| File name: | 1 (589) |
| Full analysis: | https://app.any.run/tasks/5782f4d4-e458-4ae0-8337-889f96f1f205 |
| Verdict: | Malicious activity |
| Analysis date: | March 25, 2025, 03:14:26 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 48E83D0FEADFBA831DB8F45166D3E8B0 |
| SHA1: | 5DC523ADF710F5075C1598CD26E080756471CF32 |
| SHA256: | 3B30BABACDC99EC999E04095F1579641B1EA87D0717A10037ADB1518700A57A4 |
| SSDEEP: | 6144:t70gAKIBvDpHAk+XTZeMJvfC4KBqlvJGBCIW2erdak/8SwjwpyivEhyy5LSAslXa:tIZxXHAkeTY5BMhaCz2erdhx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (589).exe (PID: 2564)
- Unicorn-49727.exe (PID: 4688)
- Unicorn-15508.exe (PID: 2244)
- Unicorn-28507.exe (PID: 6476)
- Unicorn-47509.exe (PID: 4244)
- Unicorn-27451.exe (PID: 5392)
- Unicorn-57331.exe (PID: 2692)
- Unicorn-1323.exe (PID: 6708)
- Unicorn-30866.exe (PID: 2096)
- Unicorn-53420.exe (PID: 2600)
- Unicorn-53420.exe (PID: 1228)
- Unicorn-34588.exe (PID: 616)
- Unicorn-33685.exe (PID: 3096)
- Unicorn-17083.exe (PID: 728)
- Unicorn-13819.exe (PID: 3100)
- Unicorn-43891.exe (PID: 680)
- Unicorn-38060.exe (PID: 5984)
- Unicorn-34469.exe (PID: 5360)
- Unicorn-28146.exe (PID: 5260)
- Unicorn-14603.exe (PID: 6068)
- Unicorn-39212.exe (PID: 6592)
- Unicorn-39212.exe (PID: 1040)
- Unicorn-15947.exe (PID: 2040)
- Unicorn-19477.exe (PID: 7184)
- Unicorn-32697.exe (PID: 7272)
- Unicorn-35356.exe (PID: 7240)
- Unicorn-35813.exe (PID: 856)
- Unicorn-3140.exe (PID: 7196)
- Unicorn-29897.exe (PID: 7260)
- Unicorn-34604.exe (PID: 7684)
- Unicorn-60540.exe (PID: 7716)
- Unicorn-836.exe (PID: 7824)
- Unicorn-17173.exe (PID: 7812)
- Unicorn-836.exe (PID: 7832)
- Unicorn-36259.exe (PID: 7880)
- Unicorn-27186.exe (PID: 7864)
- Unicorn-15755.exe (PID: 7248)
- Unicorn-24101.exe (PID: 8048)
- Unicorn-24101.exe (PID: 8056)
- Unicorn-13088.exe (PID: 8096)
- Unicorn-13088.exe (PID: 8104)
- Unicorn-866.exe (PID: 8180)
- Unicorn-51407.exe (PID: 7380)
- Unicorn-52305.exe (PID: 8160)
- Unicorn-40245.exe (PID: 8136)
- Unicorn-61708.exe (PID: 7464)
- Unicorn-57951.exe (PID: 7444)
- Unicorn-13451.exe (PID: 7856)
- Unicorn-61708.exe (PID: 7472)
- Unicorn-15422.exe (PID: 7528)
- Unicorn-6612.exe (PID: 7424)
- Unicorn-57951.exe (PID: 7452)
- Unicorn-15422.exe (PID: 7316)
- Unicorn-19913.exe (PID: 7348)
- Unicorn-1687.exe (PID: 7520)
- Unicorn-8978.exe (PID: 7544)
- Unicorn-35813.exe (PID: 5228)
- Unicorn-61708.exe (PID: 7484)
- Unicorn-8978.exe (PID: 7340)
- Unicorn-3378.exe (PID: 7536)
- Unicorn-65148.exe (PID: 7172)
- Unicorn-11826.exe (PID: 3300)
- Unicorn-48325.exe (PID: 6228)
- Unicorn-1812.exe (PID: 7772)
- Unicorn-64147.exe (PID: 7552)
- Unicorn-12594.exe (PID: 8020)
- Unicorn-15579.exe (PID: 7972)
- Unicorn-15771.exe (PID: 2148)
- Unicorn-9794.exe (PID: 8016)
- Unicorn-15771.exe (PID: 6112)
- Unicorn-2580.exe (PID: 7996)
- Unicorn-19109.exe (PID: 780)
- Unicorn-35637.exe (PID: 8028)
- Unicorn-2964.exe (PID: 7948)
- Unicorn-18459.exe (PID: 8036)
- Unicorn-2964.exe (PID: 7944)
- Unicorn-5883.exe (PID: 7924)
- Unicorn-59251.exe (PID: 5084)
- Unicorn-29724.exe (PID: 7592)
- Unicorn-29724.exe (PID: 7620)
- Unicorn-24907.exe (PID: 4652)
- Unicorn-28821.exe (PID: 8204)
- Unicorn-42042.exe (PID: 8224)
- Unicorn-45349.exe (PID: 7752)
- Unicorn-23240.exe (PID: 8248)
- Unicorn-49324.exe (PID: 8384)
- Unicorn-11882.exe (PID: 8296)
- Unicorn-46885.exe (PID: 8272)
- Unicorn-53045.exe (PID: 8372)
- Unicorn-36709.exe (PID: 8348)
- Unicorn-51300.exe (PID: 8424)
- Unicorn-2235.exe (PID: 8448)
- Unicorn-21333.exe (PID: 8528)
- Unicorn-20491.exe (PID: 8340)
- Unicorn-40165.exe (PID: 8652)
- Unicorn-37669.exe (PID: 8520)
- Unicorn-55795.exe (PID: 8692)
- Unicorn-7170.exe (PID: 8676)
- Unicorn-4804.exe (PID: 8584)
- Unicorn-6612.exe (PID: 7416)
- Unicorn-4804.exe (PID: 8592)
- Unicorn-53813.exe (PID: 8636)
- Unicorn-35867.exe (PID: 8804)
- Unicorn-23445.exe (PID: 8704)
- Unicorn-18274.exe (PID: 8988)
- Unicorn-35867.exe (PID: 8796)
- Unicorn-23445.exe (PID: 8700)
- Unicorn-24524.exe (PID: 8900)
- Unicorn-57715.exe (PID: 8840)
- Unicorn-98.exe (PID: 8856)
- Unicorn-25564.exe (PID: 9084)
- Unicorn-39205.exe (PID: 8784)
- Unicorn-5499.exe (PID: 8848)
- Unicorn-18274.exe (PID: 8992)
- Unicorn-39397.exe (PID: 8752)
- Unicorn-8763.exe (PID: 8864)
- Unicorn-4539.exe (PID: 9004)
- Unicorn-17890.exe (PID: 9036)
- Unicorn-28188.exe (PID: 8888)
- Unicorn-39205.exe (PID: 8820)
- Unicorn-64860.exe (PID: 8908)
- Unicorn-31141.exe (PID: 9212)
- Unicorn-34732.exe (PID: 9180)
- Unicorn-36003.exe (PID: 7580)
- Unicorn-59987.exe (PID: 8288)
- Unicorn-20124.exe (PID: 8308)
- Unicorn-48172.exe (PID: 9228)
- Unicorn-57669.exe (PID: 9284)
- Unicorn-41141.exe (PID: 9300)
- Unicorn-23845.exe (PID: 9340)
- Unicorn-23845.exe (PID: 9332)
- Unicorn-9044.exe (PID: 9428)
- Unicorn-9044.exe (PID: 9420)
- Unicorn-53184.exe (PID: 9444)
- Unicorn-57020.exe (PID: 9584)
- Unicorn-9044.exe (PID: 9412)
- Unicorn-9044.exe (PID: 9404)
- Unicorn-7284.exe (PID: 8324)
- Unicorn-53148.exe (PID: 9664)
- Unicorn-58748.exe (PID: 9692)
- Unicorn-43122.exe (PID: 9640)
- Unicorn-30508.exe (PID: 9624)
- Unicorn-6946.exe (PID: 9680)
Executable content was dropped or overwritten
- 1 (589).exe (PID: 2564)
- Unicorn-15508.exe (PID: 2244)
- Unicorn-49727.exe (PID: 4688)
- Unicorn-28507.exe (PID: 6476)
- Unicorn-1323.exe (PID: 6708)
- Unicorn-47509.exe (PID: 4244)
- Unicorn-57331.exe (PID: 2692)
- Unicorn-43891.exe (PID: 680)
- Unicorn-53420.exe (PID: 2600)
- Unicorn-34588.exe (PID: 616)
- Unicorn-13819.exe (PID: 3100)
- Unicorn-27451.exe (PID: 5392)
- Unicorn-17083.exe (PID: 728)
- Unicorn-38060.exe (PID: 5984)
- Unicorn-34469.exe (PID: 5360)
- Unicorn-14603.exe (PID: 6068)
- Unicorn-30866.exe (PID: 2096)
- Unicorn-39212.exe (PID: 6592)
- Unicorn-19477.exe (PID: 7184)
- Unicorn-32697.exe (PID: 7272)
- Unicorn-15755.exe (PID: 7248)
- Unicorn-35813.exe (PID: 856)
- Unicorn-15947.exe (PID: 2040)
- Unicorn-60540.exe (PID: 7716)
- Unicorn-17173.exe (PID: 7812)
- Unicorn-836.exe (PID: 7832)
- Unicorn-34604.exe (PID: 7684)
- Unicorn-36259.exe (PID: 7880)
- Unicorn-27186.exe (PID: 7864)
- Unicorn-24101.exe (PID: 8056)
- Unicorn-13088.exe (PID: 8104)
- Unicorn-13088.exe (PID: 8096)
- Unicorn-40245.exe (PID: 8136)
- Unicorn-39212.exe (PID: 1040)
- Unicorn-53420.exe (PID: 1228)
- Unicorn-52305.exe (PID: 8160)
- Unicorn-866.exe (PID: 8180)
- Unicorn-51407.exe (PID: 7380)
- Unicorn-57951.exe (PID: 7444)
- Unicorn-61708.exe (PID: 7464)
- Unicorn-13451.exe (PID: 7856)
- Unicorn-61708.exe (PID: 7472)
- Unicorn-15422.exe (PID: 7528)
- Unicorn-3140.exe (PID: 7196)
- Unicorn-28579.exe (PID: 7344)
- Unicorn-6612.exe (PID: 7416)
- Unicorn-19913.exe (PID: 7348)
- Unicorn-8978.exe (PID: 7544)
- Unicorn-35356.exe (PID: 7240)
- Unicorn-15422.exe (PID: 7316)
- Unicorn-65148.exe (PID: 7172)
- Unicorn-3378.exe (PID: 7536)
- Unicorn-8978.exe (PID: 7340)
- Unicorn-29897.exe (PID: 7260)
- Unicorn-48325.exe (PID: 6228)
- Unicorn-11826.exe (PID: 3300)
- Unicorn-1812.exe (PID: 7772)
- Unicorn-64147.exe (PID: 7552)
- Unicorn-15579.exe (PID: 7972)
- Unicorn-12594.exe (PID: 8020)
- Unicorn-15771.exe (PID: 2148)
- Unicorn-35637.exe (PID: 8028)
- Unicorn-18459.exe (PID: 8036)
- Unicorn-2964.exe (PID: 7944)
- Unicorn-28146.exe (PID: 5260)
- Unicorn-59251.exe (PID: 5084)
- Unicorn-5883.exe (PID: 7924)
- Unicorn-836.exe (PID: 7824)
- Unicorn-29724.exe (PID: 7592)
- Unicorn-29724.exe (PID: 7620)
- Unicorn-24907.exe (PID: 4652)
- Unicorn-24101.exe (PID: 8048)
- Unicorn-42042.exe (PID: 8224)
- Unicorn-28821.exe (PID: 8204)
- Unicorn-45349.exe (PID: 7752)
- Unicorn-23240.exe (PID: 8248)
- Unicorn-49324.exe (PID: 8384)
- Unicorn-7284.exe (PID: 8324)
- Unicorn-11882.exe (PID: 8296)
- Unicorn-46885.exe (PID: 8272)
- Unicorn-53045.exe (PID: 8372)
- Unicorn-36709.exe (PID: 8348)
- Unicorn-21333.exe (PID: 8528)
- Unicorn-51300.exe (PID: 8424)
- Unicorn-20491.exe (PID: 8340)
- Unicorn-2235.exe (PID: 8448)
- Unicorn-40165.exe (PID: 8652)
- Unicorn-37669.exe (PID: 8520)
- Unicorn-55795.exe (PID: 8692)
- Unicorn-4804.exe (PID: 8584)
- Unicorn-7170.exe (PID: 8676)
- Unicorn-4804.exe (PID: 8592)
- Unicorn-23445.exe (PID: 8704)
- Unicorn-57951.exe (PID: 7452)
- Unicorn-23253.exe (PID: 8720)
- Unicorn-35867.exe (PID: 8804)
- Unicorn-53813.exe (PID: 8636)
- Unicorn-23445.exe (PID: 8700)
- Unicorn-18274.exe (PID: 8988)
- Unicorn-35867.exe (PID: 8796)
- Unicorn-98.exe (PID: 8856)
- Unicorn-24524.exe (PID: 8900)
- Unicorn-40741.exe (PID: 8980)
- Unicorn-57715.exe (PID: 8840)
- Unicorn-39205.exe (PID: 8784)
- Unicorn-5499.exe (PID: 8848)
- Unicorn-1687.exe (PID: 7520)
- Unicorn-18274.exe (PID: 8992)
- Unicorn-61708.exe (PID: 7484)
- Unicorn-4539.exe (PID: 9004)
- Unicorn-17890.exe (PID: 9036)
- Unicorn-28188.exe (PID: 8888)
- Unicorn-33685.exe (PID: 3096)
- Unicorn-64860.exe (PID: 8908)
- Unicorn-39205.exe (PID: 8820)
- Unicorn-31141.exe (PID: 9212)
- Unicorn-2964.exe (PID: 7948)
- Unicorn-34732.exe (PID: 9180)
- Unicorn-36003.exe (PID: 7580)
- Unicorn-15771.exe (PID: 6112)
- Unicorn-2580.exe (PID: 7996)
- Unicorn-20124.exe (PID: 8308)
- Unicorn-48172.exe (PID: 9228)
- Unicorn-41141.exe (PID: 9300)
- Unicorn-57669.exe (PID: 9284)
- Unicorn-23845.exe (PID: 9340)
- Unicorn-23845.exe (PID: 9332)
- Unicorn-9044.exe (PID: 9420)
- Unicorn-9044.exe (PID: 9428)
- Unicorn-53184.exe (PID: 9444)
- Unicorn-57020.exe (PID: 9584)
- Unicorn-9044.exe (PID: 9412)
- Unicorn-9044.exe (PID: 9404)
- Unicorn-60741.exe (PID: 9552)
- Unicorn-53148.exe (PID: 9664)
- Unicorn-58748.exe (PID: 9692)
- Unicorn-30508.exe (PID: 9624)
- Unicorn-58748.exe (PID: 9672)
- Unicorn-6833.exe (PID: 9764)
- Unicorn-36626.exe (PID: 9740)
- Unicorn-57024.exe (PID: 9732)
- Unicorn-6946.exe (PID: 9680)
- Unicorn-8763.exe (PID: 8864)
- Unicorn-18085.exe (PID: 9796)
- Unicorn-30402.exe (PID: 9856)
- Unicorn-14996.exe (PID: 9192)
- Unicorn-34395.exe (PID: 9836)
- Unicorn-59987.exe (PID: 8288)
- Unicorn-19813.exe (PID: 9872)
- Unicorn-19109.exe (PID: 780)
- Unicorn-64524.exe (PID: 9952)
- Unicorn-36149.exe (PID: 9892)
- Unicorn-6612.exe (PID: 7424)
- Unicorn-22444.exe (PID: 9928)
- Unicorn-16313.exe (PID: 9920)
- Unicorn-18395.exe (PID: 9976)
- Unicorn-25564.exe (PID: 9084)
- Unicorn-35813.exe (PID: 5228)
- Unicorn-9794.exe (PID: 8016)
- Unicorn-2242.exe (PID: 10132)
- Unicorn-43387.exe (PID: 10156)
- Unicorn-17068.exe (PID: 10180)
- Unicorn-13476.exe (PID: 10200)
- Unicorn-64332.exe (PID: 10228)
- Unicorn-43122.exe (PID: 9640)
- Unicorn-44348.exe (PID: 9320)
- Unicorn-39397.exe (PID: 8752)
- Unicorn-15287.exe (PID: 7624)
- Unicorn-15026.exe (PID: 10000)
- Unicorn-9044.exe (PID: 9396)
- Unicorn-38645.exe (PID: 10080)
- Unicorn-16357.exe (PID: 8816)
- Unicorn-7332.exe (PID: 9792)
- Unicorn-40389.exe (PID: 10124)
- Unicorn-54732.exe (PID: 10276)
- Unicorn-61084.exe (PID: 10352)
- Unicorn-58069.exe (PID: 10332)
- Unicorn-60181.exe (PID: 10420)
- Unicorn-9361.exe (PID: 10384)
- Unicorn-39205.exe (PID: 8776)
- Unicorn-25179.exe (PID: 10432)
- Unicorn-19650.exe (PID: 10268)
- Unicorn-52371.exe (PID: 10556)
- Unicorn-6329.exe (PID: 10260)
- Unicorn-7451.exe (PID: 10444)
- Unicorn-22827.exe (PID: 10532)
- Unicorn-40307.exe (PID: 10568)
- Unicorn-54348.exe (PID: 8444)
- Unicorn-1883.exe (PID: 8440)
- Unicorn-43404.exe (PID: 10100)
- Unicorn-1764.exe (PID: 10668)
- Unicorn-54172.exe (PID: 10684)
- Unicorn-34245.exe (PID: 10704)
- Unicorn-48012.exe (PID: 10824)
- Unicorn-65500.exe (PID: 10764)
- Unicorn-59827.exe (PID: 10744)
- Unicorn-27317.exe (PID: 10452)
- Unicorn-37125.exe (PID: 10892)
- Unicorn-6315.exe (PID: 10784)
- Unicorn-32251.exe (PID: 10800)
- Unicorn-59059.exe (PID: 10592)
- Unicorn-23403.exe (PID: 10480)
- Unicorn-51484.exe (PID: 10640)
Executes application which crashes
- Unicorn-63164.exe (PID: 6300)
INFO
Checks supported languages
- 1 (589).exe (PID: 2564)
- Unicorn-49727.exe (PID: 4688)
- Unicorn-15508.exe (PID: 2244)
- Unicorn-28507.exe (PID: 6476)
- Unicorn-47509.exe (PID: 4244)
- Unicorn-1323.exe (PID: 6708)
- Unicorn-27451.exe (PID: 5392)
- Unicorn-57331.exe (PID: 2692)
- Unicorn-30866.exe (PID: 2096)
- Unicorn-34588.exe (PID: 616)
- Unicorn-43891.exe (PID: 680)
- Unicorn-33685.exe (PID: 3096)
- Unicorn-13819.exe (PID: 3100)
- Unicorn-17083.exe (PID: 728)
- Unicorn-53420.exe (PID: 1228)
- Unicorn-53420.exe (PID: 2600)
- Unicorn-38060.exe (PID: 5984)
- Unicorn-34469.exe (PID: 5360)
- Unicorn-14603.exe (PID: 6068)
- Unicorn-28146.exe (PID: 5260)
- Unicorn-39212.exe (PID: 6592)
- Unicorn-15755.exe (PID: 7248)
- Unicorn-15947.exe (PID: 2040)
- Unicorn-19477.exe (PID: 7184)
- Unicorn-65148.exe (PID: 7172)
- Unicorn-35813.exe (PID: 5228)
- Unicorn-35356.exe (PID: 7240)
- Unicorn-39212.exe (PID: 1040)
- Unicorn-29897.exe (PID: 7260)
- Unicorn-32697.exe (PID: 7272)
- Unicorn-3140.exe (PID: 7196)
- Unicorn-35813.exe (PID: 856)
- Unicorn-60540.exe (PID: 7716)
- Unicorn-836.exe (PID: 7824)
- Unicorn-36259.exe (PID: 7880)
- Unicorn-34604.exe (PID: 7684)
- Unicorn-24101.exe (PID: 8056)
- Unicorn-24101.exe (PID: 8048)
- Unicorn-13088.exe (PID: 8096)
- Unicorn-13088.exe (PID: 8104)
- Unicorn-836.exe (PID: 7832)
- Unicorn-27186.exe (PID: 7864)
- Unicorn-13451.exe (PID: 7856)
- Unicorn-17173.exe (PID: 7812)
- Unicorn-40245.exe (PID: 8136)
- Unicorn-52305.exe (PID: 8160)
- Unicorn-51407.exe (PID: 7380)
- Unicorn-866.exe (PID: 8180)
- Unicorn-57951.exe (PID: 7444)
- Unicorn-57951.exe (PID: 7452)
- Unicorn-6612.exe (PID: 7424)
- Unicorn-61708.exe (PID: 7464)
- Unicorn-15422.exe (PID: 7528)
- Unicorn-61708.exe (PID: 7484)
- Unicorn-6612.exe (PID: 7416)
- Unicorn-61708.exe (PID: 7472)
- Unicorn-1687.exe (PID: 7520)
- Unicorn-8978.exe (PID: 7544)
- Unicorn-19913.exe (PID: 7348)
- Unicorn-8978.exe (PID: 7340)
- Unicorn-28579.exe (PID: 7344)
- Unicorn-3378.exe (PID: 7536)
- Unicorn-15422.exe (PID: 7316)
- Unicorn-48325.exe (PID: 6228)
- Unicorn-1812.exe (PID: 7772)
- Unicorn-64147.exe (PID: 7552)
- Unicorn-11826.exe (PID: 3300)
- Unicorn-2964.exe (PID: 7944)
- Unicorn-19109.exe (PID: 780)
- Unicorn-15771.exe (PID: 6112)
- Unicorn-2964.exe (PID: 7948)
- Unicorn-2580.exe (PID: 7996)
- Unicorn-15579.exe (PID: 7972)
- Unicorn-15771.exe (PID: 2148)
- Unicorn-12594.exe (PID: 8020)
- Unicorn-35637.exe (PID: 8028)
- Unicorn-9794.exe (PID: 8016)
- Unicorn-18459.exe (PID: 8036)
- Unicorn-59251.exe (PID: 5084)
- Unicorn-29724.exe (PID: 7592)
- Unicorn-29724.exe (PID: 7620)
- Unicorn-5883.exe (PID: 7924)
- Unicorn-24907.exe (PID: 4652)
- Unicorn-45349.exe (PID: 7752)
- Unicorn-28821.exe (PID: 8204)
- Unicorn-42042.exe (PID: 8224)
- Unicorn-23240.exe (PID: 8248)
- Unicorn-11882.exe (PID: 8296)
- Unicorn-7284.exe (PID: 8324)
- Unicorn-20491.exe (PID: 8340)
- Unicorn-36709.exe (PID: 8348)
- Unicorn-46885.exe (PID: 8272)
- Unicorn-51300.exe (PID: 8424)
- Unicorn-49324.exe (PID: 8384)
- Unicorn-37669.exe (PID: 8520)
- Unicorn-21333.exe (PID: 8528)
- Unicorn-53045.exe (PID: 8372)
- Unicorn-2235.exe (PID: 8448)
- Unicorn-53813.exe (PID: 8636)
- Unicorn-40165.exe (PID: 8652)
- Unicorn-7170.exe (PID: 8676)
- Unicorn-4804.exe (PID: 8592)
- Unicorn-4804.exe (PID: 8584)
- Unicorn-23253.exe (PID: 8720)
- Unicorn-23445.exe (PID: 8700)
- Unicorn-23445.exe (PID: 8704)
- Unicorn-39397.exe (PID: 8752)
- Unicorn-55795.exe (PID: 8692)
- Unicorn-39205.exe (PID: 8784)
- Unicorn-39205.exe (PID: 8776)
- Unicorn-57715.exe (PID: 8840)
- Unicorn-35867.exe (PID: 8804)
- Unicorn-5499.exe (PID: 8848)
- Unicorn-28188.exe (PID: 8888)
- Unicorn-98.exe (PID: 8856)
- Unicorn-24524.exe (PID: 8900)
- Unicorn-64860.exe (PID: 8908)
- Unicorn-40741.exe (PID: 8980)
- Unicorn-18274.exe (PID: 8992)
- Unicorn-39205.exe (PID: 8820)
- Unicorn-35867.exe (PID: 8796)
- Unicorn-8763.exe (PID: 8864)
- Unicorn-4539.exe (PID: 9004)
- Unicorn-17890.exe (PID: 9036)
- Unicorn-34732.exe (PID: 9180)
- Unicorn-18274.exe (PID: 8988)
- Unicorn-25564.exe (PID: 9084)
- Unicorn-59987.exe (PID: 8288)
- Unicorn-36003.exe (PID: 7580)
- Unicorn-20124.exe (PID: 8308)
- Unicorn-14996.exe (PID: 9192)
- Unicorn-31141.exe (PID: 9212)
- Unicorn-63164.exe (PID: 6300)
- Unicorn-57669.exe (PID: 9284)
- Unicorn-48172.exe (PID: 9228)
- Unicorn-53184.exe (PID: 9444)
- Unicorn-9044.exe (PID: 9396)
- Unicorn-9044.exe (PID: 9428)
- Unicorn-55650.exe (PID: 9452)
- Unicorn-41141.exe (PID: 9300)
- Unicorn-23845.exe (PID: 9340)
- Unicorn-23845.exe (PID: 9332)
- Unicorn-9044.exe (PID: 9420)
- Unicorn-9044.exe (PID: 9412)
- Unicorn-57020.exe (PID: 9584)
- Unicorn-60741.exe (PID: 9552)
- Unicorn-30508.exe (PID: 9624)
- Unicorn-43122.exe (PID: 9640)
- Unicorn-53148.exe (PID: 9664)
- Unicorn-58748.exe (PID: 9672)
- Unicorn-9044.exe (PID: 9404)
- Unicorn-57024.exe (PID: 9732)
- Unicorn-36626.exe (PID: 9740)
- Unicorn-6833.exe (PID: 9764)
- Unicorn-18085.exe (PID: 9796)
- Unicorn-6946.exe (PID: 9680)
- Unicorn-58748.exe (PID: 9692)
- Unicorn-19813.exe (PID: 9872)
- Unicorn-16313.exe (PID: 9920)
- Unicorn-22444.exe (PID: 9928)
- Unicorn-64524.exe (PID: 9952)
- Unicorn-34395.exe (PID: 9836)
- Unicorn-30402.exe (PID: 9856)
- Unicorn-36149.exe (PID: 9892)
- Unicorn-15026.exe (PID: 10000)
- Unicorn-43387.exe (PID: 10156)
- Unicorn-38645.exe (PID: 10080)
- Unicorn-2242.exe (PID: 10132)
- Unicorn-17068.exe (PID: 10180)
- Unicorn-18395.exe (PID: 9976)
- Unicorn-13476.exe (PID: 10200)
- Unicorn-64332.exe (PID: 10228)
- Unicorn-44348.exe (PID: 9320)
- Unicorn-16357.exe (PID: 8816)
- Unicorn-54348.exe (PID: 8444)
- Unicorn-1883.exe (PID: 8440)
- Unicorn-43404.exe (PID: 10100)
- Unicorn-15287.exe (PID: 7624)
- Unicorn-40389.exe (PID: 10124)
- Unicorn-58069.exe (PID: 10332)
- Unicorn-6329.exe (PID: 10260)
- Unicorn-54732.exe (PID: 10276)
- Unicorn-7332.exe (PID: 9792)
- Unicorn-19650.exe (PID: 10268)
- Unicorn-60181.exe (PID: 10420)
- Unicorn-7451.exe (PID: 10444)
- Unicorn-25179.exe (PID: 10432)
- Unicorn-27317.exe (PID: 10452)
- Unicorn-23403.exe (PID: 10480)
- Unicorn-61084.exe (PID: 10352)
- Unicorn-9361.exe (PID: 10384)
- Unicorn-40307.exe (PID: 10568)
- Unicorn-52371.exe (PID: 10556)
- Unicorn-59059.exe (PID: 10592)
- Unicorn-22827.exe (PID: 10532)
- Unicorn-51484.exe (PID: 10640)
- Unicorn-54172.exe (PID: 10684)
- Unicorn-1764.exe (PID: 10668)
- Unicorn-34245.exe (PID: 10704)
- Unicorn-59827.exe (PID: 10744)
- Unicorn-65500.exe (PID: 10764)
- Unicorn-32251.exe (PID: 10800)
- Unicorn-6315.exe (PID: 10784)
- Unicorn-48012.exe (PID: 10824)
- Unicorn-37125.exe (PID: 10892)
- Unicorn-11585.exe (PID: 10980)
- Unicorn-7083.exe (PID: 10908)
- Unicorn-52755.exe (PID: 10916)
- Unicorn-56092.exe (PID: 10952)
- Unicorn-4644.exe (PID: 10864)
- Unicorn-45794.exe (PID: 11104)
- Unicorn-11201.exe (PID: 11020)
- Unicorn-54573.exe (PID: 11060)
- Unicorn-59670.exe (PID: 11120)
- Unicorn-45410.exe (PID: 11136)
- Unicorn-12737.exe (PID: 11148)
- Unicorn-61746.exe (PID: 11188)
- Unicorn-45410.exe (PID: 11164)
- Unicorn-8632.exe (PID: 2384)
- Unicorn-60101.exe (PID: 1196)
- Unicorn-24584.exe (PID: 3268)
- Unicorn-28498.exe (PID: 11256)
- Unicorn-44450.exe (PID: 11288)
- Unicorn-44450.exe (PID: 5164)
- Unicorn-24584.exe (PID: 5304)
- Unicorn-61554.exe (PID: 11212)
- Unicorn-61554.exe (PID: 11204)
- Unicorn-58797.exe (PID: 11316)
- Unicorn-24776.exe (PID: 10636)
- Unicorn-60329.exe (PID: 11276)
- Unicorn-58797.exe (PID: 11308)
- Unicorn-60101.exe (PID: 4268)
- Unicorn-38200.exe (PID: 11376)
- Unicorn-30418.exe (PID: 11420)
- Unicorn-30994.exe (PID: 11268)
- Unicorn-57536.exe (PID: 11496)
- Unicorn-63666.exe (PID: 11396)
- Unicorn-54882.exe (PID: 11448)
- Unicorn-62441.exe (PID: 11560)
- Unicorn-9976.exe (PID: 11536)
- Unicorn-23711.exe (PID: 11544)
- Unicorn-30610.exe (PID: 11404)
- Unicorn-54352.exe (PID: 11480)
- Unicorn-54736.exe (PID: 11388)
- Unicorn-43416.exe (PID: 11460)
- Unicorn-18632.exe (PID: 11880)
- Unicorn-19784.exe (PID: 11804)
- Unicorn-16194.exe (PID: 11636)
- Unicorn-3092.exe (PID: 11732)
- Unicorn-33624.exe (PID: 11772)
- Unicorn-33624.exe (PID: 11764)
- Unicorn-33135.exe (PID: 11832)
- Unicorn-32265.exe (PID: 11608)
- Unicorn-27704.exe (PID: 11596)
- Unicorn-29577.exe (PID: 11552)
- Unicorn-56095.exe (PID: 11896)
- Unicorn-62432.exe (PID: 11888)
- Unicorn-2876.exe (PID: 12000)
- Unicorn-5944.exe (PID: 12068)
- Unicorn-6136.exe (PID: 12028)
- Unicorn-35440.exe (PID: 12120)
- Unicorn-35440.exe (PID: 12124)
- Unicorn-38233.exe (PID: 11872)
- Unicorn-37429.exe (PID: 11932)
- Unicorn-56095.exe (PID: 11916)
- Unicorn-65327.exe (PID: 12188)
- Unicorn-65327.exe (PID: 12192)
- Unicorn-14408.exe (PID: 12220)
- Unicorn-46505.exe (PID: 12244)
- Unicorn-38040.exe (PID: 12152)
- Unicorn-12104.exe (PID: 12168)
- Unicorn-13448.exe (PID: 12280)
- Unicorn-13448.exe (PID: 11184)
- Unicorn-33049.exe (PID: 12264)
- Unicorn-26607.exe (PID: 924)
- Unicorn-42978.exe (PID: 11704)
- Unicorn-46614.exe (PID: 9120)
- Unicorn-9887.exe (PID: 11728)
- Unicorn-12191.exe (PID: 12064)
- Unicorn-18056.exe (PID: 12296)
- Unicorn-46505.exe (PID: 12252)
- Unicorn-13448.exe (PID: 12272)
- Unicorn-33122.exe (PID: 3024)
- Unicorn-46998.exe (PID: 3032)
- Unicorn-5000.exe (PID: 12472)
- Unicorn-2753.exe (PID: 12400)
- Unicorn-41513.exe (PID: 12448)
- Unicorn-39317.exe (PID: 12440)
- Unicorn-8565.exe (PID: 12536)
- Unicorn-21528.exe (PID: 12488)
- Unicorn-28166.exe (PID: 12524)
- Unicorn-21039.exe (PID: 12548)
- Unicorn-12191.exe (PID: 2968)
- Unicorn-2597.exe (PID: 12336)
- Unicorn-25528.exe (PID: 12344)
- Unicorn-11423.exe (PID: 12372)
- Unicorn-33541.exe (PID: 12392)
- Unicorn-12177.exe (PID: 12660)
- Unicorn-43049.exe (PID: 12608)
- Unicorn-61762.exe (PID: 12628)
- Unicorn-53520.exe (PID: 12592)
- Unicorn-38087.exe (PID: 12712)
- Unicorn-62530.exe (PID: 12764)
- Unicorn-32789.exe (PID: 12920)
- Unicorn-14236.exe (PID: 12872)
- Unicorn-15768.exe (PID: 12900)
- Unicorn-15897.exe (PID: 12860)
- Unicorn-14127.exe (PID: 12968)
- Unicorn-23055.exe (PID: 13004)
- Unicorn-33531.exe (PID: 13040)
- Unicorn-21794.exe (PID: 13032)
- Unicorn-41753.exe (PID: 12952)
- Unicorn-23906.exe (PID: 13100)
- Unicorn-57647.exe (PID: 13108)
- Unicorn-53625.exe (PID: 13076)
- Unicorn-40272.exe (PID: 13184)
- Unicorn-23906.exe (PID: 13092)
- Unicorn-31804.exe (PID: 13160)
- Unicorn-58249.exe (PID: 13296)
- Unicorn-56002.exe (PID: 13152)
- Unicorn-42104.exe (PID: 13288)
- Unicorn-6993.exe (PID: 13144)
- Unicorn-14040.exe (PID: 4272)
- Unicorn-59785.exe (PID: 1600)
- Unicorn-41040.exe (PID: 4608)
- Unicorn-13537.exe (PID: 13176)
- Unicorn-26920.exe (PID: 13320)
- Unicorn-48047.exe (PID: 5232)
- Unicorn-14040.exe (PID: 4012)
- Unicorn-59510.exe (PID: 13276)
The sample compiled with chinese language support
- 1 (589).exe (PID: 2564)
- Unicorn-42042.exe (PID: 8224)
- Unicorn-45349.exe (PID: 7752)
- Unicorn-53420.exe (PID: 2600)
- Unicorn-23240.exe (PID: 8248)
- Unicorn-9044.exe (PID: 9420)
- Unicorn-13088.exe (PID: 8104)
- Unicorn-9044.exe (PID: 9428)
- Unicorn-9044.exe (PID: 9404)
- Unicorn-46885.exe (PID: 8272)
- Unicorn-40245.exe (PID: 8136)
- Unicorn-23845.exe (PID: 9332)
- Unicorn-51300.exe (PID: 8424)
- Unicorn-21333.exe (PID: 8528)
- Unicorn-58748.exe (PID: 9692)
- Unicorn-52305.exe (PID: 8160)
- Unicorn-30508.exe (PID: 9624)
- Unicorn-4804.exe (PID: 8592)
- Unicorn-55795.exe (PID: 8692)
- Unicorn-51407.exe (PID: 7380)
- Unicorn-57951.exe (PID: 7444)
- Unicorn-17083.exe (PID: 728)
- Unicorn-1323.exe (PID: 6708)
- Unicorn-19477.exe (PID: 7184)
- Unicorn-58748.exe (PID: 9672)
- Unicorn-32697.exe (PID: 7272)
- Unicorn-23445.exe (PID: 8700)
- Unicorn-18274.exe (PID: 8988)
- Unicorn-2235.exe (PID: 8448)
- Unicorn-98.exe (PID: 8856)
- Unicorn-13451.exe (PID: 7856)
- Unicorn-53148.exe (PID: 9664)
- Unicorn-4539.exe (PID: 9004)
- Unicorn-5883.exe (PID: 7924)
- Unicorn-24907.exe (PID: 4652)
Reads the computer name
- 1 (589).exe (PID: 2564)
- Unicorn-49727.exe (PID: 4688)
- Unicorn-15508.exe (PID: 2244)
- Unicorn-28507.exe (PID: 6476)
- Unicorn-47509.exe (PID: 4244)
- Unicorn-27451.exe (PID: 5392)
- Unicorn-1323.exe (PID: 6708)
- Unicorn-57331.exe (PID: 2692)
- Unicorn-30866.exe (PID: 2096)
- Unicorn-43891.exe (PID: 680)
- Unicorn-53420.exe (PID: 2600)
- Unicorn-33685.exe (PID: 3096)
- Unicorn-17083.exe (PID: 728)
- Unicorn-13819.exe (PID: 3100)
- Unicorn-34588.exe (PID: 616)
- Unicorn-53420.exe (PID: 1228)
- Unicorn-38060.exe (PID: 5984)
- Unicorn-34469.exe (PID: 5360)
- Unicorn-14603.exe (PID: 6068)
- Unicorn-28146.exe (PID: 5260)
- Unicorn-15947.exe (PID: 2040)
- Unicorn-39212.exe (PID: 6592)
- Unicorn-39212.exe (PID: 1040)
- Unicorn-19477.exe (PID: 7184)
- Unicorn-65148.exe (PID: 7172)
- Unicorn-15755.exe (PID: 7248)
- Unicorn-35813.exe (PID: 5228)
- Unicorn-3140.exe (PID: 7196)
- Unicorn-35356.exe (PID: 7240)
- Unicorn-35813.exe (PID: 856)
- Unicorn-32697.exe (PID: 7272)
- Unicorn-29897.exe (PID: 7260)
- Unicorn-34604.exe (PID: 7684)
- Unicorn-60540.exe (PID: 7716)
- Unicorn-36259.exe (PID: 7880)
- Unicorn-836.exe (PID: 7824)
- Unicorn-836.exe (PID: 7832)
- Unicorn-27186.exe (PID: 7864)
- Unicorn-13451.exe (PID: 7856)
- Unicorn-17173.exe (PID: 7812)
- Unicorn-24101.exe (PID: 8056)
- Unicorn-13088.exe (PID: 8104)
- Unicorn-24101.exe (PID: 8048)
- Unicorn-13088.exe (PID: 8096)
- Unicorn-40245.exe (PID: 8136)
- Unicorn-866.exe (PID: 8180)
- Unicorn-51407.exe (PID: 7380)
- Unicorn-61708.exe (PID: 7464)
- Unicorn-57951.exe (PID: 7444)
- Unicorn-57951.exe (PID: 7452)
- Unicorn-52305.exe (PID: 8160)
- Unicorn-6612.exe (PID: 7416)
- Unicorn-61708.exe (PID: 7472)
- Unicorn-28579.exe (PID: 7344)
- Unicorn-6612.exe (PID: 7424)
- Unicorn-19913.exe (PID: 7348)
- Unicorn-15422.exe (PID: 7316)
- Unicorn-1687.exe (PID: 7520)
- Unicorn-61708.exe (PID: 7484)
- Unicorn-8978.exe (PID: 7544)
- Unicorn-15422.exe (PID: 7528)
- Unicorn-8978.exe (PID: 7340)
- Unicorn-3378.exe (PID: 7536)
- Unicorn-11826.exe (PID: 3300)
- Unicorn-64147.exe (PID: 7552)
- Unicorn-48325.exe (PID: 6228)
- Unicorn-1812.exe (PID: 7772)
- Unicorn-12594.exe (PID: 8020)
- Unicorn-15579.exe (PID: 7972)
- Unicorn-2964.exe (PID: 7948)
- Unicorn-35637.exe (PID: 8028)
- Unicorn-9794.exe (PID: 8016)
- Unicorn-15771.exe (PID: 6112)
- Unicorn-19109.exe (PID: 780)
- Unicorn-2964.exe (PID: 7944)
- Unicorn-18459.exe (PID: 8036)
- Unicorn-15771.exe (PID: 2148)
- Unicorn-2580.exe (PID: 7996)
- Unicorn-59251.exe (PID: 5084)
- Unicorn-5883.exe (PID: 7924)
- Unicorn-29724.exe (PID: 7592)
- Unicorn-29724.exe (PID: 7620)
- Unicorn-24907.exe (PID: 4652)
- Unicorn-28821.exe (PID: 8204)
- Unicorn-42042.exe (PID: 8224)
- Unicorn-45349.exe (PID: 7752)
- Unicorn-55650.exe (PID: 9452)
- Unicorn-23240.exe (PID: 8248)
- Unicorn-46885.exe (PID: 8272)
- Unicorn-7284.exe (PID: 8324)
- Unicorn-11882.exe (PID: 8296)
- Unicorn-53045.exe (PID: 8372)
- Unicorn-36709.exe (PID: 8348)
- Unicorn-21333.exe (PID: 8528)
- Unicorn-51300.exe (PID: 8424)
- Unicorn-49324.exe (PID: 8384)
- Unicorn-20491.exe (PID: 8340)
- Unicorn-40165.exe (PID: 8652)
- Unicorn-37669.exe (PID: 8520)
- Unicorn-4804.exe (PID: 8592)
- Unicorn-2235.exe (PID: 8448)
- Unicorn-55795.exe (PID: 8692)
- Unicorn-7170.exe (PID: 8676)
- Unicorn-4804.exe (PID: 8584)
- Unicorn-23253.exe (PID: 8720)
- Unicorn-23445.exe (PID: 8704)
- Unicorn-53813.exe (PID: 8636)
- Unicorn-35867.exe (PID: 8804)
- Unicorn-18274.exe (PID: 8988)
- Unicorn-98.exe (PID: 8856)
- Unicorn-25564.exe (PID: 9084)
- Unicorn-39205.exe (PID: 8776)
- Unicorn-40741.exe (PID: 8980)
- Unicorn-57715.exe (PID: 8840)
- Unicorn-24524.exe (PID: 8900)
- Unicorn-5499.exe (PID: 8848)
- Unicorn-39205.exe (PID: 8784)
- Unicorn-8763.exe (PID: 8864)
- Unicorn-23445.exe (PID: 8700)
- Unicorn-35867.exe (PID: 8796)
- Unicorn-17890.exe (PID: 9036)
- Unicorn-28188.exe (PID: 8888)
- Unicorn-18274.exe (PID: 8992)
- Unicorn-39397.exe (PID: 8752)
- Unicorn-4539.exe (PID: 9004)
- Unicorn-39205.exe (PID: 8820)
- Unicorn-64860.exe (PID: 8908)
- Unicorn-14996.exe (PID: 9192)
- Unicorn-31141.exe (PID: 9212)
- Unicorn-34732.exe (PID: 9180)
- Unicorn-59987.exe (PID: 8288)
- Unicorn-20124.exe (PID: 8308)
- Unicorn-36003.exe (PID: 7580)
- Unicorn-48172.exe (PID: 9228)
- Unicorn-57669.exe (PID: 9284)
- Unicorn-41141.exe (PID: 9300)
- Unicorn-23845.exe (PID: 9332)
- Unicorn-23845.exe (PID: 9340)
- Unicorn-9044.exe (PID: 9396)
- Unicorn-60741.exe (PID: 9552)
- Unicorn-53184.exe (PID: 9444)
- Unicorn-57020.exe (PID: 9584)
- Unicorn-9044.exe (PID: 9412)
- Unicorn-9044.exe (PID: 9428)
- Unicorn-9044.exe (PID: 9420)
- Unicorn-9044.exe (PID: 9404)
- Unicorn-30508.exe (PID: 9624)
- Unicorn-43122.exe (PID: 9640)
- Unicorn-58748.exe (PID: 9692)
- Unicorn-53148.exe (PID: 9664)
- Unicorn-36626.exe (PID: 9740)
- Unicorn-6946.exe (PID: 9680)
- Unicorn-58748.exe (PID: 9672)
- Unicorn-6833.exe (PID: 9764)
- Unicorn-57024.exe (PID: 9732)
Create files in a temporary directory
- Unicorn-49727.exe (PID: 4688)
- Unicorn-15508.exe (PID: 2244)
- 1 (589).exe (PID: 2564)
- Unicorn-47509.exe (PID: 4244)
- Unicorn-1323.exe (PID: 6708)
- Unicorn-28507.exe (PID: 6476)
- Unicorn-57331.exe (PID: 2692)
- Unicorn-34588.exe (PID: 616)
- Unicorn-53420.exe (PID: 1228)
- Unicorn-17083.exe (PID: 728)
- Unicorn-27451.exe (PID: 5392)
- Unicorn-13819.exe (PID: 3100)
- Unicorn-43891.exe (PID: 680)
- Unicorn-38060.exe (PID: 5984)
- Unicorn-34469.exe (PID: 5360)
- Unicorn-14603.exe (PID: 6068)
- Unicorn-30866.exe (PID: 2096)
- Unicorn-53420.exe (PID: 2600)
- Unicorn-15947.exe (PID: 2040)
- Unicorn-39212.exe (PID: 6592)
- Unicorn-19477.exe (PID: 7184)
- Unicorn-15755.exe (PID: 7248)
- Unicorn-32697.exe (PID: 7272)
- Unicorn-34604.exe (PID: 7684)
- Unicorn-836.exe (PID: 7832)
- Unicorn-27186.exe (PID: 7864)
- Unicorn-36259.exe (PID: 7880)
- Unicorn-24101.exe (PID: 8056)
- Unicorn-39212.exe (PID: 1040)
- Unicorn-13088.exe (PID: 8104)
- Unicorn-13088.exe (PID: 8096)
- Unicorn-866.exe (PID: 8180)
- Unicorn-52305.exe (PID: 8160)
- Unicorn-51407.exe (PID: 7380)
- Unicorn-57951.exe (PID: 7444)
- Unicorn-6612.exe (PID: 7416)
- Unicorn-61708.exe (PID: 7464)
- Unicorn-61708.exe (PID: 7472)
- Unicorn-3140.exe (PID: 7196)
- Unicorn-28579.exe (PID: 7344)
- Unicorn-19913.exe (PID: 7348)
- Unicorn-8978.exe (PID: 7544)
- Unicorn-35356.exe (PID: 7240)
- Unicorn-15422.exe (PID: 7316)
- Unicorn-65148.exe (PID: 7172)
- Unicorn-35813.exe (PID: 856)
- Unicorn-3378.exe (PID: 7536)
- Unicorn-8978.exe (PID: 7340)
- Unicorn-29897.exe (PID: 7260)
- Unicorn-48325.exe (PID: 6228)
- Unicorn-11826.exe (PID: 3300)
- Unicorn-1812.exe (PID: 7772)
- Unicorn-15579.exe (PID: 7972)
- Unicorn-60540.exe (PID: 7716)
- Unicorn-15771.exe (PID: 2148)
- Unicorn-35637.exe (PID: 8028)
- Unicorn-18459.exe (PID: 8036)
- Unicorn-2964.exe (PID: 7944)
- Unicorn-17173.exe (PID: 7812)
- Unicorn-28146.exe (PID: 5260)
- Unicorn-836.exe (PID: 7824)
- Unicorn-59251.exe (PID: 5084)
- Unicorn-5883.exe (PID: 7924)
- Unicorn-29724.exe (PID: 7592)
- Unicorn-29724.exe (PID: 7620)
- Unicorn-24907.exe (PID: 4652)
- Unicorn-24101.exe (PID: 8048)
- Unicorn-28821.exe (PID: 8204)
- Unicorn-42042.exe (PID: 8224)
- Unicorn-23240.exe (PID: 8248)
- Unicorn-46885.exe (PID: 8272)
- Unicorn-45349.exe (PID: 7752)
- Unicorn-40245.exe (PID: 8136)
- Unicorn-7284.exe (PID: 8324)
- Unicorn-11882.exe (PID: 8296)
- Unicorn-49324.exe (PID: 8384)
- Unicorn-53045.exe (PID: 8372)
- Unicorn-36709.exe (PID: 8348)
- Unicorn-21333.exe (PID: 8528)
- Unicorn-13451.exe (PID: 7856)
- Unicorn-20491.exe (PID: 8340)
- Unicorn-2235.exe (PID: 8448)
- Unicorn-51300.exe (PID: 8424)
- Unicorn-55795.exe (PID: 8692)
- Unicorn-37669.exe (PID: 8520)
- Unicorn-40165.exe (PID: 8652)
- Unicorn-4804.exe (PID: 8592)
- Unicorn-7170.exe (PID: 8676)
- Unicorn-15422.exe (PID: 7528)
- Unicorn-4804.exe (PID: 8584)
- Unicorn-57951.exe (PID: 7452)
- Unicorn-53813.exe (PID: 8636)
- Unicorn-35867.exe (PID: 8804)
- Unicorn-23445.exe (PID: 8704)
- Unicorn-23253.exe (PID: 8720)
- Unicorn-18274.exe (PID: 8988)
- Unicorn-35867.exe (PID: 8796)
- Unicorn-98.exe (PID: 8856)
- Unicorn-23445.exe (PID: 8700)
- Unicorn-24524.exe (PID: 8900)
- Unicorn-40741.exe (PID: 8980)
- Unicorn-57715.exe (PID: 8840)
- Unicorn-1687.exe (PID: 7520)
- Unicorn-39205.exe (PID: 8784)
- Unicorn-5499.exe (PID: 8848)
- Unicorn-61708.exe (PID: 7484)
- Unicorn-18274.exe (PID: 8992)
- Unicorn-4539.exe (PID: 9004)
- Unicorn-28188.exe (PID: 8888)
- Unicorn-17890.exe (PID: 9036)
- Unicorn-33685.exe (PID: 3096)
- Unicorn-64860.exe (PID: 8908)
- Unicorn-39205.exe (PID: 8820)
- Unicorn-64147.exe (PID: 7552)
- Unicorn-31141.exe (PID: 9212)
- Unicorn-12594.exe (PID: 8020)
- Unicorn-2964.exe (PID: 7948)
- Unicorn-34732.exe (PID: 9180)
- Unicorn-2580.exe (PID: 7996)
- Unicorn-36003.exe (PID: 7580)
- Unicorn-15771.exe (PID: 6112)
- Unicorn-20124.exe (PID: 8308)
- Unicorn-48172.exe (PID: 9228)
- Unicorn-57669.exe (PID: 9284)
- Unicorn-41141.exe (PID: 9300)
- Unicorn-23845.exe (PID: 9340)
- Unicorn-23845.exe (PID: 9332)
- Unicorn-9044.exe (PID: 9420)
- Unicorn-9044.exe (PID: 9428)
- Unicorn-53184.exe (PID: 9444)
- Unicorn-9044.exe (PID: 9412)
- Unicorn-57020.exe (PID: 9584)
- Unicorn-9044.exe (PID: 9404)
- Unicorn-60741.exe (PID: 9552)
- Unicorn-30508.exe (PID: 9624)
Reads security settings of Internet Explorer
- BackgroundTransferHost.exe (PID: 7328)
- BackgroundTransferHost.exe (PID: 7564)
- BackgroundTransferHost.exe (PID: 7764)
- BackgroundTransferHost.exe (PID: 7624)
- BackgroundTransferHost.exe (PID: 8884)
Creates files or folders in the user directory
- BackgroundTransferHost.exe (PID: 7564)
- WerFault.exe (PID: 11704)
Checks proxy server information
- BackgroundTransferHost.exe (PID: 7564)
Reads the software policy settings
- BackgroundTransferHost.exe (PID: 7564)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable (generic) (52.9) |
|---|---|---|
| .exe | | | Generic Win/DOS Executable (23.5) |
| .exe | | | DOS Executable Generic (23.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:20 00:32:00+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
493
Monitored processes
358
Malicious processes
52
Suspicious processes
52
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 616 | C:\Users\admin\AppData\Local\Temp\Unicorn-34588.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-34588.exe | Unicorn-47509.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 680 | C:\Users\admin\AppData\Local\Temp\Unicorn-43891.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-43891.exe | Unicorn-49727.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 728 | C:\Users\admin\AppData\Local\Temp\Unicorn-17083.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-17083.exe | 1 (589).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 780 | C:\Users\admin\AppData\Local\Temp\Unicorn-19109.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-19109.exe | Unicorn-836.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 856 | C:\Users\admin\AppData\Local\Temp\Unicorn-35813.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-35813.exe | Unicorn-33685.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 924 | C:\Users\admin\AppData\Local\Temp\Unicorn-26607.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26607.exe | — | Unicorn-17173.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1040 | C:\Users\admin\AppData\Local\Temp\Unicorn-39212.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-39212.exe | Unicorn-53420.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1196 | C:\Users\admin\AppData\Local\Temp\Unicorn-60101.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-60101.exe | — | Unicorn-39205.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1228 | C:\Users\admin\AppData\Local\Temp\Unicorn-53420.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-53420.exe | Unicorn-1323.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1600 | C:\Users\admin\AppData\Local\Temp\Unicorn-59785.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-59785.exe | — | Unicorn-53045.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
10 339
Read events
10 324
Write events
15
Delete events
0
Modification events
| (PID) Process: | (7328) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (7328) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (7328) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7564) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (7564) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (7564) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7764) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (7764) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (7764) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (7624) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
Executable files
1 051
Suspicious files
5
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 4688 | Unicorn-49727.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-15508.exe | executable | |
MD5:EB4171CB41460C840AFE3A4822EE36CE | SHA256:DCE86415047BB8D75258942D42EE9AC1BEE9B30D8E3C1EBAB39A6B26C1F2D1AD | |||
| 2564 | 1 (589).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-28507.exe | executable | |
MD5:2E0ED64FB0BEFD33970793169CEBD95E | SHA256:5C8534B3A5915C052DC769286D1DD3BD2E12ABDFF43A3D288281A92973F41627 | |||
| 2244 | Unicorn-15508.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-47509.exe | executable | |
MD5:7BD52AD4B42C3D6B29A3BFDB583275EA | SHA256:98032FE89AE91DC302F44ADF15C4330FB47A48B78F3C7C92F5BB07DB3852F918 | |||
| 2244 | Unicorn-15508.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-30866.exe | executable | |
MD5:31B71275AB71D61A782C1DBD72087579 | SHA256:A0AAC4649B8298302F2150984F273EE0FC7FBE84655A70E27395D125EC9CA75F | |||
| 6476 | Unicorn-28507.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-1323.exe | executable | |
MD5:948FA0B6009D3BAFA8FF125E7C3F951A | SHA256:5E6D547D81FA71AEC5F5CC13BC0C0BCBF5FA358EFCC64559BA932B39EB9E13CE | |||
| 4688 | Unicorn-49727.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-43891.exe | executable | |
MD5:BC794F0099D20F2B962828CA72945B67 | SHA256:DA5541BDEAF21B196FDEBCC2320F55803CBABC6DA2D6B3FCB3F7A8D7CCDFBDF6 | |||
| 6476 | Unicorn-28507.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-13819.exe | executable | |
MD5:1EA39E748CC4EF7EF3B9A4A981D7A68D | SHA256:41201C88D7F9DCA4BA180C69FCDEEA6B9337187B65037394B45114ACEE346262 | |||
| 2564 | 1 (589).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-49727.exe | executable | |
MD5:F6F4F80D7B8040F15AABBBDA1004C4DA | SHA256:31A6BD420F20245614BB7984643E1A9F12E2527B85218F65C994CE05BB5B37BE | |||
| 6708 | Unicorn-1323.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-53420.exe | executable | |
MD5:F84BD0AAF213B3DDCACD80F54725635F | SHA256:06A037923A412E8DA0A720D624B0B193D983EB5CE98D8EA1514F225CC027D31F | |||
| 2564 | 1 (589).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-17083.exe | executable | |
MD5:CAD3AEDAB9A057E1CDDC5FF278286715 | SHA256:BDF9F0629A47B3519E7C6EC03E01DF782F61AFA137A26EB348EF8E3E530C8BBE | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
23
DNS requests
17
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 2.16.164.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
2136 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
7564 | BackgroundTransferHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
8812 | SIHClient.exe | GET | 200 | 92.123.22.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
8812 | SIHClient.exe | GET | 200 | 92.123.22.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 2.16.164.120:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 20.190.160.65:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
3216 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2136 | backgroundTaskHost.exe | 20.199.58.43:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted |
2136 | backgroundTaskHost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
arc.msn.com |
| whitelisted |
www.bing.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |