| File name: | 1 (159) |
| Full analysis: | https://app.any.run/tasks/792d5d8b-2b3d-417b-9425-ba0484400d4b |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 16:54:27 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 3D9417965D969032BE5589EBA1834D20 |
| SHA1: | 35E1E0DEFE8E37DDBE7C5DBC04E55CB7CAAAE7A0 |
| SHA256: | 9C61586BB051530C5462E0448D35BDEBD02B0356325E4EBDB1F3E0A5AD3F09A8 |
| SSDEEP: | 6144:o7/JcBKmKD1MA5aE7merBYnx5gDqQp8GByLWydbDrk/8SwuwpyAvEh4iMmndPc2Q:o7S0xMA5f75hDF+ay6ydbDOx4DxmDCR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- Unicorn-40461.exe (PID: 8168)
- Unicorn-20560.exe (PID: 7752)
- 1 (159).exe (PID: 7540)
- Unicorn-3616.exe (PID: 6668)
- Unicorn-35390.exe (PID: 6640)
- Unicorn-50144.exe (PID: 8184)
- Unicorn-28972.exe (PID: 4008)
- Unicorn-15328.exe (PID: 2392)
- Unicorn-52333.exe (PID: 5376)
- Unicorn-61789.exe (PID: 1628)
- Unicorn-42267.exe (PID: 5640)
- Unicorn-15852.exe (PID: 6372)
- Unicorn-6055.exe (PID: 5328)
- Unicorn-18038.exe (PID: 4164)
- Unicorn-8525.exe (PID: 2152)
- Unicorn-310.exe (PID: 2316)
- Unicorn-34566.exe (PID: 7188)
- Unicorn-49880.exe (PID: 7252)
- Unicorn-3673.exe (PID: 7276)
- Unicorn-37305.exe (PID: 7284)
- Unicorn-7093.exe (PID: 6132)
- Unicorn-61710.exe (PID: 960)
- Unicorn-46792.exe (PID: 4448)
- Unicorn-3969.exe (PID: 7788)
- Unicorn-49086.exe (PID: 7808)
- Unicorn-2992.exe (PID: 7780)
- Unicorn-30041.exe (PID: 7944)
- Unicorn-49963.exe (PID: 7872)
- Unicorn-50300.exe (PID: 7916)
- Unicorn-9397.exe (PID: 5984)
- Unicorn-54414.exe (PID: 1116)
- Unicorn-42371.exe (PID: 8092)
- Unicorn-36424.exe (PID: 7516)
- Unicorn-49048.exe (PID: 7212)
- Unicorn-58224.exe (PID: 6576)
- Unicorn-62443.exe (PID: 6080)
- Unicorn-23294.exe (PID: 6268)
- Unicorn-26284.exe (PID: 4932)
- Unicorn-54535.exe (PID: 7536)
- Unicorn-51565.exe (PID: 2564)
- Unicorn-27491.exe (PID: 1132)
- Unicorn-25947.exe (PID: 8120)
- Unicorn-29351.exe (PID: 4220)
- Unicorn-7726.exe (PID: 1180)
- Unicorn-33046.exe (PID: 1512)
- Unicorn-34499.exe (PID: 3896)
- Unicorn-40420.exe (PID: 6620)
- Unicorn-47794.exe (PID: 6724)
- Unicorn-44457.exe (PID: 5408)
- Unicorn-7337.exe (PID: 1188)
- Unicorn-44286.exe (PID: 5736)
- Unicorn-47695.exe (PID: 7948)
- Unicorn-60129.exe (PID: 1852)
- Unicorn-59423.exe (PID: 4120)
- Unicorn-10938.exe (PID: 516)
- Unicorn-31218.exe (PID: 5260)
- Unicorn-31432.exe (PID: 7596)
- Unicorn-41484.exe (PID: 7568)
- Unicorn-41484.exe (PID: 7576)
- Unicorn-34829.exe (PID: 7832)
- Unicorn-6189.exe (PID: 3008)
- Unicorn-16596.exe (PID: 7628)
- Unicorn-41100.exe (PID: 8148)
- Unicorn-57991.exe (PID: 8044)
- Unicorn-7259.exe (PID: 1388)
- Unicorn-12957.exe (PID: 7852)
- Unicorn-57628.exe (PID: 4844)
- Unicorn-33627.exe (PID: 5964)
- Unicorn-41100.exe (PID: 6644)
- Unicorn-26470.exe (PID: 6512)
- Unicorn-45382.exe (PID: 7828)
- Unicorn-26108.exe (PID: 8240)
- Unicorn-46528.exe (PID: 8248)
- Unicorn-48758.exe (PID: 8292)
- Unicorn-23730.exe (PID: 8348)
- Unicorn-11809.exe (PID: 8272)
- Unicorn-47872.exe (PID: 8448)
- Unicorn-22216.exe (PID: 8320)
- Unicorn-39704.exe (PID: 8404)
- Unicorn-55848.exe (PID: 8340)
- Unicorn-28006.exe (PID: 8436)
- Unicorn-60124.exe (PID: 8376)
- Unicorn-39704.exe (PID: 8400)
- Unicorn-43788.exe (PID: 8464)
- Unicorn-46526.exe (PID: 8568)
- Unicorn-36196.exe (PID: 8704)
- Unicorn-17373.exe (PID: 8512)
- Unicorn-17373.exe (PID: 8520)
- Unicorn-48043.exe (PID: 8612)
- Unicorn-52541.exe (PID: 8632)
- Unicorn-47488.exe (PID: 8656)
- Unicorn-47296.exe (PID: 8556)
- Unicorn-61447.exe (PID: 8740)
- Unicorn-4078.exe (PID: 8728)
- Unicorn-22089.exe (PID: 8748)
- Unicorn-20052.exe (PID: 8780)
- Unicorn-3139.exe (PID: 8804)
- Unicorn-58462.exe (PID: 8812)
- Unicorn-64592.exe (PID: 8828)
- Unicorn-3886.exe (PID: 8864)
- Unicorn-21182.exe (PID: 8884)
- Unicorn-49268.exe (PID: 7348)
- Unicorn-12459.exe (PID: 8916)
- Unicorn-63314.exe (PID: 8988)
- Unicorn-20554.exe (PID: 8964)
- Unicorn-954.exe (PID: 8956)
- Unicorn-32496.exe (PID: 8980)
- Unicorn-3145.exe (PID: 9004)
- Unicorn-49038.exe (PID: 5588)
- Unicorn-20820.exe (PID: 8972)
- Unicorn-19943.exe (PID: 9104)
- Unicorn-26226.exe (PID: 9088)
- Unicorn-30554.exe (PID: 2092)
- Unicorn-5059.exe (PID: 9064)
- Unicorn-22896.exe (PID: 9200)
- Unicorn-47400.exe (PID: 9208)
- Unicorn-62964.exe (PID: 9156)
- Unicorn-23088.exe (PID: 5020)
- Unicorn-6559.exe (PID: 8300)
- Unicorn-23088.exe (PID: 7408)
- Unicorn-14343.exe (PID: 8736)
- Unicorn-47208.exe (PID: 9076)
- Unicorn-47763.exe (PID: 8852)
- Unicorn-38775.exe (PID: 9152)
- Unicorn-23280.exe (PID: 9316)
- Unicorn-7010.exe (PID: 8540)
- Unicorn-47872.exe (PID: 8456)
- Unicorn-60015.exe (PID: 2084)
- Unicorn-59543.exe (PID: 9268)
- Unicorn-27425.exe (PID: 9224)
- Unicorn-27425.exe (PID: 9220)
- Unicorn-64571.exe (PID: 8692)
- Unicorn-19580.exe (PID: 8652)
- Unicorn-65251.exe (PID: 2064)
- Unicorn-46506.exe (PID: 9296)
- Unicorn-27918.exe (PID: 9332)
- Unicorn-34655.exe (PID: 9352)
- Unicorn-34655.exe (PID: 9356)
- Unicorn-47488.exe (PID: 8664)
- Unicorn-4897.exe (PID: 9368)
- Unicorn-48936.exe (PID: 9432)
- Unicorn-15501.exe (PID: 9408)
- Unicorn-50097.exe (PID: 9464)
- Unicorn-6704.exe (PID: 9448)
- Unicorn-12459.exe (PID: 8912)
- Unicorn-46713.exe (PID: 9508)
- Unicorn-42614.exe (PID: 9540)
- Unicorn-62942.exe (PID: 9496)
Executable content was dropped or overwritten
- Unicorn-50144.exe (PID: 8184)
- 1 (159).exe (PID: 7540)
- Unicorn-20560.exe (PID: 7752)
- Unicorn-40461.exe (PID: 8168)
- Unicorn-6055.exe (PID: 5328)
- Unicorn-28972.exe (PID: 4008)
- Unicorn-3616.exe (PID: 6668)
- Unicorn-35390.exe (PID: 6640)
- Unicorn-15328.exe (PID: 2392)
- Unicorn-52333.exe (PID: 5376)
- Unicorn-61710.exe (PID: 960)
- Unicorn-61789.exe (PID: 1628)
- Unicorn-8525.exe (PID: 2152)
- Unicorn-42267.exe (PID: 5640)
- Unicorn-15852.exe (PID: 6372)
- Unicorn-18038.exe (PID: 4164)
- Unicorn-310.exe (PID: 2316)
- Unicorn-49048.exe (PID: 7212)
- Unicorn-34566.exe (PID: 7188)
- Unicorn-3673.exe (PID: 7276)
- Unicorn-49880.exe (PID: 7252)
- Unicorn-7093.exe (PID: 6132)
- Unicorn-49086.exe (PID: 7808)
- Unicorn-46792.exe (PID: 4448)
- Unicorn-37305.exe (PID: 7284)
- Unicorn-3969.exe (PID: 7788)
- Unicorn-47695.exe (PID: 7948)
- Unicorn-49963.exe (PID: 7872)
- Unicorn-2992.exe (PID: 7780)
- Unicorn-30041.exe (PID: 7944)
- Unicorn-54414.exe (PID: 1116)
- Unicorn-7259.exe (PID: 1388)
- Unicorn-50300.exe (PID: 7916)
- Unicorn-36424.exe (PID: 7516)
- Unicorn-42371.exe (PID: 8092)
- Unicorn-62443.exe (PID: 6080)
- Unicorn-23294.exe (PID: 6268)
- Unicorn-26284.exe (PID: 4932)
- Unicorn-54535.exe (PID: 7536)
- Unicorn-51565.exe (PID: 2564)
- Unicorn-7726.exe (PID: 1180)
- Unicorn-33046.exe (PID: 1512)
- Unicorn-25947.exe (PID: 8120)
- Unicorn-34499.exe (PID: 3896)
- Unicorn-59423.exe (PID: 4120)
- Unicorn-40420.exe (PID: 6620)
- Unicorn-44457.exe (PID: 5408)
- Unicorn-49038.exe (PID: 5588)
- Unicorn-7337.exe (PID: 1188)
- Unicorn-44286.exe (PID: 5736)
- Unicorn-10938.exe (PID: 516)
- Unicorn-31432.exe (PID: 7596)
- Unicorn-31218.exe (PID: 5260)
- Unicorn-41484.exe (PID: 7568)
- Unicorn-41484.exe (PID: 7576)
- Unicorn-34829.exe (PID: 7832)
- Unicorn-9397.exe (PID: 5984)
- Unicorn-41100.exe (PID: 8148)
- Unicorn-57991.exe (PID: 8044)
- Unicorn-49268.exe (PID: 7348)
- Unicorn-6189.exe (PID: 3008)
- Unicorn-12957.exe (PID: 7852)
- Unicorn-33627.exe (PID: 5964)
- Unicorn-57628.exe (PID: 4844)
- Unicorn-26470.exe (PID: 6512)
- Unicorn-45382.exe (PID: 7828)
- Unicorn-58224.exe (PID: 6576)
- Unicorn-46528.exe (PID: 8248)
- Unicorn-26108.exe (PID: 8240)
- Unicorn-11809.exe (PID: 8272)
- Unicorn-30554.exe (PID: 2092)
- Unicorn-48758.exe (PID: 8292)
- Unicorn-23730.exe (PID: 8348)
- Unicorn-22216.exe (PID: 8320)
- Unicorn-47872.exe (PID: 8448)
- Unicorn-55848.exe (PID: 8340)
- Unicorn-29351.exe (PID: 4220)
- Unicorn-28006.exe (PID: 8436)
- Unicorn-39704.exe (PID: 8404)
- Unicorn-39704.exe (PID: 8400)
- Unicorn-43788.exe (PID: 8464)
- Unicorn-27491.exe (PID: 1132)
- Unicorn-7010.exe (PID: 8540)
- Unicorn-46526.exe (PID: 8568)
- Unicorn-52541.exe (PID: 8632)
- Unicorn-47794.exe (PID: 6724)
- Unicorn-64571.exe (PID: 8692)
- Unicorn-17373.exe (PID: 8512)
- Unicorn-48043.exe (PID: 8612)
- Unicorn-61447.exe (PID: 8740)
- Unicorn-47488.exe (PID: 8664)
- Unicorn-47488.exe (PID: 8656)
- Unicorn-20052.exe (PID: 8780)
- Unicorn-58462.exe (PID: 8812)
- Unicorn-3139.exe (PID: 8804)
- Unicorn-60129.exe (PID: 1852)
- Unicorn-4078.exe (PID: 8728)
- Unicorn-64592.exe (PID: 8828)
- Unicorn-3886.exe (PID: 8864)
- Unicorn-21182.exe (PID: 8884)
- Unicorn-12459.exe (PID: 8912)
- Unicorn-16596.exe (PID: 7628)
- Unicorn-954.exe (PID: 8956)
- Unicorn-20554.exe (PID: 8964)
- Unicorn-12459.exe (PID: 8916)
- Unicorn-63314.exe (PID: 8988)
- Unicorn-20820.exe (PID: 8972)
- Unicorn-5059.exe (PID: 9064)
- Unicorn-32496.exe (PID: 8980)
- Unicorn-3145.exe (PID: 9004)
- Unicorn-26226.exe (PID: 9088)
- Unicorn-62964.exe (PID: 9156)
- Unicorn-19943.exe (PID: 9104)
- Unicorn-22896.exe (PID: 9200)
- Unicorn-47400.exe (PID: 9208)
- Unicorn-6559.exe (PID: 8300)
- Unicorn-23088.exe (PID: 5020)
- Unicorn-14343.exe (PID: 8736)
- Unicorn-23088.exe (PID: 7408)
- Unicorn-47208.exe (PID: 9076)
- Unicorn-60124.exe (PID: 8376)
- Unicorn-23280.exe (PID: 9316)
- Unicorn-38775.exe (PID: 9152)
- Unicorn-47872.exe (PID: 8456)
- Unicorn-36196.exe (PID: 8704)
- Unicorn-65251.exe (PID: 2064)
- Unicorn-60015.exe (PID: 2084)
- Unicorn-27425.exe (PID: 9220)
- Unicorn-19580.exe (PID: 8652)
- Unicorn-46506.exe (PID: 9296)
- Unicorn-34655.exe (PID: 9352)
- Unicorn-22089.exe (PID: 8748)
- Unicorn-34655.exe (PID: 9356)
- Unicorn-4897.exe (PID: 9368)
- Unicorn-15501.exe (PID: 9408)
- Unicorn-50097.exe (PID: 9464)
- Unicorn-48936.exe (PID: 9432)
- Unicorn-6704.exe (PID: 9448)
- Unicorn-46713.exe (PID: 9508)
- Unicorn-62942.exe (PID: 9496)
- Unicorn-42614.exe (PID: 9540)
- Unicorn-57680.exe (PID: 9596)
- Unicorn-51219.exe (PID: 9620)
- Unicorn-2039.exe (PID: 9840)
- Unicorn-55407.exe (PID: 9920)
- Unicorn-11530.exe (PID: 9928)
- Unicorn-59543.exe (PID: 9268)
- Unicorn-60871.exe (PID: 10004)
- Unicorn-28007.exe (PID: 9984)
- Unicorn-27504.exe (PID: 9868)
- Unicorn-19144.exe (PID: 9968)
- Unicorn-17373.exe (PID: 8520)
- Unicorn-23804.exe (PID: 10044)
- Unicorn-46505.exe (PID: 10152)
- Unicorn-59504.exe (PID: 10184)
- Unicorn-62649.exe (PID: 6852)
- Unicorn-26085.exe (PID: 10168)
- Unicorn-48500.exe (PID: 10116)
- Unicorn-13589.exe (PID: 10080)
- Unicorn-55036.exe (PID: 3124)
- Unicorn-9562.exe (PID: 8012)
- Unicorn-45336.exe (PID: 8208)
- Unicorn-34615.exe (PID: 4452)
- Unicorn-9562.exe (PID: 8004)
- Unicorn-54844.exe (PID: 10212)
- Unicorn-53263.exe (PID: 6248)
- Unicorn-10516.exe (PID: 9860)
- Unicorn-41100.exe (PID: 6644)
- Unicorn-39851.exe (PID: 10316)
- Unicorn-14600.exe (PID: 10256)
- Unicorn-10516.exe (PID: 7224)
- Unicorn-17533.exe (PID: 8212)
- Unicorn-34615.exe (PID: 536)
- Unicorn-302.exe (PID: 10272)
- Unicorn-10827.exe (PID: 10468)
- Unicorn-26588.exe (PID: 3156)
- Unicorn-4962.exe (PID: 10512)
- Unicorn-2924.exe (PID: 10496)
- Unicorn-28890.exe (PID: 3396)
- Unicorn-14600.exe (PID: 10264)
- Unicorn-61179.exe (PID: 10292)
- Unicorn-39851.exe (PID: 10324)
- Unicorn-2924.exe (PID: 10504)
- Unicorn-14216.exe (PID: 10428)
- Unicorn-56188.exe (PID: 4284)
- Unicorn-59717.exe (PID: 10308)
- Unicorn-11092.exe (PID: 10476)
- Unicorn-47763.exe (PID: 8852)
- Unicorn-48596.exe (PID: 10488)
- Unicorn-47296.exe (PID: 8556)
- Unicorn-52872.exe (PID: 10700)
- Unicorn-17533.exe (PID: 5452)
- Unicorn-9364.exe (PID: 10236)
- Unicorn-64376.exe (PID: 10744)
- Unicorn-27918.exe (PID: 9332)
- Unicorn-52893.exe (PID: 10828)
- Unicorn-64569.exe (PID: 10752)
- Unicorn-44704.exe (PID: 10728)
- Unicorn-52126.exe (PID: 11224)
- Unicorn-48517.exe (PID: 10952)
- Unicorn-64304.exe (PID: 10736)
- Unicorn-54647.exe (PID: 10912)
- Unicorn-27626.exe (PID: 10760)
- Unicorn-52509.exe (PID: 10944)
- Unicorn-33027.exe (PID: 10804)
- Unicorn-57745.exe (PID: 11032)
- Unicorn-21674.exe (PID: 11196)
- Unicorn-22834.exe (PID: 11128)
- Unicorn-54647.exe (PID: 11008)
- Unicorn-38093.exe (PID: 11252)
- Unicorn-11647.exe (PID: 10972)
- Unicorn-52628.exe (PID: 10796)
- Unicorn-30426.exe (PID: 10876)
- Unicorn-19453.exe (PID: 10868)
- Unicorn-931.exe (PID: 10988)
- Unicorn-28559.exe (PID: 10920)
- Unicorn-30151.exe (PID: 10812)
- Unicorn-51113.exe (PID: 11384)
- Unicorn-4142.exe (PID: 11424)
- Unicorn-9675.exe (PID: 11284)
- Unicorn-50708.exe (PID: 11192)
- Unicorn-55197.exe (PID: 11376)
- Unicorn-16691.exe (PID: 10820)
- Unicorn-19453.exe (PID: 10840)
- Unicorn-17843.exe (PID: 7000)
- Unicorn-22119.exe (PID: 11304)
- Unicorn-26609.exe (PID: 11472)
- Unicorn-11834.exe (PID: 11572)
- Unicorn-22119.exe (PID: 11308)
- Unicorn-27425.exe (PID: 9224)
Executes application which crashes
- Unicorn-63780.exe (PID: 10300)
INFO
The sample compiled with chinese language support
- 1 (159).exe (PID: 7540)
- Unicorn-20560.exe (PID: 7752)
- Unicorn-40461.exe (PID: 8168)
- Unicorn-50144.exe (PID: 8184)
- Unicorn-35390.exe (PID: 6640)
- Unicorn-6055.exe (PID: 5328)
- Unicorn-3616.exe (PID: 6668)
- Unicorn-28972.exe (PID: 4008)
- Unicorn-52333.exe (PID: 5376)
- Unicorn-15328.exe (PID: 2392)
- Unicorn-61710.exe (PID: 960)
- Unicorn-61789.exe (PID: 1628)
- Unicorn-42267.exe (PID: 5640)
- Unicorn-15852.exe (PID: 6372)
- Unicorn-18038.exe (PID: 4164)
- Unicorn-8525.exe (PID: 2152)
- Unicorn-310.exe (PID: 2316)
- Unicorn-49048.exe (PID: 7212)
- Unicorn-34566.exe (PID: 7188)
- Unicorn-49880.exe (PID: 7252)
- Unicorn-3673.exe (PID: 7276)
- Unicorn-7093.exe (PID: 6132)
- Unicorn-46792.exe (PID: 4448)
- Unicorn-37305.exe (PID: 7284)
- Unicorn-3969.exe (PID: 7788)
- Unicorn-47695.exe (PID: 7948)
- Unicorn-49963.exe (PID: 7872)
- Unicorn-49086.exe (PID: 7808)
- Unicorn-2992.exe (PID: 7780)
- Unicorn-30041.exe (PID: 7944)
- Unicorn-50300.exe (PID: 7916)
- Unicorn-54414.exe (PID: 1116)
- Unicorn-36424.exe (PID: 7516)
- Unicorn-62443.exe (PID: 6080)
- Unicorn-23294.exe (PID: 6268)
- Unicorn-26284.exe (PID: 4932)
- Unicorn-54535.exe (PID: 7536)
- Unicorn-51565.exe (PID: 2564)
- Unicorn-25947.exe (PID: 8120)
- Unicorn-33046.exe (PID: 1512)
- Unicorn-34499.exe (PID: 3896)
- Unicorn-7726.exe (PID: 1180)
- Unicorn-40420.exe (PID: 6620)
- Unicorn-44457.exe (PID: 5408)
- Unicorn-59423.exe (PID: 4120)
- Unicorn-7337.exe (PID: 1188)
- Unicorn-44286.exe (PID: 5736)
- Unicorn-49038.exe (PID: 5588)
- Unicorn-10938.exe (PID: 516)
- Unicorn-31432.exe (PID: 7596)
- Unicorn-31218.exe (PID: 5260)
- Unicorn-41484.exe (PID: 7568)
- Unicorn-41484.exe (PID: 7576)
- Unicorn-49268.exe (PID: 7348)
- Unicorn-34829.exe (PID: 7832)
- Unicorn-9397.exe (PID: 5984)
- Unicorn-41100.exe (PID: 8148)
- Unicorn-57991.exe (PID: 8044)
- Unicorn-6189.exe (PID: 3008)
- Unicorn-57628.exe (PID: 4844)
- Unicorn-12957.exe (PID: 7852)
- Unicorn-33627.exe (PID: 5964)
- Unicorn-7259.exe (PID: 1388)
- Unicorn-26470.exe (PID: 6512)
- Unicorn-45382.exe (PID: 7828)
- Unicorn-58224.exe (PID: 6576)
- Unicorn-42371.exe (PID: 8092)
- Unicorn-26108.exe (PID: 8240)
- Unicorn-46528.exe (PID: 8248)
- Unicorn-30554.exe (PID: 2092)
- Unicorn-48758.exe (PID: 8292)
- Unicorn-23730.exe (PID: 8348)
- Unicorn-11809.exe (PID: 8272)
- Unicorn-22216.exe (PID: 8320)
- Unicorn-47872.exe (PID: 8448)
- Unicorn-55848.exe (PID: 8340)
- Unicorn-29351.exe (PID: 4220)
- Unicorn-28006.exe (PID: 8436)
- Unicorn-39704.exe (PID: 8404)
- Unicorn-27491.exe (PID: 1132)
- Unicorn-39704.exe (PID: 8400)
- Unicorn-43788.exe (PID: 8464)
- Unicorn-7010.exe (PID: 8540)
- Unicorn-46526.exe (PID: 8568)
- Unicorn-47794.exe (PID: 6724)
- Unicorn-17373.exe (PID: 8512)
- Unicorn-64571.exe (PID: 8692)
- Unicorn-52541.exe (PID: 8632)
- Unicorn-48043.exe (PID: 8612)
- Unicorn-47488.exe (PID: 8656)
- Unicorn-47488.exe (PID: 8664)
- Unicorn-4078.exe (PID: 8728)
- Unicorn-20052.exe (PID: 8780)
- Unicorn-58462.exe (PID: 8812)
- Unicorn-61447.exe (PID: 8740)
- Unicorn-64592.exe (PID: 8828)
- Unicorn-3886.exe (PID: 8864)
- Unicorn-60129.exe (PID: 1852)
- Unicorn-3139.exe (PID: 8804)
- Unicorn-12459.exe (PID: 8912)
- Unicorn-16596.exe (PID: 7628)
- Unicorn-21182.exe (PID: 8884)
- Unicorn-63314.exe (PID: 8988)
- Unicorn-20820.exe (PID: 8972)
- Unicorn-954.exe (PID: 8956)
- Unicorn-20554.exe (PID: 8964)
- Unicorn-12459.exe (PID: 8916)
- Unicorn-32496.exe (PID: 8980)
- Unicorn-3145.exe (PID: 9004)
- Unicorn-5059.exe (PID: 9064)
- Unicorn-26226.exe (PID: 9088)
- Unicorn-62964.exe (PID: 9156)
- Unicorn-19943.exe (PID: 9104)
- Unicorn-22896.exe (PID: 9200)
- Unicorn-47400.exe (PID: 9208)
- Unicorn-23088.exe (PID: 5020)
- Unicorn-6559.exe (PID: 8300)
- Unicorn-23088.exe (PID: 7408)
- Unicorn-47208.exe (PID: 9076)
- Unicorn-60124.exe (PID: 8376)
- Unicorn-38775.exe (PID: 9152)
- Unicorn-23280.exe (PID: 9316)
- Unicorn-14343.exe (PID: 8736)
- Unicorn-47872.exe (PID: 8456)
- Unicorn-60015.exe (PID: 2084)
- Unicorn-36196.exe (PID: 8704)
- Unicorn-27425.exe (PID: 9220)
- Unicorn-19580.exe (PID: 8652)
- Unicorn-65251.exe (PID: 2064)
- Unicorn-46506.exe (PID: 9296)
- Unicorn-34655.exe (PID: 9352)
- Unicorn-4897.exe (PID: 9368)
- Unicorn-22089.exe (PID: 8748)
- Unicorn-34655.exe (PID: 9356)
- Unicorn-48936.exe (PID: 9432)
- Unicorn-15501.exe (PID: 9408)
- Unicorn-6704.exe (PID: 9448)
- Unicorn-50097.exe (PID: 9464)
- Unicorn-46713.exe (PID: 9508)
- Unicorn-42614.exe (PID: 9540)
- Unicorn-57680.exe (PID: 9596)
- Unicorn-51219.exe (PID: 9620)
- Unicorn-2039.exe (PID: 9840)
- Unicorn-62942.exe (PID: 9496)
- Unicorn-11530.exe (PID: 9928)
- Unicorn-19144.exe (PID: 9968)
- Unicorn-60871.exe (PID: 10004)
- Unicorn-28007.exe (PID: 9984)
- Unicorn-59543.exe (PID: 9268)
- Unicorn-27504.exe (PID: 9868)
- Unicorn-55407.exe (PID: 9920)
- Unicorn-13589.exe (PID: 10080)
- Unicorn-23804.exe (PID: 10044)
- Unicorn-17373.exe (PID: 8520)
- Unicorn-62649.exe (PID: 6852)
- Unicorn-59504.exe (PID: 10184)
- Unicorn-48500.exe (PID: 10116)
- Unicorn-46505.exe (PID: 10152)
- Unicorn-45336.exe (PID: 8208)
- Unicorn-55036.exe (PID: 3124)
- Unicorn-53263.exe (PID: 6248)
- Unicorn-9562.exe (PID: 8012)
- Unicorn-9562.exe (PID: 8004)
- Unicorn-34615.exe (PID: 4452)
- Unicorn-26085.exe (PID: 10168)
- Unicorn-54844.exe (PID: 10212)
- Unicorn-34615.exe (PID: 536)
- Unicorn-10516.exe (PID: 7224)
- Unicorn-39851.exe (PID: 10316)
- Unicorn-14600.exe (PID: 10256)
- Unicorn-17533.exe (PID: 8212)
- Unicorn-10516.exe (PID: 9860)
- Unicorn-41100.exe (PID: 6644)
- Unicorn-39851.exe (PID: 10324)
- Unicorn-10827.exe (PID: 10468)
- Unicorn-26588.exe (PID: 3156)
- Unicorn-4962.exe (PID: 10512)
- Unicorn-2924.exe (PID: 10496)
- Unicorn-28890.exe (PID: 3396)
- Unicorn-61179.exe (PID: 10292)
- Unicorn-302.exe (PID: 10272)
- Unicorn-2924.exe (PID: 10504)
- Unicorn-59717.exe (PID: 10308)
- Unicorn-14216.exe (PID: 10428)
- Unicorn-48596.exe (PID: 10488)
- Unicorn-11092.exe (PID: 10476)
- Unicorn-47763.exe (PID: 8852)
- Unicorn-14600.exe (PID: 10264)
- Unicorn-56188.exe (PID: 4284)
- Unicorn-47296.exe (PID: 8556)
- Unicorn-52872.exe (PID: 10700)
- Unicorn-52893.exe (PID: 10828)
- Unicorn-17533.exe (PID: 5452)
- Unicorn-64376.exe (PID: 10744)
- Unicorn-27918.exe (PID: 9332)
- Unicorn-54647.exe (PID: 10912)
- Unicorn-27626.exe (PID: 10760)
- Unicorn-44704.exe (PID: 10728)
- Unicorn-64569.exe (PID: 10752)
- Unicorn-52126.exe (PID: 11224)
- Unicorn-48517.exe (PID: 10952)
- Unicorn-9364.exe (PID: 10236)
- Unicorn-64304.exe (PID: 10736)
- Unicorn-52509.exe (PID: 10944)
- Unicorn-57745.exe (PID: 11032)
- Unicorn-33027.exe (PID: 10804)
- Unicorn-21674.exe (PID: 11196)
- Unicorn-22834.exe (PID: 11128)
- Unicorn-54647.exe (PID: 11008)
- Unicorn-11647.exe (PID: 10972)
- Unicorn-38093.exe (PID: 11252)
- Unicorn-16691.exe (PID: 10820)
- Unicorn-52628.exe (PID: 10796)
- Unicorn-30426.exe (PID: 10876)
- Unicorn-19453.exe (PID: 10868)
- Unicorn-931.exe (PID: 10988)
- Unicorn-28559.exe (PID: 10920)
- Unicorn-30151.exe (PID: 10812)
- Unicorn-50708.exe (PID: 11192)
- Unicorn-55197.exe (PID: 11376)
- Unicorn-51113.exe (PID: 11384)
- Unicorn-4142.exe (PID: 11424)
- Unicorn-19453.exe (PID: 10840)
- Unicorn-17843.exe (PID: 7000)
- Unicorn-22119.exe (PID: 11304)
- Unicorn-9675.exe (PID: 11284)
- Unicorn-11834.exe (PID: 11572)
- Unicorn-22119.exe (PID: 11308)
- Unicorn-26609.exe (PID: 11472)
- Unicorn-27425.exe (PID: 9224)
Checks supported languages
- 1 (159).exe (PID: 7540)
- Unicorn-20560.exe (PID: 7752)
- Unicorn-50144.exe (PID: 8184)
- Unicorn-40461.exe (PID: 8168)
- Unicorn-3616.exe (PID: 6668)
- Unicorn-6055.exe (PID: 5328)
- Unicorn-52333.exe (PID: 5376)
- Unicorn-15328.exe (PID: 2392)
- Unicorn-35390.exe (PID: 6640)
- Unicorn-61710.exe (PID: 960)
- Unicorn-8525.exe (PID: 2152)
- Unicorn-15852.exe (PID: 6372)
- Unicorn-18038.exe (PID: 4164)
- Unicorn-34566.exe (PID: 7188)
- Unicorn-310.exe (PID: 2316)
- Unicorn-49048.exe (PID: 7212)
- Unicorn-3673.exe (PID: 7276)
- Unicorn-37305.exe (PID: 7284)
- Unicorn-7093.exe (PID: 6132)
- Unicorn-46792.exe (PID: 4448)
- Unicorn-49963.exe (PID: 7872)
- Unicorn-49880.exe (PID: 7252)
- Unicorn-47695.exe (PID: 7948)
- Unicorn-30041.exe (PID: 7944)
- Unicorn-50300.exe (PID: 7916)
- Unicorn-3969.exe (PID: 7788)
- Unicorn-36424.exe (PID: 7516)
- Unicorn-54414.exe (PID: 1116)
- Unicorn-58224.exe (PID: 6576)
- Unicorn-51565.exe (PID: 2564)
- Unicorn-25947.exe (PID: 8120)
- Unicorn-23294.exe (PID: 6268)
- Unicorn-26284.exe (PID: 4932)
- Unicorn-54535.exe (PID: 7536)
- Unicorn-33046.exe (PID: 1512)
- Unicorn-7726.exe (PID: 1180)
- Unicorn-29351.exe (PID: 4220)
- Unicorn-44457.exe (PID: 5408)
- Unicorn-59423.exe (PID: 4120)
- Unicorn-7337.exe (PID: 1188)
- Unicorn-40420.exe (PID: 6620)
- Unicorn-60129.exe (PID: 1852)
- Unicorn-31218.exe (PID: 5260)
- Unicorn-10938.exe (PID: 516)
- Unicorn-31432.exe (PID: 7596)
- Unicorn-34829.exe (PID: 7832)
- Unicorn-44286.exe (PID: 5736)
- Unicorn-41484.exe (PID: 7568)
- Unicorn-6189.exe (PID: 3008)
- Unicorn-57991.exe (PID: 8044)
- Unicorn-41100.exe (PID: 6644)
- Unicorn-57628.exe (PID: 4844)
- Unicorn-41100.exe (PID: 8148)
- Unicorn-33627.exe (PID: 5964)
- Unicorn-45382.exe (PID: 7828)
- Unicorn-16596.exe (PID: 7628)
- Unicorn-12957.exe (PID: 7852)
- Unicorn-30554.exe (PID: 2092)
- Unicorn-26108.exe (PID: 8240)
- Unicorn-46528.exe (PID: 8248)
- Unicorn-60124.exe (PID: 8376)
- Unicorn-39704.exe (PID: 8400)
- Unicorn-23730.exe (PID: 8348)
- Unicorn-43788.exe (PID: 8464)
- Unicorn-47872.exe (PID: 8448)
- Unicorn-47872.exe (PID: 8456)
- Unicorn-17373.exe (PID: 8520)
- Unicorn-7010.exe (PID: 8540)
- Unicorn-17373.exe (PID: 8512)
- Unicorn-46526.exe (PID: 8568)
- Unicorn-47488.exe (PID: 8664)
- Unicorn-36196.exe (PID: 8704)
- Unicorn-4078.exe (PID: 8728)
- Unicorn-61447.exe (PID: 8740)
- Unicorn-52541.exe (PID: 8632)
- Unicorn-22089.exe (PID: 8748)
- Unicorn-58462.exe (PID: 8812)
- Unicorn-21182.exe (PID: 8884)
- Unicorn-20554.exe (PID: 8964)
- Unicorn-32496.exe (PID: 8980)
- Unicorn-20820.exe (PID: 8972)
- Unicorn-26226.exe (PID: 9088)
- Unicorn-62964.exe (PID: 9156)
- Unicorn-19943.exe (PID: 9104)
- Unicorn-47208.exe (PID: 9076)
- Unicorn-38775.exe (PID: 9152)
- Unicorn-19580.exe (PID: 8652)
- Unicorn-65251.exe (PID: 2064)
- Unicorn-59543.exe (PID: 9268)
- Unicorn-46506.exe (PID: 9296)
- Unicorn-27918.exe (PID: 9332)
- Unicorn-34655.exe (PID: 9356)
- Unicorn-4897.exe (PID: 9368)
- Unicorn-62942.exe (PID: 9496)
- Unicorn-42614.exe (PID: 9540)
- Unicorn-51219.exe (PID: 9620)
- Unicorn-2039.exe (PID: 9840)
- Unicorn-6704.exe (PID: 9448)
- Unicorn-11530.exe (PID: 9928)
- Unicorn-55407.exe (PID: 9920)
- Unicorn-28007.exe (PID: 9984)
- Unicorn-23804.exe (PID: 10044)
- Unicorn-13589.exe (PID: 10080)
- Unicorn-59504.exe (PID: 10184)
- Unicorn-46505.exe (PID: 10152)
- Unicorn-9364.exe (PID: 10236)
- Unicorn-63204.exe (PID: 7416)
- Unicorn-55036.exe (PID: 3124)
- Unicorn-62649.exe (PID: 6852)
- Unicorn-17533.exe (PID: 5452)
- Unicorn-17533.exe (PID: 8212)
- Unicorn-9562.exe (PID: 8012)
- Unicorn-45336.exe (PID: 8208)
- Unicorn-53263.exe (PID: 6248)
- Unicorn-56188.exe (PID: 4284)
- Unicorn-9562.exe (PID: 8004)
- Unicorn-28890.exe (PID: 3396)
- Unicorn-302.exe (PID: 10272)
- Unicorn-39851.exe (PID: 10324)
- Unicorn-14216.exe (PID: 10428)
- Unicorn-14600.exe (PID: 10256)
- Unicorn-27626.exe (PID: 10760)
- Unicorn-52872.exe (PID: 10700)
- Unicorn-10827.exe (PID: 10468)
- Unicorn-64569.exe (PID: 10752)
- Unicorn-16691.exe (PID: 10820)
- Unicorn-30426.exe (PID: 10876)
- Unicorn-52628.exe (PID: 10796)
- Unicorn-54647.exe (PID: 11008)
- Unicorn-11647.exe (PID: 10972)
- Unicorn-21674.exe (PID: 11196)
- Unicorn-22834.exe (PID: 11128)
- Unicorn-41912.exe (PID: 11244)
- Unicorn-62789.exe (PID: 10460)
- Unicorn-17843.exe (PID: 7000)
- Unicorn-22119.exe (PID: 11308)
- Unicorn-55197.exe (PID: 11376)
- Unicorn-51113.exe (PID: 11384)
- Unicorn-30784.exe (PID: 11432)
- Unicorn-44599.exe (PID: 11628)
- Unicorn-30117.exe (PID: 11544)
- Unicorn-30863.exe (PID: 11620)
- Unicorn-49478.exe (PID: 11696)
- Unicorn-19209.exe (PID: 11756)
- Unicorn-32015.exe (PID: 11728)
- Unicorn-75.exe (PID: 11944)
- Unicorn-39629.exe (PID: 11712)
- Unicorn-36291.exe (PID: 11792)
- Unicorn-21947.exe (PID: 11808)
- Unicorn-26499.exe (PID: 10584)
- Unicorn-19099.exe (PID: 12340)
- Unicorn-56432.exe (PID: 684)
- Unicorn-43049.exe (PID: 12364)
- Unicorn-28877.exe (PID: 12028)
- Unicorn-57008.exe (PID: 12400)
- Unicorn-11336.exe (PID: 12436)
- Unicorn-7179.exe (PID: 12460)
- Unicorn-5974.exe (PID: 12660)
- Unicorn-36779.exe (PID: 12492)
- Unicorn-41055.exe (PID: 12920)
- Unicorn-13043.exe (PID: 12784)
- Unicorn-26778.exe (PID: 12792)
- Unicorn-62073.exe (PID: 13108)
- Unicorn-32525.exe (PID: 13048)
- Unicorn-48099.exe (PID: 13064)
- Unicorn-2594.exe (PID: 13032)
- Unicorn-43691.exe (PID: 13224)
- Unicorn-49556.exe (PID: 13208)
- Unicorn-37163.exe (PID: 13080)
- Unicorn-32836.exe (PID: 7764)
- Unicorn-49556.exe (PID: 13200)
- Unicorn-57605.exe (PID: 12396)
- Unicorn-58736.exe (PID: 13256)
- Unicorn-4320.exe (PID: 7648)
- Unicorn-24170.exe (PID: 12524)
- Unicorn-13064.exe (PID: 13264)
- Unicorn-13235.exe (PID: 4884)
- Unicorn-8434.exe (PID: 13776)
- Unicorn-29941.exe (PID: 13704)
- Unicorn-10440.exe (PID: 13816)
- Unicorn-59660.exe (PID: 13856)
- Unicorn-62427.exe (PID: 13872)
- Unicorn-59660.exe (PID: 13864)
- Unicorn-59852.exe (PID: 14012)
- Unicorn-13915.exe (PID: 14148)
- Unicorn-59032.exe (PID: 14004)
- Unicorn-23095.exe (PID: 14108)
- Unicorn-52089.exe (PID: 14196)
- Unicorn-53167.exe (PID: 13996)
- Unicorn-23863.exe (PID: 7912)
- Unicorn-64347.exe (PID: 14344)
- Unicorn-58595.exe (PID: 14448)
- Unicorn-8295.exe (PID: 14572)
- Unicorn-50427.exe (PID: 14416)
- Unicorn-48316.exe (PID: 14580)
- Unicorn-43691.exe (PID: 13216)
Reads the computer name
- 1 (159).exe (PID: 7540)
- Unicorn-20560.exe (PID: 7752)
- Unicorn-40461.exe (PID: 8168)
- Unicorn-50144.exe (PID: 8184)
- Unicorn-52333.exe (PID: 5376)
- Unicorn-28972.exe (PID: 4008)
- Unicorn-61710.exe (PID: 960)
- Unicorn-15328.exe (PID: 2392)
- Unicorn-61789.exe (PID: 1628)
- Unicorn-8525.exe (PID: 2152)
- Unicorn-49048.exe (PID: 7212)
- Unicorn-310.exe (PID: 2316)
- Unicorn-3673.exe (PID: 7276)
- Unicorn-3969.exe (PID: 7788)
- Unicorn-7093.exe (PID: 6132)
- Unicorn-47695.exe (PID: 7948)
- Unicorn-2992.exe (PID: 7780)
- Unicorn-9397.exe (PID: 5984)
- Unicorn-7259.exe (PID: 1388)
- Unicorn-23294.exe (PID: 6268)
- Unicorn-27491.exe (PID: 1132)
- Unicorn-58224.exe (PID: 6576)
- Unicorn-42371.exe (PID: 8092)
- Unicorn-33046.exe (PID: 1512)
- Unicorn-34499.exe (PID: 3896)
- Unicorn-7726.exe (PID: 1180)
- Unicorn-59423.exe (PID: 4120)
- Unicorn-44286.exe (PID: 5736)
- Unicorn-40420.exe (PID: 6620)
- Unicorn-60129.exe (PID: 1852)
- Unicorn-7337.exe (PID: 1188)
- Unicorn-49038.exe (PID: 5588)
- Unicorn-31432.exe (PID: 7596)
- Unicorn-34829.exe (PID: 7832)
- Unicorn-41484.exe (PID: 7576)
- Unicorn-6189.exe (PID: 3008)
- Unicorn-41100.exe (PID: 8148)
- Unicorn-57991.exe (PID: 8044)
- Unicorn-41100.exe (PID: 6644)
- Unicorn-46528.exe (PID: 8248)
- Unicorn-48758.exe (PID: 8292)
- Unicorn-39704.exe (PID: 8400)
- Unicorn-36196.exe (PID: 8704)
- Unicorn-52541.exe (PID: 8632)
- Unicorn-48043.exe (PID: 8612)
- Unicorn-47488.exe (PID: 8656)
- Unicorn-47488.exe (PID: 8664)
- Unicorn-64571.exe (PID: 8692)
- Unicorn-4078.exe (PID: 8728)
- Unicorn-3139.exe (PID: 8804)
- Unicorn-12459.exe (PID: 8912)
- Unicorn-954.exe (PID: 8956)
- Unicorn-32496.exe (PID: 8980)
- Unicorn-23088.exe (PID: 7408)
- Unicorn-47208.exe (PID: 9076)
- Unicorn-38775.exe (PID: 9152)
- Unicorn-34655.exe (PID: 9356)
- Unicorn-48936.exe (PID: 9432)
Create files in a temporary directory
- 1 (159).exe (PID: 7540)
- Unicorn-50144.exe (PID: 8184)
- Unicorn-6055.exe (PID: 5328)
- Unicorn-28972.exe (PID: 4008)
- Unicorn-35390.exe (PID: 6640)
- Unicorn-20560.exe (PID: 7752)
- Unicorn-40461.exe (PID: 8168)
- Unicorn-52333.exe (PID: 5376)
- Unicorn-3616.exe (PID: 6668)
- Unicorn-61789.exe (PID: 1628)
- Unicorn-8525.exe (PID: 2152)
- Unicorn-18038.exe (PID: 4164)
- Unicorn-310.exe (PID: 2316)
- Unicorn-15328.exe (PID: 2392)
- Unicorn-3673.exe (PID: 7276)
- Unicorn-42267.exe (PID: 5640)
- Unicorn-7093.exe (PID: 6132)
- Unicorn-61710.exe (PID: 960)
- Unicorn-15852.exe (PID: 6372)
- Unicorn-47695.exe (PID: 7948)
- Unicorn-49963.exe (PID: 7872)
- Unicorn-2992.exe (PID: 7780)
- Unicorn-34566.exe (PID: 7188)
- Unicorn-54414.exe (PID: 1116)
- Unicorn-7259.exe (PID: 1388)
- Unicorn-23294.exe (PID: 6268)
- Unicorn-25947.exe (PID: 8120)
- Unicorn-54535.exe (PID: 7536)
- Unicorn-51565.exe (PID: 2564)
- Unicorn-7726.exe (PID: 1180)
- Unicorn-49880.exe (PID: 7252)
- Unicorn-46792.exe (PID: 4448)
- Unicorn-37305.exe (PID: 7284)
- Unicorn-3969.exe (PID: 7788)
- Unicorn-49086.exe (PID: 7808)
- Unicorn-44286.exe (PID: 5736)
- Unicorn-49038.exe (PID: 5588)
- Unicorn-31218.exe (PID: 5260)
- Unicorn-7337.exe (PID: 1188)
- Unicorn-31432.exe (PID: 7596)
- Unicorn-10938.exe (PID: 516)
- Unicorn-41484.exe (PID: 7568)
- Unicorn-49268.exe (PID: 7348)
- Unicorn-34829.exe (PID: 7832)
- Unicorn-50300.exe (PID: 7916)
- Unicorn-9397.exe (PID: 5984)
- Unicorn-6189.exe (PID: 3008)
- Unicorn-57991.exe (PID: 8044)
- Unicorn-12957.exe (PID: 7852)
- Unicorn-33627.exe (PID: 5964)
- Unicorn-42371.exe (PID: 8092)
- Unicorn-36424.exe (PID: 7516)
- Unicorn-26470.exe (PID: 6512)
- Unicorn-49048.exe (PID: 7212)
- Unicorn-45382.exe (PID: 7828)
- Unicorn-46528.exe (PID: 8248)
- Unicorn-26108.exe (PID: 8240)
- Unicorn-11809.exe (PID: 8272)
- Unicorn-30554.exe (PID: 2092)
- Unicorn-48758.exe (PID: 8292)
- Unicorn-62443.exe (PID: 6080)
- Unicorn-23730.exe (PID: 8348)
- Unicorn-47872.exe (PID: 8448)
- Unicorn-22216.exe (PID: 8320)
- Unicorn-26284.exe (PID: 4932)
- Unicorn-29351.exe (PID: 4220)
- Unicorn-28006.exe (PID: 8436)
- Unicorn-43788.exe (PID: 8464)
- Unicorn-39704.exe (PID: 8404)
- Unicorn-39704.exe (PID: 8400)
- Unicorn-46526.exe (PID: 8568)
- Unicorn-44457.exe (PID: 5408)
- Unicorn-34499.exe (PID: 3896)
- Unicorn-7010.exe (PID: 8540)
- Unicorn-17373.exe (PID: 8512)
- Unicorn-48043.exe (PID: 8612)
- Unicorn-64571.exe (PID: 8692)
- Unicorn-47488.exe (PID: 8664)
- Unicorn-61447.exe (PID: 8740)
- Unicorn-58462.exe (PID: 8812)
- Unicorn-20052.exe (PID: 8780)
- Unicorn-47488.exe (PID: 8656)
- Unicorn-4078.exe (PID: 8728)
- Unicorn-3139.exe (PID: 8804)
- Unicorn-30041.exe (PID: 7944)
- Unicorn-21182.exe (PID: 8884)
- Unicorn-12459.exe (PID: 8912)
- Unicorn-16596.exe (PID: 7628)
- Unicorn-20554.exe (PID: 8964)
- Unicorn-954.exe (PID: 8956)
- Unicorn-41100.exe (PID: 8148)
- Unicorn-12459.exe (PID: 8916)
- Unicorn-20820.exe (PID: 8972)
- Unicorn-3145.exe (PID: 9004)
- Unicorn-5059.exe (PID: 9064)
- Unicorn-57628.exe (PID: 4844)
- Unicorn-58224.exe (PID: 6576)
- Unicorn-26226.exe (PID: 9088)
- Unicorn-47400.exe (PID: 9208)
- Unicorn-23088.exe (PID: 7408)
- Unicorn-55848.exe (PID: 8340)
- Unicorn-14343.exe (PID: 8736)
- Unicorn-23088.exe (PID: 5020)
- Unicorn-47208.exe (PID: 9076)
- Unicorn-27491.exe (PID: 1132)
- Unicorn-60124.exe (PID: 8376)
- Unicorn-38775.exe (PID: 9152)
- Unicorn-60015.exe (PID: 2084)
- Unicorn-40420.exe (PID: 6620)
- Unicorn-52541.exe (PID: 8632)
- Unicorn-59423.exe (PID: 4120)
- Unicorn-34655.exe (PID: 9352)
- Unicorn-60129.exe (PID: 1852)
- Unicorn-15501.exe (PID: 9408)
- Unicorn-48936.exe (PID: 9432)
- Unicorn-46713.exe (PID: 9508)
- Unicorn-50097.exe (PID: 9464)
- Unicorn-6704.exe (PID: 9448)
Reads security settings of Internet Explorer
- BackgroundTransferHost.exe (PID: 1188)
- BackgroundTransferHost.exe (PID: 6656)
- BackgroundTransferHost.exe (PID: 4920)
- BackgroundTransferHost.exe (PID: 472)
Creates files or folders in the user directory
- BackgroundTransferHost.exe (PID: 6656)
- WerFault.exe (PID: 10580)
Reads the software policy settings
- BackgroundTransferHost.exe (PID: 6656)
Checks proxy server information
- BackgroundTransferHost.exe (PID: 6656)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable (generic) (52.9) |
|---|---|---|
| .exe | | | Generic Win/DOS Executable (23.5) |
| .exe | | | DOS Executable Generic (23.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1.l0 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
532
Monitored processes
395
Malicious processes
59
Suspicious processes
52
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 472 | "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1 | C:\Windows\System32\BackgroundTransferHost.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Download/Upload Host Exit code: 1 Version: 10.0.19041.3636 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 516 | C:\Users\admin\AppData\Local\Temp\Unicorn-10938.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-10938.exe | Unicorn-50144.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 536 | C:\Users\admin\AppData\Local\Temp\Unicorn-34615.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-34615.exe | Unicorn-7726.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 684 | C:\Users\admin\AppData\Local\Temp\Unicorn-56432.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-56432.exe | — | Unicorn-48758.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 960 | C:\Users\admin\AppData\Local\Temp\Unicorn-61710.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61710.exe | Unicorn-20560.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1116 | C:\Users\admin\AppData\Local\Temp\Unicorn-54414.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-54414.exe | Unicorn-3616.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1132 | C:\Users\admin\AppData\Local\Temp\Unicorn-27491.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27491.exe | Unicorn-35390.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1180 | C:\Users\admin\AppData\Local\Temp\Unicorn-7726.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-7726.exe | Unicorn-61710.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1188 | "BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.1 | C:\Windows\System32\BackgroundTransferHost.exe | — | svchost.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Download/Upload Host Exit code: 1 Version: 10.0.19041.3636 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1188 | C:\Users\admin\AppData\Local\Temp\Unicorn-7337.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-7337.exe | Unicorn-47695.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
11 832
Read events
11 817
Write events
15
Delete events
0
Modification events
| (PID) Process: | (1188) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (1188) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (1188) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (6656) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (6656) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (6656) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (4920) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (4920) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (4920) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (472) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
Executable files
934
Suspicious files
7
Text files
2
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 7752 | Unicorn-20560.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-40461.exe | executable | |
MD5:20E3D709B1D626E64610E3F7A907F8B1 | SHA256:D280557BB7883DFAC76952E3F3DE0975342EDA5CAE8DA8A38F0A4BCEC113C261 | |||
| 7540 | 1 (159).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-20560.exe | executable | |
MD5:09FDAE6DEDCE4804DC0AF8F03720CC8D | SHA256:9358E2C3313D009D783209A62330D9901294B9368CFB3E8D3E05A159D00A2516 | |||
| 8184 | Unicorn-50144.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61789.exe | executable | |
MD5:A0BF84657D32D2EC7D497983314B5244 | SHA256:24982F8171348D0947F83E81FADA3887CB9C58911BE63664BC360D5CB1DF9DBD | |||
| 7540 | 1 (159).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-52333.exe | executable | |
MD5:045948A485A24017387D377851D16AB2 | SHA256:43A1B9075F995D146A6A14B981F57CC2B3089CE64DF87C024266C1AD47163BD8 | |||
| 7752 | Unicorn-20560.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-35390.exe | executable | |
MD5:37D5D821CD2587429410B287AD5A0130 | SHA256:E02F767C948089E1AAFEE905BB187DCAFEC96E4DF6F860572D7B52B2DD21F875 | |||
| 8168 | Unicorn-40461.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-3616.exe | executable | |
MD5:1A372414974F2CC1AEBCEDE49B2D1E06 | SHA256:1313EA4ED4568D1B0572431BCD747608A1B51C4A0ECE089BE2C27362DC7B3E34 | |||
| 7752 | Unicorn-20560.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61710.exe | executable | |
MD5:7A0D3D4529299D86383B589E96D5F275 | SHA256:22B27AF43C9CD999DB83E2BE26BE67773ED81BE2EA853DC1A777D3E8A7C47EFE | |||
| 6668 | Unicorn-3616.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-28972.exe | executable | |
MD5:384F5E179C07CFFEDDA87CCC48AD4263 | SHA256:B906D213E85188C3B89A4F954B7D50AABD89017642E4F93AB5831235EA4FAB12 | |||
| 6640 | Unicorn-35390.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-42267.exe | executable | |
MD5:603D72947CDB22AAF5BCF4E4C7CF71A3 | SHA256:035934692337898FCE04FDCF3B6FB87971D64E4EB0CFA57D1212409211EC6068 | |||
| 8168 | Unicorn-40461.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-15328.exe | executable | |
MD5:822B51647FE5A7DA249084A16371A534 | SHA256:CAAA71AB9F6480B73F2F4BA47691EB7527DBDDBAC674D3F9510D28FE860AF7C0 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
24
DNS requests
18
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
5496 | MoUsoCoreWorker.exe | GET | 200 | 2.16.168.124:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
7576 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
5436 | SIHClient.exe | GET | 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
5436 | SIHClient.exe | GET | 200 | 23.219.150.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
6656 | BackgroundTransferHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
5496 | MoUsoCoreWorker.exe | 2.16.168.124:80 | crl.microsoft.com | Akamai International B.V. | RU | whitelisted |
2564 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 20.190.160.132:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
3216 | svchost.exe | 40.113.103.199:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
7576 | backgroundTaskHost.exe | 20.74.47.205:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | FR | whitelisted |
7576 | backgroundTaskHost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.bing.com |
| whitelisted |
www.microsoft.com |
| whitelisted |