File name: 1 (1274)

Full analysis: https://app.any.run/tasks/9f00d1b2-c23a-43cf-9892-10f0fc7d6d86
Verdict: Malicious activity
Analysis date: March 24, 2025, 09:57:46
OS: Windows 10 Professional (build: 19045, 64 bit)
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 3 sections
MD5: B27B0D3A1E31CA34DCE5C31EFC29C720
SHA1: 11D65B2EF1C358E9823AF801E5E059BF8CFD3F92
SHA256: 6E4AC4D53E2382F02CDFFFC690BACA80ED576B1DDF4160767F3C531B756E11C7
SSDEEP: 6144:U7Lpf7Ip0DEjA5c/HAe+3ofxotBQHvJGBH/WyeOZFk/8SwjwpyAvEht+xEZEJOrL:UvhMpjA5YH7UB4haHOyeOZDx4DOmDsR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    No malicious indicators.
  • SUSPICIOUS

    • Starts itself from another location

    • Executable content was dropped or overwritten

  • INFO

    • Checks supported languages

    • Reads the computer name

    • The sample compiled with chinese language support

    • Create files in a temporary directory

    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 7436)
      • BackgroundTransferHost.exe (PID: 7656)
      • BackgroundTransferHost.exe (PID: 7360)
    • Creates files or folders in the user directory

      • BackgroundTransferHost.exe (PID: 7436)
    • Checks proxy server information

      • BackgroundTransferHost.exe (PID: 7436)
    • Reads the software policy settings

      • BackgroundTransferHost.exe (PID: 7436)
      • slui.exe (PID: 1760)
No Malware configuration.

TRiD

.exe | Win32 Executable Microsoft Visual Basic 6 (90.6)
.exe | Win32 Executable (generic) (4.9)
.exe | Generic Win/DOS Executable (2.2)
.exe | DOS Executable Generic (2.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:01:20 00:32:00+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit, No debug, Removable run from swap, Net run from swap, Uniprocessor only, Bytes reversed hi
PEType: PE32
LinkerVersion: 6
CodeSize: 176128
InitializedDataSize: 299008
UninitializedDataSize: -
EntryPoint: 0x13d4
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
CompanyName: UEFI
ProductName: Kawaii-Unicorn
FileVersion: 1
ProductVersion: 1
InternalName: Kawaii-Unicorn
OriginalFileName: Kawaii-Unicorn.exe
No data.
Total processes: 609
Monitored processes: 478
Malicious processes: 75
Suspicious processes: 56

Behavior graph


Process information

PID | CMD | Path | Indicators | Parent process
PID: 680
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-340.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-340.exe
Parent process: 1 (1274).exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules (Images):
c:\users\admin\appdata\local\temp\unicorn-340.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 1040
CMD: "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1
Path: C:\Windows\System32\BackgroundTransferHost.exe
Parent process: svchost.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Download/Upload Host
Exit code: 1
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\backgroundtransferhost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\combase.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\kernel.appcore.dll
c:\windows\system32\bcryptprimitives.dll
PID: 1056
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-27775.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-27775.exe
Parent process: Unicorn-56521.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules (Images):
c:\users\admin\appdata\local\temp\unicorn-27775.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 1760
CMD: "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent
Path: C:\Windows\System32\slui.exe
Parent process: SppExtComObj.Exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Windows Activation Client
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules (Images):
c:\windows\system32\slui.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\user32.dll
PID: 2104
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-29677.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-29677.exe
Parent process: Unicorn-61342.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Exit code: 3221225785
Version: 1.00
Modules (Images):
c:\users\admin\appdata\local\temp\unicorn-29677.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 2136
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-59064.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-59064.exe
Parent process: Unicorn-33329.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules (Images):
c:\users\admin\appdata\local\temp\unicorn-59064.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvbvm60.dll
c:\windows\syswow64\user32.dll
PID: 2268
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-56521.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-56521.exe
Parent process: 1 (1274).exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules (Images):
c:\users\admin\appdata\local\temp\unicorn-56521.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 2288
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-57541.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-57541.exe
Parent process: Unicorn-20798.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules (Images):
c:\users\admin\appdata\local\temp\unicorn-57541.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 2504
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-48989.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-48989.exe
Parent process: Unicorn-57341.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules (Images):
c:\users\admin\appdata\local\temp\unicorn-48989.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
PID: 2552
CMD: C:\Users\admin\AppData\Local\Temp\Unicorn-8249.exe
Path: C:\Users\admin\AppData\Local\Temp\Unicorn-8249.exe
Parent process: Unicorn-42894.exe
User: admin
Company: UEFI
Integrity Level: MEDIUM
Version: 1.00
Modules (Images):
c:\users\admin\appdata\local\temp\unicorn-8249.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
Total events: 10 941
Read events: 10 926
Write events: 15
Delete events: 0

Modification events

(PID) Process: (1040) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (1040) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
(PID) Process: (1040) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
(PID) Process: (7436) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (7436) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
(PID) Process: (7436) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
(PID) Process: (7936) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:
(PID) Process: (7936) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:
(PID) Process: (7936) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:
(PID) Process: (7656) BackgroundTransferHost.exe
Key: HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation: write
Name: CachePrefix
Value:
Executable files: 666
Suspicious files: 5
Text files: 0
Unknown types: 0

Dropped files

PID | Process | Filename | Type
6112 | Unicorn-37741.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-57341.exe | executable
MD5:5182D5A5CDCE93220FEFB43307A6B54A
SHA256:E1036FA4DDB8DD9643B3C563A2E6C8CD40E711233DF4543EBE9665B0399265C1
680 | Unicorn-340.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-37741.exe | executable
MD5:229FA1E65B7443B1326DCC7BFE119741
SHA256:D3D4965CCABD6CBC0D18D57AB44FD1ED3F38FC10C5F5CED02C36CC545140DDBB
680 | Unicorn-340.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-12696.exe | executable
MD5:CEE34C1701F795B8CCD6C3756632867C
SHA256:7BB6830C798B96CDAD5B129EE436A480AC0EBF93A58B345EDE1E20A4CEB6AA98
2268 | Unicorn-56521.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27775.exe | executable
MD5:D7A01937FBC3214DF1E7CBAD1670D45D
SHA256:E53545504EFDA534C57582E71584BBDE144AB703C43D52E6F75E35E6BA77AA61
2692 | Unicorn-31610.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-39661.exe | executable
MD5:26E29157BA4ABA770AF1A344CFBEA79A
SHA256:494EDB2068A4A3C47A037AA2AFA4273FB40682EC3197C2052F1EB34D7634E403
6744 | Unicorn-43448.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-11949.exe | executable
MD5:FF06F4DC9D402CEDCF461A6F11789785
SHA256:3A6F2AC3137CB4575BACCD763F70D2E20B3CD04AED6280E769E2405F90A4DDB7
5796 | 1 (1274).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-11684.exe | executable
MD5:6E7BB78D623D27D600A07114291F0E8B
SHA256:4974B37D8A3B981FC3289412C0D88D503EE59A271C4583391700A652D4468B07
6112 | Unicorn-37741.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61342.exe | executable
MD5:90ABBD673ADF5FDFD78F0A14E9C1892A
SHA256:4F3C751F69928EEEA24D3E527B87F421DCFD3A46971746152B64EAA78535DA67
2268 | Unicorn-56521.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61238.exe | executable
MD5:EB3586D49279A403A9DBB4C3B6E8C597
SHA256:383FCEE66F68BFC6977D902CC1CE78F5AB11183330290D6306147B1F3F702B1C
2552 | Unicorn-8249.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26854.exe | executable
MD5:6CD44C6D04954C487F35C7355B9CBDFE
SHA256:4A3F599FF811C53A15C24AED53E32612F51539BCDD36A55C1F1C7743C8789FE7
HTTP(S) requests: 6
TCP/UDP connections: 25
DNS requests: 16
Threats: 0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
6544
svchost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5496
MoUsoCoreWorker.exe
GET
200
2.16.164.113:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
6620
backgroundTaskHost.exe
GET
200
2.23.77.188:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
8188
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
8188
SIHClient.exe
GET
200
23.219.150.101:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
3268 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
- | - | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
5496 | MoUsoCoreWorker.exe | 2.16.164.113:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
2112 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
3216 | svchost.exe | 40.113.103.199:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6544 | svchost.exe | 40.126.32.68:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted
6544 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6620 | backgroundTaskHost.exe | 20.223.35.26:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
6620 | backgroundTaskHost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted

DNS requests

Domain | IP | Reputation
settings-win.data.microsoft.com | 20.73.194.208 | whitelisted
google.com | 142.250.185.142 | whitelisted
crl.microsoft.com | 2.16.164.113, 2.16.164.122, 2.16.164.74, 2.16.164.112, 2.16.164.120, 2.16.164.51, 2.16.164.64, 2.16.164.72, 2.16.164.9 | whitelisted
client.wns.windows.com | 40.113.103.199 | whitelisted
login.live.com | 40.126.32.68, 20.190.160.14, 20.190.160.130, 20.190.160.2, 20.190.160.64, 20.190.160.4, 20.190.160.67, 20.190.160.65 | whitelisted
ocsp.digicert.com | 2.23.77.188 | whitelisted
arc.msn.com | 20.223.35.26 | whitelisted
www.bing.com | 2.23.227.215, 2.23.227.221, 2.23.227.208 | whitelisted
slscr.update.microsoft.com | 20.12.23.50 | whitelisted
www.microsoft.com | 23.219.150.101 | whitelisted

Threats

No threats detected
No debug info