| File name: | 1 (480) |
| Full analysis: | https://app.any.run/tasks/d76d23de-6efd-4b42-b2d5-853d33d198ca |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 21:29:54 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 12C0F74643424D0EFC105216FEDF30C0 |
| SHA1: | FC5B5DE1076B416B144D9B7335CCB7A2D0CC73B3 |
| SHA256: | 2AD4FC07A8E45ABBBE0A06F18B49686F786D09126396EA9E74AB292D56FD8B51 |
| SSDEEP: | 6144:y7y7CB/7oDJ8AlLo1oe/77fx5t5qlp8AB5LGNdfqCk/8SwuwpyAvEhi9ABp/dhSa:y2WtA8Alc1jt5M+45SNdfqkx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Executable content was dropped or overwritten
- 1 (480).exe (PID: 6392)
- Unicorn-35961.exe (PID: 4652)
- Unicorn-19961.exe (PID: 1188)
- Unicorn-12162.exe (PID: 1244)
- Unicorn-37797.exe (PID: 4812)
- Unicorn-1062.exe (PID: 6972)
- Unicorn-6032.exe (PID: 5776)
- Unicorn-17682.exe (PID: 1568)
- Unicorn-42287.exe (PID: 2392)
- Unicorn-56848.exe (PID: 6512)
- Unicorn-18359.exe (PID: 1040)
- Unicorn-63475.exe (PID: 7188)
- Unicorn-1062.exe (PID: 2852)
- Unicorn-10911.exe (PID: 1128)
- Unicorn-8058.exe (PID: 7256)
- Unicorn-21051.exe (PID: 7208)
- Unicorn-40917.exe (PID: 7224)
- Unicorn-49469.exe (PID: 7344)
- Unicorn-10858.exe (PID: 7264)
- Unicorn-37771.exe (PID: 7368)
- Unicorn-53288.exe (PID: 7392)
- Unicorn-18119.exe (PID: 7932)
- Unicorn-5888.exe (PID: 8036)
- Unicorn-26863.exe (PID: 8076)
- Unicorn-61119.exe (PID: 8120)
- Unicorn-49422.exe (PID: 8152)
- Unicorn-22033.exe (PID: 8180)
- Unicorn-1612.exe (PID: 6184)
- Unicorn-21051.exe (PID: 7212)
- Unicorn-22124.exe (PID: 4120)
- Unicorn-50356.exe (PID: 7048)
- Unicorn-1612.exe (PID: 7320)
- Unicorn-40507.exe (PID: 1164)
- Unicorn-45767.exe (PID: 660)
- Unicorn-8389.exe (PID: 6032)
- Unicorn-41083.exe (PID: 7468)
- Unicorn-39499.exe (PID: 5308)
- Unicorn-38945.exe (PID: 3896)
- Unicorn-38945.exe (PID: 668)
- Unicorn-49059.exe (PID: 7604)
- Unicorn-13486.exe (PID: 7656)
- Unicorn-10574.exe (PID: 7360)
- Unicorn-25109.exe (PID: 7620)
- Unicorn-62363.exe (PID: 7528)
- Unicorn-35629.exe (PID: 7492)
- Unicorn-11679.exe (PID: 7480)
- Unicorn-23377.exe (PID: 7512)
- Unicorn-2764.exe (PID: 7852)
- Unicorn-64309.exe (PID: 7816)
- Unicorn-39521.exe (PID: 7884)
- Unicorn-9541.exe (PID: 7860)
- Unicorn-44145.exe (PID: 7940)
- Unicorn-30501.exe (PID: 7780)
- Unicorn-62711.exe (PID: 7904)
- Unicorn-54814.exe (PID: 8064)
- Unicorn-60481.exe (PID: 7976)
- Unicorn-25671.exe (PID: 7768)
- Unicorn-54814.exe (PID: 8024)
- Unicorn-42583.exe (PID: 8132)
- Unicorn-27430.exe (PID: 208)
- Unicorn-11856.exe (PID: 8108)
- Unicorn-47222.exe (PID: 8012)
- Unicorn-11856.exe (PID: 7312)
- Unicorn-11856.exe (PID: 8188)
- Unicorn-56935.exe (PID: 5504)
- Unicorn-65141.exe (PID: 4336)
- Unicorn-16495.exe (PID: 1240)
- Unicorn-28255.exe (PID: 2088)
- Unicorn-22163.exe (PID: 8172)
- Unicorn-56973.exe (PID: 8148)
- Unicorn-58687.exe (PID: 7556)
- Unicorn-32831.exe (PID: 2644)
- Unicorn-1285.exe (PID: 8028)
- Unicorn-32085.exe (PID: 8300)
- Unicorn-15749.exe (PID: 5392)
- Unicorn-12219.exe (PID: 8284)
- Unicorn-12219.exe (PID: 8292)
- Unicorn-30038.exe (PID: 8216)
- Unicorn-44337.exe (PID: 8244)
- Unicorn-38618.exe (PID: 8344)
- Unicorn-13417.exe (PID: 8360)
- Unicorn-50559.exe (PID: 8276)
- Unicorn-8135.exe (PID: 8324)
- Unicorn-50559.exe (PID: 8316)
- Unicorn-28577.exe (PID: 8480)
- Unicorn-32752.exe (PID: 8352)
- Unicorn-32661.exe (PID: 8472)
- Unicorn-42510.exe (PID: 8516)
- Unicorn-20370.exe (PID: 7632)
- Unicorn-18825.exe (PID: 8492)
- Unicorn-42483.exe (PID: 8060)
- Unicorn-372.exe (PID: 8644)
- Unicorn-55603.exe (PID: 8720)
- Unicorn-22931.exe (PID: 8628)
- Unicorn-41959.exe (PID: 8652)
- Unicorn-272.exe (PID: 8680)
- Unicorn-24776.exe (PID: 8856)
- Unicorn-55603.exe (PID: 8712)
- Unicorn-9095.exe (PID: 8760)
- Unicorn-43159.exe (PID: 8824)
- Unicorn-2873.exe (PID: 8832)
- Unicorn-28696.exe (PID: 8772)
- Unicorn-39713.exe (PID: 5116)
- Unicorn-4840.exe (PID: 8896)
- Unicorn-7533.exe (PID: 8920)
- Unicorn-14954.exe (PID: 8948)
- Unicorn-26942.exe (PID: 8972)
- Unicorn-48758.exe (PID: 9012)
- Unicorn-19615.exe (PID: 9004)
- Unicorn-52187.exe (PID: 9036)
- Unicorn-517.exe (PID: 9184)
- Unicorn-63963.exe (PID: 8988)
- Unicorn-29921.exe (PID: 9164)
- Unicorn-46641.exe (PID: 1348)
- Unicorn-5369.exe (PID: 2984)
- Unicorn-54643.exe (PID: 8264)
- Unicorn-18528.exe (PID: 8448)
- Unicorn-41571.exe (PID: 8540)
- Unicorn-62567.exe (PID: 9464)
- Unicorn-42239.exe (PID: 9360)
- Unicorn-53392.exe (PID: 9600)
- Unicorn-57113.exe (PID: 9532)
- Unicorn-61197.exe (PID: 9524)
- Unicorn-28887.exe (PID: 9560)
- Unicorn-11035.exe (PID: 9568)
- Unicorn-61005.exe (PID: 9644)
- Unicorn-15889.exe (PID: 9616)
- Unicorn-57476.exe (PID: 9652)
- Unicorn-23241.exe (PID: 9748)
- Unicorn-48815.exe (PID: 9784)
- Unicorn-44477.exe (PID: 9688)
- Unicorn-65089.exe (PID: 9696)
- Unicorn-65068.exe (PID: 9224)
- Unicorn-30139.exe (PID: 6468)
- Unicorn-35541.exe (PID: 9276)
- Unicorn-16517.exe (PID: 8800)
- Unicorn-11804.exe (PID: 9608)
- Unicorn-59443.exe (PID: 9936)
- Unicorn-47191.exe (PID: 9812)
- Unicorn-58109.exe (PID: 9884)
- Unicorn-26094.exe (PID: 9728)
- Unicorn-49884.exe (PID: 9840)
- Unicorn-48561.exe (PID: 9704)
- Unicorn-59998.exe (PID: 9908)
- Unicorn-53313.exe (PID: 9928)
- Unicorn-34939.exe (PID: 9864)
- Unicorn-47191.exe (PID: 9804)
- Unicorn-26579.exe (PID: 10024)
- Unicorn-128.exe (PID: 9876)
- Unicorn-39407.exe (PID: 10172)
- Unicorn-10050.exe (PID: 10088)
- Unicorn-10050.exe (PID: 10096)
- Unicorn-28141.exe (PID: 9712)
- Unicorn-49884.exe (PID: 9848)
- Unicorn-35930.exe (PID: 10048)
- Unicorn-12743.exe (PID: 10132)
- Unicorn-18219.exe (PID: 10104)
- Unicorn-43491.exe (PID: 10148)
- Unicorn-54352.exe (PID: 10160)
- Unicorn-14134.exe (PID: 10116)
- Unicorn-30946.exe (PID: 10452)
- Unicorn-8256.exe (PID: 10328)
- Unicorn-30974.exe (PID: 7440)
- Unicorn-29101.exe (PID: 960)
- Unicorn-55743.exe (PID: 10264)
- Unicorn-7726.exe (PID: 10320)
- Unicorn-10626.exe (PID: 7464)
- Unicorn-45437.exe (PID: 7444)
- Unicorn-5151.exe (PID: 10252)
- Unicorn-58265.exe (PID: 10564)
- Unicorn-3920.exe (PID: 10080)
- Unicorn-13564.exe (PID: 10032)
- Unicorn-62185.exe (PID: 10016)
- Unicorn-50076.exe (PID: 10380)
- Unicorn-38207.exe (PID: 10640)
- Unicorn-50268.exe (PID: 10236)
- Unicorn-13610.exe (PID: 8228)
- Unicorn-58073.exe (PID: 10676)
- Unicorn-20832.exe (PID: 10360)
- Unicorn-9672.exe (PID: 10440)
- Unicorn-27347.exe (PID: 10624)
- Unicorn-65535.exe (PID: 10272)
- Unicorn-28586.exe (PID: 10416)
- Unicorn-12572.exe (PID: 10304)
- Unicorn-40896.exe (PID: 10424)
- Unicorn-39791.exe (PID: 10508)
- Unicorn-4404.exe (PID: 10392)
- Unicorn-39215.exe (PID: 10312)
- Unicorn-16718.exe (PID: 10588)
- Unicorn-35707.exe (PID: 10572)
- Unicorn-53605.exe (PID: 7740)
- Unicorn-9427.exe (PID: 10732)
- Unicorn-34375.exe (PID: 10808)
- Unicorn-58517.exe (PID: 10760)
- Unicorn-63732.exe (PID: 10860)
- Unicorn-20165.exe (PID: 9496)
- Unicorn-17485.exe (PID: 10776)
- Unicorn-59919.exe (PID: 9244)
- Unicorn-39857.exe (PID: 10876)
- Unicorn-5351.exe (PID: 10948)
- Unicorn-48130.exe (PID: 10280)
- Unicorn-32259.exe (PID: 10920)
- Unicorn-15265.exe (PID: 10400)
- Unicorn-8309.exe (PID: 10932)
- Unicorn-27347.exe (PID: 10632)
- Unicorn-64739.exe (PID: 10712)
- Unicorn-9427.exe (PID: 10728)
- Unicorn-15081.exe (PID: 10800)
- Unicorn-13976.exe (PID: 10884)
- Unicorn-64447.exe (PID: 10788)
- Unicorn-53426.exe (PID: 10844)
- Unicorn-32813.exe (PID: 11016)
- Unicorn-54817.exe (PID: 10988)
- Unicorn-36819.exe (PID: 11044)
- Unicorn-64116.exe (PID: 11052)
- Unicorn-32762.exe (PID: 11192)
- Unicorn-65023.exe (PID: 10968)
- Unicorn-25029.exe (PID: 11120)
- Unicorn-14068.exe (PID: 11172)
- Unicorn-44895.exe (PID: 11112)
- Unicorn-61786.exe (PID: 11148)
- Unicorn-11930.exe (PID: 10868)
- Unicorn-50355.exe (PID: 11088)
- Unicorn-47033.exe (PID: 11080)
- Unicorn-738.exe (PID: 11256)
Starts itself from another location
- Unicorn-19961.exe (PID: 1188)
- Unicorn-6032.exe (PID: 5776)
- Unicorn-12162.exe (PID: 1244)
- Unicorn-37797.exe (PID: 4812)
- Unicorn-1062.exe (PID: 6972)
- 1 (480).exe (PID: 6392)
- Unicorn-35961.exe (PID: 4652)
- Unicorn-1062.exe (PID: 2852)
- Unicorn-10911.exe (PID: 1128)
- Unicorn-42287.exe (PID: 2392)
- Unicorn-17682.exe (PID: 1568)
- Unicorn-56848.exe (PID: 6512)
- Unicorn-63475.exe (PID: 7188)
- Unicorn-21051.exe (PID: 7208)
- Unicorn-21051.exe (PID: 7212)
- Unicorn-10858.exe (PID: 7264)
- Unicorn-49469.exe (PID: 7344)
- Unicorn-8058.exe (PID: 7256)
- Unicorn-37771.exe (PID: 7368)
- Unicorn-10574.exe (PID: 7360)
- Unicorn-53288.exe (PID: 7392)
- Unicorn-40917.exe (PID: 7224)
- Unicorn-5888.exe (PID: 8036)
- Unicorn-18359.exe (PID: 1040)
- Unicorn-26863.exe (PID: 8076)
- Unicorn-61119.exe (PID: 8120)
- Unicorn-18119.exe (PID: 7932)
- Unicorn-49422.exe (PID: 8152)
- Unicorn-22033.exe (PID: 8180)
- Unicorn-1612.exe (PID: 6184)
- Unicorn-1612.exe (PID: 7320)
- Unicorn-22124.exe (PID: 4120)
- Unicorn-50356.exe (PID: 7048)
- Unicorn-40507.exe (PID: 1164)
- Unicorn-45767.exe (PID: 660)
- Unicorn-56935.exe (PID: 5504)
- Unicorn-28255.exe (PID: 2088)
- Unicorn-8389.exe (PID: 6032)
- Unicorn-41083.exe (PID: 7468)
- Unicorn-39499.exe (PID: 5308)
- Unicorn-38945.exe (PID: 3896)
- Unicorn-38945.exe (PID: 668)
- Unicorn-49059.exe (PID: 7604)
- Unicorn-13486.exe (PID: 7656)
- Unicorn-20370.exe (PID: 7632)
- Unicorn-25109.exe (PID: 7620)
- Unicorn-35629.exe (PID: 7492)
- Unicorn-11679.exe (PID: 7480)
- Unicorn-39713.exe (PID: 5116)
- Unicorn-64309.exe (PID: 7816)
- Unicorn-2764.exe (PID: 7852)
- Unicorn-9541.exe (PID: 7860)
- Unicorn-39521.exe (PID: 7884)
- Unicorn-30501.exe (PID: 7780)
- Unicorn-44145.exe (PID: 7940)
- Unicorn-62711.exe (PID: 7904)
- Unicorn-25671.exe (PID: 7768)
- Unicorn-54814.exe (PID: 8064)
- Unicorn-60481.exe (PID: 7976)
- Unicorn-54814.exe (PID: 8024)
- Unicorn-23377.exe (PID: 7512)
- Unicorn-62363.exe (PID: 7528)
- Unicorn-42583.exe (PID: 8132)
- Unicorn-27430.exe (PID: 208)
- Unicorn-11856.exe (PID: 8108)
- Unicorn-47222.exe (PID: 8012)
- Unicorn-11856.exe (PID: 7312)
- Unicorn-11856.exe (PID: 8188)
- Unicorn-65141.exe (PID: 4336)
- Unicorn-30139.exe (PID: 6468)
- Unicorn-56973.exe (PID: 8148)
- Unicorn-16495.exe (PID: 1240)
- Unicorn-42483.exe (PID: 8060)
- Unicorn-58687.exe (PID: 7556)
- Unicorn-5369.exe (PID: 2984)
- Unicorn-1285.exe (PID: 8028)
- Unicorn-32831.exe (PID: 2644)
- Unicorn-15749.exe (PID: 5392)
- Unicorn-32085.exe (PID: 8300)
- Unicorn-13610.exe (PID: 8228)
- Unicorn-12219.exe (PID: 8292)
- Unicorn-12219.exe (PID: 8284)
- Unicorn-30038.exe (PID: 8216)
- Unicorn-50559.exe (PID: 8276)
- Unicorn-38618.exe (PID: 8344)
- Unicorn-54643.exe (PID: 8264)
- Unicorn-8135.exe (PID: 8324)
- Unicorn-50559.exe (PID: 8316)
- Unicorn-13417.exe (PID: 8360)
- Unicorn-32661.exe (PID: 8472)
- Unicorn-32752.exe (PID: 8352)
- Unicorn-42510.exe (PID: 8516)
- Unicorn-28577.exe (PID: 8480)
- Unicorn-18825.exe (PID: 8492)
- Unicorn-372.exe (PID: 8644)
- Unicorn-55603.exe (PID: 8720)
- Unicorn-22931.exe (PID: 8628)
- Unicorn-16517.exe (PID: 8800)
- Unicorn-272.exe (PID: 8680)
- Unicorn-24776.exe (PID: 8856)
- Unicorn-55603.exe (PID: 8712)
- Unicorn-44337.exe (PID: 8244)
- Unicorn-9095.exe (PID: 8760)
- Unicorn-43159.exe (PID: 8824)
- Unicorn-2873.exe (PID: 8832)
- Unicorn-28696.exe (PID: 8772)
- Unicorn-4840.exe (PID: 8896)
- Unicorn-7533.exe (PID: 8920)
- Unicorn-14954.exe (PID: 8948)
- Unicorn-26942.exe (PID: 8972)
- Unicorn-19615.exe (PID: 9004)
- Unicorn-63963.exe (PID: 8988)
- Unicorn-52187.exe (PID: 9036)
- Unicorn-517.exe (PID: 9184)
- Unicorn-29921.exe (PID: 9164)
- Unicorn-46641.exe (PID: 1348)
- Unicorn-22163.exe (PID: 8172)
- Unicorn-18528.exe (PID: 8448)
- Unicorn-48758.exe (PID: 9012)
- Unicorn-41571.exe (PID: 8540)
Executes application which crashes
- Unicorn-29521.exe (PID: 4608)
INFO
Checks supported languages
- 1 (480).exe (PID: 6392)
- Unicorn-12162.exe (PID: 1244)
- Unicorn-6032.exe (PID: 5776)
- Unicorn-37797.exe (PID: 4812)
- Unicorn-1062.exe (PID: 6972)
- Unicorn-1062.exe (PID: 2852)
- Unicorn-10911.exe (PID: 1128)
- Unicorn-56848.exe (PID: 6512)
- Unicorn-17682.exe (PID: 1568)
- Unicorn-42287.exe (PID: 2392)
- Unicorn-35961.exe (PID: 4652)
- Unicorn-63475.exe (PID: 7188)
- Unicorn-21051.exe (PID: 7208)
- Unicorn-40917.exe (PID: 7224)
- Unicorn-19961.exe (PID: 1188)
- Unicorn-8058.exe (PID: 7256)
- Unicorn-10858.exe (PID: 7264)
- Unicorn-49469.exe (PID: 7344)
- Unicorn-10574.exe (PID: 7360)
- Unicorn-53288.exe (PID: 7392)
- Unicorn-37771.exe (PID: 7368)
- Unicorn-18119.exe (PID: 7932)
- Unicorn-5888.exe (PID: 8036)
- Unicorn-26863.exe (PID: 8076)
- Unicorn-21051.exe (PID: 7212)
- Unicorn-18359.exe (PID: 1040)
- Unicorn-49422.exe (PID: 8152)
- Unicorn-61119.exe (PID: 8120)
- Unicorn-1612.exe (PID: 7320)
- Unicorn-56935.exe (PID: 5504)
- Unicorn-22033.exe (PID: 8180)
- Unicorn-8389.exe (PID: 6032)
- Unicorn-22124.exe (PID: 4120)
- Unicorn-40507.exe (PID: 1164)
- Unicorn-28255.exe (PID: 2088)
- Unicorn-50356.exe (PID: 7048)
- Unicorn-45767.exe (PID: 660)
- Unicorn-39499.exe (PID: 5308)
- Unicorn-41083.exe (PID: 7468)
- Unicorn-38945.exe (PID: 3896)
- Unicorn-38945.exe (PID: 668)
- Unicorn-49059.exe (PID: 7604)
- Unicorn-25109.exe (PID: 7620)
- Unicorn-20370.exe (PID: 7632)
- Unicorn-13486.exe (PID: 7656)
- Unicorn-1612.exe (PID: 6184)
- Unicorn-23377.exe (PID: 7512)
- Unicorn-62363.exe (PID: 7528)
- Unicorn-11679.exe (PID: 7480)
- Unicorn-35629.exe (PID: 7492)
- Unicorn-39713.exe (PID: 5116)
- Unicorn-64309.exe (PID: 7816)
- Unicorn-9541.exe (PID: 7860)
- Unicorn-2764.exe (PID: 7852)
- Unicorn-39521.exe (PID: 7884)
- Unicorn-62711.exe (PID: 7904)
- Unicorn-44145.exe (PID: 7940)
- Unicorn-25671.exe (PID: 7768)
- Unicorn-60481.exe (PID: 7976)
- Unicorn-54814.exe (PID: 8024)
- Unicorn-54814.exe (PID: 8064)
- Unicorn-30501.exe (PID: 7780)
- Unicorn-42583.exe (PID: 8132)
- Unicorn-11856.exe (PID: 7312)
- Unicorn-65141.exe (PID: 4336)
- Unicorn-22163.exe (PID: 8172)
- Unicorn-5369.exe (PID: 2984)
- Unicorn-47222.exe (PID: 8012)
- Unicorn-1285.exe (PID: 8028)
- Unicorn-42483.exe (PID: 8060)
- Unicorn-56973.exe (PID: 8148)
- Unicorn-27430.exe (PID: 208)
- Unicorn-58687.exe (PID: 7556)
- Unicorn-15749.exe (PID: 5392)
- Unicorn-11856.exe (PID: 8108)
- Unicorn-16495.exe (PID: 1240)
- Unicorn-11856.exe (PID: 8188)
- Unicorn-32831.exe (PID: 2644)
- Unicorn-30139.exe (PID: 6468)
- Unicorn-30038.exe (PID: 8216)
- Unicorn-13610.exe (PID: 8228)
- Unicorn-13417.exe (PID: 8360)
- Unicorn-54643.exe (PID: 8264)
- Unicorn-32085.exe (PID: 8300)
- Unicorn-12219.exe (PID: 8284)
- Unicorn-50559.exe (PID: 8276)
- Unicorn-32752.exe (PID: 8352)
- Unicorn-50559.exe (PID: 8316)
- Unicorn-38618.exe (PID: 8344)
- Unicorn-8135.exe (PID: 8324)
- Unicorn-44337.exe (PID: 8244)
- Unicorn-12219.exe (PID: 8292)
- Unicorn-18825.exe (PID: 8492)
- Unicorn-28577.exe (PID: 8480)
- Unicorn-42510.exe (PID: 8516)
- Unicorn-22931.exe (PID: 8628)
- Unicorn-372.exe (PID: 8644)
- Unicorn-272.exe (PID: 8680)
- Unicorn-55603.exe (PID: 8712)
- Unicorn-55603.exe (PID: 8720)
- Unicorn-9095.exe (PID: 8760)
- Unicorn-28696.exe (PID: 8772)
- Unicorn-41959.exe (PID: 8652)
- Unicorn-2873.exe (PID: 8832)
- Unicorn-16517.exe (PID: 8800)
- Unicorn-43159.exe (PID: 8824)
- Unicorn-24776.exe (PID: 8856)
- Unicorn-4840.exe (PID: 8896)
- Unicorn-7533.exe (PID: 8920)
- Unicorn-63963.exe (PID: 8988)
- Unicorn-52187.exe (PID: 9036)
- Unicorn-19615.exe (PID: 9004)
- Unicorn-48758.exe (PID: 9012)
- Unicorn-14954.exe (PID: 8948)
- Unicorn-26942.exe (PID: 8972)
- Unicorn-29921.exe (PID: 9164)
- Unicorn-46641.exe (PID: 1348)
- Unicorn-517.exe (PID: 9184)
- Unicorn-18528.exe (PID: 8448)
- Unicorn-41571.exe (PID: 8540)
- Unicorn-65068.exe (PID: 9224)
- Unicorn-35541.exe (PID: 9276)
- Unicorn-32661.exe (PID: 8472)
- Unicorn-42239.exe (PID: 9360)
- Unicorn-62567.exe (PID: 9464)
- Unicorn-61197.exe (PID: 9524)
- Unicorn-57113.exe (PID: 9532)
- Unicorn-28887.exe (PID: 9560)
- Unicorn-53392.exe (PID: 9600)
- Unicorn-11804.exe (PID: 9608)
- Unicorn-57476.exe (PID: 9652)
- Unicorn-15889.exe (PID: 9616)
- Unicorn-61005.exe (PID: 9644)
- Unicorn-11035.exe (PID: 9568)
- Unicorn-28141.exe (PID: 9712)
- Unicorn-44477.exe (PID: 9688)
- Unicorn-65089.exe (PID: 9696)
- Unicorn-48561.exe (PID: 9704)
- Unicorn-26094.exe (PID: 9728)
- Unicorn-48815.exe (PID: 9784)
- Unicorn-23241.exe (PID: 9748)
- Unicorn-47191.exe (PID: 9804)
- Unicorn-47191.exe (PID: 9812)
- Unicorn-34939.exe (PID: 9864)
- Unicorn-26579.exe (PID: 10024)
- Unicorn-58109.exe (PID: 9884)
- Unicorn-59443.exe (PID: 9936)
- Unicorn-59998.exe (PID: 9908)
- Unicorn-53313.exe (PID: 9928)
- Unicorn-13564.exe (PID: 10032)
- Unicorn-49884.exe (PID: 9840)
- Unicorn-128.exe (PID: 9876)
- Unicorn-49884.exe (PID: 9848)
- Unicorn-3920.exe (PID: 10080)
- Unicorn-10050.exe (PID: 10088)
- Unicorn-20165.exe (PID: 9496)
- Unicorn-35930.exe (PID: 10048)
- Unicorn-62185.exe (PID: 10016)
- Unicorn-18219.exe (PID: 10104)
- Unicorn-14134.exe (PID: 10116)
- Unicorn-12743.exe (PID: 10132)
- Unicorn-43491.exe (PID: 10148)
- Unicorn-39407.exe (PID: 10172)
- Unicorn-54352.exe (PID: 10160)
- Unicorn-10050.exe (PID: 10096)
- Unicorn-30974.exe (PID: 7440)
- Unicorn-21024.exe (PID: 10220)
- Unicorn-45437.exe (PID: 7444)
- Unicorn-50268.exe (PID: 10236)
- Unicorn-59919.exe (PID: 9244)
- Unicorn-10626.exe (PID: 7464)
- Unicorn-48130.exe (PID: 10280)
- Unicorn-29101.exe (PID: 960)
- Unicorn-55743.exe (PID: 10264)
- Unicorn-14710.exe (PID: 4844)
- Unicorn-53605.exe (PID: 7740)
- Unicorn-8256.exe (PID: 10328)
- Unicorn-5151.exe (PID: 10252)
- Unicorn-4404.exe (PID: 10392)
- Unicorn-50076.exe (PID: 10380)
- Unicorn-15265.exe (PID: 10400)
- Unicorn-28586.exe (PID: 10416)
- Unicorn-7726.exe (PID: 10320)
- Unicorn-39215.exe (PID: 10312)
- Unicorn-65535.exe (PID: 10272)
- Unicorn-39791.exe (PID: 10508)
- Unicorn-20832.exe (PID: 10360)
- Unicorn-30946.exe (PID: 10452)
- Unicorn-12572.exe (PID: 10304)
- Unicorn-40896.exe (PID: 10424)
- Unicorn-9672.exe (PID: 10440)
- Unicorn-27347.exe (PID: 10624)
- Unicorn-27347.exe (PID: 10632)
- Unicorn-38207.exe (PID: 10640)
- Unicorn-58073.exe (PID: 10676)
- Unicorn-35707.exe (PID: 10572)
- Unicorn-58265.exe (PID: 10564)
- Unicorn-16718.exe (PID: 10588)
- Unicorn-9427.exe (PID: 10732)
- Unicorn-9427.exe (PID: 10728)
- Unicorn-58517.exe (PID: 10760)
- Unicorn-17485.exe (PID: 10776)
- Unicorn-15081.exe (PID: 10800)
- Unicorn-34375.exe (PID: 10808)
- Unicorn-64739.exe (PID: 10712)
- Unicorn-13976.exe (PID: 10884)
- Unicorn-39857.exe (PID: 10876)
- Unicorn-63732.exe (PID: 10860)
- Unicorn-5351.exe (PID: 10948)
- Unicorn-11930.exe (PID: 10868)
- Unicorn-32259.exe (PID: 10920)
- Unicorn-8309.exe (PID: 10932)
- Unicorn-65023.exe (PID: 10968)
- Unicorn-53426.exe (PID: 10844)
- Unicorn-64447.exe (PID: 10788)
- Unicorn-32813.exe (PID: 11016)
- Unicorn-36819.exe (PID: 11044)
- Unicorn-64116.exe (PID: 11052)
- Unicorn-47033.exe (PID: 11080)
- Unicorn-50355.exe (PID: 11088)
- Unicorn-44895.exe (PID: 11112)
- Unicorn-25029.exe (PID: 11120)
- Unicorn-54817.exe (PID: 10988)
- Unicorn-14068.exe (PID: 11172)
- Unicorn-63753.exe (PID: 11200)
- Unicorn-32762.exe (PID: 11192)
- Unicorn-738.exe (PID: 11256)
- Unicorn-45855.exe (PID: 5680)
- Unicorn-61786.exe (PID: 11148)
- Unicorn-64692.exe (PID: 1748)
- Unicorn-49747.exe (PID: 2064)
- Unicorn-23105.exe (PID: 6208)
- Unicorn-4530.exe (PID: 11284)
- Unicorn-48185.exe (PID: 11300)
- Unicorn-40571.exe (PID: 11308)
- Unicorn-33914.exe (PID: 11356)
- Unicorn-5398.exe (PID: 11400)
- Unicorn-10058.exe (PID: 11464)
- Unicorn-48880.exe (PID: 11800)
- Unicorn-63051.exe (PID: 11584)
- Unicorn-38839.exe (PID: 11792)
- Unicorn-27717.exe (PID: 11832)
- Unicorn-50084.exe (PID: 11852)
- Unicorn-16756.exe (PID: 11912)
- Unicorn-50942.exe (PID: 11940)
- Unicorn-48055.exe (PID: 11408)
- Unicorn-2829.exe (PID: 11720)
- Unicorn-27717.exe (PID: 11840)
- Unicorn-50084.exe (PID: 11848)
- Unicorn-62419.exe (PID: 12212)
- Unicorn-42491.exe (PID: 12012)
- Unicorn-19933.exe (PID: 11996)
- Unicorn-56690.exe (PID: 12068)
- Unicorn-56690.exe (PID: 12076)
- Unicorn-47867.exe (PID: 12152)
- Unicorn-54552.exe (PID: 12148)
- Unicorn-47702.exe (PID: 12092)
- Unicorn-47867.exe (PID: 12140)
- Unicorn-41837.exe (PID: 12116)
- Unicorn-16482.exe (PID: 12220)
- Unicorn-58388.exe (PID: 12204)
- Unicorn-37753.exe (PID: 11988)
- Unicorn-50660.exe (PID: 11980)
- Unicorn-64395.exe (PID: 11964)
- Unicorn-1380.exe (PID: 12284)
- Unicorn-41359.exe (PID: 864)
- Unicorn-9001.exe (PID: 3968)
- Unicorn-44822.exe (PID: 12300)
- Unicorn-44822.exe (PID: 8052)
- Unicorn-28485.exe (PID: 12416)
- Unicorn-57074.exe (PID: 12316)
- Unicorn-44822.exe (PID: 12292)
- Unicorn-29362.exe (PID: 12368)
- Unicorn-13083.exe (PID: 12396)
- Unicorn-58200.exe (PID: 12464)
- Unicorn-2750.exe (PID: 12168)
- Unicorn-54552.exe (PID: 12188)
- Unicorn-47453.exe (PID: 12256)
- Unicorn-24401.exe (PID: 2416)
- Unicorn-55750.exe (PID: 6424)
- Unicorn-45398.exe (PID: 12572)
- Unicorn-45398.exe (PID: 12580)
- Unicorn-54195.exe (PID: 12648)
- Unicorn-16617.exe (PID: 12588)
- Unicorn-60218.exe (PID: 12628)
- Unicorn-57650.exe (PID: 12564)
- Unicorn-33575.exe (PID: 12788)
- Unicorn-42221.exe (PID: 12504)
- Unicorn-56995.exe (PID: 12656)
- Unicorn-51668.exe (PID: 12612)
- Unicorn-19881.exe (PID: 12680)
- Unicorn-46332.exe (PID: 12672)
- Unicorn-56995.exe (PID: 12664)
- Unicorn-3134.exe (PID: 12428)
- Unicorn-32490.exe (PID: 12556)
- Unicorn-281.exe (PID: 12640)
- Unicorn-56995.exe (PID: 12760)
- Unicorn-5848.exe (PID: 12548)
- Unicorn-20509.exe (PID: 13020)
- Unicorn-43259.exe (PID: 12904)
- Unicorn-19361.exe (PID: 13124)
- Unicorn-33337.exe (PID: 13152)
- Unicorn-33337.exe (PID: 13160)
- Unicorn-47073.exe (PID: 13144)
- Unicorn-35283.exe (PID: 13192)
- Unicorn-43565.exe (PID: 13284)
- Unicorn-52196.exe (PID: 13300)
- Unicorn-30352.exe (PID: 12596)
- Unicorn-56333.exe (PID: 12540)
- Unicorn-55320.exe (PID: 12924)
- Unicorn-89.exe (PID: 12932)
- Unicorn-56803.exe (PID: 12940)
- Unicorn-53295.exe (PID: 13112)
- Unicorn-30928.exe (PID: 13384)
- Unicorn-36794.exe (PID: 13392)
- Unicorn-29558.exe (PID: 13464)
- Unicorn-10223.exe (PID: 13480)
- Unicorn-26758.exe (PID: 13432)
- Unicorn-35424.exe (PID: 13488)
- Unicorn-29558.exe (PID: 13472)
- Unicorn-15823.exe (PID: 13440)
- Unicorn-19087.exe (PID: 13512)
- Unicorn-22952.exe (PID: 6944)
- Unicorn-22952.exe (PID: 6264)
- Unicorn-44657.exe (PID: 13356)
- Unicorn-45974.exe (PID: 7520)
- Unicorn-23415.exe (PID: 7964)
- Unicorn-49979.exe (PID: 13564)
- Unicorn-49979.exe (PID: 13624)
- Unicorn-49979.exe (PID: 13568)
- Unicorn-21390.exe (PID: 13540)
- Unicorn-22823.exe (PID: 13804)
- Unicorn-35397.exe (PID: 13720)
- Unicorn-63820.exe (PID: 13748)
- Unicorn-38075.exe (PID: 13788)
- Unicorn-38537.exe (PID: 13828)
- Unicorn-60441.exe (PID: 13852)
- Unicorn-28423.exe (PID: 13812)
- Unicorn-38381.exe (PID: 13496)
- Unicorn-34926.exe (PID: 13504)
- Unicorn-15823.exe (PID: 13444)
- Unicorn-33551.exe (PID: 13548)
- Unicorn-41454.exe (PID: 13636)
- Unicorn-42927.exe (PID: 14012)
- Unicorn-49036.exe (PID: 13972)
- Unicorn-39497.exe (PID: 13996)
- Unicorn-10638.exe (PID: 14112)
- Unicorn-39305.exe (PID: 14032)
- Unicorn-36348.exe (PID: 14048)
- Unicorn-29191.exe (PID: 14020)
- Unicorn-9970.exe (PID: 14076)
- Unicorn-62440.exe (PID: 14120)
- Unicorn-31852.exe (PID: 13876)
- Unicorn-64168.exe (PID: 13900)
- Unicorn-58958.exe (PID: 13916)
- Unicorn-4356.exe (PID: 13928)
The sample compiled with chinese language support
- 1 (480).exe (PID: 6392)
Reads the computer name
- Unicorn-19961.exe (PID: 1188)
- 1 (480).exe (PID: 6392)
- Unicorn-6032.exe (PID: 5776)
- Unicorn-12162.exe (PID: 1244)
- Unicorn-37797.exe (PID: 4812)
- Unicorn-1062.exe (PID: 2852)
- Unicorn-1062.exe (PID: 6972)
- Unicorn-56848.exe (PID: 6512)
- Unicorn-10911.exe (PID: 1128)
- Unicorn-42287.exe (PID: 2392)
- Unicorn-17682.exe (PID: 1568)
- Unicorn-35961.exe (PID: 4652)
- Unicorn-63475.exe (PID: 7188)
- Unicorn-18359.exe (PID: 1040)
- Unicorn-21051.exe (PID: 7208)
- Unicorn-40917.exe (PID: 7224)
- Unicorn-8058.exe (PID: 7256)
- Unicorn-21051.exe (PID: 7212)
- Unicorn-10858.exe (PID: 7264)
- Unicorn-49469.exe (PID: 7344)
- Unicorn-10574.exe (PID: 7360)
- Unicorn-37771.exe (PID: 7368)
- Unicorn-53288.exe (PID: 7392)
- Unicorn-18119.exe (PID: 7932)
- Unicorn-5888.exe (PID: 8036)
- Unicorn-26863.exe (PID: 8076)
- Unicorn-49422.exe (PID: 8152)
- Unicorn-22033.exe (PID: 8180)
- Unicorn-1612.exe (PID: 6184)
- Unicorn-56935.exe (PID: 5504)
- Unicorn-1612.exe (PID: 7320)
- Unicorn-22124.exe (PID: 4120)
- Unicorn-50356.exe (PID: 7048)
- Unicorn-28255.exe (PID: 2088)
- Unicorn-40507.exe (PID: 1164)
- Unicorn-41083.exe (PID: 7468)
- Unicorn-45767.exe (PID: 660)
- Unicorn-8389.exe (PID: 6032)
- Unicorn-39499.exe (PID: 5308)
- Unicorn-38945.exe (PID: 3896)
- Unicorn-38945.exe (PID: 668)
- Unicorn-49059.exe (PID: 7604)
- Unicorn-25109.exe (PID: 7620)
- Unicorn-20370.exe (PID: 7632)
- Unicorn-61119.exe (PID: 8120)
- Unicorn-23377.exe (PID: 7512)
- Unicorn-62363.exe (PID: 7528)
- Unicorn-13486.exe (PID: 7656)
- Unicorn-11679.exe (PID: 7480)
- Unicorn-35629.exe (PID: 7492)
- Unicorn-64309.exe (PID: 7816)
- Unicorn-2764.exe (PID: 7852)
- Unicorn-9541.exe (PID: 7860)
- Unicorn-39521.exe (PID: 7884)
- Unicorn-62711.exe (PID: 7904)
- Unicorn-44145.exe (PID: 7940)
- Unicorn-30501.exe (PID: 7780)
- Unicorn-39713.exe (PID: 5116)
- Unicorn-25671.exe (PID: 7768)
- Unicorn-54814.exe (PID: 8064)
- Unicorn-60481.exe (PID: 7976)
- Unicorn-54814.exe (PID: 8024)
- Unicorn-42583.exe (PID: 8132)
- Unicorn-11856.exe (PID: 8108)
- Unicorn-11856.exe (PID: 7312)
- Unicorn-47222.exe (PID: 8012)
- Unicorn-22163.exe (PID: 8172)
- Unicorn-11856.exe (PID: 8188)
- Unicorn-65141.exe (PID: 4336)
- Unicorn-42483.exe (PID: 8060)
- Unicorn-30139.exe (PID: 6468)
- Unicorn-56973.exe (PID: 8148)
- Unicorn-16495.exe (PID: 1240)
- Unicorn-58687.exe (PID: 7556)
- Unicorn-5369.exe (PID: 2984)
- Unicorn-27430.exe (PID: 208)
- Unicorn-32085.exe (PID: 8300)
- Unicorn-12219.exe (PID: 8292)
- Unicorn-13610.exe (PID: 8228)
- Unicorn-12219.exe (PID: 8284)
- Unicorn-30038.exe (PID: 8216)
- Unicorn-38618.exe (PID: 8344)
- Unicorn-54643.exe (PID: 8264)
- Unicorn-50559.exe (PID: 8276)
- Unicorn-44337.exe (PID: 8244)
- Unicorn-1285.exe (PID: 8028)
- Unicorn-32831.exe (PID: 2644)
- Unicorn-15749.exe (PID: 5392)
- Unicorn-50559.exe (PID: 8316)
- Unicorn-28577.exe (PID: 8480)
- Unicorn-42510.exe (PID: 8516)
- Unicorn-32752.exe (PID: 8352)
- Unicorn-18825.exe (PID: 8492)
- Unicorn-22931.exe (PID: 8628)
- Unicorn-13417.exe (PID: 8360)
- Unicorn-8135.exe (PID: 8324)
- Unicorn-32661.exe (PID: 8472)
- Unicorn-372.exe (PID: 8644)
- Unicorn-55603.exe (PID: 8720)
- Unicorn-41959.exe (PID: 8652)
- Unicorn-272.exe (PID: 8680)
- Unicorn-16517.exe (PID: 8800)
- Unicorn-9095.exe (PID: 8760)
- Unicorn-24776.exe (PID: 8856)
- Unicorn-55603.exe (PID: 8712)
- Unicorn-43159.exe (PID: 8824)
- Unicorn-2873.exe (PID: 8832)
- Unicorn-28696.exe (PID: 8772)
- Unicorn-4840.exe (PID: 8896)
- Unicorn-7533.exe (PID: 8920)
- Unicorn-14954.exe (PID: 8948)
- Unicorn-26942.exe (PID: 8972)
- Unicorn-48758.exe (PID: 9012)
- Unicorn-19615.exe (PID: 9004)
- Unicorn-63963.exe (PID: 8988)
- Unicorn-52187.exe (PID: 9036)
- Unicorn-517.exe (PID: 9184)
- Unicorn-29921.exe (PID: 9164)
- Unicorn-46641.exe (PID: 1348)
- Unicorn-18528.exe (PID: 8448)
- Unicorn-41571.exe (PID: 8540)
Creates files or folders in the user directory
- WerFault.exe (PID: 6768)
- BackgroundTransferHost.exe (PID: 2984)
Create files in a temporary directory
- Unicorn-35961.exe (PID: 4652)
- Unicorn-19961.exe (PID: 1188)
- Unicorn-12162.exe (PID: 1244)
- Unicorn-37797.exe (PID: 4812)
- Unicorn-1062.exe (PID: 6972)
- 1 (480).exe (PID: 6392)
- Unicorn-6032.exe (PID: 5776)
- Unicorn-56848.exe (PID: 6512)
- Unicorn-42287.exe (PID: 2392)
- Unicorn-17682.exe (PID: 1568)
- Unicorn-18359.exe (PID: 1040)
- Unicorn-63475.exe (PID: 7188)
- Unicorn-1062.exe (PID: 2852)
- Unicorn-37771.exe (PID: 7368)
- Unicorn-53288.exe (PID: 7392)
- Unicorn-8058.exe (PID: 7256)
- Unicorn-10911.exe (PID: 1128)
- Unicorn-18119.exe (PID: 7932)
- Unicorn-5888.exe (PID: 8036)
- Unicorn-61119.exe (PID: 8120)
- Unicorn-49422.exe (PID: 8152)
- Unicorn-22033.exe (PID: 8180)
- Unicorn-21051.exe (PID: 7208)
- Unicorn-10858.exe (PID: 7264)
- Unicorn-1612.exe (PID: 6184)
- Unicorn-21051.exe (PID: 7212)
- Unicorn-22124.exe (PID: 4120)
- Unicorn-50356.exe (PID: 7048)
- Unicorn-40507.exe (PID: 1164)
- Unicorn-45767.exe (PID: 660)
- Unicorn-8389.exe (PID: 6032)
- Unicorn-41083.exe (PID: 7468)
- Unicorn-39499.exe (PID: 5308)
- Unicorn-49469.exe (PID: 7344)
- Unicorn-38945.exe (PID: 668)
- Unicorn-49059.exe (PID: 7604)
- Unicorn-13486.exe (PID: 7656)
- Unicorn-38945.exe (PID: 3896)
- Unicorn-25109.exe (PID: 7620)
- Unicorn-10574.exe (PID: 7360)
- Unicorn-35629.exe (PID: 7492)
- Unicorn-11679.exe (PID: 7480)
- Unicorn-23377.exe (PID: 7512)
- Unicorn-62363.exe (PID: 7528)
- Unicorn-26863.exe (PID: 8076)
- Unicorn-2764.exe (PID: 7852)
- Unicorn-9541.exe (PID: 7860)
- Unicorn-64309.exe (PID: 7816)
- Unicorn-39521.exe (PID: 7884)
- Unicorn-62711.exe (PID: 7904)
- Unicorn-44145.exe (PID: 7940)
- Unicorn-30501.exe (PID: 7780)
- Unicorn-40917.exe (PID: 7224)
- Unicorn-60481.exe (PID: 7976)
- Unicorn-25671.exe (PID: 7768)
- Unicorn-54814.exe (PID: 8064)
- Unicorn-1612.exe (PID: 7320)
- Unicorn-54814.exe (PID: 8024)
- Unicorn-42583.exe (PID: 8132)
- Unicorn-27430.exe (PID: 208)
- Unicorn-56935.exe (PID: 5504)
- Unicorn-47222.exe (PID: 8012)
- Unicorn-11856.exe (PID: 7312)
- Unicorn-11856.exe (PID: 8108)
- Unicorn-11856.exe (PID: 8188)
- Unicorn-22163.exe (PID: 8172)
- Unicorn-65141.exe (PID: 4336)
- Unicorn-56973.exe (PID: 8148)
- Unicorn-16495.exe (PID: 1240)
- Unicorn-58687.exe (PID: 7556)
- Unicorn-28255.exe (PID: 2088)
- Unicorn-42483.exe (PID: 8060)
- Unicorn-1285.exe (PID: 8028)
- Unicorn-32831.exe (PID: 2644)
- Unicorn-15749.exe (PID: 5392)
- Unicorn-32085.exe (PID: 8300)
- Unicorn-12219.exe (PID: 8292)
- Unicorn-30038.exe (PID: 8216)
- Unicorn-12219.exe (PID: 8284)
- Unicorn-38618.exe (PID: 8344)
- Unicorn-13417.exe (PID: 8360)
- Unicorn-50559.exe (PID: 8276)
- Unicorn-44337.exe (PID: 8244)
- Unicorn-50559.exe (PID: 8316)
- Unicorn-28577.exe (PID: 8480)
- Unicorn-8135.exe (PID: 8324)
- Unicorn-42510.exe (PID: 8516)
- Unicorn-32752.exe (PID: 8352)
- Unicorn-32661.exe (PID: 8472)
- Unicorn-18825.exe (PID: 8492)
- Unicorn-20370.exe (PID: 7632)
- Unicorn-372.exe (PID: 8644)
- Unicorn-22931.exe (PID: 8628)
- Unicorn-55603.exe (PID: 8720)
- Unicorn-272.exe (PID: 8680)
- Unicorn-41959.exe (PID: 8652)
- Unicorn-9095.exe (PID: 8760)
- Unicorn-55603.exe (PID: 8712)
- Unicorn-39713.exe (PID: 5116)
- Unicorn-24776.exe (PID: 8856)
- Unicorn-43159.exe (PID: 8824)
- Unicorn-2873.exe (PID: 8832)
- Unicorn-28696.exe (PID: 8772)
- Unicorn-4840.exe (PID: 8896)
- Unicorn-7533.exe (PID: 8920)
- Unicorn-14954.exe (PID: 8948)
- Unicorn-26942.exe (PID: 8972)
- Unicorn-48758.exe (PID: 9012)
- Unicorn-19615.exe (PID: 9004)
- Unicorn-517.exe (PID: 9184)
- Unicorn-52187.exe (PID: 9036)
- Unicorn-63963.exe (PID: 8988)
- Unicorn-46641.exe (PID: 1348)
- Unicorn-29921.exe (PID: 9164)
- Unicorn-5369.exe (PID: 2984)
- Unicorn-54643.exe (PID: 8264)
- Unicorn-18528.exe (PID: 8448)
- Unicorn-41571.exe (PID: 8540)
Reads security settings of Internet Explorer
- BackgroundTransferHost.exe (PID: 6576)
- BackgroundTransferHost.exe (PID: 2984)
- BackgroundTransferHost.exe (PID: 7496)
- BackgroundTransferHost.exe (PID: 7772)
- BackgroundTransferHost.exe (PID: 8000)
Checks proxy server information
- BackgroundTransferHost.exe (PID: 2984)
Reads the software policy settings
- BackgroundTransferHost.exe (PID: 2984)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
504
Monitored processes
368
Malicious processes
59
Suspicious processes
54
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 208 | C:\Users\admin\AppData\Local\Temp\Unicorn-27430.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27430.exe | Unicorn-19961.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 660 | C:\Users\admin\AppData\Local\Temp\Unicorn-45767.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-45767.exe | 1 (480).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 668 | C:\Users\admin\AppData\Local\Temp\Unicorn-38945.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-38945.exe | Unicorn-10574.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 864 | C:\Users\admin\AppData\Local\Temp\Unicorn-41359.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41359.exe | — | Unicorn-6032.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 960 | C:\Users\admin\AppData\Local\Temp\Unicorn-29101.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29101.exe | Unicorn-28577.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1040 | C:\Users\admin\AppData\Local\Temp\Unicorn-18359.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-18359.exe | Unicorn-1062.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1128 | C:\Users\admin\AppData\Local\Temp\Unicorn-10911.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-10911.exe | 1 (480).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1164 | C:\Users\admin\AppData\Local\Temp\Unicorn-40507.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-40507.exe | Unicorn-10858.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1188 | C:\Users\admin\AppData\Local\Temp\Unicorn-19961.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-19961.exe | 1 (480).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1240 | C:\Users\admin\AppData\Local\Temp\Unicorn-16495.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-16495.exe | Unicorn-8058.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
10 792
Read events
10 777
Write events
15
Delete events
0
Modification events
| (PID) Process: | (6576) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (6576) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (6576) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (2984) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (2984) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (2984) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7496) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (7496) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (7496) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (8000) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
Executable files
1 019
Suspicious files
8
Text files
1
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 6768 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_Unicorn-29521.ex_9af5826e263f752e557e9b8b98314bed52363ac_407d8355_5d0b9d21-b28c-44d0-8916-30b6b59e71a1\Report.wer | — | |
MD5:— | SHA256:— | |||
| 6768 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\Temp\WERD2D2.tmp.dmp | binary | |
MD5:B1B7FCAEDB1F7C672718FD020F98FE5C | SHA256:411C5C12329EC1689E0536524778495029952BCA77679482673687AE39AF2585 | |||
| 6392 | 1 (480).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-19961.exe | executable | |
MD5:16726EAD8BA205A3A6213F02EE23B136 | SHA256:93DB8CF0EE1DE3A61ABE92CEA916C915667B57646575E07F3E629712C1CD8306 | |||
| 6392 | 1 (480).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-35961.exe | executable | |
MD5:6E09040B38BBBEC7CEB13DA8F21F63D6 | SHA256:91BF92C0307A63C74AEFF1F8FAFD4E020FAF144E1F87BD7B8D658D6855C1AF5E | |||
| 1188 | Unicorn-19961.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-56848.exe | executable | |
MD5:B0FCB7F929989AFB61005B903E294905 | SHA256:1C993A4A131A3C175335FC0C6BD95CCD4FF89EE03EFC359E482BE9DE08EA3371 | |||
| 2984 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\33ce84ae-3646-4eed-8bde-48fa3307c386.down_data | — | |
MD5:— | SHA256:— | |||
| 4812 | Unicorn-37797.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-42287.exe | executable | |
MD5:AEED397E928DF5834769064407EBC2FC | SHA256:B16FCD0319D02BAC870CCB0F162BC131C668F5A628269F902CBF95404C82BEC5 | |||
| 4652 | Unicorn-35961.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29521.exe | executable | |
MD5:F1460C06AD72EE9233953A2CADBDB295 | SHA256:66B5B0FC292F11C18F2B3C8D828199F1A88A141891894DAA69D2BA78D0D88F98 | |||
| 6768 | WerFault.exe | C:\ProgramData\Microsoft\Windows\WER\Temp\WERD360.tmp.WERInternalMetadata.xml | binary | |
MD5:FE7081E2F8CC78C921B86F130FCB4D83 | SHA256:F49C00D20A76B2DE3E4DF432072E71080C7B77D7E5F8419D2EE0B14EA3967894 | |||
| 1244 | Unicorn-12162.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-1062.exe | executable | |
MD5:08D91D773C3FA4CECEEFFB752DFE4906 | SHA256:2A739A1A64D2EDE1E6537B712CFEF05AA34C10E195C32C5A9C2F145841D992B3 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
25
DNS requests
16
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 23.48.23.194:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
6272 | backgroundTaskHost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
8536 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
2984 | BackgroundTransferHost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
8536 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 192.168.100.255:137 | — | — | — | whitelisted |
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 23.48.23.194:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2112 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3216 | svchost.exe | 40.115.3.253:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 20.190.160.128:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 23.54.109.203:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
6272 | backgroundTaskHost.exe | 20.223.36.55:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
www.bing.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |