID: 1324)
- Unicorn-4641.exe (PID: 780)
- Unicorn-51796.exe (PID: 5720)
- Unicorn-50313.exe (PID: 3140)
- Unicorn-25550.exe (PID: 2268)
- Unicorn-35534.exe (PID: 4736)
- Unicorn-37610.exe (PID: 6576)
- Unicorn-46930.exe (PID: 208)
- Unicorn-46930.exe (PID: 736)
- Unicorn-46930.exe (PID: 6080)
- Unicorn-6644.exe (PID: 2600)
- Unicorn-13495.exe (PID: 1272)
- Unicorn-57402.exe (PID: 7352)
- Unicorn-50002.exe (PID: 7476)
- Unicorn-50002.exe (PID: 7468)
- Unicorn-17884.exe (PID: 7500)
- Unicorn-5632.exe (PID: 7548)
- Unicorn-9161.exe (PID: 7616)
- Unicorn-5077.exe (PID: 7624)
- Unicorn-38112.exe (PID: 7672)
- Unicorn-43680.exe (PID: 7712)
- Unicorn-24344.exe (PID: 7704)
- Unicorn-49545.exe (PID: 7728)
- Unicorn-60609.exe (PID: 7804)
- Unicorn-39442.exe (PID: 7788)
- Unicorn-38866.exe (PID: 7892)
- Unicorn-22530.exe (PID: 7908)
- Unicorn-19790.exe (PID: 8008)
- Unicorn-19790.exe (PID: 8000)
- Unicorn-61377.exe (PID: 8028)
- Unicorn-24450.exe (PID: 8164)
- Unicorn-36318.exe (PID: 6712)
- Unicorn-49317.exe (PID: 1088)
- Unicorn-32426.exe (PID: 4200)
- Unicorn-36318.exe (PID: 672)
- Unicorn-905.exe (PID: 8276)
- Unicorn-49914.exe (PID: 8224)
- Unicorn-45638.exe (PID: 8308)
- Unicorn-33386.exe (PID: 8316)
- Unicorn-20942.exe (PID: 8468)
- Unicorn-20942.exe (PID: 8476)
- Unicorn-32871.exe (PID: 8500)
- Unicorn-29664.exe (PID: 8392)
- Unicorn-60120.exe (PID: 8364)
- Unicorn-41170.exe (PID: 8548)
- Unicorn-28918.exe (PID: 8572)
- Unicorn-28918.exe (PID: 8580)
- Unicorn-52737.exe (PID: 8508)
- Unicorn-54766.exe (PID: 8648)
- Unicorn-50066.exe (PID: 8784)
- Unicorn-29997.exe (PID: 8680)
- Unicorn-21828.exe (PID: 8704)
- Unicorn-4803.exe (PID: 8756)
- Unicorn-33000.exe (PID: 8800)
- Unicorn-38600.exe (PID: 8792)
- Unicorn-41044.exe (PID: 8960)
- Unicorn-18778.exe (PID: 8932)
- Unicorn-45550.exe (PID: 9184)
- Unicorn-31008.exe (PID: 9028)
- Unicorn-6836.exe (PID: 9100)
- Unicorn-45358.exe (PID: 9224)
- Unicorn-8793.exe (PID: 3956)
- Unicorn-20662.exe (PID: 9372)
- Unicorn-12493.exe (PID: 9392)
- Unicorn-65208.exe (PID: 9272)
- Unicorn-53526.exe (PID: 9428)
- Unicorn-53889.exe (PID: 9456)
- Unicorn-33468.exe (PID: 9492)
- Unicorn-33468.exe (PID: 9496)
- Unicorn-13645.exe (PID: 9544)
- Unicorn-8409.exe (PID: 9400)
- Unicorn-29790.exe (PID: 9564)
- Unicorn-34620.exe (PID: 9592)
- Unicorn-41850.exe (PID: 9608)
- Unicorn-20468.exe (PID: 9600)
- Unicorn-17708.exe (PID: 9688)
- Unicorn-45556.exe (PID: 9584)
- Unicorn-2716.exe (PID: 9752)
- Unicorn-22534.exe (PID: 9896)
- Unicorn-2855.exe (PID: 9704)
- Unicorn-36540.exe (PID: 9968)
- Unicorn-40070.exe (PID: 9928)
- Unicorn-4465.exe (PID: 10008)
- Unicorn-51620.exe (PID: 10016)
- Unicorn-53282.exe (PID: 10032)
- Unicorn-12057.exe (PID: 10196)
- Unicorn-26347.exe (PID: 10164)
- Unicorn-62227.exe (PID: 10184)
- Unicorn-62602.exe (PID: 8872)
- Unicorn-26016.exe (PID: 9048)
- Unicorn-35476.exe (PID: 8220)
- Unicorn-41606.exe (PID: 8356)
- Unicorn-38268.exe (PID: 5576)
- Unicorn-48705.exe (PID: 728)
- Unicorn-9628.exe (PID: 10372)
- Unicorn-5809.exe (PID: 10380)
- Unicorn-14724.exe (PID: 10244)
- Unicorn-46266.exe (PID: 10576)
- Unicorn-26400.exe (PID: 10568)
- Unicorn-1725.exe (PID: 10408)
- Unicorn-46458.exe (PID: 10420)
- Unicorn-13593.exe (PID: 10604)
- Unicorn-45389.exe (PID: 10624)
- Unicorn-59922.exe (PID: 10660)
- Unicorn-35418.exe (PID: 10704)
- Unicorn-6253.exe (PID: 10752)
- Unicorn-5988.exe (PID: 10744)
- Unicorn-23144.exe (PID: 10856)
- Unicorn-61437.exe (PID: 10952)
- Unicorn-65521.exe (PID: 10904)
- Unicorn-61245.exe (PID: 11076)
- Unicorn-26739.exe (PID: 10892)
- Unicorn-40197.exe (PID: 11272)
- Unicorn-36762.exe (PID: 10540)
- Unicorn-61458.exe (PID: 10468)
- Unicorn-2939.exe (PID: 10692)
- Unicorn-27507.exe (PID: 11376)
- Unicorn-12833.exe (PID: 11400)
- Unicorn-47736.exe (PID: 11424)
- Unicorn-41806.exe (PID: 11368)
- Unicorn-2309.exe (PID: 11684)
- Unicorn-51681.exe (PID: 11764)
- Unicorn-59294.exe (PID: 11796)
- Unicorn-51489.exe (PID: 11860)
- Unicorn-51489.exe (PID: 11868)
- Unicorn-5817.exe (PID: 11872)
- Unicorn-52641.exe (PID: 12048)
- Unicorn-8815.exe (PID: 12112)
- Unicorn-14945.exe (PID: 12104)
- Unicorn-33180.exe (PID: 12260)
- Unicorn-44646.exe (PID: 12268)
- Unicorn-15500.exe (PID: 12236)
- Unicorn-48505.exe (PID: 5588)
- Unicorn-35152.exe (PID: 11912)
- Unicorn-52086.exe (PID: 12072)
- Unicorn-30195.exe (PID: 12348)
- Unicorn-54717.exe (PID: 12668)
- Unicorn-14089.exe (PID: 12792)
- Unicorn-64649.exe (PID: 12300)
- Unicorn-44001.exe (PID: 13060)
- Unicorn-50389.exe (PID: 12808)
- Unicorn-16010.exe (PID: 13276)
- Unicorn-3373.exe (PID: 13304)
- Unicorn-16180.exe (PID: 13380)
- Unicorn-19710.exe (PID: 13416)
- Unicorn-36408.exe (PID: 13452)
- Unicorn-64832.exe (PID: 13588)
- Unicorn-23986.exe (PID: 5232)
Reads the computer name
- Unicorn-60370.exe (PID: 1228)
- Unicorn-25918.exe (PID: 2148)
- 1 (129).exe (PID: 4776)
- Unicorn-61522.exe (PID: 2692)
- Unicorn-21362.exe (PID: 1324)
- Unicorn-50313.exe (PID: 3140)
- Unicorn-4641.exe (PID: 780)
- Unicorn-51796.exe (PID: 5720)
- Unicorn-56893.exe (PID: 2096)
- Unicorn-25319.exe (PID: 2392)
- Unicorn-11584.exe (PID: 6028)
- Unicorn-27101.exe (PID: 6032)
- Unicorn-1600.exe (PID: 4068)
- Unicorn-15143.exe (PID: 4464)
- Unicorn-42248.exe (PID: 5260)
- Unicorn-22160.exe (PID: 6264)
- Unicorn-46930.exe (PID: 1240)
- Unicorn-6644.exe (PID: 1532)
- Unicorn-13495.exe (PID: 1272)
- Unicorn-19494.exe (PID: 7224)
- Unicorn-48829.exe (PID: 7244)
- Unicorn-53510.exe (PID: 7260)
- Unicorn-33.exe (PID: 7332)
- Unicorn-29368.exe (PID: 7380)
- Unicorn-17884.exe (PID: 7500)
- Unicorn-58170.exe (PID: 7436)
- Unicorn-50002.exe (PID: 7468)
- Unicorn-25498.exe (PID: 7556)
- Unicorn-9161.exe (PID: 7616)
- Unicorn-38112.exe (PID: 7672)
- Unicorn-49545.exe (PID: 7728)
- Unicorn-5077.exe (PID: 7624)
- Unicorn-60609.exe (PID: 7804)
- Unicorn-27693.exe (PID: 7980)
- Unicorn-22530.exe (PID: 7908)
- Unicorn-5928.exe (PID: 7920)
- Unicorn-27958.exe (PID: 7992)
- Unicorn-25249.exe (PID: 8080)
- Unicorn-28049.exe (PID: 8072)
- Unicorn-38866.exe (PID: 7892)
- Unicorn-14314.exe (PID: 8112)
- Unicorn-61377.exe (PID: 8028)
- Unicorn-19790.exe (PID: 8008)
- Unicorn-36318.exe (PID: 6712)
- Unicorn-41532.exe (PID: 8184)
- Unicorn-49509.exe (PID: 7212)
- Unicorn-49317.exe (PID: 1088)
- Unicorn-60312.exe (PID: 8268)
- Unicorn-905.exe (PID: 8276)
- Unicorn-39508.exe (PID: 8284)
- Unicorn-45638.exe (PID: 8308)
- Unicorn-49317.exe (PID: 4740)
- Unicorn-32871.exe (PID: 8500)
- Unicorn-29664.exe (PID: 8392)
- Unicorn-60120.exe (PID: 8364)
- Unicorn-20942.exe (PID: 8476)
- Unicorn-20942.exe (PID: 8468)
- Unicorn-41170.exe (PID: 8548)
- Unicorn-54766.exe (PID: 8648)
- Unicorn-29997.exe (PID: 8680)
- Unicorn-4803.exe (PID: 8756)
- Unicorn-45550.exe (PID: 9184)
- Unicorn-33468.exe (PID: 9492)
- Unicorn-29384.exe (PID: 9324)
- Unicorn-53069.exe (PID: 9508)
- Unicorn-13261.exe (PID: 9648)
Create files in a temporary directory
- Unicorn-60370.exe (PID: 1228)
- Unicorn-25918.exe (PID: 2148)
- Unicorn-61522.exe (PID: 2692)
- Unicorn-21362.exe (PID: 1324)
- Unicorn-50313.exe (PID: 3140)
- Unicorn-11584.exe (PID: 6028)
- 1 (129).exe (PID: 4776)
- Unicorn-25550.exe (PID: 2268)
- Unicorn-42248.exe (PID: 5260)
- Unicorn-37610.exe (PID: 6576)
- Unicorn-56893.exe (PID: 2096)
- Unicorn-46930.exe (PID: 736)
- Unicorn-35534.exe (PID: 4736)
- Unicorn-46930.exe (PID: 6080)
- Unicorn-6644.exe (PID: 2600)
- Unicorn-16295.exe (PID: 5968)
- Unicorn-51796.exe (PID: 5720)
- Unicorn-48829.exe (PID: 7244)
- Unicorn-53510.exe (PID: 7260)
- Unicorn-1600.exe (PID: 4068)
- Unicorn-35128.exe (PID: 7280)
- Unicorn-23474.exe (PID: 4220)
- Unicorn-24922.exe (PID: 7300)
- Unicorn-6539.exe (PID: 7316)
- Unicorn-33.exe (PID: 7332)
- Unicorn-46930.exe (PID: 208)
- Unicorn-58170.exe (PID: 7444)
- Unicorn-50002.exe (PID: 7468)
- Unicorn-46930.exe (PID: 2616)
- Unicorn-17884.exe (PID: 7500)
- Unicorn-25319.exe (PID: 2392)
- Unicorn-35534.exe (PID: 4988)
- Unicorn-5632.exe (PID: 7548)
- Unicorn-25498.exe (PID: 7556)
- Unicorn-17884.exe (PID: 7504)
- Unicorn-27101.exe (PID: 6032)
- Unicorn-9161.exe (PID: 7600)
- Unicorn-38112.exe (PID: 7672)
- Unicorn-9161.exe (PID: 7616)
- Unicorn-24344.exe (PID: 7704)
- Unicorn-49545.exe (PID: 7728)
- Unicorn-22160.exe (PID: 6264)
- Unicorn-13495.exe (PID: 1272)
- Unicorn-4641.exe (PID: 780)
- Unicorn-6644.exe (PID: 1532)
- Unicorn-39058.exe (PID: 7832)
- Unicorn-19494.exe (PID: 7224)
- Unicorn-12507.exe (PID: 7848)
- Unicorn-42073.exe (PID: 7928)
- Unicorn-22530.exe (PID: 7908)
- Unicorn-28049.exe (PID: 8072)
- Unicorn-48969.exe (PID: 7372)
- Unicorn-25249.exe (PID: 8080)
- Unicorn-27958.exe (PID: 7992)
- Unicorn-38866.exe (PID: 7892)
- Unicorn-14314.exe (PID: 8112)
- Unicorn-28512.exe (PID: 7944)
- Unicorn-15143.exe (PID: 4464)
- Unicorn-19790.exe (PID: 8008)
- Unicorn-29368.exe (PID: 7380)
- Unicorn-32426.exe (PID: 4200)
- Unicorn-49509.exe (PID: 7212)
- Unicorn-49317.exe (PID: 1088)
- Unicorn-41532.exe (PID: 8184)
- Unicorn-36318.exe (PID: 672)
- Unicorn-49317.exe (PID: 4740)
- Unicorn-49914.exe (PID: 8224)
- Unicorn-41746.exe (PID: 8240)
- Unicorn-60312.exe (PID: 8268)
- Unicorn-46930.exe (PID: 1240)
- Unicorn-905.exe (PID: 8276)
- Unicorn-713.exe (PID: 8372)
- Unicorn-33386.exe (PID: 8316)
- Unicorn-29664.exe (PID: 8392)
- Unicorn-17330.exe (PID: 7580)
- Unicorn-52737.exe (PID: 8516)
- Unicorn-10396.exe (PID: 8688)
- Unicorn-20942.exe (PID: 8476)
- Unicorn-20942.exe (PID: 8468)
- Unicorn-52737.exe (PID: 8508)
- Unicorn-54766.exe (PID: 8648)
- Unicorn-54766.exe (PID: 8640)
- Unicorn-60609.exe (PID: 7804)
- Unicorn-4803.exe (PID: 8756)
- Unicorn-15706.exe (PID: 8020)
- Unicorn-31008.exe (PID: 9028)
- Unicorn-27116.exe (PID: 9000)
- Unicorn-61377.exe (PID: 8028)
- Unicorn-5928.exe (PID: 7920)
- Unicorn-48134.exe (PID: 9084)
- Unicorn-45550.exe (PID: 9184)
- Unicorn-36318.exe (PID: 6712)
- Unicorn-50002.exe (PID: 7476)
- Unicorn-33468.exe (PID: 9496)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable (generic) (52.9) |
|---|---|---|
| .exe | | | Generic Win/DOS Executable (23.5) |
| .exe | | | DOS Executable Generic (23.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
489
Monitored processes
350
Malicious processes
52
Suspicious processes
57
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 208 | C:\Users\admin\AppData\Local\Temp\Unicorn-46930.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46930.exe | Unicorn-35534.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 672 | C:\Users\admin\AppData\Local\Temp\Unicorn-36318.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-36318.exe | Unicorn-50002.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 728 | C:\Users\admin\AppData\Local\Temp\Unicorn-48705.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-48705.exe | Unicorn-39508.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 736 | C:\Users\admin\AppData\Local\Temp\Unicorn-46930.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46930.exe | Unicorn-25319.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 780 | C:\Users\admin\AppData\Local\Temp\Unicorn-4641.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-4641.exe | Unicorn-61522.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1088 | C:\Users\admin\AppData\Local\Temp\Unicorn-49317.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-49317.exe | Unicorn-46930.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1188 | C:\Users\admin\AppData\Local\Temp\Unicorn-37330.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-37330.exe | Unicorn-60312.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1228 | C:\Users\admin\AppData\Local\Temp\Unicorn-60370.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-60370.exe | 1 (129).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1240 | C:\Users\admin\AppData\Local\Temp\Unicorn-46930.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46930.exe | Unicorn-27101.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1272 | C:\Users\admin\AppData\Local\Temp\Unicorn-13495.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-13495.exe | 1 (129).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
10 599
Read events
10 599
Write events
0
Delete events
0
Modification events
Executable files
1 064
Suspicious files
4
Text files
4
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2148 | Unicorn-25918.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-21362.exe | executable | |
MD5:1F16CA7DC3D9CC383248038E5224015E | SHA256:F9D3191FA9D9D14569FFABA0C8599B9D681CC10E136BD2386B8BA4AD7104DF88 | |||
| 1228 | Unicorn-60370.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-25918.exe | executable | |
MD5:AE592AE37C04AFC0568E53281447E1F6 | SHA256:FCBF66B3D45E8F61783935862FA806DCEF8DD5B3FFF01D3B414739E3445CE18A | |||
| 4776 | 1 (129).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61522.exe | executable | |
MD5:4F3BAEDAD07BE73E819F7FE449AE02FC | SHA256:DEC5E0E3D8F3B7F748D8EF2497C3B84297FA535BB5078F5CB5EAA8195B176F48 | |||
| 1228 | Unicorn-60370.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-25319.exe | executable | |
MD5:369C6940E0963F5A2A782127CF6F185E | SHA256:1A38A7126E405B385161953FCB0BE3FFEE870ADC2F74733509CBEE7D8EA5C9EC | |||
| 2148 | Unicorn-25918.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-56893.exe | executable | |
MD5:D049A567371CA7E0FE0EB0A04A86CC63 | SHA256:2096375DCE519D0827E4368ED3262FA56244FBACDB6D3EB17EDDC0DB4D04D1DE | |||
| 4776 | 1 (129).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-51796.exe | executable | |
MD5:72E7908B0D7F20C632AFE91372E185FB | SHA256:C0A589BCE10DD57188076C8E2BA157C1BEB55BE21CCFE79A93AC0D55F5830945 | |||
| 2692 | Unicorn-61522.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-4641.exe | executable | |
MD5:99182BD35796E5B7376065F77CC10932 | SHA256:DEFC4160F00AA84B8ECD7A1039D478274790F99BBA0D3C222ADFE68C25481DBD | |||
| 2692 | Unicorn-61522.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-11584.exe | executable | |
MD5:01E67CF6A79235F5A57C2D8A63EE68D7 | SHA256:A889B3F5549D07C74365AD012525B451B988F745E53B1FF261C032356FA9328D | |||
| 1324 | Unicorn-21362.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-23474.exe | executable | |
MD5:36004D5EB03C33FC7BA5004C73F9637D | SHA256:6049160B650F364BAAEE45AE2B92154BC5F56082ACFAC582F4806BA4A428ABC9 | |||
| 3140 | Unicorn-50313.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-35534.exe | executable | |
MD5:FAB52255A1EEA8D16B6A0707F079A138 | SHA256:7EB0F258CADDCD86565E853717DA9FA21457011C7ADE71920AA0107033B7E576 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
22
DNS requests
14
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
732 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
8832 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
8832 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 51.104.136.2:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
6488 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3216 | svchost.exe | 40.113.103.199:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 40.126.31.2:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
732 | backgroundTaskHost.exe | 20.199.58.43:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |
activation-v2.sls.microsoft.com |
| whitelisted |
nexusrules.officeapps.live.com |
| whitelisted |