| File name: | 1 (1102) |
| Full analysis: | https://app.any.run/tasks/6d45e9b9-c192-4a62-965b-a3c6764d2094 |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 09:45:14 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 693838B7B22E2C2E27637366E4A49690 |
| SHA1: | 76FFFCE3AEF87C3FB4EC1FA4752290C40E7B5A35 |
| SHA256: | E46813DCC2874FF8291145C3595F1ABD908BE372CF35AF7F31F6D4D844137853 |
| SSDEEP: | 6144:O7dgdl+wUDLHA9Z4YisXZVfx5pBEovJGB3/WpSACuk/8SwjwpyAOEhMXEk8UYq5t:OhU8NHA9GYjRBbha3OpSACYx4DxDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- Unicorn-45577.exe (PID: 6808)
- 1 (1102).exe (PID: 6032)
- Unicorn-39521.exe (PID: 7252)
- Unicorn-25261.exe (PID: 7332)
- Unicorn-25815.exe (PID: 7340)
- Unicorn-16992.exe (PID: 7380)
- Unicorn-48753.exe (PID: 7912)
- Unicorn-11487.exe (PID: 7260)
- Unicorn-57533.exe (PID: 8036)
- Unicorn-4513.exe (PID: 8012)
- Unicorn-30178.exe (PID: 7984)
- Unicorn-16443.exe (PID: 7976)
- Unicorn-6786.exe (PID: 7364)
- Unicorn-4513.exe (PID: 8004)
- Unicorn-37932.exe (PID: 8048)
- Unicorn-33520.exe (PID: 5400)
- Unicorn-29990.exe (PID: 1012)
- Unicorn-6960.exe (PID: 6592)
- Unicorn-56921.exe (PID: 7948)
- Unicorn-28533.exe (PID: 208)
- Unicorn-40785.exe (PID: 7484)
- Unicorn-40785.exe (PID: 7464)
- Unicorn-32617.exe (PID: 3768)
- Unicorn-32617.exe (PID: 6148)
- Unicorn-56856.exe (PID: 7512)
- Unicorn-25417.exe (PID: 7536)
- Unicorn-46907.exe (PID: 7520)
- Unicorn-33171.exe (PID: 7552)
- Unicorn-57121.exe (PID: 7544)
- Unicorn-50297.exe (PID: 5124)
- Unicorn-1651.exe (PID: 7672)
- Unicorn-33577.exe (PID: 7728)
- Unicorn-51951.exe (PID: 7644)
- Unicorn-43089.exe (PID: 7844)
- Unicorn-25989.exe (PID: 4188)
- Unicorn-43089.exe (PID: 7868)
- Unicorn-47941.exe (PID: 8056)
- Unicorn-56664.exe (PID: 8100)
- Unicorn-27329.exe (PID: 8124)
- Unicorn-60001.exe (PID: 7864)
- Unicorn-39559.exe (PID: 7904)
- Unicorn-53295.exe (PID: 7896)
- Unicorn-60556.exe (PID: 7820)
- Unicorn-23053.exe (PID: 4896)
- Unicorn-23053.exe (PID: 3888)
- Unicorn-31775.exe (PID: 7212)
- Unicorn-31775.exe (PID: 4452)
- Unicorn-31029.exe (PID: 6228)
- Unicorn-31029.exe (PID: 6540)
- Unicorn-31029.exe (PID: 7216)
- Unicorn-18777.exe (PID: 4008)
- Unicorn-28982.exe (PID: 8184)
- Unicorn-34350.exe (PID: 4620)
- Unicorn-31029.exe (PID: 1324)
- Unicorn-53487.exe (PID: 720)
- Unicorn-31953.exe (PID: 1328)
- Unicorn-39751.exe (PID: 5176)
- Unicorn-59352.exe (PID: 5936)
- Unicorn-49913.exe (PID: 2240)
- Unicorn-19509.exe (PID: 4932)
- Unicorn-1126.exe (PID: 7240)
- Unicorn-65512.exe (PID: 7036)
- Unicorn-37189.exe (PID: 1812)
- Unicorn-41273.exe (PID: 1452)
- Unicorn-12170.exe (PID: 5244)
- Unicorn-11682.exe (PID: 7496)
- Unicorn-57972.exe (PID: 7400)
- Unicorn-53141.exe (PID: 7560)
- Unicorn-24553.exe (PID: 4180)
- Unicorn-16385.exe (PID: 7312)
- Unicorn-65128.exe (PID: 8148)
- Unicorn-53141.exe (PID: 6028)
- Unicorn-33275.exe (PID: 1912)
- Unicorn-58377.exe (PID: 7752)
- Unicorn-23466.exe (PID: 7852)
- Unicorn-58185.exe (PID: 1088)
- Unicorn-42595.exe (PID: 7740)
- Unicorn-25875.exe (PID: 8240)
- Unicorn-2854.exe (PID: 8208)
- Unicorn-35195.exe (PID: 8280)
- Unicorn-36295.exe (PID: 8364)
- Unicorn-22005.exe (PID: 8328)
- Unicorn-49825.exe (PID: 8224)
- Unicorn-14796.exe (PID: 8460)
- Unicorn-47661.exe (PID: 8440)
- Unicorn-7183.exe (PID: 8476)
- Unicorn-22389.exe (PID: 8264)
- Unicorn-56322.exe (PID: 8540)
- Unicorn-21878.exe (PID: 8596)
- Unicorn-9626.exe (PID: 8572)
- Unicorn-37848.exe (PID: 8548)
- Unicorn-7204.exe (PID: 8660)
- Unicorn-3120.exe (PID: 8652)
- Unicorn-2440.exe (PID: 7084)
- Unicorn-27625.exe (PID: 8704)
- Unicorn-44516.exe (PID: 8752)
- Unicorn-24095.exe (PID: 8720)
- Unicorn-39877.exe (PID: 8688)
- Unicorn-39685.exe (PID: 8772)
- Unicorn-6820.exe (PID: 8820)
- Unicorn-32071.exe (PID: 8796)
- Unicorn-52129.exe (PID: 8712)
- Unicorn-44324.exe (PID: 8844)
- Unicorn-60105.exe (PID: 8828)
- Unicorn-39685.exe (PID: 8776)
- Unicorn-59352.exe (PID: 8176)
- Unicorn-21163.exe (PID: 8852)
- Unicorn-57100.exe (PID: 8876)
- Unicorn-11486.exe (PID: 8928)
- Unicorn-60488.exe (PID: 8920)
- Unicorn-57173.exe (PID: 8956)
- Unicorn-14094.exe (PID: 9004)
- Unicorn-60992.exe (PID: 8992)
- Unicorn-4080.exe (PID: 8904)
- Unicorn-60303.exe (PID: 9024)
- Unicorn-41565.exe (PID: 9072)
- Unicorn-7588.exe (PID: 9052)
- Unicorn-8740.exe (PID: 9120)
- Unicorn-10763.exe (PID: 632)
- Unicorn-33437.exe (PID: 9104)
- Unicorn-58.exe (PID: 9152)
- Unicorn-49581.exe (PID: 9172)
- Unicorn-6502.exe (PID: 9192)
- Unicorn-57557.exe (PID: 9212)
- Unicorn-25928.exe (PID: 6640)
- Unicorn-38999.exe (PID: 8508)
- Unicorn-17833.exe (PID: 1348)
- Unicorn-5943.exe (PID: 8320)
- Unicorn-25809.exe (PID: 8316)
- Unicorn-9280.exe (PID: 8436)
- Unicorn-46037.exe (PID: 9252)
- Unicorn-37106.exe (PID: 9244)
- Unicorn-9280.exe (PID: 8308)
- Unicorn-20830.exe (PID: 9296)
- Unicorn-48128.exe (PID: 9288)
- Unicorn-61863.exe (PID: 9280)
- Unicorn-60188.exe (PID: 9376)
- Unicorn-41159.exe (PID: 9352)
- Unicorn-59263.exe (PID: 5728)
- Unicorn-63525.exe (PID: 9412)
- Unicorn-63525.exe (PID: 9420)
- Unicorn-59441.exe (PID: 9400)
- Unicorn-27131.exe (PID: 9468)
- Unicorn-65371.exe (PID: 9516)
- Unicorn-48843.exe (PID: 9564)
- Unicorn-48896.exe (PID: 9580)
- Unicorn-7863.exe (PID: 9596)
- Unicorn-27537.exe (PID: 9632)
- Unicorn-23453.exe (PID: 9648)
- Unicorn-55860.exe (PID: 9676)
- Unicorn-28497.exe (PID: 9768)
- Unicorn-36400.exe (PID: 9808)
- Unicorn-24775.exe (PID: 9840)
- Unicorn-48917.exe (PID: 9800)
- Unicorn-52108.exe (PID: 8512)
- Unicorn-6732.exe (PID: 9748)
- Unicorn-54847.exe (PID: 9856)
- Unicorn-28113.exe (PID: 9888)
- Unicorn-38127.exe (PID: 9960)
- Unicorn-4495.exe (PID: 10000)
- Unicorn-64677.exe (PID: 9980)
- Unicorn-49685.exe (PID: 10020)
- Unicorn-51531.exe (PID: 10068)
- Unicorn-1039.exe (PID: 10044)
Executable content was dropped or overwritten
- Unicorn-39521.exe (PID: 7252)
- Unicorn-45577.exe (PID: 6808)
- 1 (1102).exe (PID: 6032)
- Unicorn-11487.exe (PID: 7260)
- Unicorn-25261.exe (PID: 7332)
- Unicorn-25815.exe (PID: 7340)
- Unicorn-48753.exe (PID: 7912)
- Unicorn-6786.exe (PID: 7364)
- Unicorn-57533.exe (PID: 8036)
- Unicorn-4513.exe (PID: 8012)
- Unicorn-16443.exe (PID: 7976)
- Unicorn-16992.exe (PID: 7380)
- Unicorn-56921.exe (PID: 7948)
- Unicorn-33520.exe (PID: 5400)
- Unicorn-37932.exe (PID: 8048)
- Unicorn-29990.exe (PID: 1012)
- Unicorn-25989.exe (PID: 4188)
- Unicorn-28533.exe (PID: 208)
- Unicorn-40785.exe (PID: 7484)
- Unicorn-40785.exe (PID: 7464)
- Unicorn-30178.exe (PID: 7984)
- Unicorn-32617.exe (PID: 3768)
- Unicorn-56856.exe (PID: 7512)
- Unicorn-11682.exe (PID: 7496)
- Unicorn-25417.exe (PID: 7536)
- Unicorn-50297.exe (PID: 5124)
- Unicorn-1651.exe (PID: 7672)
- Unicorn-51951.exe (PID: 7644)
- Unicorn-43089.exe (PID: 7844)
- Unicorn-43089.exe (PID: 7868)
- Unicorn-6960.exe (PID: 6592)
- Unicorn-53295.exe (PID: 7896)
- Unicorn-33577.exe (PID: 7728)
- Unicorn-56664.exe (PID: 8100)
- Unicorn-47941.exe (PID: 8056)
- Unicorn-27329.exe (PID: 8124)
- Unicorn-60001.exe (PID: 7864)
- Unicorn-60556.exe (PID: 7820)
- Unicorn-23053.exe (PID: 3888)
- Unicorn-23053.exe (PID: 4896)
- Unicorn-32617.exe (PID: 6148)
- Unicorn-31775.exe (PID: 7212)
- Unicorn-31775.exe (PID: 4452)
- Unicorn-4513.exe (PID: 8004)
- Unicorn-31029.exe (PID: 6228)
- Unicorn-2440.exe (PID: 7084)
- Unicorn-31029.exe (PID: 7216)
- Unicorn-18777.exe (PID: 4008)
- Unicorn-33171.exe (PID: 7552)
- Unicorn-34350.exe (PID: 4620)
- Unicorn-46907.exe (PID: 7520)
- Unicorn-59352.exe (PID: 8176)
- Unicorn-57121.exe (PID: 7544)
- Unicorn-53487.exe (PID: 720)
- Unicorn-31029.exe (PID: 6540)
- Unicorn-31029.exe (PID: 1324)
- Unicorn-10763.exe (PID: 632)
- Unicorn-39751.exe (PID: 5176)
- Unicorn-59352.exe (PID: 5936)
- Unicorn-31953.exe (PID: 1328)
- Unicorn-49913.exe (PID: 2240)
- Unicorn-1126.exe (PID: 7240)
- Unicorn-19509.exe (PID: 4932)
- Unicorn-37189.exe (PID: 1812)
- Unicorn-65512.exe (PID: 7036)
- Unicorn-12170.exe (PID: 5244)
- Unicorn-24553.exe (PID: 4180)
- Unicorn-57972.exe (PID: 7400)
- Unicorn-53141.exe (PID: 6028)
- Unicorn-53141.exe (PID: 7560)
- Unicorn-59263.exe (PID: 5728)
- Unicorn-39559.exe (PID: 7904)
- Unicorn-65128.exe (PID: 8148)
- Unicorn-16385.exe (PID: 7312)
- Unicorn-23466.exe (PID: 7852)
- Unicorn-58185.exe (PID: 1088)
- Unicorn-42595.exe (PID: 7740)
- Unicorn-25875.exe (PID: 8240)
- Unicorn-58377.exe (PID: 7752)
- Unicorn-2854.exe (PID: 8208)
- Unicorn-35195.exe (PID: 8280)
- Unicorn-49825.exe (PID: 8224)
- Unicorn-22389.exe (PID: 8264)
- Unicorn-36295.exe (PID: 8364)
- Unicorn-22005.exe (PID: 8328)
- Unicorn-47661.exe (PID: 8440)
- Unicorn-14796.exe (PID: 8460)
- Unicorn-7183.exe (PID: 8476)
- Unicorn-37848.exe (PID: 8548)
- Unicorn-21878.exe (PID: 8596)
- Unicorn-9626.exe (PID: 8572)
- Unicorn-52108.exe (PID: 8512)
- Unicorn-56322.exe (PID: 8540)
- Unicorn-7204.exe (PID: 8660)
- Unicorn-3120.exe (PID: 8652)
- Unicorn-27625.exe (PID: 8704)
- Unicorn-52129.exe (PID: 8712)
- Unicorn-44516.exe (PID: 8752)
- Unicorn-24095.exe (PID: 8720)
- Unicorn-39877.exe (PID: 8688)
- Unicorn-32071.exe (PID: 8796)
- Unicorn-6820.exe (PID: 8820)
- Unicorn-44324.exe (PID: 8844)
- Unicorn-60105.exe (PID: 8828)
- Unicorn-60488.exe (PID: 8920)
- Unicorn-21163.exe (PID: 8852)
- Unicorn-11486.exe (PID: 8928)
- Unicorn-57100.exe (PID: 8876)
- Unicorn-57173.exe (PID: 8956)
- Unicorn-12248.exe (PID: 8936)
- Unicorn-28982.exe (PID: 8184)
- Unicorn-14094.exe (PID: 9004)
- Unicorn-60992.exe (PID: 8992)
- Unicorn-60303.exe (PID: 9024)
- Unicorn-7588.exe (PID: 9052)
- Unicorn-41565.exe (PID: 9072)
- Unicorn-8740.exe (PID: 9120)
- Unicorn-33437.exe (PID: 9104)
- Unicorn-49581.exe (PID: 9172)
- Unicorn-6502.exe (PID: 9192)
- Unicorn-57557.exe (PID: 9212)
- Unicorn-25928.exe (PID: 6640)
- Unicorn-17833.exe (PID: 1348)
- Unicorn-5943.exe (PID: 8320)
- Unicorn-25809.exe (PID: 8316)
- Unicorn-38999.exe (PID: 8508)
- Unicorn-58.exe (PID: 9152)
- Unicorn-9280.exe (PID: 8308)
- Unicorn-9280.exe (PID: 8436)
- Unicorn-37106.exe (PID: 9244)
- Unicorn-46037.exe (PID: 9252)
- Unicorn-41273.exe (PID: 1452)
- Unicorn-61863.exe (PID: 9280)
- Unicorn-35129.exe (PID: 9328)
- Unicorn-48128.exe (PID: 9288)
- Unicorn-33275.exe (PID: 1912)
- Unicorn-41159.exe (PID: 9352)
- Unicorn-63525.exe (PID: 9412)
- Unicorn-63525.exe (PID: 9420)
- Unicorn-27131.exe (PID: 9468)
- Unicorn-65371.exe (PID: 9516)
- Unicorn-3224.exe (PID: 9588)
- Unicorn-48843.exe (PID: 9564)
- Unicorn-48896.exe (PID: 9580)
- Unicorn-59441.exe (PID: 9400)
- Unicorn-7863.exe (PID: 9596)
- Unicorn-27537.exe (PID: 9632)
- Unicorn-23453.exe (PID: 9648)
- Unicorn-55860.exe (PID: 9676)
- Unicorn-28497.exe (PID: 9768)
- Unicorn-36400.exe (PID: 9808)
- Unicorn-24775.exe (PID: 9840)
- Unicorn-48917.exe (PID: 9800)
- Unicorn-56488.exe (PID: 9728)
- Unicorn-6732.exe (PID: 9748)
- Unicorn-54847.exe (PID: 9856)
- Unicorn-28113.exe (PID: 9888)
- Unicorn-56701.exe (PID: 9940)
- Unicorn-38127.exe (PID: 9960)
- Unicorn-64677.exe (PID: 9980)
- Unicorn-39685.exe (PID: 8772)
- Unicorn-49685.exe (PID: 10020)
- Unicorn-20713.exe (PID: 10088)
- Unicorn-39685.exe (PID: 8776)
- Unicorn-1039.exe (PID: 10044)
- Unicorn-45580.exe (PID: 10140)
- Unicorn-4080.exe (PID: 8904)
- Unicorn-65445.exe (PID: 10148)
- Unicorn-45025.exe (PID: 10120)
- Unicorn-13239.exe (PID: 10188)
- Unicorn-9975.exe (PID: 10212)
- Unicorn-4495.exe (PID: 10000)
- Unicorn-60188.exe (PID: 9376)
- Unicorn-55305.exe (PID: 5576)
- Unicorn-51584.exe (PID: 10272)
- Unicorn-5912.exe (PID: 10284)
- Unicorn-26525.exe (PID: 10244)
- Unicorn-22803.exe (PID: 10304)
- Unicorn-17973.exe (PID: 10324)
- Unicorn-15926.exe (PID: 10344)
- Unicorn-29522.exe (PID: 10388)
- Unicorn-2788.exe (PID: 10428)
- Unicorn-47905.exe (PID: 10412)
- Unicorn-30666.exe (PID: 9708)
- Unicorn-51797.exe (PID: 10444)
- Unicorn-15403.exe (PID: 10480)
- Unicorn-60328.exe (PID: 10536)
- Unicorn-24133.exe (PID: 10596)
- Unicorn-1947.exe (PID: 10572)
- Unicorn-52529.exe (PID: 10640)
- Unicorn-20830.exe (PID: 9296)
- Unicorn-48253.exe (PID: 10696)
- Unicorn-20027.exe (PID: 10720)
- Unicorn-12456.exe (PID: 10848)
- Unicorn-20817.exe (PID: 10764)
- Unicorn-396.exe (PID: 10756)
- Unicorn-4480.exe (PID: 10740)
- Unicorn-32000.exe (PID: 10824)
- Unicorn-37515.exe (PID: 10876)
- Unicorn-12456.exe (PID: 10844)
- Unicorn-59419.exe (PID: 10896)
- Unicorn-51531.exe (PID: 10068)
- Unicorn-20433.exe (PID: 10916)
- Unicorn-61828.exe (PID: 11008)
- Unicorn-46836.exe (PID: 11116)
- Unicorn-45684.exe (PID: 10908)
- Unicorn-56997.exe (PID: 11076)
- Unicorn-56997.exe (PID: 11084)
- Unicorn-3063.exe (PID: 10660)
- Unicorn-22470.exe (PID: 10964)
- Unicorn-58341.exe (PID: 11156)
- Unicorn-33645.exe (PID: 3032)
- Unicorn-13203.exe (PID: 10800)
- Unicorn-44506.exe (PID: 872)
- Unicorn-62425.exe (PID: 11200)
- Unicorn-9140.exe (PID: 11192)
- Unicorn-17863.exe (PID: 4000)
- Unicorn-37537.exe (PID: 11288)
- Unicorn-13992.exe (PID: 11560)
- Unicorn-50173.exe (PID: 11164)
- Unicorn-4864.exe (PID: 10184)
- Unicorn-24517.exe (PID: 10932)
- Unicorn-35491.exe (PID: 11296)
- Unicorn-15454.exe (PID: 11136)
- Unicorn-28409.exe (PID: 11056)
- Unicorn-13224.exe (PID: 11256)
- Unicorn-13224.exe (PID: 11248)
- Unicorn-7094.exe (PID: 11240)
- Unicorn-16711.exe (PID: 11028)
- Unicorn-25477.exe (PID: 11232)
- Unicorn-40859.exe (PID: 11324)
- Unicorn-21009.exe (PID: 11368)
- Unicorn-1143.exe (PID: 11360)
- Unicorn-24330.exe (PID: 11400)
- Unicorn-50172.exe (PID: 11424)
- Unicorn-35159.exe (PID: 11524)
- Unicorn-53682.exe (PID: 11552)
- Unicorn-54428.exe (PID: 11352)
- Unicorn-18077.exe (PID: 11568)
- Unicorn-61809.exe (PID: 11332)
- Unicorn-53681.exe (PID: 11416)
- Unicorn-18247.exe (PID: 11692)
- Unicorn-9716.exe (PID: 11612)
- Unicorn-47220.exe (PID: 11620)
- Unicorn-44743.exe (PID: 11340)
- Unicorn-38689.exe (PID: 11472)
- Unicorn-3394.exe (PID: 11668)
Executes application which crashes
- Unicorn-23686.exe (PID: 7528)
INFO
Checks supported languages
- Unicorn-25261.exe (PID: 7332)
- Unicorn-11487.exe (PID: 7260)
- Unicorn-45577.exe (PID: 6808)
- 1 (1102).exe (PID: 6032)
- Unicorn-39521.exe (PID: 7252)
- Unicorn-25815.exe (PID: 7340)
- Unicorn-6786.exe (PID: 7364)
- Unicorn-48753.exe (PID: 7912)
- Unicorn-56921.exe (PID: 7948)
- Unicorn-30178.exe (PID: 7984)
- Unicorn-4513.exe (PID: 8004)
- Unicorn-37932.exe (PID: 8048)
- Unicorn-33520.exe (PID: 5400)
- Unicorn-29990.exe (PID: 1012)
- Unicorn-6960.exe (PID: 6592)
- Unicorn-40785.exe (PID: 7464)
- Unicorn-25989.exe (PID: 4188)
- Unicorn-56856.exe (PID: 7512)
- Unicorn-23686.exe (PID: 7528)
- Unicorn-57121.exe (PID: 7544)
- Unicorn-25417.exe (PID: 7536)
- Unicorn-50297.exe (PID: 5124)
- Unicorn-1651.exe (PID: 7672)
- Unicorn-33171.exe (PID: 7552)
- Unicorn-33577.exe (PID: 7728)
- Unicorn-43089.exe (PID: 7844)
- Unicorn-43089.exe (PID: 7868)
- Unicorn-53295.exe (PID: 7896)
- Unicorn-60001.exe (PID: 7864)
- Unicorn-23053.exe (PID: 3888)
- Unicorn-23053.exe (PID: 4896)
- Unicorn-53487.exe (PID: 720)
- Unicorn-31953.exe (PID: 1328)
- Unicorn-1126.exe (PID: 7240)
- Unicorn-31029.exe (PID: 7216)
- Unicorn-41273.exe (PID: 1452)
- Unicorn-57972.exe (PID: 7400)
- Unicorn-2854.exe (PID: 8208)
- Unicorn-53141.exe (PID: 6028)
- Unicorn-42595.exe (PID: 7740)
- Unicorn-23466.exe (PID: 7852)
- Unicorn-58185.exe (PID: 1088)
- Unicorn-47661.exe (PID: 8440)
- Unicorn-14796.exe (PID: 8460)
- Unicorn-52108.exe (PID: 8512)
- Unicorn-9626.exe (PID: 8572)
- Unicorn-39877.exe (PID: 8688)
- Unicorn-21878.exe (PID: 8596)
- Unicorn-39685.exe (PID: 8772)
- Unicorn-6820.exe (PID: 8820)
- Unicorn-60105.exe (PID: 8828)
- Unicorn-44324.exe (PID: 8844)
- Unicorn-24095.exe (PID: 8720)
- Unicorn-11486.exe (PID: 8928)
- Unicorn-12248.exe (PID: 8936)
- Unicorn-33437.exe (PID: 9104)
- Unicorn-8740.exe (PID: 9120)
- Unicorn-4080.exe (PID: 8904)
- Unicorn-57557.exe (PID: 9212)
- Unicorn-38999.exe (PID: 8508)
- Unicorn-9280.exe (PID: 8308)
- Unicorn-6502.exe (PID: 9192)
- Unicorn-37106.exe (PID: 9244)
- Unicorn-20830.exe (PID: 9296)
- Unicorn-35129.exe (PID: 9328)
- Unicorn-60188.exe (PID: 9376)
- Unicorn-63525.exe (PID: 9420)
- Unicorn-59441.exe (PID: 9400)
- Unicorn-63525.exe (PID: 9412)
- Unicorn-65371.exe (PID: 9516)
- Unicorn-48843.exe (PID: 9564)
- Unicorn-41159.exe (PID: 9352)
- Unicorn-23453.exe (PID: 9648)
- Unicorn-56488.exe (PID: 9728)
- Unicorn-24775.exe (PID: 9840)
- Unicorn-28113.exe (PID: 9888)
- Unicorn-38127.exe (PID: 9960)
- Unicorn-64677.exe (PID: 9980)
- Unicorn-1039.exe (PID: 10044)
- Unicorn-13239.exe (PID: 10188)
- Unicorn-26525.exe (PID: 10244)
- Unicorn-51584.exe (PID: 10272)
- Unicorn-45580.exe (PID: 10140)
- Unicorn-45025.exe (PID: 10120)
- Unicorn-2788.exe (PID: 10428)
- Unicorn-51797.exe (PID: 10444)
- Unicorn-15403.exe (PID: 10480)
- Unicorn-60328.exe (PID: 10536)
- Unicorn-17973.exe (PID: 10324)
- Unicorn-3063.exe (PID: 10660)
- Unicorn-20027.exe (PID: 10720)
- Unicorn-4480.exe (PID: 10740)
- Unicorn-24133.exe (PID: 10596)
- Unicorn-20817.exe (PID: 10764)
- Unicorn-396.exe (PID: 10756)
- Unicorn-13203.exe (PID: 10800)
- Unicorn-37515.exe (PID: 10876)
- Unicorn-12456.exe (PID: 10844)
- Unicorn-45684.exe (PID: 10908)
- Unicorn-24517.exe (PID: 10932)
- Unicorn-61828.exe (PID: 11008)
- Unicorn-28409.exe (PID: 11056)
- Unicorn-56997.exe (PID: 11076)
- Unicorn-56997.exe (PID: 11084)
- Unicorn-46836.exe (PID: 11116)
- Unicorn-58341.exe (PID: 11156)
- Unicorn-9140.exe (PID: 11192)
- Unicorn-7094.exe (PID: 11240)
- Unicorn-17863.exe (PID: 4000)
- Unicorn-13224.exe (PID: 11248)
- Unicorn-33645.exe (PID: 3032)
- Unicorn-61809.exe (PID: 11332)
- Unicorn-44743.exe (PID: 11340)
- Unicorn-53681.exe (PID: 11416)
- Unicorn-24330.exe (PID: 11400)
- Unicorn-38689.exe (PID: 11472)
- Unicorn-4864.exe (PID: 10184)
- Unicorn-13992.exe (PID: 11560)
- Unicorn-18077.exe (PID: 11568)
- Unicorn-3394.exe (PID: 11668)
- Unicorn-9716.exe (PID: 11612)
- Unicorn-47220.exe (PID: 11620)
- Unicorn-5995.exe (PID: 11680)
- Unicorn-15315.exe (PID: 11816)
- Unicorn-39265.exe (PID: 11792)
- Unicorn-59493.exe (PID: 11860)
- Unicorn-5506.exe (PID: 11900)
- Unicorn-23889.exe (PID: 11924)
- Unicorn-54449.exe (PID: 11712)
- Unicorn-34029.exe (PID: 11704)
- Unicorn-32057.exe (PID: 11948)
- Unicorn-39841.exe (PID: 12024)
- Unicorn-9014.exe (PID: 12060)
- Unicorn-37463.exe (PID: 12148)
- Unicorn-57329.exe (PID: 12156)
- Unicorn-49161.exe (PID: 12172)
- Unicorn-24273.exe (PID: 12252)
- Unicorn-24273.exe (PID: 12256)
- Unicorn-43923.exe (PID: 12232)
- Unicorn-36525.exe (PID: 12304)
- Unicorn-36260.exe (PID: 12324)
- Unicorn-36260.exe (PID: 12316)
- Unicorn-22034.exe (PID: 12396)
- Unicorn-49524.exe (PID: 12240)
- Unicorn-28165.exe (PID: 12404)
- Unicorn-28165.exe (PID: 12412)
- Unicorn-25979.exe (PID: 12460)
- Unicorn-13727.exe (PID: 12480)
- Unicorn-13727.exe (PID: 12472)
- Unicorn-6850.exe (PID: 12520)
- Unicorn-271.exe (PID: 12580)
- Unicorn-25041.exe (PID: 12616)
- Unicorn-5175.exe (PID: 12608)
- Unicorn-17027.exe (PID: 12760)
- Unicorn-53599.exe (PID: 12900)
- Unicorn-14075.exe (PID: 12860)
- Unicorn-50277.exe (PID: 12884)
- Unicorn-41652.exe (PID: 12996)
- Unicorn-50085.exe (PID: 12972)
- Unicorn-15227.exe (PID: 13044)
- Unicorn-46831.exe (PID: 13092)
- Unicorn-43069.exe (PID: 13128)
- Unicorn-43955.exe (PID: 12964)
- Unicorn-44723.exe (PID: 13220)
- Unicorn-40883.exe (PID: 13572)
- Unicorn-1195.exe (PID: 13676)
- Unicorn-2996.exe (PID: 5452)
- Unicorn-37707.exe (PID: 6264)
- Unicorn-49192.exe (PID: 13816)
- Unicorn-33483.exe (PID: 13928)
- Unicorn-57823.exe (PID: 14072)
- Unicorn-46224.exe (PID: 14236)
- Unicorn-48947.exe (PID: 14316)
- Unicorn-10515.exe (PID: 7812)
- Unicorn-54288.exe (PID: 13784)
- Unicorn-42118.exe (PID: 14388)
- Unicorn-34273.exe (PID: 14412)
Reads the computer name
- Unicorn-11487.exe (PID: 7260)
- 1 (1102).exe (PID: 6032)
- Unicorn-45577.exe (PID: 6808)
- Unicorn-39521.exe (PID: 7252)
- Unicorn-25261.exe (PID: 7332)
- Unicorn-25815.exe (PID: 7340)
- Unicorn-6786.exe (PID: 7364)
- Unicorn-48753.exe (PID: 7912)
- Unicorn-16992.exe (PID: 7380)
- Unicorn-4513.exe (PID: 8004)
- Unicorn-30178.exe (PID: 7984)
- Unicorn-33520.exe (PID: 5400)
- Unicorn-25989.exe (PID: 4188)
- Unicorn-29990.exe (PID: 1012)
- Unicorn-6960.exe (PID: 6592)
- Unicorn-4513.exe (PID: 8012)
- Unicorn-40785.exe (PID: 7484)
- Unicorn-56856.exe (PID: 7512)
- Unicorn-40785.exe (PID: 7464)
- Unicorn-33171.exe (PID: 7552)
- Unicorn-11682.exe (PID: 7496)
- Unicorn-57121.exe (PID: 7544)
- Unicorn-50297.exe (PID: 5124)
- Unicorn-43089.exe (PID: 7844)
- Unicorn-53295.exe (PID: 7896)
- Unicorn-60556.exe (PID: 7820)
- Unicorn-23053.exe (PID: 4896)
- Unicorn-31775.exe (PID: 7212)
- Unicorn-34350.exe (PID: 4620)
- Unicorn-18777.exe (PID: 4008)
- Unicorn-53487.exe (PID: 720)
- Unicorn-1126.exe (PID: 7240)
- Unicorn-37189.exe (PID: 1812)
- Unicorn-12170.exe (PID: 5244)
- Unicorn-16385.exe (PID: 7312)
- Unicorn-33275.exe (PID: 1912)
- Unicorn-23466.exe (PID: 7852)
- Unicorn-42595.exe (PID: 7740)
- Unicorn-2854.exe (PID: 8208)
- Unicorn-36295.exe (PID: 8364)
- Unicorn-22005.exe (PID: 8328)
- Unicorn-47661.exe (PID: 8440)
- Unicorn-21878.exe (PID: 8596)
- Unicorn-7183.exe (PID: 8476)
- Unicorn-27625.exe (PID: 8704)
- Unicorn-39877.exe (PID: 8688)
- Unicorn-3120.exe (PID: 8652)
- Unicorn-39685.exe (PID: 8776)
- Unicorn-57100.exe (PID: 8876)
- Unicorn-57173.exe (PID: 8956)
- Unicorn-14094.exe (PID: 9004)
- Unicorn-60992.exe (PID: 8992)
- Unicorn-8740.exe (PID: 9120)
- Unicorn-49581.exe (PID: 9172)
- Unicorn-9280.exe (PID: 8308)
- Unicorn-46037.exe (PID: 9252)
- Unicorn-35129.exe (PID: 9328)
- Unicorn-63525.exe (PID: 9420)
- Unicorn-48896.exe (PID: 9580)
- Unicorn-48843.exe (PID: 9564)
- Unicorn-56488.exe (PID: 9728)
- Unicorn-36400.exe (PID: 9808)
- Unicorn-24775.exe (PID: 9840)
- Unicorn-45580.exe (PID: 10140)
The sample compiled with chinese language support
- 1 (1102).exe (PID: 6032)
- Unicorn-45580.exe (PID: 10140)
- Unicorn-16385.exe (PID: 7312)
- Unicorn-25928.exe (PID: 6640)
- Unicorn-17863.exe (PID: 4000)
- Unicorn-13203.exe (PID: 10800)
- Unicorn-28533.exe (PID: 208)
- Unicorn-65128.exe (PID: 8148)
- Unicorn-63525.exe (PID: 9420)
- Unicorn-30666.exe (PID: 9708)
- Unicorn-25477.exe (PID: 11232)
- Unicorn-44506.exe (PID: 872)
- Unicorn-59419.exe (PID: 10896)
- Unicorn-396.exe (PID: 10756)
- Unicorn-25815.exe (PID: 7340)
- Unicorn-25875.exe (PID: 8240)
- Unicorn-47941.exe (PID: 8056)
- Unicorn-48896.exe (PID: 9580)
- Unicorn-57533.exe (PID: 8036)
- Unicorn-6960.exe (PID: 6592)
- Unicorn-22389.exe (PID: 8264)
- Unicorn-5912.exe (PID: 10284)
- Unicorn-35195.exe (PID: 8280)
- Unicorn-9140.exe (PID: 11192)
- Unicorn-1143.exe (PID: 11360)
- Unicorn-24330.exe (PID: 11400)
- Unicorn-31775.exe (PID: 7212)
- Unicorn-47661.exe (PID: 8440)
- Unicorn-13992.exe (PID: 11560)
- Unicorn-1947.exe (PID: 10572)
- Unicorn-37106.exe (PID: 9244)
- Unicorn-50172.exe (PID: 11424)
- Unicorn-9280.exe (PID: 8436)
- Unicorn-29522.exe (PID: 10388)
- Unicorn-30178.exe (PID: 7984)
- Unicorn-23053.exe (PID: 3888)
- Unicorn-52108.exe (PID: 8512)
- Unicorn-54847.exe (PID: 9856)
- Unicorn-40785.exe (PID: 7464)
- Unicorn-21878.exe (PID: 8596)
- Unicorn-60328.exe (PID: 10536)
- Unicorn-37515.exe (PID: 10876)
- Unicorn-35159.exe (PID: 11524)
- Unicorn-15403.exe (PID: 10480)
- Unicorn-54428.exe (PID: 11352)
- Unicorn-53682.exe (PID: 11552)
- Unicorn-32617.exe (PID: 6148)
- Unicorn-9626.exe (PID: 8572)
- Unicorn-33437.exe (PID: 9104)
- Unicorn-56701.exe (PID: 9940)
- Unicorn-15926.exe (PID: 10344)
- Unicorn-61809.exe (PID: 11332)
- Unicorn-7204.exe (PID: 8660)
- Unicorn-48917.exe (PID: 9800)
- Unicorn-49685.exe (PID: 10020)
- Unicorn-53681.exe (PID: 11416)
- Unicorn-44516.exe (PID: 8752)
- Unicorn-56856.exe (PID: 7512)
- Unicorn-2440.exe (PID: 7084)
- Unicorn-38127.exe (PID: 9960)
- Unicorn-3120.exe (PID: 8652)
- Unicorn-32071.exe (PID: 8796)
- Unicorn-64677.exe (PID: 9980)
- Unicorn-16443.exe (PID: 7976)
- Unicorn-18077.exe (PID: 11568)
- Unicorn-53295.exe (PID: 7896)
- Unicorn-17973.exe (PID: 10324)
- Unicorn-50173.exe (PID: 11164)
- Unicorn-25417.exe (PID: 7536)
- Unicorn-33171.exe (PID: 7552)
- Unicorn-24095.exe (PID: 8720)
- Unicorn-18247.exe (PID: 11692)
- Unicorn-24133.exe (PID: 10596)
- Unicorn-44324.exe (PID: 8844)
- Unicorn-37537.exe (PID: 11288)
- Unicorn-4495.exe (PID: 10000)
- Unicorn-9716.exe (PID: 11612)
- Unicorn-20433.exe (PID: 10916)
- Unicorn-47220.exe (PID: 11620)
- Unicorn-31029.exe (PID: 7216)
- Unicorn-46907.exe (PID: 7520)
- Unicorn-57121.exe (PID: 7544)
- Unicorn-24517.exe (PID: 10932)
- Unicorn-39521.exe (PID: 7252)
- Unicorn-4864.exe (PID: 10184)
- Unicorn-37932.exe (PID: 8048)
- Unicorn-34350.exe (PID: 4620)
- Unicorn-45577.exe (PID: 6808)
- Unicorn-51531.exe (PID: 10068)
- Unicorn-3063.exe (PID: 10660)
- Unicorn-39751.exe (PID: 5176)
- Unicorn-6502.exe (PID: 9192)
- Unicorn-28409.exe (PID: 11056)
- Unicorn-50297.exe (PID: 5124)
- Unicorn-15454.exe (PID: 11136)
- Unicorn-8740.exe (PID: 9120)
- Unicorn-35491.exe (PID: 11296)
- Unicorn-6786.exe (PID: 7364)
- Unicorn-10763.exe (PID: 632)
- Unicorn-52529.exe (PID: 10640)
- Unicorn-17833.exe (PID: 1348)
- Unicorn-61828.exe (PID: 11008)
- Unicorn-33520.exe (PID: 5400)
- Unicorn-48753.exe (PID: 7912)
- Unicorn-56997.exe (PID: 11076)
- Unicorn-13224.exe (PID: 11256)
- Unicorn-49913.exe (PID: 2240)
- Unicorn-13239.exe (PID: 10188)
- Unicorn-45684.exe (PID: 10908)
- Unicorn-13224.exe (PID: 11248)
- Unicorn-7094.exe (PID: 11240)
- Unicorn-58341.exe (PID: 11156)
- Unicorn-18777.exe (PID: 4008)
- Unicorn-44743.exe (PID: 11340)
- Unicorn-45025.exe (PID: 10120)
- Unicorn-16992.exe (PID: 7380)
- Unicorn-9975.exe (PID: 10212)
- Unicorn-31029.exe (PID: 6540)
- Unicorn-39877.exe (PID: 8688)
- Unicorn-38689.exe (PID: 11472)
- Unicorn-33645.exe (PID: 3032)
- Unicorn-40859.exe (PID: 11324)
- Unicorn-3394.exe (PID: 11668)
Reads security settings of Internet Explorer
- BackgroundTransferHost.exe (PID: 7412)
- BackgroundTransferHost.exe (PID: 7824)
- BackgroundTransferHost.exe (PID: 7652)
Creates files or folders in the user directory
- BackgroundTransferHost.exe (PID: 7652)
Reads the software policy settings
- BackgroundTransferHost.exe (PID: 7652)
Create files in a temporary directory
- Unicorn-25261.exe (PID: 7332)
- Unicorn-45577.exe (PID: 6808)
- Unicorn-48753.exe (PID: 7912)
- Unicorn-11487.exe (PID: 7260)
- 1 (1102).exe (PID: 6032)
- Unicorn-16443.exe (PID: 7976)
- Unicorn-16992.exe (PID: 7380)
- Unicorn-33520.exe (PID: 5400)
- Unicorn-25815.exe (PID: 7340)
- Unicorn-40785.exe (PID: 7484)
- Unicorn-4513.exe (PID: 8012)
- Unicorn-30178.exe (PID: 7984)
- Unicorn-25417.exe (PID: 7536)
- Unicorn-50297.exe (PID: 5124)
- Unicorn-6786.exe (PID: 7364)
- Unicorn-33577.exe (PID: 7728)
- Unicorn-29990.exe (PID: 1012)
- Unicorn-51951.exe (PID: 7644)
- Unicorn-53295.exe (PID: 7896)
- Unicorn-25989.exe (PID: 4188)
- Unicorn-28533.exe (PID: 208)
- Unicorn-47941.exe (PID: 8056)
- Unicorn-32617.exe (PID: 3768)
- Unicorn-31775.exe (PID: 4452)
- Unicorn-40785.exe (PID: 7464)
- Unicorn-31029.exe (PID: 6228)
- Unicorn-2440.exe (PID: 7084)
- Unicorn-56856.exe (PID: 7512)
- Unicorn-53487.exe (PID: 720)
- Unicorn-39521.exe (PID: 7252)
- Unicorn-39751.exe (PID: 5176)
- Unicorn-37932.exe (PID: 8048)
- Unicorn-10763.exe (PID: 632)
- Unicorn-1651.exe (PID: 7672)
- Unicorn-65512.exe (PID: 7036)
- Unicorn-1126.exe (PID: 7240)
- Unicorn-11682.exe (PID: 7496)
- Unicorn-53141.exe (PID: 6028)
- Unicorn-16385.exe (PID: 7312)
- Unicorn-43089.exe (PID: 7844)
- Unicorn-39559.exe (PID: 7904)
- Unicorn-43089.exe (PID: 7868)
- Unicorn-56921.exe (PID: 7948)
- Unicorn-23466.exe (PID: 7852)
- Unicorn-56664.exe (PID: 8100)
- Unicorn-25875.exe (PID: 8240)
- Unicorn-58185.exe (PID: 1088)
- Unicorn-27329.exe (PID: 8124)
- Unicorn-47661.exe (PID: 8440)
- Unicorn-23053.exe (PID: 4896)
- Unicorn-32617.exe (PID: 6148)
- Unicorn-7204.exe (PID: 8660)
- Unicorn-3120.exe (PID: 8652)
- Unicorn-27625.exe (PID: 8704)
- Unicorn-52129.exe (PID: 8712)
- Unicorn-18777.exe (PID: 4008)
- Unicorn-31029.exe (PID: 6540)
- Unicorn-31029.exe (PID: 1324)
- Unicorn-59352.exe (PID: 8176)
- Unicorn-57100.exe (PID: 8876)
- Unicorn-14094.exe (PID: 9004)
- Unicorn-60992.exe (PID: 8992)
- Unicorn-59352.exe (PID: 5936)
- Unicorn-8740.exe (PID: 9120)
- Unicorn-7588.exe (PID: 9052)
- Unicorn-49581.exe (PID: 9172)
- Unicorn-17833.exe (PID: 1348)
- Unicorn-5943.exe (PID: 8320)
- Unicorn-12170.exe (PID: 5244)
- Unicorn-61863.exe (PID: 9280)
- Unicorn-53141.exe (PID: 7560)
- Unicorn-24553.exe (PID: 4180)
- Unicorn-48128.exe (PID: 9288)
- Unicorn-57972.exe (PID: 7400)
- Unicorn-6960.exe (PID: 6592)
- Unicorn-59441.exe (PID: 9400)
- Unicorn-65128.exe (PID: 8148)
- Unicorn-3224.exe (PID: 9588)
- Unicorn-48896.exe (PID: 9580)
- Unicorn-58377.exe (PID: 7752)
- Unicorn-27537.exe (PID: 9632)
- Unicorn-57533.exe (PID: 8036)
- Unicorn-60556.exe (PID: 7820)
- Unicorn-14796.exe (PID: 8460)
- Unicorn-7183.exe (PID: 8476)
- Unicorn-54847.exe (PID: 9856)
- Unicorn-31775.exe (PID: 7212)
- Unicorn-56322.exe (PID: 8540)
- Unicorn-4513.exe (PID: 8004)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProdctVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
549
Monitored processes
414
Malicious processes
58
Suspicious processes
63
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 208 | C:\Users\admin\AppData\Local\Temp\Unicorn-28533.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-28533.exe | Unicorn-57533.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 632 | C:\Users\admin\AppData\Local\Temp\Unicorn-10763.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-10763.exe | 1 (1102).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 720 | C:\Users\admin\AppData\Local\Temp\Unicorn-53487.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-53487.exe | Unicorn-6786.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 872 | C:\Users\admin\AppData\Local\Temp\Unicorn-44506.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-44506.exe | Unicorn-28982.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1012 | C:\Users\admin\AppData\Local\Temp\Unicorn-29990.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29990.exe | Unicorn-25261.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1088 | C:\Users\admin\AppData\Local\Temp\Unicorn-58185.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-58185.exe | Unicorn-56664.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1324 | C:\Users\admin\AppData\Local\Temp\Unicorn-31029.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-31029.exe | Unicorn-57121.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1328 | C:\Users\admin\AppData\Local\Temp\Unicorn-31953.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-31953.exe | Unicorn-50297.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1348 | C:\Users\admin\AppData\Local\Temp\Unicorn-17833.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-17833.exe | Unicorn-37189.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1452 | C:\Users\admin\AppData\Local\Temp\Unicorn-41273.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41273.exe | Unicorn-51951.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
11 232
Read events
11 217
Write events
15
Delete events
0
Modification events
| (PID) Process: | (7412) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (7412) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (7412) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7652) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (7652) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (7652) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7824) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (7824) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (7824) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (8180) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
Executable files
1 069
Suspicious files
8
Text files
1
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7652 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\16b8ffac-a3db-4ab5-b307-3d7493b94e5c.down_data | — | |
MD5:— | SHA256:— | |||
| 6808 | Unicorn-45577.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-39521.exe | executable | |
MD5:B8C634EA3161DD4EDB24EF411CFA9023 | SHA256:20305907B8E1F9B910A40FB9DA7E0DA558F81DC5E1C80111553F6F04CDF4F677 | |||
| 7652 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\381f37ae-adef-4ae1-ba54-fd9b1e070774.up_meta_secure | binary | |
MD5:8B07F0CEB7E3CCB4AEF84A5E52668FF5 | SHA256:A2787A26FFD123BB9715A3F30D01E037A3B067E9F764E1DBFA9667B7EEE8682A | |||
| 7652 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\16b8ffac-a3db-4ab5-b307-3d7493b94e5c.a8db86c9-839a-4212-b1c8-850aa7c516bb.down_meta | binary | |
MD5:EACE161F92172682EDE6CB1EE2FDDEA7 | SHA256:FC3189C3C195E2B867314E651BDC2A9BB4F72083269D5F1D1D9DA78427E52A57 | |||
| 6032 | 1 (1102).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-11487.exe | executable | |
MD5:2B653D190C8190A2BEDB7526FD19836B | SHA256:0C1257050AA7E10C0876CE34CA49AEF047B147ADCF6F9731C1318C86A7618837 | |||
| 7252 | Unicorn-39521.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-25261.exe | executable | |
MD5:FB9FA2A932D15BEBFD8685D129E93BC4 | SHA256:D2653460C0DC115D14C6E8D621A1DFF014AE5150D0630E2C740744343FD58D8A | |||
| 6808 | Unicorn-45577.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-25815.exe | executable | |
MD5:F997767AA3DFA3AAA5491714980F415F | SHA256:2C632AFC0162C16203868DAD8091EFEB9DB7C526051DB065920831C7B3CACCAE | |||
| 7332 | Unicorn-25261.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-48753.exe | executable | |
MD5:7C1957E5B9957087F08C1611D6148F6D | SHA256:EBD63C926448B8799FB07E2362211BDF321CDE61878EB0393FCE23737E09A460 | |||
| 7260 | Unicorn-11487.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-6786.exe | executable | |
MD5:CB4221274CC18A386B13E97521D10111 | SHA256:B6D317AFCD6DB58D35BD501D1D46EA921EEE921B8D234DFB945C8A154BD11486 | |||
| 6032 | 1 (1102).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-45577.exe | executable | |
MD5:F8F16B95C2E9BAD0ED48977B914C6216 | SHA256:B32C10A8B236A93F2C88E7BB3EC89A4570937ADED4C006A9C329204DDB05A096 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
24
DNS requests
16
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 23.48.23.143:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
4652 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
7652 | BackgroundTransferHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
8296 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
8296 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
3216 | svchost.exe | 40.115.3.253:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 20.190.160.20:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
4652 | backgroundTaskHost.exe | 20.223.35.26:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4652 | backgroundTaskHost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
2104 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
7652 | BackgroundTransferHost.exe | 104.126.37.147:443 | www.bing.com | Akamai International B.V. | DE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
www.bing.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |