| File name: | 1 (1101) |
| Full analysis: | https://app.any.run/tasks/123b0b37-e119-4183-a6ab-892a3a90b41b |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 09:43:14 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 687813B9D17E5131860C9D523D6F7920 |
| SHA1: | B60C41F9D6E6E46B90F824BDFBBD54C2788A3BEF |
| SHA256: | B81DCCC7D5548BFC238165735A90E6BCFB9419491C832CB659B70F56E4BC81DD |
| SSDEEP: | 6144:jSN9UsItiDdoA5lHpSYQOofx5tBqZvJGBC/W0eelnk/8S3jwpyAAEgF6fH6peBmT:jkebWoA51pXGBghaCO0eel8u4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (1101).exe (PID: 4208)
- Unicorn-31937.exe (PID: 4976)
- Unicorn-64020.exe (PID: 5640)
- Unicorn-2012.exe (PID: 1228)
- Unicorn-26582.exe (PID: 4068)
- Unicorn-4124.exe (PID: 632)
- Unicorn-21015.exe (PID: 2772)
- Unicorn-11820.exe (PID: 1040)
- Unicorn-24627.exe (PID: 3008)
- Unicorn-32713.exe (PID: 1388)
- Unicorn-36133.exe (PID: 6080)
- Unicorn-46339.exe (PID: 1240)
- Unicorn-44301.exe (PID: 4688)
- Unicorn-44301.exe (PID: 5380)
- Unicorn-60372.exe (PID: 1324)
- Unicorn-18571.exe (PID: 7260)
- Unicorn-22101.exe (PID: 7232)
- Unicorn-62941.exe (PID: 7296)
- Unicorn-3526.exe (PID: 7316)
- Unicorn-39397.exe (PID: 7412)
- Unicorn-55925.exe (PID: 7360)
- Unicorn-40143.exe (PID: 7388)
- Unicorn-55468.exe (PID: 7444)
- Unicorn-47565.exe (PID: 7472)
- Unicorn-22869.exe (PID: 7480)
- Unicorn-55733.exe (PID: 7436)
- Unicorn-21891.exe (PID: 7504)
- Unicorn-3003.exe (PID: 7516)
- Unicorn-19091.exe (PID: 7496)
- Unicorn-40771.exe (PID: 5968)
- Unicorn-22869.exe (PID: 7488)
- Unicorn-24213.exe (PID: 7844)
- Unicorn-16599.exe (PID: 7920)
- Unicorn-19937.exe (PID: 7960)
- Unicorn-30142.exe (PID: 7988)
- Unicorn-4944.exe (PID: 8004)
- Unicorn-16931.exe (PID: 8048)
- Unicorn-860.exe (PID: 8024)
- Unicorn-5499.exe (PID: 8040)
- Unicorn-10874.exe (PID: 8088)
- Unicorn-8644.exe (PID: 8120)
- Unicorn-46709.exe (PID: 8184)
- Unicorn-33703.exe (PID: 8148)
- Unicorn-44663.exe (PID: 7188)
- Unicorn-50601.exe (PID: 7256)
- Unicorn-6039.exe (PID: 7292)
- Unicorn-33881.exe (PID: 7576)
- Unicorn-1208.exe (PID: 7348)
- Unicorn-18099.exe (PID: 7584)
- Unicorn-21629.exe (PID: 7408)
- Unicorn-54301.exe (PID: 6540)
- Unicorn-13268.exe (PID: 968)
- Unicorn-41347.exe (PID: 4996)
- Unicorn-54301.exe (PID: 7588)
- Unicorn-5655.exe (PID: 1764)
- Unicorn-63024.exe (PID: 6988)
- Unicorn-19443.exe (PID: 5176)
- Unicorn-54301.exe (PID: 7580)
- Unicorn-9184.exe (PID: 6712)
- Unicorn-22011.exe (PID: 7052)
- Unicorn-47212.exe (PID: 1052)
- Unicorn-1784.exe (PID: 7668)
- Unicorn-2339.exe (PID: 7704)
- Unicorn-41923.exe (PID: 7908)
- Unicorn-18889.exe (PID: 8164)
- Unicorn-24317.exe (PID: 7888)
- Unicorn-15380.exe (PID: 7600)
- Unicorn-16149.exe (PID: 7840)
- Unicorn-41399.exe (PID: 4228)
- Unicorn-37123.exe (PID: 7612)
- Unicorn-40653.exe (PID: 7864)
- Unicorn-44472.exe (PID: 7904)
- Unicorn-315.exe (PID: 8320)
- Unicorn-175.exe (PID: 8216)
- Unicorn-28209.exe (PID: 8208)
- Unicorn-54751.exe (PID: 8248)
- Unicorn-60119.exe (PID: 8276)
- Unicorn-44353.exe (PID: 8296)
- Unicorn-62033.exe (PID: 8352)
- Unicorn-36377.exe (PID: 8240)
- Unicorn-37891.exe (PID: 8396)
- Unicorn-53673.exe (PID: 8388)
- Unicorn-10402.exe (PID: 8456)
- Unicorn-10071.exe (PID: 8536)
- Unicorn-58525.exe (PID: 8572)
- Unicorn-62152.exe (PID: 8620)
- Unicorn-34959.exe (PID: 8808)
- Unicorn-838.exe (PID: 8856)
- Unicorn-53539.exe (PID: 1852)
- Unicorn-1540.exe (PID: 8800)
- Unicorn-26429.exe (PID: 8768)
- Unicorn-6584.exe (PID: 8928)
- Unicorn-7139.exe (PID: 8948)
- Unicorn-35365.exe (PID: 8888)
- Unicorn-25059.exe (PID: 8912)
- Unicorn-3616.exe (PID: 9020)
- Unicorn-28420.exe (PID: 8984)
- Unicorn-34020.exe (PID: 8972)
- Unicorn-17714.exe (PID: 9112)
- Unicorn-56901.exe (PID: 9008)
- Unicorn-48904.exe (PID: 9140)
- Unicorn-3232.exe (PID: 9156)
- Unicorn-52241.exe (PID: 3332)
- Unicorn-3232.exe (PID: 9148)
- Unicorn-52241.exe (PID: 8204)
- Unicorn-15484.exe (PID: 9196)
- Unicorn-57669.exe (PID: 7816)
- Unicorn-53585.exe (PID: 6964)
- Unicorn-4939.exe (PID: 8600)
- Unicorn-15292.exe (PID: 456)
- Unicorn-16637.exe (PID: 8648)
- Unicorn-33165.exe (PID: 5376)
- Unicorn-58032.exe (PID: 8844)
- Unicorn-4939.exe (PID: 8684)
- Unicorn-54005.exe (PID: 8840)
- Unicorn-10122.exe (PID: 8980)
- Unicorn-49672.exe (PID: 6724)
- Unicorn-57285.exe (PID: 6516)
- Unicorn-10122.exe (PID: 9088)
- Unicorn-50963.exe (PID: 8516)
- Unicorn-16807.exe (PID: 8704)
- Unicorn-48693.exe (PID: 8760)
- Unicorn-25381.exe (PID: 6240)
- Unicorn-4960.exe (PID: 8876)
- Unicorn-684.exe (PID: 9224)
- Unicorn-54524.exe (PID: 8380)
- Unicorn-26341.exe (PID: 9336)
- Unicorn-29968.exe (PID: 9380)
- Unicorn-43445.exe (PID: 9448)
- Unicorn-38955.exe (PID: 9400)
Executable content was dropped or overwritten
- Unicorn-31937.exe (PID: 4976)
- 1 (1101).exe (PID: 4208)
- Unicorn-2012.exe (PID: 1228)
- Unicorn-64020.exe (PID: 5640)
- Unicorn-32713.exe (PID: 1388)
- Unicorn-4124.exe (PID: 632)
- Unicorn-21015.exe (PID: 2772)
- Unicorn-11820.exe (PID: 1040)
- Unicorn-24627.exe (PID: 3008)
- Unicorn-36133.exe (PID: 6080)
- Unicorn-46339.exe (PID: 1240)
- Unicorn-44301.exe (PID: 4688)
- Unicorn-44301.exe (PID: 5380)
- Unicorn-40771.exe (PID: 5968)
- Unicorn-22101.exe (PID: 7232)
- Unicorn-18571.exe (PID: 7260)
- Unicorn-3526.exe (PID: 7316)
- Unicorn-62941.exe (PID: 7296)
- Unicorn-55733.exe (PID: 7436)
- Unicorn-55925.exe (PID: 7360)
- Unicorn-40143.exe (PID: 7388)
- Unicorn-39397.exe (PID: 7412)
- Unicorn-47565.exe (PID: 7472)
- Unicorn-21891.exe (PID: 7504)
- Unicorn-22869.exe (PID: 7480)
- Unicorn-55468.exe (PID: 7444)
- Unicorn-26582.exe (PID: 4068)
- Unicorn-60372.exe (PID: 1324)
- Unicorn-19091.exe (PID: 7496)
- Unicorn-19937.exe (PID: 7960)
- Unicorn-16599.exe (PID: 7920)
- Unicorn-30142.exe (PID: 7988)
- Unicorn-24213.exe (PID: 7844)
- Unicorn-4944.exe (PID: 8004)
- Unicorn-860.exe (PID: 8024)
- Unicorn-5499.exe (PID: 8040)
- Unicorn-16931.exe (PID: 8048)
- Unicorn-8644.exe (PID: 8120)
- Unicorn-33703.exe (PID: 8148)
- Unicorn-46709.exe (PID: 8184)
- Unicorn-10874.exe (PID: 8088)
- Unicorn-50601.exe (PID: 7256)
- Unicorn-44663.exe (PID: 7188)
- Unicorn-6039.exe (PID: 7292)
- Unicorn-33881.exe (PID: 7576)
- Unicorn-53539.exe (PID: 1852)
- Unicorn-1208.exe (PID: 7348)
- Unicorn-21629.exe (PID: 7408)
- Unicorn-13268.exe (PID: 968)
- Unicorn-41347.exe (PID: 4996)
- Unicorn-9184.exe (PID: 6712)
- Unicorn-18099.exe (PID: 7584)
- Unicorn-5655.exe (PID: 1764)
- Unicorn-63024.exe (PID: 6988)
- Unicorn-19443.exe (PID: 5176)
- Unicorn-54301.exe (PID: 7580)
- Unicorn-3003.exe (PID: 7516)
- Unicorn-22011.exe (PID: 7052)
- Unicorn-47212.exe (PID: 1052)
- Unicorn-22869.exe (PID: 7488)
- Unicorn-1784.exe (PID: 7668)
- Unicorn-2339.exe (PID: 7704)
- Unicorn-15380.exe (PID: 7600)
- Unicorn-41923.exe (PID: 7908)
- Unicorn-18889.exe (PID: 8164)
- Unicorn-24317.exe (PID: 7888)
- Unicorn-16149.exe (PID: 7840)
- Unicorn-41399.exe (PID: 4228)
- Unicorn-37123.exe (PID: 7612)
- Unicorn-40653.exe (PID: 7864)
- Unicorn-54751.exe (PID: 8248)
- Unicorn-315.exe (PID: 8320)
- Unicorn-28209.exe (PID: 8208)
- Unicorn-44472.exe (PID: 7904)
- Unicorn-60119.exe (PID: 8276)
- Unicorn-44353.exe (PID: 8296)
- Unicorn-62033.exe (PID: 8352)
- Unicorn-36377.exe (PID: 8240)
- Unicorn-37891.exe (PID: 8396)
- Unicorn-53673.exe (PID: 8388)
- Unicorn-10402.exe (PID: 8456)
- Unicorn-58525.exe (PID: 8572)
- Unicorn-1540.exe (PID: 8800)
- Unicorn-62152.exe (PID: 8620)
- Unicorn-10071.exe (PID: 8536)
- Unicorn-838.exe (PID: 8856)
- Unicorn-34959.exe (PID: 8808)
- Unicorn-26429.exe (PID: 8768)
- Unicorn-6584.exe (PID: 8928)
- Unicorn-7139.exe (PID: 8948)
- Unicorn-35365.exe (PID: 8888)
- Unicorn-34020.exe (PID: 8972)
- Unicorn-28420.exe (PID: 8984)
- Unicorn-25059.exe (PID: 8912)
- Unicorn-3616.exe (PID: 9020)
- Unicorn-56901.exe (PID: 9008)
- Unicorn-17714.exe (PID: 9112)
- Unicorn-52241.exe (PID: 3332)
- Unicorn-3232.exe (PID: 9156)
- Unicorn-15484.exe (PID: 9196)
- Unicorn-48904.exe (PID: 9140)
- Unicorn-3232.exe (PID: 9148)
- Unicorn-52241.exe (PID: 8204)
- Unicorn-15292.exe (PID: 456)
- Unicorn-53585.exe (PID: 6964)
- Unicorn-4939.exe (PID: 8600)
- Unicorn-57669.exe (PID: 7816)
- Unicorn-33165.exe (PID: 5376)
- Unicorn-58032.exe (PID: 8844)
- Unicorn-54005.exe (PID: 8840)
- Unicorn-4939.exe (PID: 8684)
- Unicorn-10122.exe (PID: 8980)
- Unicorn-49672.exe (PID: 6724)
- Unicorn-16807.exe (PID: 8704)
- Unicorn-10122.exe (PID: 9088)
- Unicorn-50963.exe (PID: 8516)
- Unicorn-175.exe (PID: 8216)
- Unicorn-48693.exe (PID: 8760)
- Unicorn-8474.exe (PID: 8360)
- Unicorn-25381.exe (PID: 6240)
- Unicorn-684.exe (PID: 9224)
- Unicorn-54524.exe (PID: 8380)
- Unicorn-4960.exe (PID: 8876)
- Unicorn-26341.exe (PID: 9336)
- Unicorn-29968.exe (PID: 9380)
- Unicorn-38955.exe (PID: 9400)
- Unicorn-35395.exe (PID: 9248)
- Unicorn-43445.exe (PID: 9448)
- Unicorn-51421.exe (PID: 9476)
- Unicorn-6859.exe (PID: 9484)
- Unicorn-36237.exe (PID: 9524)
- Unicorn-27877.exe (PID: 9564)
- Unicorn-39745.exe (PID: 9708)
- Unicorn-60357.exe (PID: 9664)
- Unicorn-37699.exe (PID: 9716)
- Unicorn-56465.exe (PID: 9596)
- Unicorn-65188.exe (PID: 9632)
- Unicorn-54301.exe (PID: 6540)
- Unicorn-40875.exe (PID: 9536)
- Unicorn-48800.exe (PID: 9840)
- Unicorn-55187.exe (PID: 9824)
- Unicorn-24561.exe (PID: 9792)
- Unicorn-3948.exe (PID: 9880)
- Unicorn-8779.exe (PID: 9780)
- Unicorn-15048.exe (PID: 9744)
- Unicorn-24561.exe (PID: 9772)
- Unicorn-942.exe (PID: 9676)
- Unicorn-15246.exe (PID: 9912)
- Unicorn-8032.exe (PID: 9852)
- Unicorn-57285.exe (PID: 6516)
- Unicorn-31582.exe (PID: 9944)
- Unicorn-48681.exe (PID: 9976)
- Unicorn-13823.exe (PID: 10028)
- Unicorn-23985.exe (PID: 10004)
- Unicorn-16637.exe (PID: 8648)
- Unicorn-32345.exe (PID: 9952)
- Unicorn-29967.exe (PID: 10076)
- Unicorn-34382.exe (PID: 9936)
- Unicorn-32535.exe (PID: 10052)
- Unicorn-46304.exe (PID: 10092)
- Unicorn-26061.exe (PID: 10172)
- Unicorn-37389.exe (PID: 10112)
- Unicorn-20122.exe (PID: 10156)
- Unicorn-54301.exe (PID: 7588)
- Unicorn-8203.exe (PID: 10012)
- Unicorn-15152.exe (PID: 9888)
- Unicorn-54960.exe (PID: 7344)
- Unicorn-52101.exe (PID: 2332)
- Unicorn-25166.exe (PID: 6208)
- Unicorn-23710.exe (PID: 10296)
- Unicorn-6792.exe (PID: 9764)
- Unicorn-22147.exe (PID: 10236)
- Unicorn-47441.exe (PID: 9432)
- Unicorn-48188.exe (PID: 10276)
- Unicorn-37493.exe (PID: 10432)
- Unicorn-60653.exe (PID: 10424)
- Unicorn-544.exe (PID: 10472)
- Unicorn-41939.exe (PID: 10524)
- Unicorn-10558.exe (PID: 10536)
- Unicorn-16881.exe (PID: 10496)
- Unicorn-8063.exe (PID: 10588)
- Unicorn-18395.exe (PID: 10604)
- Unicorn-9459.exe (PID: 10448)
- Unicorn-42515.exe (PID: 10760)
- Unicorn-43999.exe (PID: 10692)
- Unicorn-42515.exe (PID: 10752)
- Unicorn-45813.exe (PID: 10704)
- Unicorn-12988.exe (PID: 10796)
- Unicorn-44191.exe (PID: 10664)
- Unicorn-51452.exe (PID: 11020)
- Unicorn-55152.exe (PID: 10640)
- Unicorn-42899.exe (PID: 10624)
- Unicorn-2635.exe (PID: 10872)
- Unicorn-30596.exe (PID: 10816)
- Unicorn-51281.exe (PID: 10832)
- Unicorn-53319.exe (PID: 10852)
Executes application which crashes
- Unicorn-28593.exe (PID: 8500)
INFO
Checks supported languages
- 1 (1101).exe (PID: 4208)
- Unicorn-31937.exe (PID: 4976)
- Unicorn-2012.exe (PID: 1228)
- Unicorn-64020.exe (PID: 5640)
- Unicorn-21015.exe (PID: 2772)
- Unicorn-32713.exe (PID: 1388)
- Unicorn-36133.exe (PID: 6080)
- Unicorn-46339.exe (PID: 1240)
- Unicorn-11820.exe (PID: 1040)
- Unicorn-60372.exe (PID: 1324)
- Unicorn-40771.exe (PID: 5968)
- Unicorn-22101.exe (PID: 7232)
- Unicorn-55468.exe (PID: 7444)
- Unicorn-19091.exe (PID: 7496)
- Unicorn-24213.exe (PID: 7844)
- Unicorn-16599.exe (PID: 7920)
- Unicorn-19937.exe (PID: 7960)
- Unicorn-30142.exe (PID: 7988)
- Unicorn-4944.exe (PID: 8004)
- Unicorn-860.exe (PID: 8024)
- Unicorn-5499.exe (PID: 8040)
- Unicorn-16931.exe (PID: 8048)
- Unicorn-50601.exe (PID: 7256)
- Unicorn-6039.exe (PID: 7292)
- Unicorn-44663.exe (PID: 7188)
- Unicorn-5655.exe (PID: 1764)
- Unicorn-13268.exe (PID: 968)
- Unicorn-54301.exe (PID: 7588)
- Unicorn-54301.exe (PID: 6540)
- Unicorn-22011.exe (PID: 7052)
- Unicorn-41923.exe (PID: 7908)
- Unicorn-41399.exe (PID: 4228)
- Unicorn-47212.exe (PID: 1052)
- Unicorn-1784.exe (PID: 7668)
- Unicorn-28209.exe (PID: 8208)
- Unicorn-44472.exe (PID: 7904)
- Unicorn-40653.exe (PID: 7864)
- Unicorn-60119.exe (PID: 8276)
- Unicorn-37891.exe (PID: 8396)
- Unicorn-53673.exe (PID: 8388)
- Unicorn-10402.exe (PID: 8456)
- Unicorn-28593.exe (PID: 8500)
- Unicorn-62152.exe (PID: 8620)
- Unicorn-1540.exe (PID: 8800)
- Unicorn-35365.exe (PID: 8888)
- Unicorn-25059.exe (PID: 8912)
- Unicorn-28420.exe (PID: 8984)
- Unicorn-34020.exe (PID: 8972)
- Unicorn-3616.exe (PID: 9020)
- Unicorn-3232.exe (PID: 9148)
- Unicorn-56901.exe (PID: 9008)
- Unicorn-15292.exe (PID: 456)
- Unicorn-52241.exe (PID: 8204)
- Unicorn-52241.exe (PID: 3332)
- Unicorn-4939.exe (PID: 8600)
- Unicorn-58032.exe (PID: 8844)
- Unicorn-8474.exe (PID: 8360)
- Unicorn-10122.exe (PID: 8980)
- Unicorn-10122.exe (PID: 9088)
- Unicorn-48693.exe (PID: 8760)
- Unicorn-38955.exe (PID: 9400)
- Unicorn-43445.exe (PID: 9448)
- Unicorn-35395.exe (PID: 9248)
- Unicorn-56465.exe (PID: 9596)
- Unicorn-65188.exe (PID: 9632)
- Unicorn-942.exe (PID: 9676)
- Unicorn-24561.exe (PID: 9772)
- Unicorn-34382.exe (PID: 9936)
- Unicorn-23985.exe (PID: 10004)
- Unicorn-32535.exe (PID: 10052)
- Unicorn-8032.exe (PID: 9852)
- Unicorn-3948.exe (PID: 9880)
- Unicorn-13823.exe (PID: 10028)
- Unicorn-37389.exe (PID: 10112)
- Unicorn-22147.exe (PID: 10236)
- Unicorn-26061.exe (PID: 10172)
- Unicorn-47441.exe (PID: 9432)
- Unicorn-54960.exe (PID: 7344)
- Unicorn-15152.exe (PID: 9888)
- Unicorn-25166.exe (PID: 6208)
- Unicorn-23710.exe (PID: 10296)
- Unicorn-60653.exe (PID: 10424)
- Unicorn-8063.exe (PID: 10588)
- Unicorn-544.exe (PID: 10472)
- Unicorn-18395.exe (PID: 10604)
- Unicorn-16881.exe (PID: 10496)
- Unicorn-45813.exe (PID: 10704)
- Unicorn-42515.exe (PID: 10760)
- Unicorn-12988.exe (PID: 10796)
- Unicorn-55152.exe (PID: 10640)
- Unicorn-2635.exe (PID: 10872)
- Unicorn-31223.exe (PID: 10904)
- Unicorn-39391.exe (PID: 10932)
- Unicorn-31031.exe (PID: 10984)
- Unicorn-30596.exe (PID: 10816)
- Unicorn-9672.exe (PID: 11096)
- Unicorn-48659.exe (PID: 11064)
- Unicorn-48659.exe (PID: 11072)
- Unicorn-35713.exe (PID: 11136)
- Unicorn-50003.exe (PID: 11172)
- Unicorn-23269.exe (PID: 11232)
- Unicorn-37559.exe (PID: 5504)
- Unicorn-34178.exe (PID: 4868)
- Unicorn-63844.exe (PID: 4692)
- Unicorn-2827.exe (PID: 11308)
- Unicorn-58903.exe (PID: 11356)
- Unicorn-47203.exe (PID: 11180)
- Unicorn-44436.exe (PID: 11208)
- Unicorn-243.exe (PID: 11328)
- Unicorn-31904.exe (PID: 11412)
- Unicorn-48505.exe (PID: 11436)
- Unicorn-40145.exe (PID: 11468)
- Unicorn-40699.exe (PID: 11484)
- Unicorn-39953.exe (PID: 11528)
- Unicorn-19533.exe (PID: 11520)
- Unicorn-36450.exe (PID: 11596)
- Unicorn-57633.exe (PID: 11616)
- Unicorn-11940.exe (PID: 11748)
- Unicorn-15322.exe (PID: 11824)
- Unicorn-41681.exe (PID: 11872)
- Unicorn-29922.exe (PID: 11644)
- Unicorn-37597.exe (PID: 11892)
- Unicorn-13455.exe (PID: 11984)
- Unicorn-47803.exe (PID: 11912)
- Unicorn-12708.exe (PID: 12012)
- Unicorn-35219.exe (PID: 12056)
- Unicorn-5619.exe (PID: 12072)
- Unicorn-39111.exe (PID: 12120)
- Unicorn-26113.exe (PID: 12152)
- Unicorn-5500.exe (PID: 12244)
- Unicorn-22583.exe (PID: 12168)
- Unicorn-21837.exe (PID: 12284)
- Unicorn-4546.exe (PID: 6944)
- Unicorn-50980.exe (PID: 8056)
- Unicorn-12582.exe (PID: 12328)
- Unicorn-56216.exe (PID: 10204)
- Unicorn-53423.exe (PID: 12352)
- Unicorn-1992.exe (PID: 12408)
- Unicorn-42793.exe (PID: 12384)
- Unicorn-22391.exe (PID: 672)
- Unicorn-36127.exe (PID: 900)
- Unicorn-51312.exe (PID: 10228)
- Unicorn-43793.exe (PID: 12536)
- Unicorn-45137.exe (PID: 12588)
- Unicorn-12278.exe (PID: 12724)
- Unicorn-8380.exe (PID: 12784)
- Unicorn-29844.exe (PID: 12864)
- Unicorn-37139.exe (PID: 12676)
- Unicorn-39407.exe (PID: 13144)
- Unicorn-5286.exe (PID: 13216)
- Unicorn-64819.exe (PID: 12912)
- Unicorn-367.exe (PID: 12972)
- Unicorn-13580.exe (PID: 12964)
The sample compiled with chinese language support
- 1 (1101).exe (PID: 4208)
- Unicorn-31937.exe (PID: 4976)
- Unicorn-64020.exe (PID: 5640)
- Unicorn-2012.exe (PID: 1228)
- Unicorn-21015.exe (PID: 2772)
- Unicorn-32713.exe (PID: 1388)
- Unicorn-4124.exe (PID: 632)
- Unicorn-24627.exe (PID: 3008)
- Unicorn-11820.exe (PID: 1040)
- Unicorn-46339.exe (PID: 1240)
- Unicorn-44301.exe (PID: 4688)
- Unicorn-40771.exe (PID: 5968)
- Unicorn-44301.exe (PID: 5380)
- Unicorn-36133.exe (PID: 6080)
- Unicorn-22101.exe (PID: 7232)
- Unicorn-18571.exe (PID: 7260)
- Unicorn-62941.exe (PID: 7296)
- Unicorn-3526.exe (PID: 7316)
- Unicorn-39397.exe (PID: 7412)
- Unicorn-55733.exe (PID: 7436)
- Unicorn-55925.exe (PID: 7360)
- Unicorn-40143.exe (PID: 7388)
- Unicorn-47565.exe (PID: 7472)
- Unicorn-22869.exe (PID: 7480)
- Unicorn-21891.exe (PID: 7504)
- Unicorn-55468.exe (PID: 7444)
- Unicorn-26582.exe (PID: 4068)
- Unicorn-60372.exe (PID: 1324)
- Unicorn-19091.exe (PID: 7496)
- Unicorn-24213.exe (PID: 7844)
- Unicorn-16599.exe (PID: 7920)
- Unicorn-19937.exe (PID: 7960)
- Unicorn-30142.exe (PID: 7988)
- Unicorn-4944.exe (PID: 8004)
- Unicorn-860.exe (PID: 8024)
- Unicorn-5499.exe (PID: 8040)
- Unicorn-16931.exe (PID: 8048)
- Unicorn-10874.exe (PID: 8088)
- Unicorn-8644.exe (PID: 8120)
- Unicorn-33703.exe (PID: 8148)
- Unicorn-46709.exe (PID: 8184)
- Unicorn-44663.exe (PID: 7188)
- Unicorn-50601.exe (PID: 7256)
- Unicorn-33881.exe (PID: 7576)
- Unicorn-1208.exe (PID: 7348)
- Unicorn-53539.exe (PID: 1852)
- Unicorn-6039.exe (PID: 7292)
- Unicorn-21629.exe (PID: 7408)
- Unicorn-13268.exe (PID: 968)
- Unicorn-41347.exe (PID: 4996)
- Unicorn-18099.exe (PID: 7584)
- Unicorn-63024.exe (PID: 6988)
- Unicorn-54301.exe (PID: 7580)
- Unicorn-19443.exe (PID: 5176)
- Unicorn-9184.exe (PID: 6712)
- Unicorn-5655.exe (PID: 1764)
- Unicorn-3003.exe (PID: 7516)
- Unicorn-47212.exe (PID: 1052)
- Unicorn-22869.exe (PID: 7488)
- Unicorn-22011.exe (PID: 7052)
- Unicorn-1784.exe (PID: 7668)
- Unicorn-2339.exe (PID: 7704)
- Unicorn-41923.exe (PID: 7908)
- Unicorn-18889.exe (PID: 8164)
- Unicorn-24317.exe (PID: 7888)
- Unicorn-15380.exe (PID: 7600)
- Unicorn-16149.exe (PID: 7840)
- Unicorn-41399.exe (PID: 4228)
- Unicorn-37123.exe (PID: 7612)
- Unicorn-40653.exe (PID: 7864)
- Unicorn-54751.exe (PID: 8248)
- Unicorn-44472.exe (PID: 7904)
- Unicorn-315.exe (PID: 8320)
- Unicorn-28209.exe (PID: 8208)
- Unicorn-60119.exe (PID: 8276)
- Unicorn-44353.exe (PID: 8296)
- Unicorn-62033.exe (PID: 8352)
- Unicorn-36377.exe (PID: 8240)
- Unicorn-53673.exe (PID: 8388)
- Unicorn-10402.exe (PID: 8456)
- Unicorn-37891.exe (PID: 8396)
- Unicorn-10071.exe (PID: 8536)
- Unicorn-58525.exe (PID: 8572)
- Unicorn-1540.exe (PID: 8800)
- Unicorn-62152.exe (PID: 8620)
- Unicorn-26429.exe (PID: 8768)
- Unicorn-838.exe (PID: 8856)
- Unicorn-34959.exe (PID: 8808)
- Unicorn-6584.exe (PID: 8928)
- Unicorn-7139.exe (PID: 8948)
- Unicorn-25059.exe (PID: 8912)
- Unicorn-3616.exe (PID: 9020)
- Unicorn-34020.exe (PID: 8972)
- Unicorn-28420.exe (PID: 8984)
- Unicorn-17714.exe (PID: 9112)
- Unicorn-56901.exe (PID: 9008)
- Unicorn-3232.exe (PID: 9156)
- Unicorn-35365.exe (PID: 8888)
- Unicorn-48904.exe (PID: 9140)
- Unicorn-52241.exe (PID: 3332)
- Unicorn-3232.exe (PID: 9148)
- Unicorn-52241.exe (PID: 8204)
- Unicorn-15484.exe (PID: 9196)
- Unicorn-15292.exe (PID: 456)
- Unicorn-53585.exe (PID: 6964)
- Unicorn-4939.exe (PID: 8600)
- Unicorn-57669.exe (PID: 7816)
- Unicorn-4939.exe (PID: 8684)
- Unicorn-33165.exe (PID: 5376)
- Unicorn-58032.exe (PID: 8844)
- Unicorn-10122.exe (PID: 8980)
- Unicorn-49672.exe (PID: 6724)
- Unicorn-54005.exe (PID: 8840)
- Unicorn-16807.exe (PID: 8704)
- Unicorn-10122.exe (PID: 9088)
- Unicorn-175.exe (PID: 8216)
- Unicorn-48693.exe (PID: 8760)
- Unicorn-50963.exe (PID: 8516)
- Unicorn-8474.exe (PID: 8360)
- Unicorn-4960.exe (PID: 8876)
- Unicorn-54524.exe (PID: 8380)
- Unicorn-684.exe (PID: 9224)
- Unicorn-25381.exe (PID: 6240)
- Unicorn-26341.exe (PID: 9336)
- Unicorn-29968.exe (PID: 9380)
- Unicorn-38955.exe (PID: 9400)
- Unicorn-35395.exe (PID: 9248)
- Unicorn-43445.exe (PID: 9448)
- Unicorn-6859.exe (PID: 9484)
- Unicorn-51421.exe (PID: 9476)
- Unicorn-40875.exe (PID: 9536)
- Unicorn-39745.exe (PID: 9708)
- Unicorn-37699.exe (PID: 9716)
- Unicorn-60357.exe (PID: 9664)
- Unicorn-56465.exe (PID: 9596)
- Unicorn-36237.exe (PID: 9524)
- Unicorn-54301.exe (PID: 6540)
- Unicorn-27877.exe (PID: 9564)
- Unicorn-24561.exe (PID: 9772)
- Unicorn-942.exe (PID: 9676)
- Unicorn-55187.exe (PID: 9824)
- Unicorn-24561.exe (PID: 9792)
- Unicorn-48800.exe (PID: 9840)
- Unicorn-8779.exe (PID: 9780)
- Unicorn-3948.exe (PID: 9880)
- Unicorn-65188.exe (PID: 9632)
- Unicorn-15048.exe (PID: 9744)
- Unicorn-8032.exe (PID: 9852)
- Unicorn-15246.exe (PID: 9912)
- Unicorn-57285.exe (PID: 6516)
- Unicorn-31582.exe (PID: 9944)
- Unicorn-13823.exe (PID: 10028)
- Unicorn-23985.exe (PID: 10004)
- Unicorn-48681.exe (PID: 9976)
- Unicorn-16637.exe (PID: 8648)
- Unicorn-32345.exe (PID: 9952)
- Unicorn-34382.exe (PID: 9936)
- Unicorn-32535.exe (PID: 10052)
- Unicorn-29967.exe (PID: 10076)
- Unicorn-46304.exe (PID: 10092)
- Unicorn-20122.exe (PID: 10156)
- Unicorn-37389.exe (PID: 10112)
- Unicorn-26061.exe (PID: 10172)
- Unicorn-54301.exe (PID: 7588)
- Unicorn-8203.exe (PID: 10012)
- Unicorn-52101.exe (PID: 2332)
- Unicorn-54960.exe (PID: 7344)
- Unicorn-47441.exe (PID: 9432)
- Unicorn-15152.exe (PID: 9888)
- Unicorn-25166.exe (PID: 6208)
- Unicorn-48188.exe (PID: 10276)
- Unicorn-6792.exe (PID: 9764)
- Unicorn-23710.exe (PID: 10296)
- Unicorn-22147.exe (PID: 10236)
- Unicorn-544.exe (PID: 10472)
- Unicorn-41939.exe (PID: 10524)
- Unicorn-8063.exe (PID: 10588)
- Unicorn-16881.exe (PID: 10496)
- Unicorn-10558.exe (PID: 10536)
- Unicorn-18395.exe (PID: 10604)
- Unicorn-9459.exe (PID: 10448)
- Unicorn-37493.exe (PID: 10432)
- Unicorn-60653.exe (PID: 10424)
- Unicorn-42515.exe (PID: 10752)
- Unicorn-43999.exe (PID: 10692)
- Unicorn-45813.exe (PID: 10704)
- Unicorn-44191.exe (PID: 10664)
- Unicorn-12988.exe (PID: 10796)
- Unicorn-51452.exe (PID: 11020)
- Unicorn-55152.exe (PID: 10640)
- Unicorn-42899.exe (PID: 10624)
- Unicorn-42515.exe (PID: 10760)
- Unicorn-53319.exe (PID: 10852)
- Unicorn-2635.exe (PID: 10872)
- Unicorn-30596.exe (PID: 10816)
- Unicorn-51281.exe (PID: 10832)
Reads the computer name
- 1 (1101).exe (PID: 4208)
- Unicorn-31937.exe (PID: 4976)
- Unicorn-4124.exe (PID: 632)
- Unicorn-32713.exe (PID: 1388)
- Unicorn-64020.exe (PID: 5640)
- Unicorn-2012.exe (PID: 1228)
- Unicorn-11820.exe (PID: 1040)
- Unicorn-26582.exe (PID: 4068)
- Unicorn-24627.exe (PID: 3008)
- Unicorn-46339.exe (PID: 1240)
- Unicorn-40771.exe (PID: 5968)
- Unicorn-44301.exe (PID: 4688)
- Unicorn-22101.exe (PID: 7232)
- Unicorn-18571.exe (PID: 7260)
- Unicorn-36133.exe (PID: 6080)
- Unicorn-60372.exe (PID: 1324)
- Unicorn-62941.exe (PID: 7296)
- Unicorn-3526.exe (PID: 7316)
- Unicorn-19091.exe (PID: 7496)
- Unicorn-5499.exe (PID: 8040)
- Unicorn-19937.exe (PID: 7960)
- Unicorn-10874.exe (PID: 8088)
- Unicorn-50601.exe (PID: 7256)
- Unicorn-21629.exe (PID: 7408)
- Unicorn-54301.exe (PID: 7588)
- Unicorn-41347.exe (PID: 4996)
- Unicorn-9184.exe (PID: 6712)
- Unicorn-47212.exe (PID: 1052)
- Unicorn-18889.exe (PID: 8164)
- Unicorn-41399.exe (PID: 4228)
- Unicorn-16149.exe (PID: 7840)
- Unicorn-175.exe (PID: 8216)
- Unicorn-60119.exe (PID: 8276)
- Unicorn-62033.exe (PID: 8352)
- Unicorn-44472.exe (PID: 7904)
- Unicorn-62152.exe (PID: 8620)
- Unicorn-6584.exe (PID: 8928)
- Unicorn-25059.exe (PID: 8912)
- Unicorn-48904.exe (PID: 9140)
- Unicorn-3232.exe (PID: 9156)
- Unicorn-3232.exe (PID: 9148)
- Unicorn-15292.exe (PID: 456)
- Unicorn-4939.exe (PID: 8684)
- Unicorn-16637.exe (PID: 8648)
- Unicorn-54005.exe (PID: 8840)
- Unicorn-10122.exe (PID: 8980)
- Unicorn-16807.exe (PID: 8704)
- Unicorn-57285.exe (PID: 6516)
- Unicorn-50963.exe (PID: 8516)
- Unicorn-48693.exe (PID: 8760)
- Unicorn-8474.exe (PID: 8360)
- Unicorn-54524.exe (PID: 8380)
- Unicorn-26341.exe (PID: 9336)
- Unicorn-6859.exe (PID: 9484)
- Unicorn-36237.exe (PID: 9524)
Create files in a temporary directory
- 1 (1101).exe (PID: 4208)
- Unicorn-2012.exe (PID: 1228)
- Unicorn-21015.exe (PID: 2772)
- Unicorn-31937.exe (PID: 4976)
- Unicorn-4124.exe (PID: 632)
- Unicorn-32713.exe (PID: 1388)
- Unicorn-11820.exe (PID: 1040)
- Unicorn-44301.exe (PID: 5380)
- Unicorn-64020.exe (PID: 5640)
- Unicorn-46339.exe (PID: 1240)
- Unicorn-24627.exe (PID: 3008)
- Unicorn-55468.exe (PID: 7444)
- Unicorn-44301.exe (PID: 4688)
- Unicorn-21891.exe (PID: 7504)
- Unicorn-55733.exe (PID: 7436)
- Unicorn-19091.exe (PID: 7496)
- Unicorn-40771.exe (PID: 5968)
- Unicorn-18571.exe (PID: 7260)
- Unicorn-30142.exe (PID: 7988)
- Unicorn-4944.exe (PID: 8004)
- Unicorn-16599.exe (PID: 7920)
- Unicorn-5499.exe (PID: 8040)
- Unicorn-10874.exe (PID: 8088)
- Unicorn-8644.exe (PID: 8120)
- Unicorn-33703.exe (PID: 8148)
- Unicorn-55925.exe (PID: 7360)
- Unicorn-46709.exe (PID: 8184)
- Unicorn-40143.exe (PID: 7388)
- Unicorn-44663.exe (PID: 7188)
- Unicorn-50601.exe (PID: 7256)
- Unicorn-39397.exe (PID: 7412)
- Unicorn-6039.exe (PID: 7292)
- Unicorn-33881.exe (PID: 7576)
- Unicorn-53539.exe (PID: 1852)
- Unicorn-47565.exe (PID: 7472)
- Unicorn-63024.exe (PID: 6988)
- Unicorn-19443.exe (PID: 5176)
- Unicorn-47212.exe (PID: 1052)
- Unicorn-22869.exe (PID: 7488)
- Unicorn-22869.exe (PID: 7480)
- Unicorn-3003.exe (PID: 7516)
- Unicorn-1784.exe (PID: 7668)
- Unicorn-2339.exe (PID: 7704)
- Unicorn-24213.exe (PID: 7844)
- Unicorn-15380.exe (PID: 7600)
- Unicorn-60372.exe (PID: 1324)
- Unicorn-24317.exe (PID: 7888)
- Unicorn-16149.exe (PID: 7840)
- Unicorn-40653.exe (PID: 7864)
- Unicorn-62941.exe (PID: 7296)
- Unicorn-19937.exe (PID: 7960)
- Unicorn-860.exe (PID: 8024)
- Unicorn-315.exe (PID: 8320)
- Unicorn-28209.exe (PID: 8208)
- Unicorn-36377.exe (PID: 8240)
- Unicorn-16931.exe (PID: 8048)
- Unicorn-37891.exe (PID: 8396)
- Unicorn-62152.exe (PID: 8620)
- Unicorn-36133.exe (PID: 6080)
- Unicorn-58525.exe (PID: 8572)
- Unicorn-1208.exe (PID: 7348)
- Unicorn-6584.exe (PID: 8928)
- Unicorn-35365.exe (PID: 8888)
- Unicorn-21629.exe (PID: 7408)
- Unicorn-9184.exe (PID: 6712)
- Unicorn-5655.exe (PID: 1764)
- Unicorn-28420.exe (PID: 8984)
- Unicorn-13268.exe (PID: 968)
- Unicorn-41347.exe (PID: 4996)
- Unicorn-56901.exe (PID: 9008)
- Unicorn-26582.exe (PID: 4068)
- Unicorn-17714.exe (PID: 9112)
- Unicorn-22101.exe (PID: 7232)
- Unicorn-48904.exe (PID: 9140)
- Unicorn-52241.exe (PID: 3332)
- Unicorn-41923.exe (PID: 7908)
- Unicorn-3232.exe (PID: 9148)
- Unicorn-15292.exe (PID: 456)
- Unicorn-18889.exe (PID: 8164)
- Unicorn-4939.exe (PID: 8600)
- Unicorn-37123.exe (PID: 7612)
- Unicorn-33165.exe (PID: 5376)
- Unicorn-41399.exe (PID: 4228)
- Unicorn-10122.exe (PID: 8980)
- Unicorn-49672.exe (PID: 6724)
- Unicorn-44472.exe (PID: 7904)
- Unicorn-54751.exe (PID: 8248)
- Unicorn-50963.exe (PID: 8516)
- Unicorn-175.exe (PID: 8216)
- Unicorn-48693.exe (PID: 8760)
- Unicorn-60119.exe (PID: 8276)
- Unicorn-44353.exe (PID: 8296)
- Unicorn-3526.exe (PID: 7316)
- Unicorn-4960.exe (PID: 8876)
- Unicorn-684.exe (PID: 9224)
- Unicorn-54524.exe (PID: 8380)
- Unicorn-25381.exe (PID: 6240)
- Unicorn-29968.exe (PID: 9380)
- Unicorn-38955.exe (PID: 9400)
- Unicorn-1540.exe (PID: 8800)
Reads security settings of Internet Explorer
- BackgroundTransferHost.exe (PID: 7608)
- BackgroundTransferHost.exe (PID: 7880)
Reads the software policy settings
- BackgroundTransferHost.exe (PID: 7608)
Checks proxy server information
- BackgroundTransferHost.exe (PID: 7608)
Creates files or folders in the user directory
- BackgroundTransferHost.exe (PID: 7608)
- WerFault.exe (PID: 8760)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable (generic) (52.9) |
|---|---|---|
| .exe | | | Generic Win/DOS Executable (23.5) |
| .exe | | | DOS Executable Generic (23.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
457
Monitored processes
323
Malicious processes
46
Suspicious processes
46
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 456 | C:\Users\admin\AppData\Local\Temp\Unicorn-15292.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-15292.exe | Unicorn-5655.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 632 | C:\Users\admin\AppData\Local\Temp\Unicorn-4124.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-4124.exe | Unicorn-2012.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 672 | C:\Users\admin\AppData\Local\Temp\Unicorn-22391.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22391.exe | — | Unicorn-175.exe | |||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 900 | C:\Users\admin\AppData\Local\Temp\Unicorn-36127.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-36127.exe | — | Unicorn-860.exe | |||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 968 | C:\Users\admin\AppData\Local\Temp\Unicorn-13268.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-13268.exe | Unicorn-19091.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1040 | C:\Users\admin\AppData\Local\Temp\Unicorn-11820.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-11820.exe | Unicorn-4124.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1052 | C:\Users\admin\AppData\Local\Temp\Unicorn-47212.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-47212.exe | Unicorn-64020.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1228 | C:\Users\admin\AppData\Local\Temp\Unicorn-2012.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-2012.exe | Unicorn-31937.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1240 | C:\Users\admin\AppData\Local\Temp\Unicorn-46339.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46339.exe | Unicorn-31937.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1324 | C:\Users\admin\AppData\Local\Temp\Unicorn-60372.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-60372.exe | 1 (1101).exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
Total events
9 997
Read events
9 982
Write events
15
Delete events
0
Modification events
| (PID) Process: | (5084) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (5084) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (5084) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7608) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (7608) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (7608) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7880) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (7880) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (7880) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7212) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
Executable files
1 017
Suspicious files
7
Text files
2
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 4976 | Unicorn-31937.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-2012.exe | executable | |
MD5:93A74C8EF001628EC7E1270D12555068 | SHA256:1A3F41BCB79E38A6F2A576A7DC70BE3375527C75F0E5290C1207B32D7631778D | |||
| 4208 | 1 (1101).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26582.exe | executable | |
MD5:76962BC7E271A5FB246DB55BD469B1D1 | SHA256:366EE8917961C99B279FEF5058E409E52441D168526BB432B6DAA910383E4D82 | |||
| 4208 | 1 (1101).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-31937.exe | executable | |
MD5:62DA52855C2F09E7188B07AD3249B134 | SHA256:F6D88FECBE30E55BE5AC829262753D4326D9CAB5F3B75BC8CA0BFEE0639F11C5 | |||
| 4208 | 1 (1101).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-64020.exe | executable | |
MD5:B1B8EDA210E09123E3FFA222DB42A9A7 | SHA256:29BAEAF39807880397F3DF4A1A23B2CF8B2BD038C4126CC808F978BD2D27D156 | |||
| 2772 | Unicorn-21015.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-36133.exe | executable | |
MD5:965D496814521BCD1F52E558FC453E96 | SHA256:A20BF245AF218C16C93E1E408FB53BE6A135D612C6283A9E16FF5A6AEB014902 | |||
| 1040 | Unicorn-11820.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22101.exe | executable | |
MD5:91D2517BBF7E03BC62FB0A19B27E37B6 | SHA256:651F0DFD4BF5A2477A8A53F39F680F90FB01C79F876348C16EE782CFB9A88521 | |||
| 4976 | Unicorn-31937.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-21015.exe | executable | |
MD5:359971ED4046F397204CE0B366C76266 | SHA256:4071A9B2E058526F87F693DEE9E7FBB315523119DDA5DC27C1F73C75DBDDD2E7 | |||
| 6080 | Unicorn-36133.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-55925.exe | executable | |
MD5:432F6509F2618FA4892788EC44B4852C | SHA256:11F5D7245BE0B16D88004BE2CDBBCE91824B3B62DA7EEEF85FABD9855CE3D4FB | |||
| 3008 | Unicorn-24627.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-62941.exe | executable | |
MD5:1A26F774BB204ADE60D204AE8F772166 | SHA256:3A1BD93D4EA5D6639B62206E022FB6BD9682D6586B69E4165D0E881A922E6E1C | |||
| 2772 | Unicorn-21015.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-40143.exe | executable | |
MD5:6FCB49F7A42C6456ABC4F0C0DFA9E484 | SHA256:E5036B696D81E82B93E5E36251D6CE92E7E1D2C7497E7CE6B8C03415392117A4 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
7
TCP/UDP connections
29
DNS requests
17
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
— | — | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
4220 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
8312 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
8312 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
7608 | BackgroundTransferHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
2104 | svchost.exe | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
5496 | MoUsoCoreWorker.exe | 4.231.128.59:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 20.190.160.66:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
3216 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2112 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4220 | backgroundTaskHost.exe | 20.74.47.205:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
arc.msn.com |
| whitelisted |
www.bing.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |