File name: 1 (1295)

Full analysis: https://app.any.run/tasks/00457f33-c27d-4e1a-a10e-c2b4f90873ac
Verdict: Malicious activity
Analysis date: March 24, 2025, 13:17:36
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
MD5: B3407E7EBAFF8937490FB9DD441D8B70
SHA1: 862B47C25A610664B6317841968CA693E9444C15
SHA256: E33B84BF4DFE3FF8DDE8AB54C7C4FF95BEA510CEA6528986A3BDD9B149667293
SSDEEP: 6144:77wgV7+ZQDAHA5ZTZ7sXUJfx5pBEovJHB3/WpSaCZk/8SwjwpyAOEh8sWzuGLJIt:7UsyJHA5BZQWBbhh3OpSaCUx4DxDsR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Executable content was dropped or overwritten

    • Starts itself from another location

    • Executes application which crashes

      • Unicorn-63313.exe (PID: 8036)
      • Unicorn-39836.exe (PID: 14424)
  • INFO

    • The sample was compiled with Chinese language support

    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 6872)
      • BackgroundTransferHost.exe (PID: 1040)
      • BackgroundTransferHost.exe (PID: 5588)
    • Checks supported languages

    • Reads the computer name

    • Creates files or folders in the user directory

      • BackgroundTransferHost.exe (PID: 5588)
    • Checks proxy server information

      • BackgroundTransferHost.exe (PID: 5588)
    • Creates files in a temporary directory

    • Reads the software policy settings

      • BackgroundTransferHost.exe (PID: 5588)
No Malware configuration.

TRiD

.exe | Win32 Executable Microsoft Visual Basic 6 (90.6)
.exe | Win32 Executable (generic) (4.9)
.exe | Generic Win/DOS Executable (2.2)
.exe | DOS Executable Generic (2.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:01:19 13:34:56+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 176128
InitializedDataSize: 299008
UninitializedDataSize: -
EntryPoint: 0x13d4
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
CompanyName: UEFI
ProductName: Kawaii-Unicorn
FileVersion: 1
ProdctVersion: 1
InternalName: Kawaii-Unicorn
OriginalFileName: Kawaii-Unicorn.exe
Total processes: 770
Monitored processes: 622
Malicious processes: 82
Suspicious processes: 75

Behavior graph


Process information

PID
CMD
Path
Indicators
Parent process
PID: 208
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-23500.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-23500.exe
Parent process: Unicorn-33978.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-23500.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 456
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-49645.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-49645.exe
Parent process: Unicorn-1964.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-49645.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 660
CMD: "C:\Users\admin\AppData\Local\Temp\1 (1295).exe"
Path: C:\Users\admin\AppData\Local\Temp\1 (1295).exe
Parent process: explorer.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
PID: 872
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-20450.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-20450.exe
Parent process: Unicorn-33698.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-20450.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 1040
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Download/Upload Host
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID: 1096
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-49406.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-49406.exe
Parent process: Unicorn-2213.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-49406.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 1188
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Download/Upload Host
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID: 1228
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-13951.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-13951.exe
Parent process: Unicorn-539.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-13951.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 1276
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-2213.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-2213.exe
Parent process: Unicorn-40750.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-2213.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 1280
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-38234.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-38234.exe
Parent process: Unicorn-16698.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-38234.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
Total events: 16 912
Read events: 16 897
Write events: 15
Delete events: 0

Modification events

(PID) Process: (6872) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (6872) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
(PID) Process: (6872) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
(PID) Process: (5588) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (5588) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
(PID) Process: (5588) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
(PID) Process: (1188) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (1188) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
(PID) Process: (1188) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
(PID) Process: (1040) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:
Executable files: 609
Suspicious files: 7
Text files: 2
Unknown types: 0

Dropped files

PID
Process
Filename
Type
PID: 5588
Process: BackgroundTransferHost.exe
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\04c5f736-fb25-4771-aaf9-5dba2cb0ac86.down_data
Type:
MD5:
SHA256:
PID: 660
Process: 1 (1295).exe
Filename: C:\Users\admin\AppData\Local\Temp\Unicorn-63025.exe
Type: executable
MD5:CCE404830724D086E0E5351CDEB416A2
SHA256:EEC5B15B20880988C5AE564008213B48EB9C66C6C1C6598A1617B4E94873125D
PID: 660
Process: 1 (1295).exe
Filename: C:\Users\admin\AppData\Local\Temp\Unicorn-14199.exe
Type: executable
MD5:D0B7E88D753593DE43C6191B5EE1D446
SHA256:7A70A696D30464558844AA46CA051B340055368A1AD349DE6A34852BE074224F
PID: 4408
Process: Unicorn-539.exe
Filename: C:\Users\admin\AppData\Local\Temp\Unicorn-24414.exe
Type: executable
MD5:2143DC352AA9B274234B0A5BEAA4359D
SHA256:2F9D9A92D7C4C85CE00D601699D48C219AE5A0FB48EA53128E15FA741B535796
PID: 5588
Process: BackgroundTransferHost.exe
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\dbb1f7e6-a290-4048-8a17-927bd9e466ae.up_meta_secure
Type: binary
MD5:6A6D201B87EF53BDFE992E2D386D64C2
SHA256:A7776788B38878B5519BB2D6262F0F066546628E289EB774F98D415C95C73397
PID: 660
Process: 1 (1295).exe
Filename: C:\Users\admin\AppData\Local\Temp\Unicorn-38321.exe
Type: executable
MD5:5A997EE8CB1D9DC0356C850C8CCC7428
SHA256:0EF9C3AB72A92E2B71B84312DEF3ACA6E7AF320626D565DBF8FE5BB1B72B207C
PID: 6512
Process: Unicorn-24414.exe
Filename: C:\Users\admin\AppData\Local\Temp\Unicorn-63474.exe
Type: executable
MD5:3DFCE681FDB1BA76AF479DBE2DEF3C28
SHA256:AC024C8820D76AC26B301BDE992F333F228472D3D8DE2094A4D973502FF903B1
PID: 4068
Process: Unicorn-14199.exe
Filename: C:\Users\admin\AppData\Local\Temp\Unicorn-42670.exe
Type: executable
MD5:826BEDE15063A10E579CCD452A505D5E
SHA256:E40AA00A03C44D238259DBEAC1D9C55FA9D681490B729A6E3ADCE4404B80E679
PID: 4408
Process: Unicorn-539.exe
Filename: C:\Users\admin\AppData\Local\Temp\Unicorn-13951.exe
Type: executable
MD5:DE861B8CCCEB241CFCF6AB89429BD667
SHA256:0C79F5AC8B4CB1D01BDF4313C1EC0B707A92F1C9B2D563D5B991F490BF3A9E74
PID: 5588
Process: BackgroundTransferHost.exe
Filename: C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\04c5f736-fb25-4771-aaf9-5dba2cb0ac86.0f28668e-13c1-457c-9be4-a66925a1af19.down_meta
Type: binary
MD5:716980EA586483E20DAB80B553121F00
SHA256:46956B5FC4AC621CC996622D21117757668A307E576070350CC2922E2CBEAF08
HTTP(S) requests: 7
TCP/UDP connections: 28
DNS requests: 19
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6572
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
unknown
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
unknown
5588
BackgroundTransferHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
unknown
8376
SIHClient.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
unknown
3284
svchost.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
unknown
8376
SIHClient.exe
GET
200
2.16.253.202:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
unknown
3284
svchost.exe
GET
200
23.48.23.147:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
unknown

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
unknown
40.127.240.158:443
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
40.126.32.140:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
unknown
3216
svchost.exe
40.115.3.253:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
2112
svchost.exe
51.124.78.146:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
6544
svchost.exe
40.126.32.140:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
unknown
6572
backgroundTaskHost.exe
20.223.36.55:443
arc.msn.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
unknown
6572
backgroundTaskHost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
unknown

DNS requests

Domain
IP
Reputation
client.wns.windows.com
  • 40.115.3.253
unknown
login.live.com
  • 40.126.32.140
  • 20.190.160.17
  • 20.190.160.132
  • 20.190.160.3
  • 20.190.160.131
  • 40.126.32.72
  • 20.190.160.14
  • 40.126.32.136
unknown
ocsp.digicert.com
  • 184.30.131.245
unknown
settings-win.data.microsoft.com
  • 51.124.78.146
unknown
arc.msn.com
  • 20.223.36.55
unknown
www.bing.com
  • 2.16.204.143
  • 2.16.204.138
  • 2.16.204.150
  • 2.16.204.137
  • 2.16.204.156
  • 2.16.204.152
  • 2.16.204.132
  • 2.16.204.134
  • 2.16.204.151
unknown
slscr.update.microsoft.com
  • 172.202.163.200
unknown
www.microsoft.com
  • 2.16.253.202
unknown
fe3cr.delivery.mp.microsoft.com
  • 52.165.164.15
unknown
watson.events.data.microsoft.com
  • 13.89.230.12
unknown

Threats

No threats detected
No debug info