File name: 1 (1109)

Full analysis: https://app.any.run/tasks/33564977-10cc-40da-876a-105e8a6a6bdb
Verdict: Malicious activity
Analysis date: March 24, 2025, 09:35:13
OS: Windows 10 Professional (build: 19044, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
MD5: 852928EBD4021DD4F088529B085707B0
SHA1: C53CB0FFD10B03B475B67F80E434F02AD4243FEF
SHA256: BE63991641B77BC98130006A0557787EE536F8DEBA4B774FABA6F0964F60E1CB
SSDEEP: 6144:EE+ASnI5jDuHAxFSjseQfmxxltBqnvJGBC/xyeQmmk/8SwjwpyAvEhF4P4BrZZob:E13IgHAxcjPpBqhaCJyeQmhx4DemDsR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Starts itself from another location

    • Executable content was dropped or overwritten

  • INFO

    • Creates files in a temporary directory

    • The sample was compiled with Chinese language support

    • Reads the computer name

    • Checks supported languages

    • Creates files or folders in the user directory

      • BackgroundTransferHost.exe (PID: 5244)
    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 3768)
No Malware configuration.

TRiD

.exe | Win32 Executable Microsoft Visual Basic 6 (90.6)
.exe | Win32 Executable (generic) (4.9)
.exe | Generic Win/DOS Executable (2.2)
.exe | DOS Executable Generic (2.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:01:19 13:34:56+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 176128
InitializedDataSize: 299008
UninitializedDataSize: -
EntryPoint: 0x13d4
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
CompanyName: UEFI
ProductName: Kawaii-Unicorn
FileVersion: 1
ProductVersion: 1
InternalName: Kawaii-Unicorn
OriginalFileName: Kawaii-Unicorn.exe
Total processes: 526
Monitored processes: 395
Malicious processes: 59
Suspicious processes: 49

no specs unicorn-62929.exe no specs unicorn-4491.exe no specs unicorn-34148.exe no specs unicorn-29872.exe no specs unicorn-10743.exe no specs unicorn-12789.exe no specs unicorn-9260.exe no specs unicorn-37294.exe no specs unicorn-57204.exe no specs unicorn-5965.exe no specs unicorn-59805.exe no specs unicorn-28423.exe no specs unicorn-28423.exe no specs unicorn-14688.exe no specs unicorn-65180.exe no specs unicorn-7811.exe no specs unicorn-7811.exe no specs unicorn-59613.exe no specs unicorn-7811.exe no specs unicorn-30832.exe no specs unicorn-44476.exe no specs unicorn-21918.exe no specs unicorn-10220.exe no specs unicorn-10220.exe no specs unicorn-23955.exe no specs unicorn-16872.exe no specs unicorn-36208.exe no specs unicorn-42338.exe no specs unicorn-23955.exe no specs unicorn-44376.exe no specs unicorn-44376.exe no specs unicorn-30640.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
660
C:\Users\admin\AppData\Local\Temp\Unicorn-37279.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-37279.exe
Unicorn-22641.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-37279.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
672
C:\Users\admin\AppData\Local\Temp\Unicorn-43911.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-43911.exe
Unicorn-58172.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-43911.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
920
C:\Users\admin\AppData\Local\Temp\Unicorn-22641.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-22641.exe
1 (1109).exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-22641.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1132
C:\Users\admin\AppData\Local\Temp\Unicorn-30803.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-30803.exe
Unicorn-19075.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-30803.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1164
C:\Users\admin\AppData\Local\Temp\Unicorn-41873.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-41873.exe
Unicorn-9864.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-41873.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1180
C:\Users\admin\AppData\Local\Temp\Unicorn-51015.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-51015.exe
1 (1109).exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-51015.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1228
C:\Users\admin\AppData\Local\Temp\Unicorn-53061.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-53061.exe
Unicorn-248.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-53061.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1328
C:\Users\admin\AppData\Local\Temp\Unicorn-26947.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-26947.exe
Unicorn-248.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-26947.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1532
C:\Users\admin\AppData\Local\Temp\Unicorn-42596.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-42596.exe
Unicorn-41873.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-42596.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1912
C:\Users\admin\AppData\Local\Temp\Unicorn-37383.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-37383.exe
Unicorn-53061.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-37383.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
Total events
9 332
Read events
9 317
Write events
15
Delete events
0

Modification events

(PID) Process: (7144) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
(PID) Process: (7144) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (7144) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
(PID) Process: (6108) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (6108) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
(PID) Process: (6108) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
(PID) Process: (5244) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (5244) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value:
Cookie:
(PID) Process: (5244) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
(PID) Process: (3768) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value:
Visited:
Executable files
1 042
Suspicious files
5
Text files
0
Unknown types
0

Dropped files

PID
Process
Filename
Type
5244
BackgroundTransferHost.exe
C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\10732c3f-ec7e-4428-885a-2a2229fec81e.down_data
MD5:
SHA256:
2656
1 (1109).exe
C:\Users\admin\AppData\Local\Temp\Unicorn-58172.exe
executable
MD5:00A4957BC7932CCDD7A8FD6EFDE4D886
SHA256:8E78771D5AF945E178C187C0AE6B9EDC6981E8AFBF291ECC65D7CAF1BF34472A
5244
BackgroundTransferHost.exe
C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\Microsoft\CryptnetUrlCache\Content\26C212D9399727259664BDFCA073966E_F9F7D6A7ECE73106D2A8C63168CDA10D
binary
MD5:4872BABAF39AA62B8D32695EBB7E9173
SHA256:2EE85DF86EE29BBEB3DCA81AA29B6DE204F605A2769B84C728A329178A2D0999
2656
1 (1109).exe
C:\Users\admin\AppData\Local\Temp\Unicorn-22641.exe
executable
MD5:88601A0E862FD91714D3169C49EC7A99
SHA256:84DE4A93EA3763D97775D078ED9C4B5DF63FBE6652D1F253063B85FB24E2C888
920
Unicorn-22641.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-248.exe
executable
MD5:8927F78ED92A7D1E089B08E0E8639101
SHA256:31D22361CCA7F69D34BA5F98F11363CA1099718E502C83C00EF0870B05960B65
3900
Unicorn-58172.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-59620.exe
executable
MD5:DC51E93A50B9F0CFBD696BD8E45065C7
SHA256:2A882EACC826A48D4AD5EEE4A586CBEB2466D1A4C451F4955E30738CC00B4C51
6184
Unicorn-48977.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-63149.exe
executable
MD5:13FF6500B4F50F795864E83594B66732
SHA256:658D705C26FC3BFDCC60652608BD80D1974618E3804EF43B2F2306A3AE029119
1180
Unicorn-51015.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-9864.exe
executable
MD5:DE76206F9B23A51D432697BC54DAB354
SHA256:79651068567E2D1CA1C3B4A14457B51E0EE1365FF77BECA79C73E9EA2088FBF9
6740
Unicorn-18225.exe
C:\Users\admin\AppData\Local\Temp\Unicorn-40913.exe
executable
MD5:39CBBBEF45F171ED764B5D5F7BA507EF
SHA256:D1E45973A91D797BBE669842CE74C89D824143D015CAB90A9AC84FA2AE3A8057
2656
1 (1109).exe
C:\Users\admin\AppData\Local\Temp\Unicorn-35173.exe
executable
MD5:79C4DCE895C4863CE453DE1EB71CC60F
SHA256:94DDC3583F5326EC6E63A36210BD46E94505CD404CFA54C349FE3702BFE62CDD
HTTP(S) requests
6
TCP/UDP connections
24
DNS requests
16
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.48.23.156:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
3888
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
5244
BackgroundTransferHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
8344
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
8344
SIHClient.exe
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:137
whitelisted
23.48.23.156:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
51.104.136.2:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4
System
192.168.100.255:138
whitelisted
3216
svchost.exe
40.113.110.67:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
20.190.159.64:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
2104
svchost.exe
40.127.240.158:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
3888
backgroundTaskHost.exe
20.103.156.88:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
3888
backgroundTaskHost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 23.48.23.156
  • 23.48.23.143
whitelisted
google.com
  • 142.250.186.78
whitelisted
client.wns.windows.com
  • 40.113.110.67
  • 40.113.103.199
whitelisted
login.live.com
  • 20.190.159.64
  • 40.126.31.2
  • 40.126.31.131
  • 20.190.159.4
  • 20.190.159.2
  • 20.190.159.73
  • 20.190.159.71
  • 20.190.159.129
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
settings-win.data.microsoft.com
  • 40.127.240.158
whitelisted
arc.msn.com
  • 20.103.156.88
whitelisted
www.bing.com
  • 104.126.37.123
  • 104.126.37.139
  • 104.126.37.144
  • 104.126.37.131
  • 104.126.37.185
  • 104.126.37.137
  • 104.126.37.128
  • 104.126.37.186
  • 104.126.37.130
whitelisted
slscr.update.microsoft.com
  • 20.12.23.50
whitelisted
www.microsoft.com
  • 184.30.21.171
whitelisted

Threats

No threats detected
No debug info