| File name: | 1 (145) |
| Full analysis: | https://app.any.run/tasks/a6f9fb07-58f8-4a98-a025-a6c3f615ccee |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 14:08:11 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 3BB973D90B3C591B485BB444AC048050 |
| SHA1: | 0DC9B82ED132A4886A02793597A9512A39847B3C |
| SHA256: | F86B62A10A5DDC60BCA4E36A2DFC284A57FD20E5DEF2E5CEC2E4B38BB1E98AE9 |
| SSDEEP: | 6144:2NEgI7IJADmLA5cHXjSp9qSx5trqlp8GBV/0yeXdSk/8SwjwpyAvEh9RSJZQsx1S:2ypMRLA50XeFrM+aVMyeXdxx4nxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- Unicorn-52386.exe (PID: 7576)
- 1 (145).exe (PID: 7412)
- Unicorn-14965.exe (PID: 7848)
- Unicorn-3268.exe (PID: 7868)
- Unicorn-39920.exe (PID: 7364)
- Unicorn-21546.exe (PID: 2384)
- Unicorn-46050.exe (PID: 7360)
- Unicorn-64270.exe (PID: 7320)
- Unicorn-18016.exe (PID: 7384)
- Unicorn-64825.exe (PID: 5332)
- Unicorn-60113.exe (PID: 5380)
- Unicorn-53279.exe (PID: 7204)
- Unicorn-47149.exe (PID: 1764)
- Unicorn-40512.exe (PID: 7172)
- Unicorn-29818.exe (PID: 2236)
- Unicorn-35608.exe (PID: 4976)
- Unicorn-41368.exe (PID: 1324)
- Unicorn-38946.exe (PID: 6768)
- Unicorn-42838.exe (PID: 4452)
- Unicorn-42838.exe (PID: 6388)
- Unicorn-42838.exe (PID: 3240)
- Unicorn-50741.exe (PID: 6372)
- Unicorn-31140.exe (PID: 5720)
- Unicorn-62496.exe (PID: 6476)
- Unicorn-65296.exe (PID: 660)
- Unicorn-61826.exe (PID: 5972)
- Unicorn-5571.exe (PID: 7176)
- Unicorn-5571.exe (PID: 7188)
- Unicorn-46045.exe (PID: 5364)
- Unicorn-22055.exe (PID: 7640)
- Unicorn-22055.exe (PID: 7472)
- Unicorn-36673.exe (PID: 5552)
- Unicorn-17072.exe (PID: 7776)
- Unicorn-28962.exe (PID: 7336)
- Unicorn-27299.exe (PID: 4108)
- Unicorn-5417.exe (PID: 7812)
- Unicorn-1333.exe (PID: 7808)
- Unicorn-1333.exe (PID: 7996)
- Unicorn-51006.exe (PID: 6184)
- Unicorn-17840.exe (PID: 7956)
- Unicorn-17840.exe (PID: 7940)
- Unicorn-17840.exe (PID: 7960)
- Unicorn-17840.exe (PID: 7932)
- Unicorn-60648.exe (PID: 7768)
- Unicorn-60648.exe (PID: 8028)
- Unicorn-28775.exe (PID: 8140)
- Unicorn-8156.exe (PID: 7276)
- Unicorn-33357.exe (PID: 8124)
- Unicorn-21754.exe (PID: 7740)
- Unicorn-21754.exe (PID: 7736)
- Unicorn-31575.exe (PID: 7620)
- Unicorn-60046.exe (PID: 5280)
- Unicorn-14664.exe (PID: 5868)
- Unicorn-14664.exe (PID: 7892)
- Unicorn-52625.exe (PID: 7908)
- Unicorn-56154.exe (PID: 8080)
- Unicorn-60046.exe (PID: 4180)
- Unicorn-59662.exe (PID: 8116)
- Unicorn-16583.exe (PID: 8112)
- Unicorn-2485.exe (PID: 4220)
- Unicorn-11208.exe (PID: 6652)
- Unicorn-50508.exe (PID: 5984)
- Unicorn-44478.exe (PID: 5968)
- Unicorn-50508.exe (PID: 4068)
- Unicorn-30642.exe (PID: 2772)
- Unicorn-40586.exe (PID: 5328)
- Unicorn-12417.exe (PID: 5384)
- Unicorn-64113.exe (PID: 1096)
- Unicorn-25681.exe (PID: 2040)
- Unicorn-61313.exe (PID: 1012)
- Unicorn-20720.exe (PID: 6512)
- Unicorn-40586.exe (PID: 5360)
- Unicorn-45246.exe (PID: 7676)
- Unicorn-4960.exe (PID: 6872)
- Unicorn-57690.exe (PID: 8168)
- Unicorn-53606.exe (PID: 8180)
- Unicorn-4768.exe (PID: 7836)
- Unicorn-62329.exe (PID: 7248)
- Unicorn-32610.exe (PID: 8276)
- Unicorn-32610.exe (PID: 8208)
- Unicorn-32610.exe (PID: 8268)
- Unicorn-20358.exe (PID: 8200)
- Unicorn-20358.exe (PID: 1168)
- Unicorn-32610.exe (PID: 8224)
- Unicorn-28526.exe (PID: 8244)
- Unicorn-52136.exe (PID: 8316)
- Unicorn-20358.exe (PID: 2980)
- Unicorn-26340.exe (PID: 8536)
- Unicorn-28526.exe (PID: 8240)
- Unicorn-32610.exe (PID: 8232)
- Unicorn-32610.exe (PID: 8216)
- Unicorn-9620.exe (PID: 8400)
- Unicorn-20358.exe (PID: 2644)
- Unicorn-20740.exe (PID: 8500)
- Unicorn-34316.exe (PID: 8324)
- Unicorn-40076.exe (PID: 8476)
- Unicorn-23355.exe (PID: 8408)
- Unicorn-37275.exe (PID: 8428)
- Unicorn-37806.exe (PID: 8468)
- Unicorn-29221.exe (PID: 8416)
- Unicorn-33378.exe (PID: 8620)
- Unicorn-38592.exe (PID: 8448)
- Unicorn-13917.exe (PID: 8656)
- Unicorn-1857.exe (PID: 8704)
- Unicorn-52328.exe (PID: 8456)
- Unicorn-34530.exe (PID: 8740)
- Unicorn-62734.exe (PID: 8812)
- Unicorn-37467.exe (PID: 8780)
- Unicorn-21702.exe (PID: 8840)
- Unicorn-59781.exe (PID: 8732)
- Unicorn-55313.exe (PID: 8880)
- Unicorn-19847.exe (PID: 8892)
- Unicorn-49912.exe (PID: 8860)
- Unicorn-17399.exe (PID: 8972)
- Unicorn-59382.exe (PID: 8956)
- Unicorn-7036.exe (PID: 8980)
- Unicorn-43046.exe (PID: 8928)
- Unicorn-27478.exe (PID: 9036)
- Unicorn-6050.exe (PID: 9020)
- Unicorn-36798.exe (PID: 9084)
- Unicorn-6080.exe (PID: 9052)
- Unicorn-56450.exe (PID: 9004)
- Unicorn-36990.exe (PID: 9140)
- Unicorn-15225.exe (PID: 9068)
- Unicorn-53326.exe (PID: 9168)
- Unicorn-4125.exe (PID: 9180)
- Unicorn-36227.exe (PID: 9152)
- Unicorn-45651.exe (PID: 3896)
- Unicorn-62371.exe (PID: 9092)
- Unicorn-36968.exe (PID: 7312)
- Unicorn-25785.exe (PID: 9212)
- Unicorn-26391.exe (PID: 9232)
- Unicorn-36606.exe (PID: 9248)
- Unicorn-27476.exe (PID: 9272)
- Unicorn-49413.exe (PID: 9296)
- Unicorn-24857.exe (PID: 9392)
- Unicorn-50010.exe (PID: 9412)
- Unicorn-61686.exe (PID: 9484)
- Unicorn-14576.exe (PID: 9536)
- Unicorn-45542.exe (PID: 9500)
- Unicorn-2463.exe (PID: 9516)
- Unicorn-13829.exe (PID: 9568)
- Unicorn-50394.exe (PID: 9604)
- Unicorn-60600.exe (PID: 9620)
- Unicorn-60269.exe (PID: 9656)
- Unicorn-44648.exe (PID: 9544)
- Unicorn-54286.exe (PID: 9584)
- Unicorn-26274.exe (PID: 9696)
- Unicorn-31702.exe (PID: 9728)
- Unicorn-52869.exe (PID: 9828)
- Unicorn-27426.exe (PID: 9764)
- Unicorn-40616.exe (PID: 9812)
- Unicorn-8659.exe (PID: 9856)
Executable content was dropped or overwritten
- 1 (145).exe (PID: 7412)
- Unicorn-52386.exe (PID: 7576)
- Unicorn-3268.exe (PID: 7868)
- Unicorn-14965.exe (PID: 7848)
- Unicorn-18016.exe (PID: 7384)
- Unicorn-64825.exe (PID: 5332)
- Unicorn-64270.exe (PID: 7320)
- Unicorn-21546.exe (PID: 2384)
- Unicorn-39920.exe (PID: 7364)
- Unicorn-40512.exe (PID: 7172)
- Unicorn-60113.exe (PID: 5380)
- Unicorn-29818.exe (PID: 2236)
- Unicorn-35608.exe (PID: 4976)
- Unicorn-38946.exe (PID: 6768)
- Unicorn-42838.exe (PID: 4452)
- Unicorn-51006.exe (PID: 6184)
- Unicorn-62496.exe (PID: 6476)
- Unicorn-42838.exe (PID: 3240)
- Unicorn-47149.exe (PID: 1764)
- Unicorn-61826.exe (PID: 5972)
- Unicorn-5571.exe (PID: 7188)
- Unicorn-46045.exe (PID: 5364)
- Unicorn-22055.exe (PID: 7472)
- Unicorn-36673.exe (PID: 5552)
- Unicorn-41368.exe (PID: 1324)
- Unicorn-28962.exe (PID: 7336)
- Unicorn-27299.exe (PID: 4108)
- Unicorn-5417.exe (PID: 7812)
- Unicorn-1333.exe (PID: 7808)
- Unicorn-1333.exe (PID: 7996)
- Unicorn-42838.exe (PID: 6388)
- Unicorn-17840.exe (PID: 7940)
- Unicorn-33357.exe (PID: 8124)
- Unicorn-60648.exe (PID: 8028)
- Unicorn-31140.exe (PID: 5720)
- Unicorn-65296.exe (PID: 660)
- Unicorn-53279.exe (PID: 7204)
- Unicorn-50741.exe (PID: 6372)
- Unicorn-60046.exe (PID: 5280)
- Unicorn-5571.exe (PID: 7176)
- Unicorn-14664.exe (PID: 5868)
- Unicorn-60046.exe (PID: 4180)
- Unicorn-14664.exe (PID: 7892)
- Unicorn-52625.exe (PID: 7908)
- Unicorn-56154.exe (PID: 8080)
- Unicorn-46050.exe (PID: 7360)
- Unicorn-59662.exe (PID: 8116)
- Unicorn-2485.exe (PID: 4220)
- Unicorn-11208.exe (PID: 6652)
- Unicorn-12417.exe (PID: 5384)
- Unicorn-16583.exe (PID: 8112)
- Unicorn-50508.exe (PID: 5984)
- Unicorn-44478.exe (PID: 5968)
- Unicorn-30642.exe (PID: 2772)
- Unicorn-40586.exe (PID: 5328)
- Unicorn-50508.exe (PID: 4068)
- Unicorn-61313.exe (PID: 1012)
- Unicorn-17072.exe (PID: 7776)
- Unicorn-64113.exe (PID: 1096)
- Unicorn-22055.exe (PID: 7640)
- Unicorn-20720.exe (PID: 6512)
- Unicorn-25681.exe (PID: 2040)
- Unicorn-40586.exe (PID: 5360)
- Unicorn-45246.exe (PID: 7676)
- Unicorn-4960.exe (PID: 6872)
- Unicorn-57690.exe (PID: 8168)
- Unicorn-53606.exe (PID: 8180)
- Unicorn-4768.exe (PID: 7836)
- Unicorn-62329.exe (PID: 7248)
- Unicorn-28526.exe (PID: 8244)
- Unicorn-32610.exe (PID: 8208)
- Unicorn-32610.exe (PID: 8268)
- Unicorn-20358.exe (PID: 8200)
- Unicorn-32610.exe (PID: 8224)
- Unicorn-32610.exe (PID: 8216)
- Unicorn-52136.exe (PID: 8316)
- Unicorn-32610.exe (PID: 8276)
- Unicorn-21754.exe (PID: 7736)
- Unicorn-17840.exe (PID: 7932)
- Unicorn-28526.exe (PID: 8240)
- Unicorn-26340.exe (PID: 8536)
- Unicorn-32610.exe (PID: 8232)
- Unicorn-9620.exe (PID: 8400)
- Unicorn-21754.exe (PID: 7740)
- Unicorn-60648.exe (PID: 7768)
- Unicorn-20358.exe (PID: 2644)
- Unicorn-34316.exe (PID: 8324)
- Unicorn-20740.exe (PID: 8500)
- Unicorn-40076.exe (PID: 8476)
- Unicorn-17840.exe (PID: 7960)
- Unicorn-8156.exe (PID: 7276)
- Unicorn-29221.exe (PID: 8416)
- Unicorn-37806.exe (PID: 8468)
- Unicorn-31575.exe (PID: 7620)
- Unicorn-17840.exe (PID: 7956)
- Unicorn-52328.exe (PID: 8456)
- Unicorn-23355.exe (PID: 8408)
- Unicorn-38592.exe (PID: 8448)
- Unicorn-33378.exe (PID: 8620)
- Unicorn-13917.exe (PID: 8656)
- Unicorn-1857.exe (PID: 8704)
- Unicorn-62734.exe (PID: 8812)
- Unicorn-21702.exe (PID: 8840)
- Unicorn-55313.exe (PID: 8880)
- Unicorn-35084.exe (PID: 8648)
- Unicorn-34530.exe (PID: 8740)
- Unicorn-37467.exe (PID: 8780)
- Unicorn-59781.exe (PID: 8732)
- Unicorn-49912.exe (PID: 8860)
- Unicorn-19847.exe (PID: 8892)
- Unicorn-17399.exe (PID: 8972)
- Unicorn-59382.exe (PID: 8956)
- Unicorn-7036.exe (PID: 8980)
- Unicorn-43046.exe (PID: 8928)
- Unicorn-6050.exe (PID: 9020)
- Unicorn-36798.exe (PID: 9084)
- Unicorn-6080.exe (PID: 9052)
- Unicorn-56450.exe (PID: 9004)
- Unicorn-27478.exe (PID: 9036)
- Unicorn-62371.exe (PID: 9092)
- Unicorn-53326.exe (PID: 9168)
- Unicorn-36227.exe (PID: 9152)
- Unicorn-45651.exe (PID: 3896)
- Unicorn-4125.exe (PID: 9180)
- Unicorn-15225.exe (PID: 9068)
- Unicorn-25785.exe (PID: 9212)
- Unicorn-16740.exe (PID: 9240)
- Unicorn-27476.exe (PID: 9272)
- Unicorn-26391.exe (PID: 9232)
- Unicorn-36968.exe (PID: 7312)
- Unicorn-24857.exe (PID: 9392)
- Unicorn-50010.exe (PID: 9412)
- Unicorn-36606.exe (PID: 9248)
- Unicorn-49413.exe (PID: 9296)
- Unicorn-61686.exe (PID: 9484)
- Unicorn-45542.exe (PID: 9500)
- Unicorn-2463.exe (PID: 9516)
- Unicorn-14576.exe (PID: 9536)
- Unicorn-44648.exe (PID: 9544)
- Unicorn-54286.exe (PID: 9584)
- Unicorn-50394.exe (PID: 9604)
- Unicorn-60269.exe (PID: 9656)
- Unicorn-60600.exe (PID: 9620)
- Unicorn-13829.exe (PID: 9568)
- Unicorn-31702.exe (PID: 9728)
- Unicorn-27426.exe (PID: 9764)
- Unicorn-52869.exe (PID: 9828)
- Unicorn-40616.exe (PID: 9812)
- Unicorn-8659.exe (PID: 9856)
- Unicorn-26274.exe (PID: 9696)
- Unicorn-28775.exe (PID: 8140)
- Unicorn-30440.exe (PID: 10136)
- Unicorn-40913.exe (PID: 10080)
- Unicorn-42138.exe (PID: 10128)
- Unicorn-29886.exe (PID: 10116)
- Unicorn-62558.exe (PID: 10180)
- Unicorn-36990.exe (PID: 9140)
- Unicorn-13357.exe (PID: 10204)
- Unicorn-1468.exe (PID: 10272)
- Unicorn-20358.exe (PID: 1168)
- Unicorn-5381.exe (PID: 7652)
- Unicorn-17634.exe (PID: 5576)
- Unicorn-12973.exe (PID: 10320)
- Unicorn-9465.exe (PID: 5212)
- Unicorn-43460.exe (PID: 10460)
- Unicorn-17996.exe (PID: 10356)
- Unicorn-50477.exe (PID: 10300)
- Unicorn-46030.exe (PID: 10372)
- Unicorn-27124.exe (PID: 10400)
- Unicorn-46990.exe (PID: 10408)
- Unicorn-35292.exe (PID: 10432)
- Unicorn-26762.exe (PID: 10516)
- Unicorn-34930.exe (PID: 10544)
- Unicorn-59242.exe (PID: 10416)
- Unicorn-9465.exe (PID: 6228)
- Unicorn-17368.exe (PID: 7488)
- Unicorn-12973.exe (PID: 10312)
- Unicorn-51821.exe (PID: 10628)
- Unicorn-8187.exe (PID: 10644)
- Unicorn-43098.exe (PID: 10572)
- Unicorn-13741.exe (PID: 10712)
- Unicorn-22102.exe (PID: 10652)
- Unicorn-20358.exe (PID: 2980)
- Unicorn-51245.exe (PID: 10688)
- Unicorn-7611.exe (PID: 10704)
- Unicorn-46533.exe (PID: 10820)
- Unicorn-46533.exe (PID: 10812)
- Unicorn-30230.exe (PID: 10788)
- Unicorn-18407.exe (PID: 10888)
- Unicorn-2428.exe (PID: 10728)
- Unicorn-1873.exe (PID: 10448)
- Unicorn-47737.exe (PID: 10608)
- Unicorn-43460.exe (PID: 10468)
- Unicorn-43098.exe (PID: 10580)
- Unicorn-2376.exe (PID: 10924)
- Unicorn-22294.exe (PID: 10736)
- Unicorn-37668.exe (PID: 10856)
- Unicorn-13916.exe (PID: 10936)
- Unicorn-20047.exe (PID: 10952)
- Unicorn-26954.exe (PID: 10992)
- Unicorn-51458.exe (PID: 11020)
- Unicorn-54648.exe (PID: 11220)
- Unicorn-10425.exe (PID: 11036)
- Unicorn-7088.exe (PID: 10984)
- Unicorn-56289.exe (PID: 11148)
- Unicorn-11364.exe (PID: 11072)
- Unicorn-44752.exe (PID: 10796)
- Unicorn-50882.exe (PID: 10804)
- Unicorn-25995.exe (PID: 10916)
- Unicorn-18594.exe (PID: 11044)
- Unicorn-51650.exe (PID: 11116)
- Unicorn-26251.exe (PID: 8572)
- Unicorn-24768.exe (PID: 8604)
- Unicorn-11000.exe (PID: 4164)
- Unicorn-53357.exe (PID: 11308)
- Unicorn-7493.exe (PID: 11252)
- Unicorn-22678.exe (PID: 10524)
- Unicorn-36466.exe (PID: 8592)
- Unicorn-30844.exe (PID: 11380)
- Unicorn-53165.exe (PID: 11244)
- Unicorn-64457.exe (PID: 11160)
- Unicorn-18786.exe (PID: 11168)
- Unicorn-29759.exe (PID: 11348)
- Unicorn-31230.exe (PID: 11096)
- Unicorn-15662.exe (PID: 11260)
- Unicorn-56310.exe (PID: 11404)
- Unicorn-13092.exe (PID: 11532)
- Unicorn-56045.exe (PID: 11396)
- Unicorn-44250.exe (PID: 11472)
- Unicorn-15469.exe (PID: 11508)
- Unicorn-20514.exe (PID: 11564)
- Unicorn-45402.exe (PID: 11592)
- Unicorn-37404.exe (PID: 11704)
- Unicorn-16046.exe (PID: 11644)
- Unicorn-22551.exe (PID: 11652)
- Unicorn-40934.exe (PID: 11684)
- Unicorn-57633.exe (PID: 11624)
- Unicorn-11583.exe (PID: 11556)
- Unicorn-49678.exe (PID: 11828)
- Unicorn-49678.exe (PID: 11820)
- Unicorn-13305.exe (PID: 11772)
- Unicorn-22220.exe (PID: 11756)
- Unicorn-61930.exe (PID: 11836)
- Unicorn-37275.exe (PID: 8428)
- Unicorn-27787.exe (PID: 11732)
- Unicorn-25174.exe (PID: 11796)
INFO
Checks supported languages
- Unicorn-52386.exe (PID: 7576)
- 1 (145).exe (PID: 7412)
- Unicorn-3268.exe (PID: 7868)
- Unicorn-14965.exe (PID: 7848)
- Unicorn-18016.exe (PID: 7384)
- Unicorn-39920.exe (PID: 7364)
- Unicorn-64270.exe (PID: 7320)
- Unicorn-47149.exe (PID: 1764)
- Unicorn-53279.exe (PID: 7204)
- Unicorn-46050.exe (PID: 7360)
- Unicorn-42838.exe (PID: 4452)
- Unicorn-50741.exe (PID: 6372)
- Unicorn-42838.exe (PID: 3240)
- Unicorn-28962.exe (PID: 7336)
- Unicorn-46045.exe (PID: 5364)
- Unicorn-5571.exe (PID: 7188)
- Unicorn-61826.exe (PID: 5972)
- Unicorn-5417.exe (PID: 7812)
- Unicorn-21754.exe (PID: 7736)
- Unicorn-60648.exe (PID: 7768)
- Unicorn-33357.exe (PID: 8124)
- Unicorn-17840.exe (PID: 7960)
- Unicorn-21754.exe (PID: 7740)
- Unicorn-56154.exe (PID: 8080)
- Unicorn-60046.exe (PID: 5280)
- Unicorn-14664.exe (PID: 5868)
- Unicorn-52625.exe (PID: 7908)
- Unicorn-30642.exe (PID: 2772)
- Unicorn-40586.exe (PID: 5360)
- Unicorn-4768.exe (PID: 7836)
- Unicorn-61313.exe (PID: 1012)
- Unicorn-20720.exe (PID: 6512)
- Unicorn-32610.exe (PID: 8232)
- Unicorn-32610.exe (PID: 8224)
- Unicorn-28526.exe (PID: 8244)
- Unicorn-32610.exe (PID: 8276)
- Unicorn-20358.exe (PID: 2980)
- Unicorn-38592.exe (PID: 8448)
- Unicorn-9620.exe (PID: 8400)
- Unicorn-52328.exe (PID: 8456)
- Unicorn-26340.exe (PID: 8536)
- Unicorn-20740.exe (PID: 8500)
- Unicorn-52136.exe (PID: 8316)
- Unicorn-32610.exe (PID: 8268)
- Unicorn-32610.exe (PID: 8216)
- Unicorn-34530.exe (PID: 8740)
- Unicorn-62734.exe (PID: 8812)
- Unicorn-56450.exe (PID: 9004)
- Unicorn-7036.exe (PID: 8980)
- Unicorn-6080.exe (PID: 9052)
- Unicorn-19847.exe (PID: 8892)
- Unicorn-36990.exe (PID: 9140)
- Unicorn-53326.exe (PID: 9168)
- Unicorn-15225.exe (PID: 9068)
- Unicorn-45651.exe (PID: 3896)
- Unicorn-16740.exe (PID: 9240)
- Unicorn-49413.exe (PID: 9296)
- Unicorn-24857.exe (PID: 9392)
- Unicorn-50010.exe (PID: 9412)
- Unicorn-60600.exe (PID: 9620)
- Unicorn-50394.exe (PID: 9604)
- Unicorn-12359.exe (PID: 9664)
- Unicorn-31702.exe (PID: 9728)
- Unicorn-52869.exe (PID: 9828)
- Unicorn-27426.exe (PID: 9764)
- Unicorn-42138.exe (PID: 10128)
- Unicorn-5381.exe (PID: 7652)
- Unicorn-17634.exe (PID: 5576)
- Unicorn-50477.exe (PID: 10300)
- Unicorn-17996.exe (PID: 10356)
- Unicorn-46030.exe (PID: 10372)
- Unicorn-17368.exe (PID: 7488)
- Unicorn-27124.exe (PID: 10400)
- Unicorn-59242.exe (PID: 10416)
- Unicorn-35292.exe (PID: 10432)
- Unicorn-43460.exe (PID: 10460)
- Unicorn-46990.exe (PID: 10408)
- Unicorn-51821.exe (PID: 10628)
- Unicorn-26762.exe (PID: 10516)
- Unicorn-8187.exe (PID: 10644)
- Unicorn-22294.exe (PID: 10736)
- Unicorn-44752.exe (PID: 10796)
- Unicorn-37668.exe (PID: 10856)
- Unicorn-46533.exe (PID: 10812)
- Unicorn-18407.exe (PID: 10888)
- Unicorn-51458.exe (PID: 11020)
- Unicorn-10425.exe (PID: 11036)
- Unicorn-24022.exe (PID: 11188)
- Unicorn-56289.exe (PID: 11148)
- Unicorn-53165.exe (PID: 11244)
- Unicorn-24768.exe (PID: 8604)
- Unicorn-7493.exe (PID: 11252)
- Unicorn-53357.exe (PID: 11308)
- Unicorn-29759.exe (PID: 11348)
- Unicorn-26251.exe (PID: 8572)
- Unicorn-13092.exe (PID: 11532)
- Unicorn-11583.exe (PID: 11556)
- Unicorn-56045.exe (PID: 11396)
- Unicorn-15469.exe (PID: 11508)
- Unicorn-57633.exe (PID: 11624)
- Unicorn-16046.exe (PID: 11644)
- Unicorn-22220.exe (PID: 11756)
- Unicorn-37404.exe (PID: 11704)
- Unicorn-25174.exe (PID: 11796)
- Unicorn-45402.exe (PID: 11592)
- Unicorn-49678.exe (PID: 11828)
- Unicorn-45786.exe (PID: 11876)
- Unicorn-26326.exe (PID: 11904)
- Unicorn-50830.exe (PID: 11952)
- Unicorn-9797.exe (PID: 11968)
- Unicorn-2184.exe (PID: 11976)
- Unicorn-59190.exe (PID: 12020)
- Unicorn-47493.exe (PID: 12040)
- Unicorn-10160.exe (PID: 12092)
- Unicorn-46746.exe (PID: 11920)
- Unicorn-51193.exe (PID: 12188)
- Unicorn-3426.exe (PID: 12268)
- Unicorn-41508.exe (PID: 12196)
- Unicorn-34180.exe (PID: 2064)
- Unicorn-46465.exe (PID: 5164)
- Unicorn-60987.exe (PID: 4008)
- Unicorn-18279.exe (PID: 12424)
- Unicorn-8103.exe (PID: 12392)
- Unicorn-29214.exe (PID: 12408)
- Unicorn-10516.exe (PID: 12572)
- Unicorn-50781.exe (PID: 11620)
- Unicorn-18419.exe (PID: 12604)
- Unicorn-14216.exe (PID: 12684)
- Unicorn-27429.exe (PID: 12756)
- Unicorn-15560.exe (PID: 12984)
- Unicorn-9622.exe (PID: 13032)
- Unicorn-49769.exe (PID: 13128)
- Unicorn-13594.exe (PID: 13360)
- Unicorn-51284.exe (PID: 13416)
- Unicorn-53919.exe (PID: 13572)
- Unicorn-36291.exe (PID: 13696)
- Unicorn-24754.exe (PID: 13768)
- Unicorn-44076.exe (PID: 13844)
- Unicorn-36099.exe (PID: 13532)
- Unicorn-36099.exe (PID: 13564)
The sample compiled with chinese language support
- 1 (145).exe (PID: 7412)
- Unicorn-27426.exe (PID: 9764)
- Unicorn-40616.exe (PID: 9812)
- Unicorn-30844.exe (PID: 11380)
- Unicorn-8659.exe (PID: 9856)
- Unicorn-32610.exe (PID: 8276)
- Unicorn-32610.exe (PID: 8268)
- Unicorn-32610.exe (PID: 8208)
- Unicorn-32610.exe (PID: 8216)
- Unicorn-32610.exe (PID: 8224)
- Unicorn-15662.exe (PID: 11260)
- Unicorn-21754.exe (PID: 7736)
- Unicorn-26340.exe (PID: 8536)
- Unicorn-47149.exe (PID: 1764)
- Unicorn-21754.exe (PID: 7740)
- Unicorn-20358.exe (PID: 8200)
- Unicorn-8187.exe (PID: 10644)
- Unicorn-43098.exe (PID: 10572)
- Unicorn-42838.exe (PID: 6388)
- Unicorn-33357.exe (PID: 8124)
- Unicorn-34930.exe (PID: 10544)
- Unicorn-20358.exe (PID: 1168)
- Unicorn-9620.exe (PID: 8400)
- Unicorn-17840.exe (PID: 7932)
- Unicorn-17840.exe (PID: 7940)
- Unicorn-60648.exe (PID: 8028)
- Unicorn-31140.exe (PID: 5720)
- Unicorn-17840.exe (PID: 7960)
- Unicorn-7611.exe (PID: 10704)
- Unicorn-32610.exe (PID: 8232)
- Unicorn-8156.exe (PID: 7276)
- Unicorn-50741.exe (PID: 6372)
- Unicorn-23355.exe (PID: 8408)
- Unicorn-37806.exe (PID: 8468)
- Unicorn-56310.exe (PID: 11404)
- Unicorn-13741.exe (PID: 10712)
- Unicorn-31575.exe (PID: 7620)
- Unicorn-2428.exe (PID: 10728)
- Unicorn-33378.exe (PID: 8620)
- Unicorn-40512.exe (PID: 7172)
- Unicorn-18407.exe (PID: 10888)
- Unicorn-39920.exe (PID: 7364)
- Unicorn-46533.exe (PID: 10812)
- Unicorn-3268.exe (PID: 7868)
- Unicorn-56045.exe (PID: 11396)
- Unicorn-38592.exe (PID: 8448)
- Unicorn-52386.exe (PID: 7576)
- Unicorn-53279.exe (PID: 7204)
- Unicorn-46533.exe (PID: 10820)
- Unicorn-62496.exe (PID: 6476)
- Unicorn-17840.exe (PID: 7956)
- Unicorn-65296.exe (PID: 660)
- Unicorn-44752.exe (PID: 10796)
- Unicorn-1857.exe (PID: 8704)
- Unicorn-50882.exe (PID: 10804)
- Unicorn-44250.exe (PID: 11472)
- Unicorn-25995.exe (PID: 10916)
- Unicorn-35084.exe (PID: 8648)
- Unicorn-60046.exe (PID: 4180)
- Unicorn-59781.exe (PID: 8732)
- Unicorn-62734.exe (PID: 8812)
- Unicorn-37467.exe (PID: 8780)
- Unicorn-28526.exe (PID: 8244)
- Unicorn-49912.exe (PID: 8860)
- Unicorn-13092.exe (PID: 11532)
- Unicorn-13917.exe (PID: 8656)
- Unicorn-60046.exe (PID: 5280)
- Unicorn-22294.exe (PID: 10736)
- Unicorn-2376.exe (PID: 10924)
- Unicorn-5571.exe (PID: 7176)
- Unicorn-29818.exe (PID: 2236)
- Unicorn-43046.exe (PID: 8928)
- Unicorn-20358.exe (PID: 2980)
- Unicorn-20047.exe (PID: 10952)
- Unicorn-13916.exe (PID: 10936)
- Unicorn-59382.exe (PID: 8956)
- Unicorn-61826.exe (PID: 5972)
- Unicorn-46050.exe (PID: 7360)
- Unicorn-59662.exe (PID: 8116)
- Unicorn-19847.exe (PID: 8892)
- Unicorn-18016.exe (PID: 7384)
- Unicorn-5571.exe (PID: 7188)
- Unicorn-14664.exe (PID: 7892)
- Unicorn-37668.exe (PID: 10856)
- Unicorn-56154.exe (PID: 8080)
- Unicorn-17399.exe (PID: 8972)
- Unicorn-15469.exe (PID: 11508)
- Unicorn-7036.exe (PID: 8980)
- Unicorn-28775.exe (PID: 8140)
- Unicorn-56450.exe (PID: 9004)
- Unicorn-29221.exe (PID: 8416)
- Unicorn-46045.exe (PID: 5364)
- Unicorn-20514.exe (PID: 11564)
- Unicorn-16583.exe (PID: 8112)
- Unicorn-27478.exe (PID: 9036)
- Unicorn-28962.exe (PID: 7336)
- Unicorn-2485.exe (PID: 4220)
- Unicorn-26954.exe (PID: 10992)
- Unicorn-64270.exe (PID: 7320)
- Unicorn-40913.exe (PID: 10080)
- Unicorn-44478.exe (PID: 5968)
- Unicorn-21702.exe (PID: 8840)
- Unicorn-4125.exe (PID: 9180)
- Unicorn-13357.exe (PID: 10204)
- Unicorn-51458.exe (PID: 11020)
- Unicorn-35608.exe (PID: 4976)
- Unicorn-25785.exe (PID: 9212)
- Unicorn-50508.exe (PID: 5984)
- Unicorn-54648.exe (PID: 11220)
- Unicorn-5381.exe (PID: 7652)
- Unicorn-26391.exe (PID: 9232)
- Unicorn-10425.exe (PID: 11036)
- Unicorn-50010.exe (PID: 9412)
- Unicorn-21546.exe (PID: 2384)
- Unicorn-56289.exe (PID: 11148)
- Unicorn-6080.exe (PID: 9052)
- Unicorn-42138.exe (PID: 10128)
- Unicorn-11208.exe (PID: 6652)
- Unicorn-30440.exe (PID: 10136)
- Unicorn-14965.exe (PID: 7848)
- Unicorn-45402.exe (PID: 11592)
- Unicorn-61313.exe (PID: 1012)
- Unicorn-9465.exe (PID: 6228)
- Unicorn-64113.exe (PID: 1096)
- Unicorn-38946.exe (PID: 6768)
- Unicorn-50508.exe (PID: 4068)
- Unicorn-17634.exe (PID: 5576)
- Unicorn-17368.exe (PID: 7488)
- Unicorn-20720.exe (PID: 6512)
- Unicorn-45542.exe (PID: 9500)
- Unicorn-14576.exe (PID: 9536)
- Unicorn-64457.exe (PID: 11160)
- Unicorn-2463.exe (PID: 9516)
- Unicorn-64825.exe (PID: 5332)
- Unicorn-11364.exe (PID: 11072)
- Unicorn-50477.exe (PID: 10300)
- Unicorn-40586.exe (PID: 5328)
- Unicorn-25681.exe (PID: 2040)
- Unicorn-44648.exe (PID: 9544)
- Unicorn-18786.exe (PID: 11168)
- Unicorn-46030.exe (PID: 10372)
- Unicorn-51006.exe (PID: 6184)
- Unicorn-29759.exe (PID: 11348)
- Unicorn-36673.exe (PID: 5552)
- Unicorn-54286.exe (PID: 9584)
- Unicorn-31230.exe (PID: 11096)
- Unicorn-4960.exe (PID: 6872)
- Unicorn-60600.exe (PID: 9620)
- Unicorn-4768.exe (PID: 7836)
- Unicorn-45246.exe (PID: 7676)
- Unicorn-13829.exe (PID: 9568)
- Unicorn-42838.exe (PID: 4452)
- Unicorn-52625.exe (PID: 7908)
- Unicorn-43460.exe (PID: 10460)
- Unicorn-51650.exe (PID: 11116)
- Unicorn-41368.exe (PID: 1324)
- Unicorn-22055.exe (PID: 7472)
- Unicorn-16046.exe (PID: 11644)
- Unicorn-5417.exe (PID: 7812)
- Unicorn-57690.exe (PID: 8168)
- Unicorn-26251.exe (PID: 8572)
- Unicorn-37404.exe (PID: 11704)
- Unicorn-53606.exe (PID: 8180)
- Unicorn-22551.exe (PID: 11652)
- Unicorn-59242.exe (PID: 10416)
- Unicorn-62329.exe (PID: 7248)
- Unicorn-60269.exe (PID: 9656)
- Unicorn-1333.exe (PID: 7996)
- Unicorn-24768.exe (PID: 8604)
- Unicorn-11000.exe (PID: 4164)
- Unicorn-27124.exe (PID: 10400)
- Unicorn-46990.exe (PID: 10408)
- Unicorn-7493.exe (PID: 11252)
- Unicorn-36466.exe (PID: 8592)
- Unicorn-26274.exe (PID: 9696)
- Unicorn-43460.exe (PID: 10468)
- Unicorn-22678.exe (PID: 10524)
- Unicorn-42838.exe (PID: 3240)
- Unicorn-43098.exe (PID: 10580)
- Unicorn-47737.exe (PID: 10608)
- Unicorn-31702.exe (PID: 9728)
- Unicorn-51821.exe (PID: 10628)
- Unicorn-52869.exe (PID: 9828)
- Unicorn-22102.exe (PID: 10652)
- Unicorn-40934.exe (PID: 11684)
- Unicorn-1333.exe (PID: 7808)
- Unicorn-12973.exe (PID: 10320)
- Unicorn-53357.exe (PID: 11308)
- Unicorn-20358.exe (PID: 2644)
- Unicorn-20740.exe (PID: 8500)
- Unicorn-52328.exe (PID: 8456)
- Unicorn-11583.exe (PID: 11556)
- Unicorn-34530.exe (PID: 8740)
- Unicorn-14664.exe (PID: 5868)
- Unicorn-6050.exe (PID: 9020)
- Unicorn-60113.exe (PID: 5380)
- Unicorn-29886.exe (PID: 10116)
- Unicorn-57633.exe (PID: 11624)
- Unicorn-28526.exe (PID: 8240)
- Unicorn-40076.exe (PID: 8476)
- Unicorn-49678.exe (PID: 11828)
- Unicorn-36798.exe (PID: 9084)
- Unicorn-45651.exe (PID: 3896)
- Unicorn-36227.exe (PID: 9152)
- Unicorn-30642.exe (PID: 2772)
- Unicorn-16740.exe (PID: 9240)
- Unicorn-7088.exe (PID: 10984)
- Unicorn-18594.exe (PID: 11044)
- Unicorn-36606.exe (PID: 9248)
- Unicorn-50394.exe (PID: 9604)
- Unicorn-49678.exe (PID: 11820)
- Unicorn-27787.exe (PID: 11732)
Reads the computer name
- 1 (145).exe (PID: 7412)
- Unicorn-52386.exe (PID: 7576)
- Unicorn-14965.exe (PID: 7848)
- Unicorn-3268.exe (PID: 7868)
- Unicorn-39920.exe (PID: 7364)
- Unicorn-18016.exe (PID: 7384)
- Unicorn-47149.exe (PID: 1764)
- Unicorn-29818.exe (PID: 2236)
- Unicorn-42816.exe (PID: 1660)
- Unicorn-42838.exe (PID: 4452)
- Unicorn-31140.exe (PID: 5720)
- Unicorn-22055.exe (PID: 7640)
- Unicorn-27299.exe (PID: 4108)
- Unicorn-22055.exe (PID: 7472)
- Unicorn-65296.exe (PID: 660)
- Unicorn-17840.exe (PID: 7960)
- Unicorn-1333.exe (PID: 7996)
- Unicorn-17840.exe (PID: 7932)
- Unicorn-1333.exe (PID: 7808)
- Unicorn-28775.exe (PID: 8140)
- Unicorn-33357.exe (PID: 8124)
- Unicorn-60046.exe (PID: 5280)
- Unicorn-16583.exe (PID: 8112)
- Unicorn-52625.exe (PID: 7908)
- Unicorn-50508.exe (PID: 5984)
- Unicorn-25681.exe (PID: 2040)
- Unicorn-57690.exe (PID: 8168)
- Unicorn-28526.exe (PID: 8244)
- Unicorn-32610.exe (PID: 8216)
- Unicorn-28526.exe (PID: 8240)
- Unicorn-9620.exe (PID: 8400)
- Unicorn-20740.exe (PID: 8500)
- Unicorn-34316.exe (PID: 8324)
- Unicorn-29221.exe (PID: 8416)
- Unicorn-38592.exe (PID: 8448)
- Unicorn-12359.exe (PID: 9664)
- Unicorn-35084.exe (PID: 8648)
- Unicorn-17399.exe (PID: 8972)
- Unicorn-6050.exe (PID: 9020)
- Unicorn-62371.exe (PID: 9092)
- Unicorn-4125.exe (PID: 9180)
- Unicorn-45651.exe (PID: 3896)
- Unicorn-25785.exe (PID: 9212)
- Unicorn-27476.exe (PID: 9272)
- Unicorn-26391.exe (PID: 9232)
- Unicorn-36606.exe (PID: 9248)
- Unicorn-24857.exe (PID: 9392)
- Unicorn-13829.exe (PID: 9568)
- Unicorn-60600.exe (PID: 9620)
- Unicorn-40913.exe (PID: 10080)
Create files in a temporary directory
- 1 (145).exe (PID: 7412)
- Unicorn-18016.exe (PID: 7384)
- Unicorn-14965.exe (PID: 7848)
- Unicorn-60113.exe (PID: 5380)
- Unicorn-52386.exe (PID: 7576)
- Unicorn-40512.exe (PID: 7172)
- Unicorn-39920.exe (PID: 7364)
- Unicorn-21546.exe (PID: 2384)
- Unicorn-29818.exe (PID: 2236)
- Unicorn-64825.exe (PID: 5332)
- Unicorn-51006.exe (PID: 6184)
- Unicorn-62496.exe (PID: 6476)
- Unicorn-47149.exe (PID: 1764)
- Unicorn-42838.exe (PID: 4452)
- Unicorn-61826.exe (PID: 5972)
- Unicorn-38946.exe (PID: 6768)
- Unicorn-36673.exe (PID: 5552)
- Unicorn-35608.exe (PID: 4976)
- Unicorn-22055.exe (PID: 7472)
- Unicorn-42838.exe (PID: 3240)
- Unicorn-5417.exe (PID: 7812)
- Unicorn-1333.exe (PID: 7996)
- Unicorn-17840.exe (PID: 7940)
- Unicorn-60648.exe (PID: 8028)
- Unicorn-3268.exe (PID: 7868)
- Unicorn-65296.exe (PID: 660)
- Unicorn-60046.exe (PID: 5280)
- Unicorn-50741.exe (PID: 6372)
- Unicorn-60046.exe (PID: 4180)
- Unicorn-5571.exe (PID: 7176)
- Unicorn-56154.exe (PID: 8080)
- Unicorn-5571.exe (PID: 7188)
- Unicorn-59662.exe (PID: 8116)
- Unicorn-2485.exe (PID: 4220)
- Unicorn-11208.exe (PID: 6652)
- Unicorn-12417.exe (PID: 5384)
- Unicorn-30642.exe (PID: 2772)
- Unicorn-50508.exe (PID: 5984)
- Unicorn-44478.exe (PID: 5968)
- Unicorn-17072.exe (PID: 7776)
- Unicorn-22055.exe (PID: 7640)
- Unicorn-20720.exe (PID: 6512)
- Unicorn-25681.exe (PID: 2040)
- Unicorn-61313.exe (PID: 1012)
- Unicorn-45246.exe (PID: 7676)
- Unicorn-53606.exe (PID: 8180)
- Unicorn-62329.exe (PID: 7248)
- Unicorn-32610.exe (PID: 8268)
- Unicorn-32610.exe (PID: 8216)
- Unicorn-32610.exe (PID: 8276)
- Unicorn-9620.exe (PID: 8400)
- Unicorn-20358.exe (PID: 2644)
- Unicorn-40076.exe (PID: 8476)
- Unicorn-31140.exe (PID: 5720)
- Unicorn-37806.exe (PID: 8468)
- Unicorn-17840.exe (PID: 7956)
- Unicorn-37275.exe (PID: 8428)
- Unicorn-53279.exe (PID: 7204)
- Unicorn-13917.exe (PID: 8656)
- Unicorn-37467.exe (PID: 8780)
- Unicorn-59781.exe (PID: 8732)
- Unicorn-62734.exe (PID: 8812)
- Unicorn-35084.exe (PID: 8648)
- Unicorn-49912.exe (PID: 8860)
- Unicorn-46050.exe (PID: 7360)
- Unicorn-64270.exe (PID: 7320)
- Unicorn-7036.exe (PID: 8980)
- Unicorn-36798.exe (PID: 9084)
- Unicorn-62371.exe (PID: 9092)
- Unicorn-16583.exe (PID: 8112)
- Unicorn-36227.exe (PID: 9152)
- Unicorn-45651.exe (PID: 3896)
- Unicorn-25785.exe (PID: 9212)
- Unicorn-16740.exe (PID: 9240)
- Unicorn-26391.exe (PID: 9232)
- Unicorn-49413.exe (PID: 9296)
- Unicorn-24857.exe (PID: 9392)
- Unicorn-64113.exe (PID: 1096)
- Unicorn-50010.exe (PID: 9412)
- Unicorn-45542.exe (PID: 9500)
- Unicorn-2463.exe (PID: 9516)
- Unicorn-40586.exe (PID: 5360)
- Unicorn-14576.exe (PID: 9536)
- Unicorn-44648.exe (PID: 9544)
- Unicorn-13829.exe (PID: 9568)
- Unicorn-60600.exe (PID: 9620)
- Unicorn-60269.exe (PID: 9656)
- Unicorn-26274.exe (PID: 9696)
- Unicorn-27426.exe (PID: 9764)
- Unicorn-33357.exe (PID: 8124)
- Unicorn-42838.exe (PID: 6388)
- Unicorn-60648.exe (PID: 7768)
- Unicorn-21754.exe (PID: 7736)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | DOS Executable Generic (100) |
|---|
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
482
Monitored processes
348
Malicious processes
52
Suspicious processes
69
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 660 | C:\Users\admin\AppData\Local\Temp\Unicorn-65296.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-65296.exe | Unicorn-3268.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1012 | C:\Users\admin\AppData\Local\Temp\Unicorn-61313.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61313.exe | Unicorn-14965.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1096 | C:\Users\admin\AppData\Local\Temp\Unicorn-64113.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-64113.exe | Unicorn-64825.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1168 | C:\Users\admin\AppData\Local\Temp\Unicorn-20358.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-20358.exe | Unicorn-17840.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1324 | C:\Users\admin\AppData\Local\Temp\Unicorn-41368.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41368.exe | Unicorn-14965.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1660 | C:\Users\admin\AppData\Local\Temp\Unicorn-42816.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-42816.exe | — | Unicorn-18016.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1764 | C:\Users\admin\AppData\Local\Temp\Unicorn-47149.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-47149.exe | Unicorn-52386.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 2040 | C:\Users\admin\AppData\Local\Temp\Unicorn-25681.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-25681.exe | Unicorn-51006.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 2064 | C:\Users\admin\AppData\Local\Temp\Unicorn-34180.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-34180.exe | — | Unicorn-38946.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 2236 | C:\Users\admin\AppData\Local\Temp\Unicorn-29818.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29818.exe | Unicorn-64270.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
7 454
Read events
7 454
Write events
0
Delete events
0
Modification events
Executable files
1 192
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7412 | 1 (145).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-39920.exe | executable | |
MD5:7AE1E3B67AFB1115DBE05B9A7DEA6850 | SHA256:F20B7479CE9F3ACDD63880D7A3C0A2475ADF1FF0A13F8582C8CC37DFE0671736 | |||
| 7868 | Unicorn-3268.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46050.exe | executable | |
MD5:D0583545421E5F57B6254E4B8CC72C00 | SHA256:5B00728F90AAF14C0494138F6A353996E12299CD02C05A583D6980CF0A05E510 | |||
| 7848 | Unicorn-14965.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-21546.exe | executable | |
MD5:19EEC25D8391215DC2961F9C394DEC02 | SHA256:95011337A90E4BDCD821EB0315D5057B0EAE1A9A7BCD1BE23E342D5F98BFB17B | |||
| 7576 | Unicorn-52386.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-18016.exe | executable | |
MD5:499785634136C8B001E8752DAEC5EF01 | SHA256:C6164993A1CDB30810EE0B27C94DCB9D914D258D995BAEBB89D91D5320D9D80F | |||
| 7412 | 1 (145).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-60113.exe | executable | |
MD5:EE7F34B87FA4C5EE80AA893FF55FB619 | SHA256:EB5BA561E54BCBFFF1485F5655F04E52B1223545E69416232C16D3BA7759F936 | |||
| 7320 | Unicorn-64270.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29818.exe | executable | |
MD5:AB2D3D4BF60CF3A72803A986ABBB8D70 | SHA256:142AE0C1281DFA0A2D5608ADEE05F3F2F2207EA3CC24D368FC71CAF44258F7D0 | |||
| 7384 | Unicorn-18016.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-42816.exe | executable | |
MD5:860AC6134A0776749D515E4351765E49 | SHA256:16EEDE7A38E462CB6F29FCC8DED3641A53EBD89AFCB61494FEC3BDE5C2FB63D3 | |||
| 5332 | Unicorn-64825.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-38946.exe | executable | |
MD5:DC55B292C74165E0F350E8A9A938B804 | SHA256:160BD8D325D33084BE832074EF105C597B8A46466B0FC962EBB0363AED0F64FF | |||
| 2384 | Unicorn-21546.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-35608.exe | executable | |
MD5:62229514080BE205EDC1CF97760F5134 | SHA256:B67D879D380DF3E191A8BF1405BF631F30675EF9AA92EA9F9F7B6B3F9C21AAA4 | |||
| 7848 | Unicorn-14965.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41368.exe | executable | |
MD5:8F2CF0A09786B5DCE89876F8DE1BFBEE | SHA256:E1286A20D977ABDA5F402AB19153E1B925C7785FF89278E15D69361796FF1087 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
22
DNS requests
15
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 95.101.54.122:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
7664 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
8568 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
8568 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 95.101.54.122:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4108 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3216 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 20.190.159.131:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
7664 | backgroundTaskHost.exe | 20.223.35.26:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |
activation-v2.sls.microsoft.com |
| whitelisted |