| File name: | 1 (345) |
| Full analysis: | https://app.any.run/tasks/054f47e8-8632-491d-bea7-f9bd3e26be25 |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 20:41:18 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 7B5F1D2848EFA06A6B7C4D5A6667BB20 |
| SHA1: | 530624A698EC9A82C312EF1AF9D4DF8955BFAB15 |
| SHA256: | DD268705BE3D1724EB418940D6A4F181D3206F17C5AF10DB4D03E1E0079ECA13 |
| SSDEEP: | 6144:V7agl6NvNDatO54/rNo9MjeAD3qRp8GBa/+weOpuk/vSwjwpyAvEhXbRkGNSLlxM:VuYMMtO5sruS3M+aaGweOpmx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (345).exe (PID: 7000)
- Unicorn-63313.exe (PID: 7396)
- Unicorn-52213.exe (PID: 7828)
- Unicorn-43059.exe (PID: 7868)
- Unicorn-62088.exe (PID: 7888)
- Unicorn-38377.exe (PID: 7848)
- Unicorn-20400.exe (PID: 7920)
- Unicorn-20501.exe (PID: 7904)
- Unicorn-16045.exe (PID: 8000)
- Unicorn-50109.exe (PID: 8016)
- Unicorn-25605.exe (PID: 7980)
- Unicorn-48063.exe (PID: 8032)
- Unicorn-60150.exe (PID: 8096)
- Unicorn-58277.exe (PID: 8056)
- Unicorn-3601.exe (PID: 8048)
- Unicorn-54193.exe (PID: 8040)
- Unicorn-20535.exe (PID: 8144)
- Unicorn-4753.exe (PID: 8164)
- Unicorn-43093.exe (PID: 8184)
- Unicorn-43761.exe (PID: 5680)
- Unicorn-60005.exe (PID: 5728)
- Unicorn-31417.exe (PID: 5376)
- Unicorn-31417.exe (PID: 1180)
- Unicorn-46362.exe (PID: 660)
- Unicorn-19719.exe (PID: 5056)
- Unicorn-690.exe (PID: 1660)
- Unicorn-2728.exe (PID: 5640)
- Unicorn-65465.exe (PID: 3240)
- Unicorn-690.exe (PID: 2108)
- Unicorn-4509.exe (PID: 5608)
- Unicorn-4774.exe (PID: 5556)
- Unicorn-33638.exe (PID: 7232)
- Unicorn-28485.exe (PID: 7452)
- Unicorn-21940.exe (PID: 732)
- Unicorn-4857.exe (PID: 7336)
- Unicorn-32660.exe (PID: 6584)
- Unicorn-60892.exe (PID: 7524)
- Unicorn-50851.exe (PID: 2516)
- Unicorn-21748.exe (PID: 6656)
- Unicorn-37207.exe (PID: 7332)
- Unicorn-57073.exe (PID: 7208)
- Unicorn-50166.exe (PID: 7760)
- Unicorn-14540.exe (PID: 7660)
- Unicorn-46658.exe (PID: 632)
- Unicorn-46658.exe (PID: 1388)
- Unicorn-2702.exe (PID: 5984)
- Unicorn-54504.exe (PID: 4068)
- Unicorn-2610.exe (PID: 856)
- Unicorn-6694.exe (PID: 5800)
- Unicorn-54530.exe (PID: 1052)
- Unicorn-2610.exe (PID: 5228)
- Unicorn-61925.exe (PID: 6080)
- Unicorn-57841.exe (PID: 4188)
- Unicorn-62994.exe (PID: 6228)
- Unicorn-59879.exe (PID: 7288)
- Unicorn-564.exe (PID: 5552)
- Unicorn-46144.exe (PID: 1132)
- Unicorn-38605.exe (PID: 7284)
- Unicorn-62994.exe (PID: 7020)
- Unicorn-61925.exe (PID: 2040)
- Unicorn-46144.exe (PID: 7424)
- Unicorn-61432.exe (PID: 976)
- Unicorn-42443.exe (PID: 5380)
- Unicorn-207.exe (PID: 7428)
- Unicorn-57327.exe (PID: 668)
- Unicorn-41204.exe (PID: 7640)
- Unicorn-42173.exe (PID: 7960)
- Unicorn-55594.exe (PID: 7948)
- Unicorn-31967.exe (PID: 7212)
- Unicorn-23607.exe (PID: 7384)
- Unicorn-43954.exe (PID: 7552)
- Unicorn-61110.exe (PID: 5324)
- Unicorn-35728.exe (PID: 7816)
- Unicorn-33097.exe (PID: 8252)
- Unicorn-36051.exe (PID: 7216)
- Unicorn-42081.exe (PID: 8208)
- Unicorn-14461.exe (PID: 7600)
- Unicorn-37997.exe (PID: 7584)
- Unicorn-23607.exe (PID: 2100)
- Unicorn-15438.exe (PID: 4336)
- Unicorn-22215.exe (PID: 8200)
- Unicorn-46833.exe (PID: 8240)
- Unicorn-33150.exe (PID: 7480)
- Unicorn-42657.exe (PID: 8280)
- Unicorn-61494.exe (PID: 8312)
- Unicorn-5992.exe (PID: 8440)
- Unicorn-57815.exe (PID: 8452)
- Unicorn-62454.exe (PID: 8488)
- Unicorn-41479.exe (PID: 8480)
- Unicorn-20675.exe (PID: 8604)
- Unicorn-25335.exe (PID: 8748)
- Unicorn-54286.exe (PID: 8532)
- Unicorn-16975.exe (PID: 8864)
- Unicorn-41598.exe (PID: 8692)
- Unicorn-15568.exe (PID: 8940)
- Unicorn-53072.exe (PID: 8912)
- Unicorn-32459.exe (PID: 9012)
- Unicorn-13430.exe (PID: 8976)
- Unicorn-64769.exe (PID: 8960)
- Unicorn-13430.exe (PID: 8984)
- Unicorn-5817.exe (PID: 9064)
- Unicorn-42019.exe (PID: 9048)
- Unicorn-5070.exe (PID: 9112)
- Unicorn-48796.exe (PID: 9096)
- Unicorn-64577.exe (PID: 9084)
- Unicorn-50742.exe (PID: 9104)
- Unicorn-9154.exe (PID: 9128)
- Unicorn-34427.exe (PID: 8736)
- Unicorn-13238.exe (PID: 9136)
- Unicorn-9154.exe (PID: 9120)
- Unicorn-14561.exe (PID: 8644)
- Unicorn-25297.exe (PID: 8304)
- Unicorn-13906.exe (PID: 6156)
- Unicorn-171.exe (PID: 8332)
- Unicorn-50498.exe (PID: 8296)
- Unicorn-14369.exe (PID: 7316)
- Unicorn-21909.exe (PID: 8476)
- Unicorn-24121.exe (PID: 8956)
- Unicorn-34134.exe (PID: 9220)
- Unicorn-28013.exe (PID: 9260)
- Unicorn-17707.exe (PID: 9240)
- Unicorn-62637.exe (PID: 9308)
- Unicorn-49101.exe (PID: 9344)
- Unicorn-20320.exe (PID: 9408)
- Unicorn-49009.exe (PID: 9328)
- Unicorn-24867.exe (PID: 9460)
- Unicorn-40156.exe (PID: 9600)
- Unicorn-12755.exe (PID: 9704)
- Unicorn-4852.exe (PID: 9744)
- Unicorn-40156.exe (PID: 9592)
- Unicorn-58692.exe (PID: 9712)
- Unicorn-4852.exe (PID: 9756)
- Unicorn-19010.exe (PID: 9728)
- Unicorn-44987.exe (PID: 8420)
- Unicorn-9491.exe (PID: 9840)
- Unicorn-51915.exe (PID: 9720)
- Unicorn-49777.exe (PID: 9808)
- Unicorn-768.exe (PID: 9800)
- Unicorn-27773.exe (PID: 9920)
- Unicorn-62029.exe (PID: 9952)
- Unicorn-39471.exe (PID: 9884)
- Unicorn-23689.exe (PID: 9900)
- Unicorn-25081.exe (PID: 10076)
- Unicorn-33441.exe (PID: 9856)
- Unicorn-576.exe (PID: 9968)
- Unicorn-49320.exe (PID: 10024)
- Unicorn-41509.exe (PID: 9936)
- Unicorn-14774.exe (PID: 10016)
- Unicorn-43455.exe (PID: 10032)
- Unicorn-57183.exe (PID: 9960)
- Unicorn-49585.exe (PID: 10068)
- Unicorn-28349.exe (PID: 10184)
- Unicorn-60559.exe (PID: 10228)
- Unicorn-37525.exe (PID: 9868)
- Unicorn-5215.exe (PID: 10088)
- Unicorn-576.exe (PID: 9988)
Executable content was dropped or overwritten
- Unicorn-63313.exe (PID: 7396)
- 1 (345).exe (PID: 7000)
- Unicorn-38377.exe (PID: 7848)
- Unicorn-52213.exe (PID: 7828)
- Unicorn-43059.exe (PID: 7868)
- Unicorn-62088.exe (PID: 7888)
- Unicorn-20501.exe (PID: 7904)
- Unicorn-20400.exe (PID: 7920)
- Unicorn-16045.exe (PID: 8000)
- Unicorn-50109.exe (PID: 8016)
- Unicorn-25605.exe (PID: 7980)
- Unicorn-3601.exe (PID: 8048)
- Unicorn-60150.exe (PID: 8096)
- Unicorn-48063.exe (PID: 8032)
- Unicorn-20535.exe (PID: 8144)
- Unicorn-4753.exe (PID: 8164)
- Unicorn-43093.exe (PID: 8184)
- Unicorn-43761.exe (PID: 5680)
- Unicorn-31417.exe (PID: 5376)
- Unicorn-60005.exe (PID: 5728)
- Unicorn-54193.exe (PID: 8040)
- Unicorn-19719.exe (PID: 5056)
- Unicorn-690.exe (PID: 1660)
- Unicorn-2728.exe (PID: 5640)
- Unicorn-46362.exe (PID: 660)
- Unicorn-54530.exe (PID: 1052)
- Unicorn-690.exe (PID: 2108)
- Unicorn-33638.exe (PID: 7232)
- Unicorn-58277.exe (PID: 8056)
- Unicorn-21940.exe (PID: 732)
- Unicorn-4857.exe (PID: 7336)
- Unicorn-32660.exe (PID: 6584)
- Unicorn-28485.exe (PID: 7452)
- Unicorn-57073.exe (PID: 7208)
- Unicorn-50851.exe (PID: 2516)
- Unicorn-21748.exe (PID: 6656)
- Unicorn-37207.exe (PID: 7332)
- Unicorn-50166.exe (PID: 7760)
- Unicorn-14540.exe (PID: 7660)
- Unicorn-46658.exe (PID: 632)
- Unicorn-31417.exe (PID: 1180)
- Unicorn-2702.exe (PID: 5984)
- Unicorn-54504.exe (PID: 4068)
- Unicorn-46658.exe (PID: 1388)
- Unicorn-4774.exe (PID: 5556)
- Unicorn-6694.exe (PID: 5800)
- Unicorn-2610.exe (PID: 856)
- Unicorn-2610.exe (PID: 5228)
- Unicorn-4509.exe (PID: 5608)
- Unicorn-61925.exe (PID: 6080)
- Unicorn-57841.exe (PID: 4188)
- Unicorn-564.exe (PID: 5552)
- Unicorn-59879.exe (PID: 7288)
- Unicorn-46144.exe (PID: 1132)
- Unicorn-62994.exe (PID: 7020)
- Unicorn-65465.exe (PID: 3240)
- Unicorn-61925.exe (PID: 2040)
- Unicorn-46144.exe (PID: 7424)
- Unicorn-207.exe (PID: 7428)
- Unicorn-61432.exe (PID: 976)
- Unicorn-42443.exe (PID: 5380)
- Unicorn-57327.exe (PID: 668)
- Unicorn-41204.exe (PID: 7640)
- Unicorn-55594.exe (PID: 7948)
- Unicorn-35728.exe (PID: 7816)
- Unicorn-23607.exe (PID: 7384)
- Unicorn-43954.exe (PID: 7552)
- Unicorn-61110.exe (PID: 5324)
- Unicorn-60892.exe (PID: 7524)
- Unicorn-36051.exe (PID: 7216)
- Unicorn-42081.exe (PID: 8208)
- Unicorn-15438.exe (PID: 4336)
- Unicorn-33097.exe (PID: 8252)
- Unicorn-14461.exe (PID: 7600)
- Unicorn-37997.exe (PID: 7584)
- Unicorn-22215.exe (PID: 8200)
- Unicorn-33150.exe (PID: 7480)
- Unicorn-46833.exe (PID: 8240)
- Unicorn-5992.exe (PID: 8440)
- Unicorn-61494.exe (PID: 8312)
- Unicorn-44987.exe (PID: 8420)
- Unicorn-42657.exe (PID: 8280)
- Unicorn-57815.exe (PID: 8452)
- Unicorn-62454.exe (PID: 8488)
- Unicorn-41479.exe (PID: 8480)
- Unicorn-54286.exe (PID: 8532)
- Unicorn-20675.exe (PID: 8604)
- Unicorn-25335.exe (PID: 8748)
- Unicorn-16975.exe (PID: 8864)
- Unicorn-12982.exe (PID: 8788)
- Unicorn-41598.exe (PID: 8692)
- Unicorn-15568.exe (PID: 8940)
- Unicorn-53072.exe (PID: 8912)
- Unicorn-32459.exe (PID: 9012)
- Unicorn-13430.exe (PID: 8976)
- Unicorn-64769.exe (PID: 8960)
- Unicorn-13430.exe (PID: 8984)
- Unicorn-42019.exe (PID: 9048)
- Unicorn-62994.exe (PID: 6228)
- Unicorn-48796.exe (PID: 9096)
- Unicorn-5070.exe (PID: 9112)
- Unicorn-5817.exe (PID: 9064)
- Unicorn-64577.exe (PID: 9084)
- Unicorn-50742.exe (PID: 9104)
- Unicorn-9154.exe (PID: 9128)
- Unicorn-34427.exe (PID: 8736)
- Unicorn-13238.exe (PID: 9136)
- Unicorn-9154.exe (PID: 9120)
- Unicorn-13906.exe (PID: 6156)
- Unicorn-171.exe (PID: 8332)
- Unicorn-14561.exe (PID: 8644)
- Unicorn-50498.exe (PID: 8296)
- Unicorn-38605.exe (PID: 7284)
- Unicorn-21909.exe (PID: 8476)
- Unicorn-17707.exe (PID: 9240)
- Unicorn-14369.exe (PID: 7316)
- Unicorn-24121.exe (PID: 8956)
- Unicorn-34134.exe (PID: 9220)
- Unicorn-28013.exe (PID: 9260)
- Unicorn-49009.exe (PID: 9328)
- Unicorn-20320.exe (PID: 9408)
- Unicorn-24867.exe (PID: 9460)
- Unicorn-62637.exe (PID: 9308)
- Unicorn-49101.exe (PID: 9344)
- Unicorn-42173.exe (PID: 7960)
- Unicorn-31967.exe (PID: 7212)
- Unicorn-23607.exe (PID: 2100)
- Unicorn-40156.exe (PID: 9592)
- Unicorn-12755.exe (PID: 9704)
- Unicorn-4852.exe (PID: 9744)
- Unicorn-19010.exe (PID: 9728)
- Unicorn-40156.exe (PID: 9600)
- Unicorn-58692.exe (PID: 9712)
- Unicorn-4852.exe (PID: 9756)
- Unicorn-768.exe (PID: 9800)
- Unicorn-9491.exe (PID: 9840)
- Unicorn-33441.exe (PID: 9856)
- Unicorn-49777.exe (PID: 9808)
- Unicorn-576.exe (PID: 9968)
- Unicorn-62029.exe (PID: 9952)
- Unicorn-39471.exe (PID: 9884)
- Unicorn-23689.exe (PID: 9900)
- Unicorn-25081.exe (PID: 10076)
- Unicorn-27773.exe (PID: 9920)
- Unicorn-43455.exe (PID: 10032)
- Unicorn-14774.exe (PID: 10016)
- Unicorn-5215.exe (PID: 10088)
- Unicorn-49320.exe (PID: 10024)
- Unicorn-28349.exe (PID: 10184)
- Unicorn-37525.exe (PID: 9868)
- Unicorn-60559.exe (PID: 10228)
- Unicorn-576.exe (PID: 9988)
- Unicorn-54992.exe (PID: 10148)
- Unicorn-48215.exe (PID: 10176)
- Unicorn-20611.exe (PID: 8592)
- Unicorn-37909.exe (PID: 9296)
- Unicorn-30103.exe (PID: 9524)
- Unicorn-29476.exe (PID: 8900)
- Unicorn-9704.exe (PID: 8380)
- Unicorn-47639.exe (PID: 9928)
- Unicorn-1436.exe (PID: 9640)
- Unicorn-5428.exe (PID: 8904)
- Unicorn-60659.exe (PID: 9680)
- Unicorn-26979.exe (PID: 9368)
- Unicorn-65319.exe (PID: 9668)
- Unicorn-12013.exe (PID: 10220)
- Unicorn-4560.exe (PID: 10004)
- Unicorn-28349.exe (PID: 10168)
- Unicorn-21525.exe (PID: 10500)
- Unicorn-7758.exe (PID: 10256)
- Unicorn-14456.exe (PID: 10316)
- Unicorn-55489.exe (PID: 10328)
- Unicorn-45838.exe (PID: 10336)
- Unicorn-6751.exe (PID: 10408)
- Unicorn-23109.exe (PID: 10428)
- Unicorn-2667.exe (PID: 10384)
- Unicorn-6772.exe (PID: 10452)
- Unicorn-12802.exe (PID: 10464)
- Unicorn-32958.exe (PID: 10524)
- Unicorn-51505.exe (PID: 10560)
- Unicorn-59103.exe (PID: 10532)
- Unicorn-54219.exe (PID: 10588)
- Unicorn-51915.exe (PID: 9720)
- Unicorn-26787.exe (PID: 10272)
- Unicorn-24287.exe (PID: 6876)
- Unicorn-24022.exe (PID: 7764)
- Unicorn-41509.exe (PID: 9936)
- Unicorn-49585.exe (PID: 10068)
- Unicorn-40021.exe (PID: 10880)
- Unicorn-57183.exe (PID: 9960)
- Unicorn-54603.exe (PID: 10740)
- Unicorn-6279.exe (PID: 10792)
- Unicorn-42713.exe (PID: 10856)
- Unicorn-61235.exe (PID: 9684)
- Unicorn-34929.exe (PID: 10952)
- Unicorn-25297.exe (PID: 8304)
- Unicorn-11816.exe (PID: 10936)
- Unicorn-3840.exe (PID: 10900)
- Unicorn-53404.exe (PID: 11012)
- Unicorn-50611.exe (PID: 11068)
- Unicorn-40405.exe (PID: 11088)
- Unicorn-52657.exe (PID: 11048)
- Unicorn-14338.exe (PID: 11136)
- Unicorn-35645.exe (PID: 10660)
- Unicorn-18017.exe (PID: 10604)
- Unicorn-6170.exe (PID: 11204)
- Unicorn-61401.exe (PID: 11252)
- Unicorn-61301.exe (PID: 8808)
- Unicorn-46845.exe (PID: 9364)
- Unicorn-40981.exe (PID: 11224)
- Unicorn-38843.exe (PID: 10308)
- Unicorn-38350.exe (PID: 11108)
- Unicorn-41535.exe (PID: 11244)
- Unicorn-4032.exe (PID: 11260)
- Unicorn-20923.exe (PID: 9092)
- Unicorn-42111.exe (PID: 11116)
- Unicorn-29204.exe (PID: 924)
- Unicorn-20753.exe (PID: 11392)
- Unicorn-9247.exe (PID: 11312)
- Unicorn-44058.exe (PID: 11320)
- Unicorn-47587.exe (PID: 4996)
- Unicorn-15085.exe (PID: 11120)
- Unicorn-49149.exe (PID: 11144)
- Unicorn-63539.exe (PID: 11180)
- Unicorn-35889.exe (PID: 872)
- Unicorn-40789.exe (PID: 6592)
- Unicorn-61785.exe (PID: 11420)
- Unicorn-3025.exe (PID: 11304)
- Unicorn-24928.exe (PID: 11428)
- Unicorn-61023.exe (PID: 11488)
- Unicorn-47971.exe (PID: 11616)
- Unicorn-35719.exe (PID: 11652)
- Unicorn-16669.exe (PID: 11376)
- Unicorn-17223.exe (PID: 11596)
- Unicorn-13715.exe (PID: 11752)
- Unicorn-53736.exe (PID: 11692)
- Unicorn-23829.exe (PID: 11800)
- Unicorn-8976.exe (PID: 11672)
- Unicorn-64307.exe (PID: 11732)
- Unicorn-63823.exe (PID: 11472)
- Unicorn-38350.exe (PID: 6268)
- Unicorn-4151.exe (PID: 11496)
- Unicorn-61023.exe (PID: 11480)
- Unicorn-59070.exe (PID: 11836)
- Unicorn-61100.exe (PID: 11792)
- Unicorn-33124.exe (PID: 11876)
Executes application which crashes
- Unicorn-40543.exe (PID: 1300)
- Unicorn-28589.exe (PID: 9364)
INFO
The sample compiled with chinese language support
- 1 (345).exe (PID: 7000)
Checks supported languages
- 1 (345).exe (PID: 7000)
- Unicorn-52213.exe (PID: 7828)
- Unicorn-63313.exe (PID: 7396)
- Unicorn-38377.exe (PID: 7848)
- Unicorn-43059.exe (PID: 7868)
- Unicorn-62088.exe (PID: 7888)
- Unicorn-20501.exe (PID: 7904)
- Unicorn-20400.exe (PID: 7920)
- Unicorn-25605.exe (PID: 7980)
- Unicorn-16045.exe (PID: 8000)
- Unicorn-54193.exe (PID: 8040)
- Unicorn-48063.exe (PID: 8032)
- Unicorn-58277.exe (PID: 8056)
- Unicorn-50109.exe (PID: 8016)
- Unicorn-3601.exe (PID: 8048)
- Unicorn-60150.exe (PID: 8096)
- Unicorn-4753.exe (PID: 8164)
- Unicorn-43093.exe (PID: 8184)
- Unicorn-43761.exe (PID: 5680)
- Unicorn-60005.exe (PID: 5728)
- Unicorn-20535.exe (PID: 8144)
- Unicorn-31417.exe (PID: 5376)
- Unicorn-31417.exe (PID: 1180)
- Unicorn-4509.exe (PID: 5608)
- Unicorn-4774.exe (PID: 5556)
- Unicorn-690.exe (PID: 1660)
- Unicorn-19719.exe (PID: 5056)
- Unicorn-54530.exe (PID: 1052)
- Unicorn-690.exe (PID: 2108)
- Unicorn-2728.exe (PID: 5640)
- Unicorn-46362.exe (PID: 660)
- Unicorn-65465.exe (PID: 3240)
- Unicorn-28485.exe (PID: 7452)
- Unicorn-21940.exe (PID: 732)
- Unicorn-32660.exe (PID: 6584)
- Unicorn-4857.exe (PID: 7336)
- Unicorn-37207.exe (PID: 7332)
- Unicorn-60892.exe (PID: 7524)
- Unicorn-50851.exe (PID: 2516)
- Unicorn-46658.exe (PID: 1388)
- Unicorn-54504.exe (PID: 4068)
- Unicorn-57841.exe (PID: 4188)
- Unicorn-50166.exe (PID: 7760)
- Unicorn-61925.exe (PID: 6080)
- Unicorn-2610.exe (PID: 5228)
- Unicorn-61925.exe (PID: 2040)
- Unicorn-6694.exe (PID: 5800)
- Unicorn-2610.exe (PID: 856)
- Unicorn-46144.exe (PID: 7424)
- Unicorn-57327.exe (PID: 668)
- Unicorn-61432.exe (PID: 976)
- Unicorn-207.exe (PID: 7428)
- Unicorn-59879.exe (PID: 7288)
- Unicorn-38605.exe (PID: 7284)
- Unicorn-62994.exe (PID: 7020)
- Unicorn-46144.exe (PID: 1132)
- Unicorn-41204.exe (PID: 7640)
- Unicorn-35728.exe (PID: 7816)
- Unicorn-31967.exe (PID: 7212)
- Unicorn-36051.exe (PID: 7216)
- Unicorn-43954.exe (PID: 7552)
- Unicorn-23607.exe (PID: 7384)
- Unicorn-15438.exe (PID: 4336)
- Unicorn-14461.exe (PID: 7600)
- Unicorn-42081.exe (PID: 8208)
- Unicorn-22215.exe (PID: 8200)
- Unicorn-61110.exe (PID: 5324)
- Unicorn-61494.exe (PID: 8312)
- Unicorn-44987.exe (PID: 8420)
- Unicorn-5992.exe (PID: 8440)
- Unicorn-57815.exe (PID: 8452)
- Unicorn-46833.exe (PID: 8240)
- Unicorn-33097.exe (PID: 8252)
- Unicorn-41479.exe (PID: 8480)
- Unicorn-54286.exe (PID: 8532)
- Unicorn-41598.exe (PID: 8692)
- Unicorn-25335.exe (PID: 8748)
- Unicorn-12982.exe (PID: 8788)
- Unicorn-16975.exe (PID: 8864)
- Unicorn-53072.exe (PID: 8912)
- Unicorn-15568.exe (PID: 8940)
- Unicorn-32459.exe (PID: 9012)
- Unicorn-42019.exe (PID: 9048)
- Unicorn-64769.exe (PID: 8960)
- Unicorn-13430.exe (PID: 8976)
- Unicorn-13430.exe (PID: 8984)
- Unicorn-5817.exe (PID: 9064)
- Unicorn-64577.exe (PID: 9084)
- Unicorn-50742.exe (PID: 9104)
- Unicorn-9154.exe (PID: 9120)
- Unicorn-13238.exe (PID: 9136)
- Unicorn-9154.exe (PID: 9128)
- Unicorn-50498.exe (PID: 8296)
- Unicorn-21909.exe (PID: 8476)
- Unicorn-13906.exe (PID: 6156)
- Unicorn-171.exe (PID: 8332)
- Unicorn-34427.exe (PID: 8736)
- Unicorn-25297.exe (PID: 8304)
- Unicorn-24121.exe (PID: 8956)
- Unicorn-34134.exe (PID: 9220)
- Unicorn-14369.exe (PID: 7316)
- Unicorn-49101.exe (PID: 9344)
- Unicorn-62637.exe (PID: 9308)
- Unicorn-28589.exe (PID: 9364)
- Unicorn-49009.exe (PID: 9328)
- Unicorn-17707.exe (PID: 9240)
- Unicorn-28013.exe (PID: 9260)
- Unicorn-40156.exe (PID: 9592)
- Unicorn-40156.exe (PID: 9600)
- Unicorn-58692.exe (PID: 9712)
- Unicorn-12755.exe (PID: 9704)
- Unicorn-20320.exe (PID: 9408)
- Unicorn-24867.exe (PID: 9460)
- Unicorn-49777.exe (PID: 9808)
- Unicorn-19010.exe (PID: 9728)
- Unicorn-4852.exe (PID: 9756)
- Unicorn-4852.exe (PID: 9744)
- Unicorn-768.exe (PID: 9800)
- Unicorn-9491.exe (PID: 9840)
- Unicorn-51915.exe (PID: 9720)
- Unicorn-33441.exe (PID: 9856)
- Unicorn-37525.exe (PID: 9868)
- Unicorn-47639.exe (PID: 9928)
- Unicorn-62029.exe (PID: 9952)
- Unicorn-57183.exe (PID: 9960)
- Unicorn-576.exe (PID: 9968)
- Unicorn-576.exe (PID: 9988)
- Unicorn-27773.exe (PID: 9920)
- Unicorn-49585.exe (PID: 10068)
- Unicorn-4560.exe (PID: 10004)
- Unicorn-25081.exe (PID: 10076)
- Unicorn-54992.exe (PID: 10148)
- Unicorn-48215.exe (PID: 10176)
- Unicorn-28349.exe (PID: 10184)
- Unicorn-12013.exe (PID: 10220)
- Unicorn-60559.exe (PID: 10228)
- Unicorn-14774.exe (PID: 10016)
- Unicorn-41509.exe (PID: 9936)
- Unicorn-49320.exe (PID: 10024)
- Unicorn-43455.exe (PID: 10032)
- Unicorn-29476.exe (PID: 8900)
- Unicorn-37909.exe (PID: 9296)
- Unicorn-30103.exe (PID: 9524)
- Unicorn-1436.exe (PID: 9640)
- Unicorn-5428.exe (PID: 8904)
- Unicorn-20611.exe (PID: 8592)
- Unicorn-46845.exe (PID: 9364)
- Unicorn-65319.exe (PID: 9668)
- Unicorn-61235.exe (PID: 9684)
- Unicorn-60659.exe (PID: 9680)
- Unicorn-24287.exe (PID: 6876)
- Unicorn-26787.exe (PID: 10272)
- Unicorn-7758.exe (PID: 10256)
- Unicorn-14456.exe (PID: 10316)
- Unicorn-45838.exe (PID: 10336)
- Unicorn-2667.exe (PID: 10384)
- Unicorn-6751.exe (PID: 10408)
- Unicorn-24022.exe (PID: 7764)
- Unicorn-12802.exe (PID: 10464)
- Unicorn-6772.exe (PID: 10452)
- Unicorn-51505.exe (PID: 10560)
- Unicorn-21525.exe (PID: 10500)
- Unicorn-32958.exe (PID: 10524)
- Unicorn-23109.exe (PID: 10428)
- Unicorn-18017.exe (PID: 10604)
- Unicorn-35645.exe (PID: 10660)
- Unicorn-54219.exe (PID: 10588)
- Unicorn-54603.exe (PID: 10740)
- Unicorn-40021.exe (PID: 10880)
- Unicorn-3840.exe (PID: 10900)
- Unicorn-11816.exe (PID: 10936)
- Unicorn-42713.exe (PID: 10856)
- Unicorn-40405.exe (PID: 11088)
- Unicorn-50611.exe (PID: 11068)
- Unicorn-52657.exe (PID: 11048)
- Unicorn-15085.exe (PID: 11120)
- Unicorn-14338.exe (PID: 11136)
- Unicorn-34929.exe (PID: 10952)
- Unicorn-63539.exe (PID: 11180)
- Unicorn-6170.exe (PID: 11204)
- Unicorn-40.exe (PID: 11196)
- Unicorn-40981.exe (PID: 11224)
- Unicorn-41535.exe (PID: 11244)
- Unicorn-38843.exe (PID: 10308)
- Unicorn-20923.exe (PID: 9092)
- Unicorn-61301.exe (PID: 8808)
- Unicorn-40789.exe (PID: 6592)
- Unicorn-29204.exe (PID: 924)
- Unicorn-9247.exe (PID: 11312)
- Unicorn-3025.exe (PID: 11304)
- Unicorn-44058.exe (PID: 11320)
- Unicorn-16669.exe (PID: 11376)
- Unicorn-38350.exe (PID: 11108)
- Unicorn-38350.exe (PID: 6268)
- Unicorn-47587.exe (PID: 4996)
- Unicorn-35889.exe (PID: 872)
- Unicorn-42111.exe (PID: 11116)
- Unicorn-61023.exe (PID: 11480)
- Unicorn-61785.exe (PID: 11420)
- Unicorn-4151.exe (PID: 11496)
- Unicorn-63823.exe (PID: 11472)
- Unicorn-17223.exe (PID: 11596)
- Unicorn-47971.exe (PID: 11616)
- Unicorn-24928.exe (PID: 11428)
- Unicorn-61023.exe (PID: 11488)
- Unicorn-53736.exe (PID: 11692)
- Unicorn-23829.exe (PID: 11800)
- Unicorn-13715.exe (PID: 11752)
- Unicorn-64307.exe (PID: 11732)
- Unicorn-59070.exe (PID: 11836)
- Unicorn-61100.exe (PID: 11792)
- Unicorn-38027.exe (PID: 11856)
- Unicorn-35719.exe (PID: 11652)
- Unicorn-8976.exe (PID: 11672)
- Unicorn-50457.exe (PID: 11916)
- Unicorn-5240.exe (PID: 11976)
- Unicorn-52403.exe (PID: 11992)
- Unicorn-33124.exe (PID: 11876)
- Unicorn-2662.exe (PID: 11900)
- Unicorn-10493.exe (PID: 11924)
- Unicorn-18531.exe (PID: 12060)
- Unicorn-49258.exe (PID: 12052)
- Unicorn-52687.exe (PID: 12128)
- Unicorn-43035.exe (PID: 12160)
- Unicorn-49887.exe (PID: 12132)
- Unicorn-32970.exe (PID: 12152)
- Unicorn-53150.exe (PID: 12208)
- Unicorn-50841.exe (PID: 12028)
- Unicorn-51780.exe (PID: 2968)
- Unicorn-30704.exe (PID: 11680)
- Unicorn-21053.exe (PID: 12012)
- Unicorn-8146.exe (PID: 11576)
- Unicorn-59948.exe (PID: 12296)
- Unicorn-633.exe (PID: 12328)
- Unicorn-43084.exe (PID: 12200)
- Unicorn-22423.exe (PID: 12216)
- Unicorn-32729.exe (PID: 12252)
- Unicorn-36813.exe (PID: 12276)
- Unicorn-8801.exe (PID: 12364)
- Unicorn-57810.exe (PID: 12448)
- Unicorn-40157.exe (PID: 12468)
- Unicorn-41473.exe (PID: 12520)
- Unicorn-18095.exe (PID: 12496)
- Unicorn-41473.exe (PID: 12528)
- Unicorn-18095.exe (PID: 12504)
- Unicorn-64032.exe (PID: 12512)
- Unicorn-28402.exe (PID: 12348)
- Unicorn-22536.exe (PID: 12356)
- Unicorn-63020.exe (PID: 12680)
- Unicorn-57155.exe (PID: 12688)
- Unicorn-40495.exe (PID: 12720)
- Unicorn-52164.exe (PID: 12744)
- Unicorn-63099.exe (PID: 12752)
- Unicorn-3870.exe (PID: 12608)
- Unicorn-35251.exe (PID: 12640)
- Unicorn-48987.exe (PID: 12656)
- Unicorn-39165.exe (PID: 12808)
- Unicorn-12614.exe (PID: 12828)
- Unicorn-45771.exe (PID: 12960)
- Unicorn-25329.exe (PID: 12860)
- Unicorn-12065.exe (PID: 12904)
- Unicorn-30805.exe (PID: 12936)
- Unicorn-29051.exe (PID: 12784)
- Unicorn-19683.exe (PID: 13032)
- Unicorn-654.exe (PID: 13008)
- Unicorn-8822.exe (PID: 13044)
- Unicorn-12906.exe (PID: 13060)
- Unicorn-31381.exe (PID: 13140)
- Unicorn-45579.exe (PID: 13204)
- Unicorn-29243.exe (PID: 13220)
- Unicorn-31381.exe (PID: 13148)
- Unicorn-28920.exe (PID: 13128)
- Unicorn-42071.exe (PID: 13308)
- Unicorn-39357.exe (PID: 13240)
- Unicorn-23021.exe (PID: 13284)
- Unicorn-41395.exe (PID: 13264)
- Unicorn-33903.exe (PID: 13300)
- Unicorn-42049.exe (PID: 13276)
- Unicorn-13290.exe (PID: 2096)
- Unicorn-14037.exe (PID: 13292)
- Unicorn-31765.exe (PID: 5740)
- Unicorn-13290.exe (PID: 13016)
- Unicorn-54878.exe (PID: 2152)
- Unicorn-7160.exe (PID: 7696)
- Unicorn-40679.exe (PID: 11004)
- Unicorn-1038.exe (PID: 1676)
- Unicorn-25735.exe (PID: 13004)
Reads the computer name
- Unicorn-63313.exe (PID: 7396)
- 1 (345).exe (PID: 7000)
- Unicorn-38377.exe (PID: 7848)
- Unicorn-52213.exe (PID: 7828)
- Unicorn-62088.exe (PID: 7888)
- Unicorn-43059.exe (PID: 7868)
- Unicorn-20501.exe (PID: 7904)
- Unicorn-20400.exe (PID: 7920)
- Unicorn-25605.exe (PID: 7980)
- Unicorn-16045.exe (PID: 8000)
- Unicorn-50109.exe (PID: 8016)
- Unicorn-48063.exe (PID: 8032)
- Unicorn-3601.exe (PID: 8048)
- Unicorn-58277.exe (PID: 8056)
- Unicorn-60150.exe (PID: 8096)
- Unicorn-20535.exe (PID: 8144)
- Unicorn-4753.exe (PID: 8164)
- Unicorn-43093.exe (PID: 8184)
- Unicorn-43761.exe (PID: 5680)
- Unicorn-60005.exe (PID: 5728)
- Unicorn-54530.exe (PID: 1052)
- Unicorn-31417.exe (PID: 5376)
- Unicorn-4774.exe (PID: 5556)
- Unicorn-31417.exe (PID: 1180)
- Unicorn-19719.exe (PID: 5056)
- Unicorn-4509.exe (PID: 5608)
- Unicorn-690.exe (PID: 1660)
- Unicorn-2728.exe (PID: 5640)
- Unicorn-690.exe (PID: 2108)
- Unicorn-65465.exe (PID: 3240)
- Unicorn-33638.exe (PID: 7232)
- Unicorn-28485.exe (PID: 7452)
- Unicorn-4857.exe (PID: 7336)
- Unicorn-57073.exe (PID: 7208)
- Unicorn-60892.exe (PID: 7524)
- Unicorn-21748.exe (PID: 6656)
- Unicorn-50851.exe (PID: 2516)
- Unicorn-50166.exe (PID: 7760)
- Unicorn-14540.exe (PID: 7660)
- Unicorn-46658.exe (PID: 632)
- Unicorn-2702.exe (PID: 5984)
- Unicorn-61925.exe (PID: 6080)
- Unicorn-57841.exe (PID: 4188)
- Unicorn-62994.exe (PID: 6228)
- Unicorn-2610.exe (PID: 5228)
- Unicorn-59879.exe (PID: 7288)
- Unicorn-38605.exe (PID: 7284)
- Unicorn-54504.exe (PID: 4068)
- Unicorn-61925.exe (PID: 2040)
- Unicorn-207.exe (PID: 7428)
- Unicorn-42443.exe (PID: 5380)
- Unicorn-61432.exe (PID: 976)
- Unicorn-42173.exe (PID: 7960)
- Unicorn-41204.exe (PID: 7640)
- Unicorn-55594.exe (PID: 7948)
- Unicorn-23607.exe (PID: 7384)
- Unicorn-31967.exe (PID: 7212)
- Unicorn-35728.exe (PID: 7816)
- Unicorn-43954.exe (PID: 7552)
- Unicorn-33097.exe (PID: 8252)
- Unicorn-36051.exe (PID: 7216)
- Unicorn-23607.exe (PID: 2100)
- Unicorn-14461.exe (PID: 7600)
- Unicorn-42081.exe (PID: 8208)
- Unicorn-46833.exe (PID: 8240)
- Unicorn-37997.exe (PID: 7584)
- Unicorn-22215.exe (PID: 8200)
- Unicorn-44987.exe (PID: 8420)
- Unicorn-5992.exe (PID: 8440)
- Unicorn-61494.exe (PID: 8312)
- Unicorn-57815.exe (PID: 8452)
- Unicorn-41479.exe (PID: 8480)
- Unicorn-62454.exe (PID: 8488)
- Unicorn-20675.exe (PID: 8604)
- Unicorn-25335.exe (PID: 8748)
- Unicorn-12982.exe (PID: 8788)
- Unicorn-53072.exe (PID: 8912)
- Unicorn-16975.exe (PID: 8864)
- Unicorn-15568.exe (PID: 8940)
- Unicorn-13430.exe (PID: 8976)
- Unicorn-13430.exe (PID: 8984)
- Unicorn-13238.exe (PID: 9136)
- Unicorn-34427.exe (PID: 8736)
- Unicorn-171.exe (PID: 8332)
- Unicorn-13906.exe (PID: 6156)
- Unicorn-14561.exe (PID: 8644)
- Unicorn-42019.exe (PID: 9048)
- Unicorn-5070.exe (PID: 9112)
- Unicorn-9154.exe (PID: 9128)
- Unicorn-17707.exe (PID: 9240)
- Unicorn-34134.exe (PID: 9220)
- Unicorn-28013.exe (PID: 9260)
- Unicorn-24121.exe (PID: 8956)
- Unicorn-62637.exe (PID: 9308)
- Unicorn-20320.exe (PID: 9408)
- Unicorn-24867.exe (PID: 9460)
- Unicorn-40156.exe (PID: 9592)
- Unicorn-40156.exe (PID: 9600)
- Unicorn-58692.exe (PID: 9712)
- Unicorn-51915.exe (PID: 9720)
- Unicorn-49777.exe (PID: 9808)
- Unicorn-9491.exe (PID: 9840)
- Unicorn-33441.exe (PID: 9856)
- Unicorn-39471.exe (PID: 9884)
- Unicorn-47639.exe (PID: 9928)
- Unicorn-27773.exe (PID: 9920)
- Unicorn-576.exe (PID: 9968)
- Unicorn-57183.exe (PID: 9960)
- Unicorn-62029.exe (PID: 9952)
- Unicorn-25081.exe (PID: 10076)
- Unicorn-43455.exe (PID: 10032)
- Unicorn-23689.exe (PID: 9900)
- Unicorn-5215.exe (PID: 10088)
- Unicorn-49320.exe (PID: 10024)
- Unicorn-41509.exe (PID: 9936)
- Unicorn-28349.exe (PID: 10184)
- Unicorn-37525.exe (PID: 9868)
- Unicorn-60559.exe (PID: 10228)
- Unicorn-14774.exe (PID: 10016)
- Unicorn-54992.exe (PID: 10148)
- Unicorn-12013.exe (PID: 10220)
- Unicorn-4560.exe (PID: 10004)
- Unicorn-37909.exe (PID: 9296)
- Unicorn-30103.exe (PID: 9524)
- Unicorn-1436.exe (PID: 9640)
Create files in a temporary directory
- Unicorn-63313.exe (PID: 7396)
- Unicorn-52213.exe (PID: 7828)
- 1 (345).exe (PID: 7000)
- Unicorn-43059.exe (PID: 7868)
- Unicorn-20501.exe (PID: 7904)
- Unicorn-20400.exe (PID: 7920)
- Unicorn-50109.exe (PID: 8016)
- Unicorn-60150.exe (PID: 8096)
- Unicorn-25605.exe (PID: 7980)
- Unicorn-4753.exe (PID: 8164)
- Unicorn-43093.exe (PID: 8184)
- Unicorn-43761.exe (PID: 5680)
- Unicorn-60005.exe (PID: 5728)
- Unicorn-31417.exe (PID: 5376)
- Unicorn-62088.exe (PID: 7888)
- Unicorn-54193.exe (PID: 8040)
- Unicorn-19719.exe (PID: 5056)
- Unicorn-690.exe (PID: 1660)
- Unicorn-48063.exe (PID: 8032)
- Unicorn-46362.exe (PID: 660)
- Unicorn-54530.exe (PID: 1052)
- Unicorn-58277.exe (PID: 8056)
- Unicorn-38377.exe (PID: 7848)
- Unicorn-33638.exe (PID: 7232)
- Unicorn-20535.exe (PID: 8144)
- Unicorn-3601.exe (PID: 8048)
- Unicorn-32660.exe (PID: 6584)
- Unicorn-37207.exe (PID: 7332)
- Unicorn-28485.exe (PID: 7452)
- Unicorn-57073.exe (PID: 7208)
- Unicorn-16045.exe (PID: 8000)
- Unicorn-46658.exe (PID: 632)
- Unicorn-31417.exe (PID: 1180)
- Unicorn-2702.exe (PID: 5984)
- Unicorn-4774.exe (PID: 5556)
- Unicorn-6694.exe (PID: 5800)
- Unicorn-61925.exe (PID: 6080)
- Unicorn-2610.exe (PID: 5228)
- Unicorn-57841.exe (PID: 4188)
- Unicorn-564.exe (PID: 5552)
- Unicorn-59879.exe (PID: 7288)
- Unicorn-690.exe (PID: 2108)
- Unicorn-62994.exe (PID: 7020)
- Unicorn-61925.exe (PID: 2040)
- Unicorn-65465.exe (PID: 3240)
- Unicorn-2728.exe (PID: 5640)
- Unicorn-46144.exe (PID: 7424)
- Unicorn-57327.exe (PID: 668)
- Unicorn-35728.exe (PID: 7816)
- Unicorn-23607.exe (PID: 7384)
- Unicorn-43954.exe (PID: 7552)
- Unicorn-21940.exe (PID: 732)
- Unicorn-61110.exe (PID: 5324)
- Unicorn-14461.exe (PID: 7600)
- Unicorn-36051.exe (PID: 7216)
- Unicorn-42081.exe (PID: 8208)
- Unicorn-22215.exe (PID: 8200)
- Unicorn-4857.exe (PID: 7336)
- Unicorn-33150.exe (PID: 7480)
- Unicorn-37997.exe (PID: 7584)
- Unicorn-21748.exe (PID: 6656)
- Unicorn-50851.exe (PID: 2516)
- Unicorn-50166.exe (PID: 7760)
- Unicorn-61494.exe (PID: 8312)
- Unicorn-14540.exe (PID: 7660)
- Unicorn-57815.exe (PID: 8452)
- Unicorn-41479.exe (PID: 8480)
- Unicorn-62454.exe (PID: 8488)
- Unicorn-54286.exe (PID: 8532)
- Unicorn-20675.exe (PID: 8604)
- Unicorn-46658.exe (PID: 1388)
- Unicorn-42443.exe (PID: 5380)
- Unicorn-54504.exe (PID: 4068)
- Unicorn-53072.exe (PID: 8912)
- Unicorn-16975.exe (PID: 8864)
- Unicorn-2610.exe (PID: 856)
- Unicorn-32459.exe (PID: 9012)
- Unicorn-5817.exe (PID: 9064)
- Unicorn-13238.exe (PID: 9136)
- Unicorn-4509.exe (PID: 5608)
- Unicorn-64577.exe (PID: 9084)
- Unicorn-171.exe (PID: 8332)
- Unicorn-13906.exe (PID: 6156)
- Unicorn-46144.exe (PID: 1132)
- Unicorn-38605.exe (PID: 7284)
- Unicorn-50498.exe (PID: 8296)
- Unicorn-14369.exe (PID: 7316)
- Unicorn-17707.exe (PID: 9240)
- Unicorn-24121.exe (PID: 8956)
- Unicorn-61432.exe (PID: 976)
- Unicorn-207.exe (PID: 7428)
- Unicorn-20320.exe (PID: 9408)
- Unicorn-24867.exe (PID: 9460)
- Unicorn-62637.exe (PID: 9308)
- Unicorn-41204.exe (PID: 7640)
- Unicorn-55594.exe (PID: 7948)
- Unicorn-42173.exe (PID: 7960)
- Unicorn-33097.exe (PID: 8252)
- Unicorn-60892.exe (PID: 7524)
- Unicorn-23607.exe (PID: 2100)
- Unicorn-15438.exe (PID: 4336)
- Unicorn-42657.exe (PID: 8280)
- Unicorn-46833.exe (PID: 8240)
- Unicorn-12755.exe (PID: 9704)
- Unicorn-19010.exe (PID: 9728)
- Unicorn-44987.exe (PID: 8420)
- Unicorn-58692.exe (PID: 9712)
- Unicorn-4852.exe (PID: 9756)
- Unicorn-5992.exe (PID: 8440)
- Unicorn-768.exe (PID: 9800)
- Unicorn-33441.exe (PID: 9856)
- Unicorn-9491.exe (PID: 9840)
- Unicorn-39471.exe (PID: 9884)
- Unicorn-576.exe (PID: 9968)
- Unicorn-27773.exe (PID: 9920)
- Unicorn-62029.exe (PID: 9952)
- Unicorn-43455.exe (PID: 10032)
- Unicorn-5215.exe (PID: 10088)
- Unicorn-49320.exe (PID: 10024)
Reads security settings of Internet Explorer
- BackgroundTransferHost.exe (PID: 4172)
- BackgroundTransferHost.exe (PID: 7484)
- BackgroundTransferHost.exe (PID: 3008)
Reads the software policy settings
- BackgroundTransferHost.exe (PID: 7484)
Creates files or folders in the user directory
- BackgroundTransferHost.exe (PID: 7484)
- WerFault.exe (PID: 8836)
- WerFault.exe (PID: 9436)
- WerFault.exe (PID: 9668)
Checks proxy server information
- BackgroundTransferHost.exe (PID: 7484)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | DOS Executable Generic (100) |
|---|
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
486
Monitored processes
349
Malicious processes
57
Suspicious processes
63
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 632 | C:\Users\admin\AppData\Local\Temp\Unicorn-46658.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46658.exe | Unicorn-46362.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 660 | C:\Users\admin\AppData\Local\Temp\Unicorn-46362.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46362.exe | Unicorn-62088.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 668 | C:\Users\admin\AppData\Local\Temp\Unicorn-57327.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-57327.exe | Unicorn-58277.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 732 | C:\Users\admin\AppData\Local\Temp\Unicorn-21940.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-21940.exe | Unicorn-25605.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 856 | C:\Users\admin\AppData\Local\Temp\Unicorn-2610.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-2610.exe | Unicorn-4774.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 872 | C:\Users\admin\AppData\Local\Temp\Unicorn-35889.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-35889.exe | Unicorn-46144.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 924 | C:\Users\admin\AppData\Local\Temp\Unicorn-29204.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29204.exe | Unicorn-19719.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 976 | C:\Users\admin\AppData\Local\Temp\Unicorn-61432.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61432.exe | Unicorn-33638.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1052 | C:\Users\admin\AppData\Local\Temp\Unicorn-54530.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-54530.exe | Unicorn-20400.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1132 | C:\Users\admin\AppData\Local\Temp\Unicorn-46144.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46144.exe | Unicorn-3601.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
13 722
Read events
13 707
Write events
15
Delete events
0
Modification events
| (PID) Process: | (4172) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (4172) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (4172) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7484) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (7484) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (7484) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (3008) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (3008) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (3008) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (9092) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
Executable files
1 152
Suspicious files
14
Text files
3
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7396 | Unicorn-63313.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-52213.exe | executable | |
MD5:0F15DCB0915C63FAF11D00585631008A | SHA256:B2DFC188FE2A14AFCB2CAD7A6D9AA14CEC526C100C2EABCE6E3CEC33A560D5ED | |||
| 7828 | Unicorn-52213.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-16045.exe | executable | |
MD5:3EC27C8B714D489C503AC510EBF78509 | SHA256:211FCDD7E07F770042E56668B8344483D7A925858448882A530B192107A16652 | |||
| 7904 | Unicorn-20501.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-54193.exe | executable | |
MD5:756F799638F395E881DC17FF9BA90534 | SHA256:55D51EEF979CC7A1D64972502093063B1C1FCF830CAEBF923D7B18E20C979F9E | |||
| 7848 | Unicorn-38377.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-20501.exe | executable | |
MD5:4AE6BCFA694237F2591FB18368B4BF50 | SHA256:7CAA7199AD09B9CEFA662D35F919537F51F371917B807C06A6B111FAB0C5C262 | |||
| 7828 | Unicorn-52213.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-43761.exe | executable | |
MD5:7B4A6EB99284535738066C1682DC67DE | SHA256:1276960F8EF055DE9BEFEE507BF9D2EC7C1FDBB2D78BF3B511201527117F8FF1 | |||
| 7000 | 1 (345).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-60150.exe | executable | |
MD5:E86DE4C8BD6B00F7699B98CB702F3164 | SHA256:D6DE711531297A455CB0917AC2E00101751B187EBD4298AB09F12F5C21283006 | |||
| 8016 | Unicorn-50109.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-60005.exe | executable | |
MD5:FC0DE5EB3B1C9C4709488936DF05E778 | SHA256:16F527A12FFC0A799BABCB89AF6629C09AF7046395912514466D022BE187834B | |||
| 7980 | Unicorn-25605.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-20535.exe | executable | |
MD5:9BF5AFCC827534BBCB5D83971ACC33D3 | SHA256:D2304E0235D6E71A6B9A3F7816D61FF91F2EDFEF2C8570AF31F1193C1313F6C5 | |||
| 7868 | Unicorn-43059.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-4753.exe | executable | |
MD5:72AA5D52910A3DD654A7B8AD4B1E6E21 | SHA256:EFC6050E98BA2FBA62CA79C643C2F57C42B51C45C7FAB2C36AD2B152E329B577 | |||
| 8000 | Unicorn-16045.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-43093.exe | executable | |
MD5:22D375807E14F339E75EDB083AF72E4F | SHA256:AF7306E5FB07B553216A6DCA8B661AE5720604F92DBC854F83323FF2A18B434E | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
24
DNS requests
17
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
7576 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
7484 | BackgroundTransferHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
— | — | GET | 200 | 2.19.11.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
8588 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
8588 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 2.19.11.120:80 | crl.microsoft.com | Elisa Oyj | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2104 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
3216 | svchost.exe | 40.115.3.253:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 20.190.159.73:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
7576 | backgroundTaskHost.exe | 20.199.58.43:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted |
7576 | backgroundTaskHost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
www.bing.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |