| File name: | 1 (1338) |
| Full analysis: | https://app.any.run/tasks/22f1c07b-59b8-4eee-a726-bcbae67e8ddc |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 12:26:01 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | C4BBFAD04A88ABA5F042EF070B909520 |
| SHA1: | 397BF28E8A855892FA0674BF375C19DA85B34A41 |
| SHA256: | DF10B209575474C02EE7C5286726196CEC095727EEC1979AF4E6A3652128755C |
| SSDEEP: | 6144:Y7TLnghCQD2eAgx7p7esP5Jx5tPqDp8GBf/xyeOoTk/8SwjwpyAvEh7iQZLlsbra:Yfz+geAg9paCP6+afJyeOowx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (1338).exe (PID: 7288)
- Unicorn-51219.exe (PID: 7200)
- Unicorn-34395.exe (PID: 7744)
- Unicorn-57311.exe (PID: 8052)
- Unicorn-61950.exe (PID: 8060)
- Unicorn-61425.exe (PID: 5072)
- Unicorn-10186.exe (PID: 4108)
- Unicorn-8214.exe (PID: 7312)
- Unicorn-47690.exe (PID: 2284)
- Unicorn-23434.exe (PID: 6564)
- Unicorn-49522.exe (PID: 7176)
- Unicorn-25572.exe (PID: 3396)
- Unicorn-48545.exe (PID: 2852)
- Unicorn-49522.exe (PID: 6268)
- Unicorn-49522.exe (PID: 5200)
- Unicorn-54410.exe (PID: 1600)
- Unicorn-57306.exe (PID: 6744)
- Unicorn-48391.exe (PID: 6728)
- Unicorn-51498.exe (PID: 4896)
- Unicorn-45459.exe (PID: 6388)
- Unicorn-4426.exe (PID: 5720)
- Unicorn-4426.exe (PID: 1052)
- Unicorn-342.exe (PID: 6272)
- Unicorn-4426.exe (PID: 6540)
- Unicorn-46014.exe (PID: 3240)
- Unicorn-10356.exe (PID: 680)
- Unicorn-62158.exe (PID: 5428)
- Unicorn-7556.exe (PID: 4696)
- Unicorn-16221.exe (PID: 6040)
- Unicorn-5770.exe (PID: 7352)
- Unicorn-61027.exe (PID: 4560)
- Unicorn-59418.exe (PID: 7336)
- Unicorn-37274.exe (PID: 7644)
- Unicorn-25807.exe (PID: 7628)
- Unicorn-57280.exe (PID: 7656)
- Unicorn-1037.exe (PID: 7676)
- Unicorn-5386.exe (PID: 7688)
- Unicorn-10430.exe (PID: 7696)
- Unicorn-20820.exe (PID: 2564)
- Unicorn-20820.exe (PID: 5868)
- Unicorn-57384.exe (PID: 7880)
- Unicorn-60783.exe (PID: 7724)
- Unicorn-15474.exe (PID: 7736)
- Unicorn-27727.exe (PID: 7904)
- Unicorn-57384.exe (PID: 4920)
- Unicorn-37518.exe (PID: 6132)
- Unicorn-59614.exe (PID: 8128)
- Unicorn-45879.exe (PID: 8040)
- Unicorn-27727.exe (PID: 7968)
- Unicorn-45879.exe (PID: 8136)
- Unicorn-37518.exe (PID: 7704)
- Unicorn-61146.exe (PID: 7868)
- Unicorn-35125.exe (PID: 904)
- Unicorn-27727.exe (PID: 7852)
- Unicorn-51661.exe (PID: 7192)
- Unicorn-2957.exe (PID: 8184)
- Unicorn-31811.exe (PID: 7876)
- Unicorn-61795.exe (PID: 4224)
- Unicorn-54461.exe (PID: 8124)
- Unicorn-36471.exe (PID: 7988)
- Unicorn-29049.exe (PID: 7992)
- Unicorn-3606.exe (PID: 7788)
- Unicorn-17565.exe (PID: 5400)
- Unicorn-6988.exe (PID: 7776)
- Unicorn-16745.exe (PID: 2420)
- Unicorn-9034.exe (PID: 1328)
- Unicorn-29625.exe (PID: 4784)
- Unicorn-25838.exe (PID: 1180)
- Unicorn-50238.exe (PID: 4464)
- Unicorn-28116.exe (PID: 1240)
- Unicorn-49683.exe (PID: 6752)
- Unicorn-482.exe (PID: 3008)
- Unicorn-10496.exe (PID: 7316)
- Unicorn-5682.exe (PID: 6392)
- Unicorn-41711.exe (PID: 7700)
- Unicorn-16627.exe (PID: 5228)
- Unicorn-33080.exe (PID: 7612)
- Unicorn-34463.exe (PID: 2340)
- Unicorn-38163.exe (PID: 6048)
- Unicorn-34463.exe (PID: 1676)
- Unicorn-30933.exe (PID: 4844)
- Unicorn-44669.exe (PID: 5212)
- Unicorn-42609.exe (PID: 7540)
- Unicorn-34655.exe (PID: 8216)
- Unicorn-20217.exe (PID: 8236)
- Unicorn-10726.exe (PID: 8336)
- Unicorn-40637.exe (PID: 8244)
- Unicorn-43404.exe (PID: 7648)
- Unicorn-27255.exe (PID: 8280)
- Unicorn-7986.exe (PID: 8368)
- Unicorn-59927.exe (PID: 8352)
- Unicorn-32853.exe (PID: 8736)
- Unicorn-59927.exe (PID: 8360)
- Unicorn-2558.exe (PID: 8328)
- Unicorn-8541.exe (PID: 8396)
- Unicorn-25069.exe (PID: 8420)
- Unicorn-32085.exe (PID: 8316)
- Unicorn-28407.exe (PID: 8404)
- Unicorn-36767.exe (PID: 8444)
- Unicorn-3902.exe (PID: 8384)
- Unicorn-53103.exe (PID: 8504)
- Unicorn-40851.exe (PID: 8432)
- Unicorn-44935.exe (PID: 8520)
- Unicorn-44935.exe (PID: 8540)
- Unicorn-15771.exe (PID: 8716)
- Unicorn-7986.exe (PID: 8372)
- Unicorn-46589.exe (PID: 8760)
- Unicorn-7794.exe (PID: 8572)
- Unicorn-44935.exe (PID: 8528)
- Unicorn-27253.exe (PID: 8792)
- Unicorn-1280.exe (PID: 8752)
- Unicorn-44094.exe (PID: 8804)
- Unicorn-65355.exe (PID: 8452)
- Unicorn-43789.exe (PID: 8784)
- Unicorn-52454.exe (PID: 8744)
- Unicorn-44319.exe (PID: 8776)
- Unicorn-16709.exe (PID: 8664)
- Unicorn-24493.exe (PID: 8812)
- Unicorn-58510.exe (PID: 8840)
- Unicorn-8733.exe (PID: 8984)
- Unicorn-46589.exe (PID: 8864)
- Unicorn-38028.exe (PID: 8956)
- Unicorn-17691.exe (PID: 8996)
- Unicorn-60761.exe (PID: 9024)
- Unicorn-62615.exe (PID: 9076)
- Unicorn-21391.exe (PID: 9120)
- Unicorn-42749.exe (PID: 9068)
- Unicorn-25864.exe (PID: 5204)
- Unicorn-52209.exe (PID: 9152)
- Unicorn-10025.exe (PID: 9204)
- Unicorn-14374.exe (PID: 9196)
- Unicorn-38879.exe (PID: 9224)
- Unicorn-25475.exe (PID: 9108)
- Unicorn-43155.exe (PID: 8276)
- Unicorn-63383.exe (PID: 9232)
- Unicorn-9449.exe (PID: 9312)
- Unicorn-9449.exe (PID: 9300)
- Unicorn-1930.exe (PID: 9288)
- Unicorn-59299.exe (PID: 9260)
- Unicorn-59299.exe (PID: 9240)
- Unicorn-15142.exe (PID: 9356)
- Unicorn-63389.exe (PID: 9432)
- Unicorn-48007.exe (PID: 9396)
- Unicorn-47815.exe (PID: 9496)
- Unicorn-15142.exe (PID: 9348)
- Unicorn-44286.exe (PID: 9536)
- Unicorn-32225.exe (PID: 9380)
- Unicorn-45577.exe (PID: 9588)
- Unicorn-41877.exe (PID: 9388)
- Unicorn-31841.exe (PID: 9604)
- Unicorn-46661.exe (PID: 9564)
- Unicorn-5342.exe (PID: 9700)
- Unicorn-6953.exe (PID: 9640)
- Unicorn-33376.exe (PID: 9736)
- Unicorn-55334.exe (PID: 9656)
- Unicorn-16848.exe (PID: 9792)
- Unicorn-5150.exe (PID: 9772)
- Unicorn-53967.exe (PID: 9808)
- Unicorn-33354.exe (PID: 9864)
- Unicorn-4403.exe (PID: 9752)
- Unicorn-44350.exe (PID: 9896)
- Unicorn-38228.exe (PID: 9916)
Executable content was dropped or overwritten
- Unicorn-51219.exe (PID: 7200)
- Unicorn-34395.exe (PID: 7744)
- Unicorn-61950.exe (PID: 8060)
- 1 (1338).exe (PID: 7288)
- Unicorn-57311.exe (PID: 8052)
- Unicorn-8214.exe (PID: 7312)
- Unicorn-61425.exe (PID: 5072)
- Unicorn-49522.exe (PID: 7176)
- Unicorn-49522.exe (PID: 6268)
- Unicorn-49522.exe (PID: 5200)
- Unicorn-10186.exe (PID: 4108)
- Unicorn-54410.exe (PID: 1600)
- Unicorn-23434.exe (PID: 6564)
- Unicorn-47690.exe (PID: 2284)
- Unicorn-61027.exe (PID: 4560)
- Unicorn-57306.exe (PID: 6744)
- Unicorn-48391.exe (PID: 6728)
- Unicorn-51498.exe (PID: 4896)
- Unicorn-45459.exe (PID: 6388)
- Unicorn-4426.exe (PID: 5720)
- Unicorn-342.exe (PID: 6272)
- Unicorn-61795.exe (PID: 4224)
- Unicorn-4426.exe (PID: 6540)
- Unicorn-10356.exe (PID: 680)
- Unicorn-48545.exe (PID: 2852)
- Unicorn-7556.exe (PID: 4696)
- Unicorn-59418.exe (PID: 7336)
- Unicorn-43404.exe (PID: 7648)
- Unicorn-25807.exe (PID: 7628)
- Unicorn-5386.exe (PID: 7688)
- Unicorn-57280.exe (PID: 7656)
- Unicorn-1037.exe (PID: 7676)
- Unicorn-33080.exe (PID: 7612)
- Unicorn-41711.exe (PID: 7700)
- Unicorn-20820.exe (PID: 2564)
- Unicorn-20820.exe (PID: 5868)
- Unicorn-4426.exe (PID: 1052)
- Unicorn-57384.exe (PID: 7880)
- Unicorn-46014.exe (PID: 3240)
- Unicorn-57384.exe (PID: 4920)
- Unicorn-60783.exe (PID: 7724)
- Unicorn-15474.exe (PID: 7736)
- Unicorn-37518.exe (PID: 6132)
- Unicorn-59614.exe (PID: 8128)
- Unicorn-45879.exe (PID: 8040)
- Unicorn-37518.exe (PID: 7704)
- Unicorn-27727.exe (PID: 7968)
- Unicorn-61146.exe (PID: 7868)
- Unicorn-27727.exe (PID: 7852)
- Unicorn-35125.exe (PID: 904)
- Unicorn-54461.exe (PID: 8124)
- Unicorn-31811.exe (PID: 7876)
- Unicorn-62158.exe (PID: 5428)
- Unicorn-16221.exe (PID: 6040)
- Unicorn-36471.exe (PID: 7988)
- Unicorn-5770.exe (PID: 7352)
- Unicorn-29049.exe (PID: 7992)
- Unicorn-3606.exe (PID: 7788)
- Unicorn-16745.exe (PID: 2420)
- Unicorn-17565.exe (PID: 5400)
- Unicorn-6988.exe (PID: 7776)
- Unicorn-29625.exe (PID: 4784)
- Unicorn-25838.exe (PID: 1180)
- Unicorn-9034.exe (PID: 1328)
- Unicorn-50238.exe (PID: 4464)
- Unicorn-482.exe (PID: 3008)
- Unicorn-34463.exe (PID: 2340)
- Unicorn-28116.exe (PID: 1240)
- Unicorn-37274.exe (PID: 7644)
- Unicorn-16627.exe (PID: 5228)
- Unicorn-38163.exe (PID: 6048)
- Unicorn-5682.exe (PID: 6392)
- Unicorn-44669.exe (PID: 5212)
- Unicorn-34463.exe (PID: 1676)
- Unicorn-30933.exe (PID: 4844)
- Unicorn-34655.exe (PID: 8216)
- Unicorn-20217.exe (PID: 8236)
- Unicorn-10430.exe (PID: 7696)
- Unicorn-42609.exe (PID: 7540)
- Unicorn-40637.exe (PID: 8244)
- Unicorn-27255.exe (PID: 8280)
- Unicorn-10726.exe (PID: 8336)
- Unicorn-7986.exe (PID: 8368)
- Unicorn-45879.exe (PID: 8136)
- Unicorn-59927.exe (PID: 8352)
- Unicorn-32853.exe (PID: 8736)
- Unicorn-32085.exe (PID: 8316)
- Unicorn-59927.exe (PID: 8360)
- Unicorn-2558.exe (PID: 8328)
- Unicorn-8541.exe (PID: 8396)
- Unicorn-28407.exe (PID: 8404)
- Unicorn-25069.exe (PID: 8420)
- Unicorn-36767.exe (PID: 8444)
- Unicorn-3902.exe (PID: 8384)
- Unicorn-53103.exe (PID: 8504)
- Unicorn-40851.exe (PID: 8432)
- Unicorn-27727.exe (PID: 7904)
- Unicorn-44935.exe (PID: 8520)
- Unicorn-44935.exe (PID: 8540)
- Unicorn-7986.exe (PID: 8372)
- Unicorn-7794.exe (PID: 8572)
- Unicorn-44935.exe (PID: 8528)
- Unicorn-27253.exe (PID: 8792)
- Unicorn-1280.exe (PID: 8752)
- Unicorn-65355.exe (PID: 8452)
- Unicorn-43789.exe (PID: 8784)
- Unicorn-46589.exe (PID: 8760)
- Unicorn-52454.exe (PID: 8744)
- Unicorn-25572.exe (PID: 3396)
- Unicorn-51661.exe (PID: 7192)
- Unicorn-44319.exe (PID: 8776)
- Unicorn-24493.exe (PID: 8812)
- Unicorn-16709.exe (PID: 8664)
- Unicorn-2957.exe (PID: 8184)
- Unicorn-38028.exe (PID: 8956)
- Unicorn-54639.exe (PID: 9044)
- Unicorn-17691.exe (PID: 8996)
- Unicorn-58510.exe (PID: 8840)
- Unicorn-46589.exe (PID: 8864)
- Unicorn-62615.exe (PID: 9076)
- Unicorn-21391.exe (PID: 9120)
- Unicorn-52209.exe (PID: 9152)
- Unicorn-60761.exe (PID: 9024)
- Unicorn-49683.exe (PID: 6752)
- Unicorn-38879.exe (PID: 9224)
- Unicorn-59299.exe (PID: 9260)
- Unicorn-43155.exe (PID: 8276)
- Unicorn-9449.exe (PID: 9312)
- Unicorn-10496.exe (PID: 7316)
- Unicorn-9449.exe (PID: 9300)
- Unicorn-1930.exe (PID: 9288)
- Unicorn-63383.exe (PID: 9232)
- Unicorn-15142.exe (PID: 9356)
- Unicorn-63389.exe (PID: 9432)
- Unicorn-48007.exe (PID: 9396)
- Unicorn-41877.exe (PID: 9388)
- Unicorn-59299.exe (PID: 9240)
- Unicorn-15142.exe (PID: 9348)
- Unicorn-32225.exe (PID: 9380)
- Unicorn-44286.exe (PID: 9536)
- Unicorn-45577.exe (PID: 9588)
- Unicorn-31841.exe (PID: 9596)
- Unicorn-47815.exe (PID: 9496)
- Unicorn-31841.exe (PID: 9604)
- Unicorn-46661.exe (PID: 9564)
- Unicorn-6953.exe (PID: 9640)
- Unicorn-5342.exe (PID: 9700)
- Unicorn-33376.exe (PID: 9736)
- Unicorn-55334.exe (PID: 9656)
- Unicorn-4403.exe (PID: 9752)
- Unicorn-5150.exe (PID: 9772)
- Unicorn-53967.exe (PID: 9808)
- Unicorn-16848.exe (PID: 9792)
- Unicorn-8295.exe (PID: 9816)
- Unicorn-32727.exe (PID: 9844)
- Unicorn-33354.exe (PID: 9864)
- Unicorn-44350.exe (PID: 9896)
- Unicorn-38228.exe (PID: 9916)
- Unicorn-15771.exe (PID: 8716)
- Unicorn-44094.exe (PID: 8804)
- Unicorn-33045.exe (PID: 8708)
- Unicorn-11293.exe (PID: 9964)
- Unicorn-8733.exe (PID: 8984)
- Unicorn-42749.exe (PID: 9068)
- Unicorn-25475.exe (PID: 9108)
- Unicorn-14374.exe (PID: 9196)
- Unicorn-39764.exe (PID: 10044)
- Unicorn-3178.exe (PID: 10072)
- Unicorn-64844.exe (PID: 10104)
- Unicorn-46078.exe (PID: 10168)
- Unicorn-37216.exe (PID: 7372)
- Unicorn-8243.exe (PID: 6712)
- Unicorn-53723.exe (PID: 8312)
- Unicorn-30701.exe (PID: 896)
- Unicorn-50236.exe (PID: 10260)
- Unicorn-21818.exe (PID: 10348)
- Unicorn-45576.exe (PID: 10404)
- Unicorn-21072.exe (PID: 10380)
- Unicorn-29240.exe (PID: 10368)
- Unicorn-25864.exe (PID: 5204)
- Unicorn-10025.exe (PID: 9204)
- Unicorn-46728.exe (PID: 10496)
- Unicorn-54128.exe (PID: 10304)
- Unicorn-26094.exe (PID: 10328)
- Unicorn-40598.exe (PID: 10480)
- Unicorn-13863.exe (PID: 10448)
- Unicorn-40598.exe (PID: 10488)
- Unicorn-50983.exe (PID: 10628)
- Unicorn-9587.exe (PID: 10536)
- Unicorn-17756.exe (PID: 10648)
- Unicorn-50812.exe (PID: 10440)
- Unicorn-63988.exe (PID: 10768)
- Unicorn-46344.exe (PID: 10668)
- Unicorn-6442.exe (PID: 10472)
- Unicorn-23702.exe (PID: 10700)
- Unicorn-63988.exe (PID: 10760)
- Unicorn-34284.exe (PID: 10596)
- Unicorn-6811.exe (PID: 10860)
- Unicorn-54512.exe (PID: 10604)
- Unicorn-35400.exe (PID: 10880)
- Unicorn-25924.exe (PID: 10636)
- Unicorn-19064.exe (PID: 10820)
- Unicorn-60267.exe (PID: 11144)
- Unicorn-56183.exe (PID: 11164)
- Unicorn-39484.exe (PID: 10716)
- Unicorn-55628.exe (PID: 10936)
- Unicorn-43738.exe (PID: 11104)
- Unicorn-51352.exe (PID: 11024)
- Unicorn-43184.exe (PID: 11048)
- Unicorn-4765.exe (PID: 10832)
- Unicorn-43184.exe (PID: 11040)
- Unicorn-31486.exe (PID: 11016)
- Unicorn-27210.exe (PID: 11248)
- Unicorn-60459.exe (PID: 10952)
- Unicorn-64159.exe (PID: 11268)
- Unicorn-24993.exe (PID: 10984)
- Unicorn-52099.exe (PID: 11172)
- Unicorn-63604.exe (PID: 11112)
- Unicorn-43184.exe (PID: 11032)
- Unicorn-22764.exe (PID: 11224)
- Unicorn-20525.exe (PID: 11320)
- Unicorn-47631.exe (PID: 7256)
- Unicorn-6235.exe (PID: 11300)
- Unicorn-18222.exe (PID: 11244)
- Unicorn-19042.exe (PID: 4736)
- Unicorn-2898.exe (PID: 11216)
- Unicorn-1959.exe (PID: 7216)
- Unicorn-39462.exe (PID: 2064)
- Unicorn-60672.exe (PID: 11388)
- Unicorn-47963.exe (PID: 11496)
- Unicorn-3303.exe (PID: 11372)
- Unicorn-47077.exe (PID: 11584)
- Unicorn-19832.exe (PID: 11420)
- Unicorn-36530.exe (PID: 11564)
- Unicorn-28000.exe (PID: 11448)
- Unicorn-39298.exe (PID: 11504)
- Unicorn-26656.exe (PID: 11328)
- Unicorn-62710.exe (PID: 11364)
- Unicorn-55634.exe (PID: 11540)
- Unicorn-10510.exe (PID: 11600)
- Unicorn-41714.exe (PID: 11716)
- Unicorn-39828.exe (PID: 11480)
- Unicorn-48228.exe (PID: 11512)
INFO
Checks supported languages
- Unicorn-34395.exe (PID: 7744)
- 1 (1338).exe (PID: 7288)
- Unicorn-61950.exe (PID: 8060)
- Unicorn-57311.exe (PID: 8052)
- Unicorn-51219.exe (PID: 7200)
- Unicorn-47690.exe (PID: 2284)
- Unicorn-61425.exe (PID: 5072)
- Unicorn-25572.exe (PID: 3396)
- Unicorn-49522.exe (PID: 6268)
- Unicorn-54410.exe (PID: 1600)
- Unicorn-48545.exe (PID: 2852)
- Unicorn-49522.exe (PID: 7176)
- Unicorn-61027.exe (PID: 4560)
- Unicorn-4426.exe (PID: 6540)
- Unicorn-4426.exe (PID: 1052)
- Unicorn-51498.exe (PID: 4896)
- Unicorn-10356.exe (PID: 680)
- Unicorn-61795.exe (PID: 4224)
- Unicorn-7556.exe (PID: 4696)
- Unicorn-62158.exe (PID: 5428)
- Unicorn-16221.exe (PID: 6040)
- Unicorn-5770.exe (PID: 7352)
- Unicorn-59418.exe (PID: 7336)
- Unicorn-37274.exe (PID: 7644)
- Unicorn-4426.exe (PID: 5720)
- Unicorn-1037.exe (PID: 7676)
- Unicorn-33080.exe (PID: 7612)
- Unicorn-25807.exe (PID: 7628)
- Unicorn-41711.exe (PID: 7700)
- Unicorn-20820.exe (PID: 2564)
- Unicorn-31811.exe (PID: 7876)
- Unicorn-27727.exe (PID: 7904)
- Unicorn-37518.exe (PID: 7704)
- Unicorn-45879.exe (PID: 8040)
- Unicorn-54461.exe (PID: 8124)
- Unicorn-35125.exe (PID: 904)
- Unicorn-29049.exe (PID: 7992)
- Unicorn-17565.exe (PID: 5400)
- Unicorn-6988.exe (PID: 7776)
- Unicorn-9034.exe (PID: 1328)
- Unicorn-45879.exe (PID: 8136)
- Unicorn-29071.exe (PID: 5756)
- Unicorn-49683.exe (PID: 6752)
- Unicorn-16627.exe (PID: 5228)
- Unicorn-29625.exe (PID: 4784)
- Unicorn-28116.exe (PID: 1240)
- Unicorn-44669.exe (PID: 5212)
- Unicorn-42609.exe (PID: 7540)
- Unicorn-34463.exe (PID: 2340)
- Unicorn-59927.exe (PID: 8352)
- Unicorn-7986.exe (PID: 8368)
- Unicorn-7986.exe (PID: 8372)
- Unicorn-59927.exe (PID: 8360)
- Unicorn-36767.exe (PID: 8444)
- Unicorn-53103.exe (PID: 8504)
- Unicorn-7794.exe (PID: 8572)
- Unicorn-16709.exe (PID: 8664)
- Unicorn-1280.exe (PID: 8752)
- Unicorn-43789.exe (PID: 8784)
- Unicorn-58510.exe (PID: 8840)
- Unicorn-24493.exe (PID: 8812)
- Unicorn-44319.exe (PID: 8776)
- Unicorn-38028.exe (PID: 8956)
- Unicorn-27253.exe (PID: 8792)
- Unicorn-21391.exe (PID: 9120)
- Unicorn-60761.exe (PID: 9024)
- Unicorn-42749.exe (PID: 9068)
- Unicorn-52209.exe (PID: 9152)
- Unicorn-14374.exe (PID: 9196)
- Unicorn-25864.exe (PID: 5204)
- Unicorn-10025.exe (PID: 9204)
- Unicorn-25475.exe (PID: 9108)
- Unicorn-38879.exe (PID: 9224)
- Unicorn-59299.exe (PID: 9240)
- Unicorn-63383.exe (PID: 9232)
- Unicorn-59299.exe (PID: 9260)
- Unicorn-9449.exe (PID: 9312)
- Unicorn-48007.exe (PID: 9396)
- Unicorn-46661.exe (PID: 9564)
- Unicorn-47815.exe (PID: 9496)
- Unicorn-31841.exe (PID: 9604)
- Unicorn-55334.exe (PID: 9656)
- Unicorn-15142.exe (PID: 9356)
- Unicorn-5150.exe (PID: 9772)
- Unicorn-16848.exe (PID: 9792)
- Unicorn-8295.exe (PID: 9816)
- Unicorn-11293.exe (PID: 9964)
- Unicorn-39764.exe (PID: 10044)
- Unicorn-33354.exe (PID: 9864)
- Unicorn-37216.exe (PID: 7372)
- Unicorn-8243.exe (PID: 6712)
- Unicorn-30701.exe (PID: 896)
- Unicorn-64844.exe (PID: 10104)
- Unicorn-54128.exe (PID: 10304)
- Unicorn-26094.exe (PID: 10328)
- Unicorn-21818.exe (PID: 10348)
- Unicorn-50812.exe (PID: 10440)
- Unicorn-45576.exe (PID: 10404)
- Unicorn-50983.exe (PID: 10628)
- Unicorn-25924.exe (PID: 10636)
- Unicorn-17756.exe (PID: 10648)
- Unicorn-43738.exe (PID: 11104)
- Unicorn-51352.exe (PID: 11024)
- Unicorn-15098.exe (PID: 11668)
- Unicorn-19832.exe (PID: 11420)
- Unicorn-10438.exe (PID: 10288)
- Unicorn-17860.exe (PID: 12360)
- Unicorn-54424.exe (PID: 12400)
- Unicorn-6375.exe (PID: 12604)
- Unicorn-39048.exe (PID: 12692)
- Unicorn-22520.exe (PID: 12740)
- Unicorn-25836.exe (PID: 12488)
- Unicorn-30688.exe (PID: 12764)
- Unicorn-34969.exe (PID: 12944)
- Unicorn-9795.exe (PID: 13676)
- Unicorn-4102.exe (PID: 14028)
The sample compiled with chinese language support
- 1 (1338).exe (PID: 7288)
- Unicorn-51498.exe (PID: 4896)
- Unicorn-57311.exe (PID: 8052)
- Unicorn-45459.exe (PID: 6388)
- Unicorn-47690.exe (PID: 2284)
- Unicorn-49522.exe (PID: 7176)
- Unicorn-48391.exe (PID: 6728)
- Unicorn-61795.exe (PID: 4224)
- Unicorn-4426.exe (PID: 6540)
- Unicorn-49522.exe (PID: 5200)
- Unicorn-10356.exe (PID: 680)
- Unicorn-48545.exe (PID: 2852)
- Unicorn-7556.exe (PID: 4696)
- Unicorn-54410.exe (PID: 1600)
- Unicorn-10186.exe (PID: 4108)
- Unicorn-61950.exe (PID: 8060)
- Unicorn-34395.exe (PID: 7744)
- Unicorn-5770.exe (PID: 7352)
- Unicorn-61027.exe (PID: 4560)
- Unicorn-59418.exe (PID: 7336)
- Unicorn-43404.exe (PID: 7648)
- Unicorn-8214.exe (PID: 7312)
- Unicorn-51219.exe (PID: 7200)
- Unicorn-57306.exe (PID: 6744)
- Unicorn-57280.exe (PID: 7656)
- Unicorn-25807.exe (PID: 7628)
- Unicorn-1037.exe (PID: 7676)
- Unicorn-23434.exe (PID: 6564)
- Unicorn-5386.exe (PID: 7688)
- Unicorn-33080.exe (PID: 7612)
- Unicorn-41711.exe (PID: 7700)
- Unicorn-20820.exe (PID: 2564)
- Unicorn-4426.exe (PID: 5720)
- Unicorn-20820.exe (PID: 5868)
- Unicorn-4426.exe (PID: 1052)
- Unicorn-57384.exe (PID: 7880)
- Unicorn-46014.exe (PID: 3240)
- Unicorn-15474.exe (PID: 7736)
- Unicorn-60783.exe (PID: 7724)
- Unicorn-57384.exe (PID: 4920)
- Unicorn-27727.exe (PID: 7968)
- Unicorn-37518.exe (PID: 6132)
- Unicorn-59614.exe (PID: 8128)
- Unicorn-342.exe (PID: 6272)
- Unicorn-45879.exe (PID: 8040)
- Unicorn-61146.exe (PID: 7868)
- Unicorn-37518.exe (PID: 7704)
- Unicorn-35125.exe (PID: 904)
- Unicorn-27727.exe (PID: 7852)
- Unicorn-54461.exe (PID: 8124)
- Unicorn-31811.exe (PID: 7876)
- Unicorn-16221.exe (PID: 6040)
- Unicorn-62158.exe (PID: 5428)
- Unicorn-61425.exe (PID: 5072)
- Unicorn-36471.exe (PID: 7988)
- Unicorn-29049.exe (PID: 7992)
- Unicorn-3606.exe (PID: 7788)
- Unicorn-17565.exe (PID: 5400)
- Unicorn-6988.exe (PID: 7776)
- Unicorn-16745.exe (PID: 2420)
- Unicorn-9034.exe (PID: 1328)
- Unicorn-29625.exe (PID: 4784)
- Unicorn-25838.exe (PID: 1180)
- Unicorn-28116.exe (PID: 1240)
- Unicorn-482.exe (PID: 3008)
- Unicorn-34463.exe (PID: 2340)
- Unicorn-50238.exe (PID: 4464)
- Unicorn-37274.exe (PID: 7644)
- Unicorn-5682.exe (PID: 6392)
- Unicorn-16627.exe (PID: 5228)
- Unicorn-38163.exe (PID: 6048)
- Unicorn-44669.exe (PID: 5212)
- Unicorn-30933.exe (PID: 4844)
- Unicorn-10430.exe (PID: 7696)
- Unicorn-34463.exe (PID: 1676)
- Unicorn-42609.exe (PID: 7540)
- Unicorn-34655.exe (PID: 8216)
- Unicorn-20217.exe (PID: 8236)
- Unicorn-10726.exe (PID: 8336)
- Unicorn-40637.exe (PID: 8244)
- Unicorn-27255.exe (PID: 8280)
- Unicorn-45879.exe (PID: 8136)
- Unicorn-32085.exe (PID: 8316)
- Unicorn-59927.exe (PID: 8352)
- Unicorn-32853.exe (PID: 8736)
- Unicorn-7986.exe (PID: 8368)
- Unicorn-59927.exe (PID: 8360)
- Unicorn-8541.exe (PID: 8396)
- Unicorn-2558.exe (PID: 8328)
- Unicorn-28407.exe (PID: 8404)
- Unicorn-25069.exe (PID: 8420)
- Unicorn-27727.exe (PID: 7904)
- Unicorn-3902.exe (PID: 8384)
- Unicorn-53103.exe (PID: 8504)
- Unicorn-40851.exe (PID: 8432)
- Unicorn-36767.exe (PID: 8444)
- Unicorn-44935.exe (PID: 8540)
- Unicorn-44935.exe (PID: 8520)
- Unicorn-27253.exe (PID: 8792)
- Unicorn-1280.exe (PID: 8752)
- Unicorn-65355.exe (PID: 8452)
- Unicorn-43789.exe (PID: 8784)
- Unicorn-7986.exe (PID: 8372)
- Unicorn-7794.exe (PID: 8572)
- Unicorn-44935.exe (PID: 8528)
- Unicorn-46589.exe (PID: 8760)
- Unicorn-2957.exe (PID: 8184)
- Unicorn-16709.exe (PID: 8664)
- Unicorn-52454.exe (PID: 8744)
- Unicorn-44319.exe (PID: 8776)
- Unicorn-25572.exe (PID: 3396)
- Unicorn-51661.exe (PID: 7192)
- Unicorn-24493.exe (PID: 8812)
- Unicorn-58510.exe (PID: 8840)
- Unicorn-8733.exe (PID: 8984)
- Unicorn-46589.exe (PID: 8864)
- Unicorn-38028.exe (PID: 8956)
- Unicorn-54639.exe (PID: 9044)
- Unicorn-62615.exe (PID: 9076)
- Unicorn-60761.exe (PID: 9024)
- Unicorn-21391.exe (PID: 9120)
- Unicorn-52209.exe (PID: 9152)
- Unicorn-17691.exe (PID: 8996)
- Unicorn-49683.exe (PID: 6752)
- Unicorn-38879.exe (PID: 9224)
- Unicorn-49522.exe (PID: 6268)
- Unicorn-59299.exe (PID: 9260)
- Unicorn-43155.exe (PID: 8276)
- Unicorn-9449.exe (PID: 9312)
- Unicorn-10496.exe (PID: 7316)
- Unicorn-9449.exe (PID: 9300)
- Unicorn-1930.exe (PID: 9288)
- Unicorn-63383.exe (PID: 9232)
- Unicorn-15142.exe (PID: 9356)
- Unicorn-63389.exe (PID: 9432)
- Unicorn-48007.exe (PID: 9396)
- Unicorn-41877.exe (PID: 9388)
- Unicorn-59299.exe (PID: 9240)
- Unicorn-47815.exe (PID: 9496)
- Unicorn-15142.exe (PID: 9348)
- Unicorn-45577.exe (PID: 9588)
- Unicorn-32225.exe (PID: 9380)
- Unicorn-44286.exe (PID: 9536)
- Unicorn-31841.exe (PID: 9604)
- Unicorn-46661.exe (PID: 9564)
- Unicorn-6953.exe (PID: 9640)
- Unicorn-33376.exe (PID: 9736)
- Unicorn-5342.exe (PID: 9700)
- Unicorn-55334.exe (PID: 9656)
- Unicorn-31841.exe (PID: 9596)
- Unicorn-4403.exe (PID: 9752)
- Unicorn-5150.exe (PID: 9772)
- Unicorn-53967.exe (PID: 9808)
- Unicorn-16848.exe (PID: 9792)
- Unicorn-8295.exe (PID: 9816)
- Unicorn-32727.exe (PID: 9844)
- Unicorn-33354.exe (PID: 9864)
- Unicorn-15771.exe (PID: 8716)
- Unicorn-38228.exe (PID: 9916)
- Unicorn-33045.exe (PID: 8708)
- Unicorn-44094.exe (PID: 8804)
- Unicorn-11293.exe (PID: 9964)
- Unicorn-42749.exe (PID: 9068)
- Unicorn-44350.exe (PID: 9896)
- Unicorn-14374.exe (PID: 9196)
- Unicorn-39764.exe (PID: 10044)
- Unicorn-3178.exe (PID: 10072)
- Unicorn-64844.exe (PID: 10104)
- Unicorn-46078.exe (PID: 10168)
- Unicorn-37216.exe (PID: 7372)
- Unicorn-8243.exe (PID: 6712)
- Unicorn-53723.exe (PID: 8312)
- Unicorn-30701.exe (PID: 896)
- Unicorn-25475.exe (PID: 9108)
- Unicorn-54128.exe (PID: 10304)
- Unicorn-50236.exe (PID: 10260)
- Unicorn-26094.exe (PID: 10328)
- Unicorn-45576.exe (PID: 10404)
- Unicorn-21072.exe (PID: 10380)
- Unicorn-29240.exe (PID: 10368)
- Unicorn-25864.exe (PID: 5204)
- Unicorn-10025.exe (PID: 9204)
- Unicorn-46728.exe (PID: 10496)
- Unicorn-21818.exe (PID: 10348)
- Unicorn-40598.exe (PID: 10488)
- Unicorn-50812.exe (PID: 10440)
- Unicorn-9587.exe (PID: 10536)
- Unicorn-17756.exe (PID: 10648)
- Unicorn-50983.exe (PID: 10628)
- Unicorn-63988.exe (PID: 10768)
- Unicorn-40598.exe (PID: 10480)
- Unicorn-13863.exe (PID: 10448)
- Unicorn-23702.exe (PID: 10700)
- Unicorn-63988.exe (PID: 10760)
- Unicorn-34284.exe (PID: 10596)
- Unicorn-19064.exe (PID: 10820)
- Unicorn-6811.exe (PID: 10860)
- Unicorn-54512.exe (PID: 10604)
- Unicorn-46344.exe (PID: 10668)
- Unicorn-25924.exe (PID: 10636)
- Unicorn-6442.exe (PID: 10472)
- Unicorn-4765.exe (PID: 10832)
- Unicorn-56183.exe (PID: 11164)
- Unicorn-39484.exe (PID: 10716)
- Unicorn-55628.exe (PID: 10936)
- Unicorn-43738.exe (PID: 11104)
- Unicorn-60267.exe (PID: 11144)
- Unicorn-51352.exe (PID: 11024)
- Unicorn-35400.exe (PID: 10880)
- Unicorn-43184.exe (PID: 11040)
- Unicorn-31486.exe (PID: 11016)
- Unicorn-60459.exe (PID: 10952)
- Unicorn-27210.exe (PID: 11248)
- Unicorn-64159.exe (PID: 11268)
- Unicorn-24993.exe (PID: 10984)
- Unicorn-52099.exe (PID: 11172)
- Unicorn-43184.exe (PID: 11048)
- Unicorn-63604.exe (PID: 11112)
- Unicorn-43184.exe (PID: 11032)
- Unicorn-2898.exe (PID: 11216)
- Unicorn-1959.exe (PID: 7216)
- Unicorn-20525.exe (PID: 11320)
- Unicorn-39462.exe (PID: 2064)
- Unicorn-22764.exe (PID: 11224)
- Unicorn-47631.exe (PID: 7256)
- Unicorn-6235.exe (PID: 11300)
- Unicorn-18222.exe (PID: 11244)
- Unicorn-19042.exe (PID: 4736)
- Unicorn-60672.exe (PID: 11388)
- Unicorn-62710.exe (PID: 11364)
- Unicorn-28000.exe (PID: 11448)
- Unicorn-36530.exe (PID: 11564)
- Unicorn-19832.exe (PID: 11420)
- Unicorn-39298.exe (PID: 11504)
- Unicorn-26656.exe (PID: 11328)
- Unicorn-3303.exe (PID: 11372)
- Unicorn-47963.exe (PID: 11496)
- Unicorn-39828.exe (PID: 11480)
- Unicorn-55634.exe (PID: 11540)
- Unicorn-10510.exe (PID: 11600)
- Unicorn-47077.exe (PID: 11584)
- Unicorn-41714.exe (PID: 11716)
- Unicorn-48228.exe (PID: 11512)
Reads the computer name
- 1 (1338).exe (PID: 7288)
- Unicorn-34395.exe (PID: 7744)
- Unicorn-57311.exe (PID: 8052)
- Unicorn-61425.exe (PID: 5072)
- Unicorn-25572.exe (PID: 3396)
- Unicorn-54410.exe (PID: 1600)
- Unicorn-48545.exe (PID: 2852)
- Unicorn-61027.exe (PID: 4560)
- Unicorn-51498.exe (PID: 4896)
- Unicorn-46014.exe (PID: 3240)
- Unicorn-61795.exe (PID: 4224)
- Unicorn-62158.exe (PID: 5428)
- Unicorn-16221.exe (PID: 6040)
- Unicorn-59418.exe (PID: 7336)
- Unicorn-25807.exe (PID: 7628)
- Unicorn-1037.exe (PID: 7676)
- Unicorn-20820.exe (PID: 2564)
- Unicorn-57384.exe (PID: 7880)
- Unicorn-60783.exe (PID: 7724)
- Unicorn-27727.exe (PID: 7904)
- Unicorn-57384.exe (PID: 4920)
- Unicorn-35125.exe (PID: 904)
- Unicorn-45879.exe (PID: 8136)
- Unicorn-37518.exe (PID: 6132)
- Unicorn-59614.exe (PID: 8128)
- Unicorn-61146.exe (PID: 7868)
- Unicorn-37518.exe (PID: 7704)
- Unicorn-3606.exe (PID: 7788)
- Unicorn-17565.exe (PID: 5400)
- Unicorn-29049.exe (PID: 7992)
- Unicorn-16745.exe (PID: 2420)
- Unicorn-9034.exe (PID: 1328)
- Unicorn-482.exe (PID: 3008)
- Unicorn-49683.exe (PID: 6752)
- Unicorn-34463.exe (PID: 2340)
- Unicorn-16627.exe (PID: 5228)
- Unicorn-29071.exe (PID: 5756)
- Unicorn-38163.exe (PID: 6048)
- Unicorn-44669.exe (PID: 5212)
- Unicorn-20217.exe (PID: 8236)
- Unicorn-27255.exe (PID: 8280)
- Unicorn-59927.exe (PID: 8352)
- Unicorn-3902.exe (PID: 8384)
- Unicorn-44935.exe (PID: 8528)
- Unicorn-52454.exe (PID: 8744)
- Unicorn-33045.exe (PID: 8708)
- Unicorn-25069.exe (PID: 8420)
- Unicorn-8733.exe (PID: 8984)
- Unicorn-38028.exe (PID: 8956)
- Unicorn-9449.exe (PID: 9300)
Create files in a temporary directory
- Unicorn-61950.exe (PID: 8060)
- Unicorn-23434.exe (PID: 6564)
- Unicorn-51219.exe (PID: 7200)
- 1 (1338).exe (PID: 7288)
- Unicorn-54410.exe (PID: 1600)
- Unicorn-49522.exe (PID: 7176)
- Unicorn-49522.exe (PID: 5200)
- Unicorn-34395.exe (PID: 7744)
- Unicorn-8214.exe (PID: 7312)
- Unicorn-48391.exe (PID: 6728)
- Unicorn-57311.exe (PID: 8052)
- Unicorn-4426.exe (PID: 6540)
- Unicorn-48545.exe (PID: 2852)
- Unicorn-61795.exe (PID: 4224)
- Unicorn-10186.exe (PID: 4108)
- Unicorn-43404.exe (PID: 7648)
- Unicorn-5386.exe (PID: 7688)
- Unicorn-25807.exe (PID: 7628)
- Unicorn-51498.exe (PID: 4896)
- Unicorn-33080.exe (PID: 7612)
- Unicorn-47690.exe (PID: 2284)
- Unicorn-45459.exe (PID: 6388)
- Unicorn-20820.exe (PID: 5868)
- Unicorn-57384.exe (PID: 7880)
- Unicorn-46014.exe (PID: 3240)
- Unicorn-15474.exe (PID: 7736)
- Unicorn-57384.exe (PID: 4920)
- Unicorn-27727.exe (PID: 7968)
- Unicorn-59614.exe (PID: 8128)
- Unicorn-342.exe (PID: 6272)
- Unicorn-45879.exe (PID: 8040)
- Unicorn-27727.exe (PID: 7852)
- Unicorn-35125.exe (PID: 904)
- Unicorn-54461.exe (PID: 8124)
- Unicorn-7556.exe (PID: 4696)
- Unicorn-31811.exe (PID: 7876)
- Unicorn-62158.exe (PID: 5428)
- Unicorn-16221.exe (PID: 6040)
- Unicorn-61027.exe (PID: 4560)
- Unicorn-5770.exe (PID: 7352)
- Unicorn-10356.exe (PID: 680)
- Unicorn-3606.exe (PID: 7788)
- Unicorn-16745.exe (PID: 2420)
- Unicorn-57306.exe (PID: 6744)
- Unicorn-25838.exe (PID: 1180)
- Unicorn-50238.exe (PID: 4464)
- Unicorn-29625.exe (PID: 4784)
- Unicorn-16627.exe (PID: 5228)
- Unicorn-57280.exe (PID: 7656)
- Unicorn-38163.exe (PID: 6048)
- Unicorn-44669.exe (PID: 5212)
- Unicorn-34463.exe (PID: 1676)
- Unicorn-29071.exe (PID: 5756)
- Unicorn-20217.exe (PID: 8236)
- Unicorn-10726.exe (PID: 8336)
- Unicorn-25069.exe (PID: 8420)
- Unicorn-53103.exe (PID: 8504)
- Unicorn-27727.exe (PID: 7904)
- Unicorn-3902.exe (PID: 8384)
- Unicorn-60783.exe (PID: 7724)
- Unicorn-58510.exe (PID: 8840)
- Unicorn-46589.exe (PID: 8864)
- Unicorn-54639.exe (PID: 9044)
- Unicorn-61425.exe (PID: 5072)
- Unicorn-38879.exe (PID: 9224)
- Unicorn-6988.exe (PID: 7776)
- Unicorn-49683.exe (PID: 6752)
- Unicorn-37274.exe (PID: 7644)
- Unicorn-27255.exe (PID: 8280)
Creates files or folders in the user directory
- Unicorn-29071.exe (PID: 5756)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
495
Monitored processes
361
Malicious processes
55
Suspicious processes
65
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 680 | C:\Users\admin\AppData\Local\Temp\Unicorn-10356.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-10356.exe | Unicorn-61950.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 896 | C:\Users\admin\AppData\Local\Temp\Unicorn-30701.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-30701.exe | Unicorn-43404.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 904 | C:\Users\admin\AppData\Local\Temp\Unicorn-35125.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-35125.exe | 1 (1338).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1052 | C:\Users\admin\AppData\Local\Temp\Unicorn-4426.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-4426.exe | Unicorn-48545.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1180 | C:\Users\admin\AppData\Local\Temp\Unicorn-25838.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-25838.exe | Unicorn-47690.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1240 | C:\Users\admin\AppData\Local\Temp\Unicorn-28116.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-28116.exe | Unicorn-57311.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1328 | C:\Users\admin\AppData\Local\Temp\Unicorn-9034.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-9034.exe | Unicorn-37274.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1600 | C:\Users\admin\AppData\Local\Temp\Unicorn-54410.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-54410.exe | 1 (1338).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1676 | C:\Users\admin\AppData\Local\Temp\Unicorn-34463.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-34463.exe | Unicorn-10430.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 2064 | C:\Users\admin\AppData\Local\Temp\Unicorn-39462.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-39462.exe | Unicorn-54461.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
7 737
Read events
7 737
Write events
0
Delete events
0
Modification events
Executable files
1 199
Suspicious files
27
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7288 | 1 (1338).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61425.exe | executable | |
MD5:C9BC46D659160D9806BADCF4F2D0D844 | SHA256:6BB20809662A877A0ABB3EB1E35C441ABB1F264E5D4DCB795554363A21173DF5 | |||
| 7744 | Unicorn-34395.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-47690.exe | executable | |
MD5:44F0B1F5872D7ACF57ACD59B36AB61CB | SHA256:C4F567E06C082101E400C7BAC2566A3B78E5ACE44F1DE8E5ABC2AF32B6C6499C | |||
| 8060 | Unicorn-61950.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-10186.exe | executable | |
MD5:6C2A51E073A0E535C721F2CEF984EF45 | SHA256:0572B1B1E460D56B37DD46954822E228E04D101375DE9EC64C3CDCFC84953DB7 | |||
| 7744 | Unicorn-34395.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-57311.exe | executable | |
MD5:1265D7E42932A127772BF97909BF556D | SHA256:601A61A730B7F4833C02EFE6F40F55EDD7B7F6146F7CE6CA513EBB14AF25C77B | |||
| 7288 | 1 (1338).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61950.exe | executable | |
MD5:0F43F37A88A00EADCBA7BBDA8FBBDA15 | SHA256:23A57755D49CF38E31A0BB4F90E5D485809BEDAC000B3F5E9D31F61C669B999D | |||
| 7200 | Unicorn-51219.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-8214.exe | executable | |
MD5:46EEE62298266D65F8849CBA96041D73 | SHA256:FCB958B82320318D900D50602E88EA307404049F5B5960B740D085468AFC7F8A | |||
| 7288 | 1 (1338).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-54410.exe | executable | |
MD5:339C6D38FBD0A3974723F9F8FA86AEAC | SHA256:A962032AAB190627009570045964143F374F2D766CCF89434CFFCDC07632321B | |||
| 8052 | Unicorn-57311.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-23434.exe | executable | |
MD5:CF991522C014F721F5E8F6CDE88678F7 | SHA256:A473DAD89F334625570003321DE0350C33D052C5116A31DBF71CD0A10BBA27BF | |||
| 5072 | Unicorn-61425.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-49522.exe | executable | |
MD5:1AD406E6406FD7F8CA5A7985A90DDBCE | SHA256:79CE33620A95489BA33F2BB59DCA58B304AF685A7A8CD13EC37413398F95DCD7 | |||
| 8060 | Unicorn-61950.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-25572.exe | executable | |
MD5:E3E0871D1C5449C5C4167A8D2C32DFD7 | SHA256:B26E18E43DEE816640BA875DEBB0C925B587EDB751C0D54B3DA60A26D80C63B2 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
23
DNS requests
16
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 23.48.23.194:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
7788 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
8268 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
8268 | SIHClient.exe | GET | 200 | 2.23.181.156:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2104 | svchost.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 23.48.23.194:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
6652 | RUXIMICS.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
5496 | MoUsoCoreWorker.exe | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2112 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3216 | svchost.exe | 20.197.71.89:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | SG | whitelisted |
6544 | svchost.exe | 20.190.159.128:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |