| File name: | 1 (1331) |
| Full analysis: | https://app.any.run/tasks/381380c4-d5b7-49f7-b2e5-1b95876024f6 |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 12:19:00 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | BFE3188800BFC1C2488E84BCD67AB900 |
| SHA1: | 2825FBAC7E432B22E13264CBBFAC3A2C4A9A7E14 |
| SHA256: | CCEBB535386F7B991594AF9F8928E33EB03FF1044FBD04AE5D0D50A4AAC897C5 |
| SSDEEP: | 12288:oaja5HA5+xGPpf/aCOAeiNh1x4DxmDsR:oa+G5Lpf/Ui |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- Unicorn-22194.exe (PID: 496)
- 1 (1331).exe (PID: 6476)
- Unicorn-36618.exe (PID: 6032)
- Unicorn-29004.exe (PID: 2692)
- Unicorn-18118.exe (PID: 7480)
- Unicorn-63234.exe (PID: 7508)
- Unicorn-14780.exe (PID: 7500)
- Unicorn-9247.exe (PID: 7536)
- Unicorn-28506.exe (PID: 7600)
- Unicorn-18200.exe (PID: 7616)
- Unicorn-4132.exe (PID: 7644)
- Unicorn-5393.exe (PID: 7580)
- Unicorn-38066.exe (PID: 7668)
- Unicorn-33717.exe (PID: 7684)
- Unicorn-31935.exe (PID: 7676)
- Unicorn-44646.exe (PID: 7748)
- Unicorn-57261.exe (PID: 7772)
- Unicorn-38324.exe (PID: 7800)
- Unicorn-57666.exe (PID: 7840)
- Unicorn-44454.exe (PID: 7792)
- Unicorn-59512.exe (PID: 7860)
- Unicorn-4132.exe (PID: 7636)
- Unicorn-58543.exe (PID: 7884)
- Unicorn-468.exe (PID: 7904)
- Unicorn-20334.exe (PID: 7912)
- Unicorn-22206.exe (PID: 7944)
- Unicorn-25487.exe (PID: 7952)
- Unicorn-47723.exe (PID: 7928)
- Unicorn-468.exe (PID: 7920)
- Unicorn-58658.exe (PID: 7960)
- Unicorn-25487.exe (PID: 7936)
- Unicorn-14640.exe (PID: 8096)
- Unicorn-62025.exe (PID: 8076)
- Unicorn-19823.exe (PID: 8128)
- Unicorn-1449.exe (PID: 8120)
- Unicorn-9295.exe (PID: 8156)
- Unicorn-28896.exe (PID: 8160)
- Unicorn-48045.exe (PID: 7228)
- Unicorn-14625.exe (PID: 4696)
- Unicorn-4246.exe (PID: 7296)
- Unicorn-25294.exe (PID: 4408)
- Unicorn-4511.exe (PID: 4120)
- Unicorn-55274.exe (PID: 2432)
- Unicorn-10904.exe (PID: 300)
- Unicorn-54973.exe (PID: 7188)
- Unicorn-59057.exe (PID: 7212)
- Unicorn-59057.exe (PID: 7248)
- Unicorn-54973.exe (PID: 7192)
- Unicorn-59057.exe (PID: 7284)
- Unicorn-33436.exe (PID: 4844)
- Unicorn-23370.exe (PID: 7200)
- Unicorn-23370.exe (PID: 7180)
- Unicorn-48256.exe (PID: 616)
- Unicorn-26691.exe (PID: 7208)
- Unicorn-47172.exe (PID: 4180)
- Unicorn-53857.exe (PID: 1196)
- Unicorn-23370.exe (PID: 5800)
- Unicorn-60017.exe (PID: 7452)
- Unicorn-15756.exe (PID: 7404)
- Unicorn-29491.exe (PID: 4452)
- Unicorn-2055.exe (PID: 7440)
- Unicorn-36390.exe (PID: 5892)
- Unicorn-60764.exe (PID: 7380)
- Unicorn-55039.exe (PID: 2504)
- Unicorn-45518.exe (PID: 2240)
- Unicorn-16738.exe (PID: 1328)
- Unicorn-63286.exe (PID: 5360)
- Unicorn-41169.exe (PID: 2420)
- Unicorn-3691.exe (PID: 1040)
- Unicorn-42010.exe (PID: 5084)
- Unicorn-34226.exe (PID: 5228)
- Unicorn-45524.exe (PID: 5508)
- Unicorn-42756.exe (PID: 6112)
- Unicorn-19927.exe (PID: 4608)
- Unicorn-55009.exe (PID: 7740)
- Unicorn-34610.exe (PID: 8248)
- Unicorn-44786.exe (PID: 8216)
- Unicorn-49284.exe (PID: 5280)
- Unicorn-43354.exe (PID: 1188)
- Unicorn-55612.exe (PID: 8288)
- Unicorn-42778.exe (PID: 8272)
- Unicorn-37625.exe (PID: 8240)
- Unicorn-23318.exe (PID: 8392)
- Unicorn-8635.exe (PID: 8444)
- Unicorn-59197.exe (PID: 8336)
- Unicorn-17571.exe (PID: 8316)
- Unicorn-52845.exe (PID: 8324)
- Unicorn-48377.exe (PID: 8360)
- Unicorn-25010.exe (PID: 8688)
- Unicorn-24086.exe (PID: 8588)
- Unicorn-8112.exe (PID: 8628)
- Unicorn-45430.exe (PID: 8672)
- Unicorn-39893.exe (PID: 8776)
- Unicorn-45793.exe (PID: 8724)
- Unicorn-57490.exe (PID: 8704)
- Unicorn-21288.exe (PID: 8744)
- Unicorn-37070.exe (PID: 8756)
- Unicorn-16458.exe (PID: 8812)
- Unicorn-1828.exe (PID: 8920)
- Unicorn-15563.exe (PID: 8912)
- Unicorn-15471.exe (PID: 8896)
- Unicorn-53213.exe (PID: 9052)
- Unicorn-12.exe (PID: 8972)
- Unicorn-62342.exe (PID: 8964)
- Unicorn-37838.exe (PID: 9012)
- Unicorn-33562.exe (PID: 9084)
- Unicorn-51010.exe (PID: 9092)
- Unicorn-21947.exe (PID: 9148)
- Unicorn-45212.exe (PID: 9104)
- Unicorn-13696.exe (PID: 9076)
- Unicorn-13141.exe (PID: 9068)
- Unicorn-25129.exe (PID: 9036)
- Unicorn-12.exe (PID: 8980)
- Unicorn-18112.exe (PID: 9196)
- Unicorn-15040.exe (PID: 9156)
- Unicorn-41164.exe (PID: 2152)
- Unicorn-36560.exe (PID: 3900)
- Unicorn-22078.exe (PID: 7344)
- Unicorn-33627.exe (PID: 6036)
- Unicorn-64262.exe (PID: 8652)
- Unicorn-60925.exe (PID: 8460)
- Unicorn-63613.exe (PID: 8184)
- Unicorn-61714.exe (PID: 8752)
- Unicorn-41102.exe (PID: 3956)
- Unicorn-41102.exe (PID: 6644)
- Unicorn-62077.exe (PID: 9232)
- Unicorn-4516.exe (PID: 9284)
- Unicorn-14167.exe (PID: 9292)
- Unicorn-17558.exe (PID: 9344)
- Unicorn-1029.exe (PID: 9324)
- Unicorn-21812.exe (PID: 9420)
- Unicorn-20495.exe (PID: 9400)
- Unicorn-25150.exe (PID: 9464)
- Unicorn-5284.exe (PID: 9456)
- Unicorn-43192.exe (PID: 9500)
- Unicorn-25340.exe (PID: 9536)
- Unicorn-63058.exe (PID: 9508)
Executable content was dropped or overwritten
- 1 (1331).exe (PID: 6476)
- Unicorn-22194.exe (PID: 496)
- Unicorn-36618.exe (PID: 6032)
- Unicorn-29004.exe (PID: 2692)
- Unicorn-18118.exe (PID: 7480)
- Unicorn-14780.exe (PID: 7500)
- Unicorn-9247.exe (PID: 7536)
- Unicorn-5393.exe (PID: 7580)
- Unicorn-28506.exe (PID: 7600)
- Unicorn-18200.exe (PID: 7616)
- Unicorn-4132.exe (PID: 7636)
- Unicorn-33717.exe (PID: 7684)
- Unicorn-63234.exe (PID: 7508)
- Unicorn-38066.exe (PID: 7668)
- Unicorn-44646.exe (PID: 7748)
- Unicorn-57261.exe (PID: 7772)
- Unicorn-44454.exe (PID: 7792)
- Unicorn-57666.exe (PID: 7840)
- Unicorn-59512.exe (PID: 7860)
- Unicorn-58543.exe (PID: 7884)
- Unicorn-4132.exe (PID: 7644)
- Unicorn-47723.exe (PID: 7928)
- Unicorn-22206.exe (PID: 7944)
- Unicorn-25487.exe (PID: 7936)
- Unicorn-31935.exe (PID: 7676)
- Unicorn-62025.exe (PID: 8076)
- Unicorn-14640.exe (PID: 8096)
- Unicorn-19823.exe (PID: 8128)
- Unicorn-1449.exe (PID: 8120)
- Unicorn-9295.exe (PID: 8156)
- Unicorn-28896.exe (PID: 8160)
- Unicorn-38324.exe (PID: 7800)
- Unicorn-48045.exe (PID: 7228)
- Unicorn-14625.exe (PID: 4696)
- Unicorn-4246.exe (PID: 7296)
- Unicorn-25294.exe (PID: 4408)
- Unicorn-4511.exe (PID: 4120)
- Unicorn-55274.exe (PID: 2432)
- Unicorn-10904.exe (PID: 300)
- Unicorn-54973.exe (PID: 7188)
- Unicorn-59057.exe (PID: 7212)
- Unicorn-54973.exe (PID: 7192)
- Unicorn-58658.exe (PID: 7960)
- Unicorn-59057.exe (PID: 7284)
- Unicorn-33436.exe (PID: 4844)
- Unicorn-468.exe (PID: 7904)
- Unicorn-23370.exe (PID: 7200)
- Unicorn-59057.exe (PID: 7248)
- Unicorn-23370.exe (PID: 7180)
- Unicorn-26691.exe (PID: 7208)
- Unicorn-25487.exe (PID: 7952)
- Unicorn-47172.exe (PID: 4180)
- Unicorn-20334.exe (PID: 7912)
- Unicorn-53857.exe (PID: 1196)
- Unicorn-60017.exe (PID: 7452)
- Unicorn-15756.exe (PID: 7404)
- Unicorn-29491.exe (PID: 4452)
- Unicorn-23370.exe (PID: 5800)
- Unicorn-60764.exe (PID: 7380)
- Unicorn-36390.exe (PID: 5892)
- Unicorn-55039.exe (PID: 2504)
- Unicorn-468.exe (PID: 7920)
- Unicorn-63286.exe (PID: 5360)
- Unicorn-41169.exe (PID: 2420)
- Unicorn-3691.exe (PID: 1040)
- Unicorn-16738.exe (PID: 1328)
- Unicorn-42010.exe (PID: 5084)
- Unicorn-34226.exe (PID: 5228)
- Unicorn-45524.exe (PID: 5508)
- Unicorn-42756.exe (PID: 6112)
- Unicorn-55009.exe (PID: 7740)
- Unicorn-19927.exe (PID: 4608)
- Unicorn-44786.exe (PID: 8216)
- Unicorn-43354.exe (PID: 1188)
- Unicorn-34610.exe (PID: 8248)
- Unicorn-49284.exe (PID: 5280)
- Unicorn-42778.exe (PID: 8272)
- Unicorn-37625.exe (PID: 8240)
- Unicorn-52845.exe (PID: 8324)
- Unicorn-23318.exe (PID: 8392)
- Unicorn-17571.exe (PID: 8316)
- Unicorn-55612.exe (PID: 8288)
- Unicorn-8635.exe (PID: 8444)
- Unicorn-59197.exe (PID: 8336)
- Unicorn-48377.exe (PID: 8360)
- Unicorn-24086.exe (PID: 8588)
- Unicorn-8112.exe (PID: 8628)
- Unicorn-45430.exe (PID: 8672)
- Unicorn-25010.exe (PID: 8688)
- Unicorn-39893.exe (PID: 8776)
- Unicorn-57490.exe (PID: 8704)
- Unicorn-21288.exe (PID: 8744)
- Unicorn-37070.exe (PID: 8756)
- Unicorn-45793.exe (PID: 8724)
- Unicorn-51029.exe (PID: 8832)
- Unicorn-16458.exe (PID: 8812)
- Unicorn-13717.exe (PID: 8864)
- Unicorn-1828.exe (PID: 8920)
- Unicorn-42860.exe (PID: 8848)
- Unicorn-15471.exe (PID: 8896)
- Unicorn-48256.exe (PID: 616)
- Unicorn-15563.exe (PID: 8912)
- Unicorn-12.exe (PID: 8972)
- Unicorn-2055.exe (PID: 7440)
- Unicorn-53213.exe (PID: 9052)
- Unicorn-62342.exe (PID: 8964)
- Unicorn-33562.exe (PID: 9084)
- Unicorn-12.exe (PID: 8980)
- Unicorn-37838.exe (PID: 9012)
- Unicorn-21947.exe (PID: 9148)
- Unicorn-13696.exe (PID: 9076)
- Unicorn-13141.exe (PID: 9068)
- Unicorn-18112.exe (PID: 9196)
- Unicorn-15040.exe (PID: 9156)
- Unicorn-36560.exe (PID: 3900)
- Unicorn-41429.exe (PID: 7052)
- Unicorn-41164.exe (PID: 2152)
- Unicorn-22078.exe (PID: 7344)
- Unicorn-64262.exe (PID: 8652)
- Unicorn-33627.exe (PID: 6036)
- Unicorn-63613.exe (PID: 8184)
- Unicorn-61714.exe (PID: 8752)
- Unicorn-41102.exe (PID: 3956)
- Unicorn-41102.exe (PID: 6644)
- Unicorn-62077.exe (PID: 9232)
- Unicorn-4516.exe (PID: 9284)
- Unicorn-17558.exe (PID: 9344)
- Unicorn-1029.exe (PID: 9324)
- Unicorn-14167.exe (PID: 9292)
- Unicorn-21812.exe (PID: 9420)
- Unicorn-5284.exe (PID: 9456)
- Unicorn-25150.exe (PID: 9464)
- Unicorn-25340.exe (PID: 9536)
- Unicorn-63058.exe (PID: 9508)
- Unicorn-43192.exe (PID: 9500)
- Unicorn-26110.exe (PID: 9576)
- Unicorn-5497.exe (PID: 9568)
- Unicorn-39478.exe (PID: 9652)
- Unicorn-344.exe (PID: 9624)
- Unicorn-11811.exe (PID: 9592)
- Unicorn-41516.exe (PID: 9644)
- Unicorn-13717.exe (PID: 8872)
- Unicorn-51010.exe (PID: 9092)
- Unicorn-11252.exe (PID: 9732)
- Unicorn-25129.exe (PID: 9036)
- Unicorn-38902.exe (PID: 9760)
- Unicorn-60925.exe (PID: 8460)
- Unicorn-23718.exe (PID: 9816)
- Unicorn-3852.exe (PID: 9800)
- Unicorn-3852.exe (PID: 9808)
- Unicorn-51922.exe (PID: 9856)
- Unicorn-45518.exe (PID: 2240)
- Unicorn-7966.exe (PID: 9896)
- Unicorn-45212.exe (PID: 9104)
- Unicorn-24678.exe (PID: 9956)
- Unicorn-49545.exe (PID: 9964)
- Unicorn-12233.exe (PID: 9988)
- Unicorn-16680.exe (PID: 10040)
- Unicorn-43944.exe (PID: 9980)
- Unicorn-20572.exe (PID: 10076)
- Unicorn-40438.exe (PID: 10084)
- Unicorn-65518.exe (PID: 9912)
- Unicorn-24486.exe (PID: 10000)
- Unicorn-4833.exe (PID: 10136)
- Unicorn-37868.exe (PID: 10224)
- Unicorn-9109.exe (PID: 10176)
- Unicorn-12736.exe (PID: 10208)
- Unicorn-27099.exe (PID: 9384)
- Unicorn-4568.exe (PID: 10120)
- Unicorn-64240.exe (PID: 10128)
- Unicorn-20495.exe (PID: 9400)
- Unicorn-55357.exe (PID: 9712)
- Unicorn-24743.exe (PID: 10396)
- Unicorn-42166.exe (PID: 10252)
- Unicorn-29722.exe (PID: 10312)
- Unicorn-35704.exe (PID: 10328)
- Unicorn-6177.exe (PID: 10372)
- Unicorn-35150.exe (PID: 10356)
- Unicorn-30874.exe (PID: 10424)
- Unicorn-8023.exe (PID: 10532)
- Unicorn-22514.exe (PID: 10464)
- Unicorn-14345.exe (PID: 10484)
- Unicorn-20136.exe (PID: 10628)
- Unicorn-33871.exe (PID: 10636)
- Unicorn-63354.exe (PID: 10440)
- Unicorn-55933.exe (PID: 10492)
- Unicorn-10453.exe (PID: 10388)
- Unicorn-39212.exe (PID: 10516)
- Unicorn-3053.exe (PID: 10596)
- Unicorn-7137.exe (PID: 10588)
- Unicorn-52809.exe (PID: 10580)
- Unicorn-28304.exe (PID: 10564)
- Unicorn-47838.exe (PID: 9868)
- Unicorn-6753.exe (PID: 10704)
- Unicorn-47786.exe (PID: 10688)
- Unicorn-39980.exe (PID: 10840)
- Unicorn-39618.exe (PID: 10760)
- Unicorn-29403.exe (PID: 10768)
- Unicorn-7500.exe (PID: 10784)
- Unicorn-47786.exe (PID: 10696)
- Unicorn-15860.exe (PID: 10660)
- Unicorn-2669.exe (PID: 10712)
- Unicorn-7500.exe (PID: 10788)
- Unicorn-41656.exe (PID: 10680)
- Unicorn-52830.exe (PID: 10988)
- Unicorn-2264.exe (PID: 9676)
- Unicorn-21043.exe (PID: 10876)
- Unicorn-61937.exe (PID: 10924)
- Unicorn-38357.exe (PID: 10812)
- Unicorn-27174.exe (PID: 10884)
- Unicorn-20350.exe (PID: 10932)
- Unicorn-24796.exe (PID: 11024)
- Unicorn-35077.exe (PID: 10860)
- Unicorn-60998.exe (PID: 11052)
- Unicorn-56722.exe (PID: 11140)
- Unicorn-57106.exe (PID: 10892)
- Unicorn-64128.exe (PID: 11196)
- Unicorn-64658.exe (PID: 11204)
- Unicorn-32410.exe (PID: 11120)
- Unicorn-40386.exe (PID: 8516)
- Unicorn-20904.exe (PID: 10940)
- Unicorn-60998.exe (PID: 11056)
- Unicorn-36494.exe (PID: 11096)
- Unicorn-16436.exe (PID: 11276)
- Unicorn-47403.exe (PID: 1272)
- Unicorn-32410.exe (PID: 11128)
- Unicorn-38148.exe (PID: 11308)
- Unicorn-56980.exe (PID: 6108)
- Unicorn-9751.exe (PID: 2084)
- Unicorn-7521.exe (PID: 11228)
- Unicorn-61553.exe (PID: 6208)
- Unicorn-15882.exe (PID: 3020)
Executes application which crashes
- Unicorn-29161.exe (PID: 8172)
- Unicorn-29161.exe (PID: 8176)
- Unicorn-453.exe (PID: 9436)
INFO
Checks supported languages
- 1 (1331).exe (PID: 6476)
- Unicorn-36618.exe (PID: 6032)
- Unicorn-29004.exe (PID: 2692)
- Unicorn-18118.exe (PID: 7480)
- Unicorn-63234.exe (PID: 7508)
- Unicorn-14780.exe (PID: 7500)
- Unicorn-9247.exe (PID: 7536)
- Unicorn-4132.exe (PID: 7644)
- Unicorn-28506.exe (PID: 7600)
- Unicorn-18200.exe (PID: 7616)
- Unicorn-4132.exe (PID: 7636)
- Unicorn-33717.exe (PID: 7684)
- Unicorn-44646.exe (PID: 7748)
- Unicorn-57261.exe (PID: 7772)
- Unicorn-38324.exe (PID: 7800)
- Unicorn-57666.exe (PID: 7840)
- Unicorn-59512.exe (PID: 7860)
- Unicorn-58543.exe (PID: 7884)
- Unicorn-468.exe (PID: 7920)
- Unicorn-22206.exe (PID: 7944)
- Unicorn-20334.exe (PID: 7912)
- Unicorn-25487.exe (PID: 7952)
- Unicorn-58658.exe (PID: 7960)
- Unicorn-25487.exe (PID: 7936)
- Unicorn-1449.exe (PID: 8120)
- Unicorn-62025.exe (PID: 8076)
- Unicorn-48045.exe (PID: 7228)
- Unicorn-9295.exe (PID: 8156)
- Unicorn-28896.exe (PID: 8160)
- Unicorn-4246.exe (PID: 7296)
- Unicorn-4511.exe (PID: 4120)
- Unicorn-25294.exe (PID: 4408)
- Unicorn-10904.exe (PID: 300)
- Unicorn-54973.exe (PID: 7192)
- Unicorn-59057.exe (PID: 7284)
- Unicorn-54973.exe (PID: 7188)
- Unicorn-59057.exe (PID: 7212)
- Unicorn-23370.exe (PID: 7180)
- Unicorn-26691.exe (PID: 7208)
- Unicorn-23370.exe (PID: 5800)
- Unicorn-29491.exe (PID: 4452)
- Unicorn-33436.exe (PID: 4844)
- Unicorn-15756.exe (PID: 7404)
- Unicorn-47172.exe (PID: 4180)
- Unicorn-2055.exe (PID: 7440)
- Unicorn-60764.exe (PID: 7380)
- Unicorn-36390.exe (PID: 5892)
- Unicorn-55039.exe (PID: 2504)
- Unicorn-53857.exe (PID: 1196)
- Unicorn-41169.exe (PID: 2420)
- Unicorn-63286.exe (PID: 5360)
- Unicorn-3691.exe (PID: 1040)
- Unicorn-19927.exe (PID: 4608)
- Unicorn-45524.exe (PID: 5508)
- Unicorn-34226.exe (PID: 5228)
- Unicorn-55009.exe (PID: 7740)
- Unicorn-34610.exe (PID: 8248)
- Unicorn-17571.exe (PID: 8316)
- Unicorn-42778.exe (PID: 8272)
- Unicorn-59197.exe (PID: 8336)
- Unicorn-48377.exe (PID: 8360)
- Unicorn-25010.exe (PID: 8688)
- Unicorn-57490.exe (PID: 8704)
- Unicorn-37070.exe (PID: 8756)
- Unicorn-16458.exe (PID: 8812)
- Unicorn-42860.exe (PID: 8848)
- Unicorn-15471.exe (PID: 8896)
- Unicorn-1828.exe (PID: 8920)
- Unicorn-13717.exe (PID: 8872)
- Unicorn-25129.exe (PID: 9036)
- Unicorn-53213.exe (PID: 9052)
- Unicorn-13141.exe (PID: 9068)
- Unicorn-51010.exe (PID: 9092)
- Unicorn-62342.exe (PID: 8964)
- Unicorn-12.exe (PID: 8980)
- Unicorn-18112.exe (PID: 9196)
- Unicorn-41164.exe (PID: 2152)
- Unicorn-36560.exe (PID: 3900)
- Unicorn-41429.exe (PID: 7052)
- Unicorn-33562.exe (PID: 9084)
- Unicorn-15040.exe (PID: 9156)
- Unicorn-63613.exe (PID: 8184)
- Unicorn-62077.exe (PID: 9232)
- Unicorn-41102.exe (PID: 3956)
- Unicorn-4516.exe (PID: 9284)
- Unicorn-64262.exe (PID: 8652)
- Unicorn-60925.exe (PID: 8460)
- Unicorn-25150.exe (PID: 9464)
- Unicorn-21812.exe (PID: 9420)
- Unicorn-20495.exe (PID: 9400)
- Unicorn-43192.exe (PID: 9500)
- Unicorn-25340.exe (PID: 9536)
- Unicorn-5497.exe (PID: 9568)
- Unicorn-11811.exe (PID: 9592)
- Unicorn-344.exe (PID: 9624)
- Unicorn-63058.exe (PID: 9508)
- Unicorn-11252.exe (PID: 9732)
- Unicorn-55357.exe (PID: 9712)
- Unicorn-38902.exe (PID: 9760)
- Unicorn-3852.exe (PID: 9800)
- Unicorn-39478.exe (PID: 9652)
- Unicorn-41516.exe (PID: 9644)
- Unicorn-2264.exe (PID: 9676)
- Unicorn-47838.exe (PID: 9868)
- Unicorn-7966.exe (PID: 9896)
- Unicorn-65518.exe (PID: 9912)
- Unicorn-12233.exe (PID: 9988)
- Unicorn-24486.exe (PID: 10000)
- Unicorn-16680.exe (PID: 10040)
- Unicorn-4568.exe (PID: 10120)
- Unicorn-20572.exe (PID: 10076)
- Unicorn-40438.exe (PID: 10084)
- Unicorn-24678.exe (PID: 9956)
- Unicorn-12736.exe (PID: 10208)
- Unicorn-37868.exe (PID: 10224)
- Unicorn-9109.exe (PID: 10176)
- Unicorn-35704.exe (PID: 10328)
- Unicorn-6177.exe (PID: 10372)
- Unicorn-42166.exe (PID: 10252)
- Unicorn-24743.exe (PID: 10396)
- Unicorn-30874.exe (PID: 10424)
- Unicorn-22514.exe (PID: 10464)
- Unicorn-39212.exe (PID: 10516)
- Unicorn-8023.exe (PID: 10532)
- Unicorn-28304.exe (PID: 10564)
- Unicorn-3053.exe (PID: 10596)
- Unicorn-7137.exe (PID: 10588)
- Unicorn-14345.exe (PID: 10484)
- Unicorn-41656.exe (PID: 10680)
- Unicorn-47786.exe (PID: 10688)
- Unicorn-2669.exe (PID: 10712)
- Unicorn-33871.exe (PID: 10636)
- Unicorn-38357.exe (PID: 10812)
- Unicorn-7500.exe (PID: 10788)
- Unicorn-29403.exe (PID: 10768)
- Unicorn-57106.exe (PID: 10892)
- Unicorn-27174.exe (PID: 10884)
- Unicorn-21043.exe (PID: 10876)
- Unicorn-20904.exe (PID: 10940)
- Unicorn-52830.exe (PID: 10988)
- Unicorn-60998.exe (PID: 11056)
- Unicorn-20350.exe (PID: 10932)
- Unicorn-36494.exe (PID: 11096)
- Unicorn-32410.exe (PID: 11128)
- Unicorn-32410.exe (PID: 11120)
- Unicorn-56722.exe (PID: 11140)
- Unicorn-7521.exe (PID: 11228)
- Unicorn-61553.exe (PID: 6208)
- Unicorn-47403.exe (PID: 1272)
- Unicorn-40386.exe (PID: 8516)
- Unicorn-19011.exe (PID: 11392)
- Unicorn-25166.exe (PID: 11472)
- Unicorn-16436.exe (PID: 11276)
- Unicorn-54484.exe (PID: 11368)
- Unicorn-38148.exe (PID: 11308)
- Unicorn-53754.exe (PID: 11416)
- Unicorn-8637.exe (PID: 11548)
- Unicorn-1081.exe (PID: 11524)
- Unicorn-57454.exe (PID: 11636)
- Unicorn-44632.exe (PID: 11532)
- Unicorn-51569.exe (PID: 11924)
- Unicorn-61081.exe (PID: 11744)
- Unicorn-9000.exe (PID: 11696)
- Unicorn-30018.exe (PID: 11808)
- Unicorn-16487.exe (PID: 11896)
- Unicorn-40276.exe (PID: 11968)
- Unicorn-21339.exe (PID: 11992)
- Unicorn-23364.exe (PID: 12108)
- Unicorn-27086.exe (PID: 12080)
- Unicorn-23364.exe (PID: 12104)
- Unicorn-42735.exe (PID: 12148)
- Unicorn-30083.exe (PID: 12164)
- Unicorn-58480.exe (PID: 12192)
- Unicorn-18844.exe (PID: 12044)
- Unicorn-12979.exe (PID: 12052)
- Unicorn-13224.exe (PID: 12320)
- Unicorn-5195.exe (PID: 780)
- Unicorn-56997.exe (PID: 4692)
- Unicorn-33090.exe (PID: 12312)
- Unicorn-44885.exe (PID: 12352)
- Unicorn-32706.exe (PID: 12428)
- Unicorn-52861.exe (PID: 12404)
- Unicorn-15415.exe (PID: 12484)
- Unicorn-54086.exe (PID: 12528)
- Unicorn-25284.exe (PID: 12344)
- Unicorn-36358.exe (PID: 12544)
- Unicorn-5762.exe (PID: 12580)
- Unicorn-35180.exe (PID: 12644)
- Unicorn-12891.exe (PID: 12876)
- Unicorn-64693.exe (PID: 12868)
- Unicorn-31082.exe (PID: 12892)
- Unicorn-31082.exe (PID: 12900)
- Unicorn-48916.exe (PID: 12656)
- Unicorn-50740.exe (PID: 13048)
- Unicorn-60438.exe (PID: 13328)
- Unicorn-39826.exe (PID: 4880)
The sample compiled with chinese language support
- 1 (1331).exe (PID: 6476)
- Unicorn-48377.exe (PID: 8360)
- Unicorn-4132.exe (PID: 7644)
- Unicorn-55274.exe (PID: 2432)
- Unicorn-58543.exe (PID: 7884)
- Unicorn-24086.exe (PID: 8588)
- Unicorn-54973.exe (PID: 7188)
- Unicorn-8112.exe (PID: 8628)
- Unicorn-47723.exe (PID: 7928)
- Unicorn-59057.exe (PID: 7248)
- Unicorn-59057.exe (PID: 7284)
- Unicorn-51029.exe (PID: 8832)
- Unicorn-16458.exe (PID: 8812)
- Unicorn-22206.exe (PID: 7944)
- Unicorn-23370.exe (PID: 7200)
- Unicorn-58658.exe (PID: 7960)
- Unicorn-33436.exe (PID: 4844)
- Unicorn-468.exe (PID: 7904)
- Unicorn-13717.exe (PID: 8864)
- Unicorn-42860.exe (PID: 8848)
- Unicorn-1828.exe (PID: 8920)
- Unicorn-54973.exe (PID: 7192)
- Unicorn-15563.exe (PID: 8912)
- Unicorn-12.exe (PID: 8972)
- Unicorn-15471.exe (PID: 8896)
- Unicorn-20334.exe (PID: 7912)
- Unicorn-48256.exe (PID: 616)
- Unicorn-62342.exe (PID: 8964)
- Unicorn-2055.exe (PID: 7440)
- Unicorn-53213.exe (PID: 9052)
- Unicorn-47172.exe (PID: 4180)
- Unicorn-26691.exe (PID: 7208)
- Unicorn-31935.exe (PID: 7676)
- Unicorn-25487.exe (PID: 7952)
- Unicorn-37838.exe (PID: 9012)
- Unicorn-60017.exe (PID: 7452)
- Unicorn-33562.exe (PID: 9084)
- Unicorn-12.exe (PID: 8980)
- Unicorn-21947.exe (PID: 9148)
- Unicorn-13696.exe (PID: 9076)
- Unicorn-63234.exe (PID: 7508)
- Unicorn-22194.exe (PID: 496)
- Unicorn-62025.exe (PID: 8076)
- Unicorn-13141.exe (PID: 9068)
- Unicorn-15040.exe (PID: 9156)
- Unicorn-18112.exe (PID: 9196)
- Unicorn-15756.exe (PID: 7404)
- Unicorn-29491.exe (PID: 4452)
- Unicorn-468.exe (PID: 7920)
- Unicorn-53857.exe (PID: 1196)
- Unicorn-14780.exe (PID: 7500)
- Unicorn-36560.exe (PID: 3900)
- Unicorn-41429.exe (PID: 7052)
- Unicorn-41164.exe (PID: 2152)
- Unicorn-33717.exe (PID: 7684)
- Unicorn-25487.exe (PID: 7936)
- Unicorn-38066.exe (PID: 7668)
- Unicorn-22078.exe (PID: 7344)
- Unicorn-60764.exe (PID: 7380)
- Unicorn-64262.exe (PID: 8652)
- Unicorn-55039.exe (PID: 2504)
- Unicorn-33627.exe (PID: 6036)
- Unicorn-36390.exe (PID: 5892)
- Unicorn-9247.exe (PID: 7536)
- Unicorn-14640.exe (PID: 8096)
- Unicorn-5393.exe (PID: 7580)
- Unicorn-63613.exe (PID: 8184)
- Unicorn-16738.exe (PID: 1328)
- Unicorn-19823.exe (PID: 8128)
- Unicorn-63286.exe (PID: 5360)
- Unicorn-57261.exe (PID: 7772)
- Unicorn-44646.exe (PID: 7748)
- Unicorn-41169.exe (PID: 2420)
- Unicorn-18118.exe (PID: 7480)
- Unicorn-34226.exe (PID: 5228)
- Unicorn-9295.exe (PID: 8156)
- Unicorn-28896.exe (PID: 8160)
- Unicorn-45524.exe (PID: 5508)
- Unicorn-48045.exe (PID: 7228)
- Unicorn-1449.exe (PID: 8120)
- Unicorn-61714.exe (PID: 8752)
- Unicorn-42756.exe (PID: 6112)
- Unicorn-41102.exe (PID: 3956)
- Unicorn-19927.exe (PID: 4608)
- Unicorn-41102.exe (PID: 6644)
- Unicorn-55009.exe (PID: 7740)
- Unicorn-38324.exe (PID: 7800)
- Unicorn-36618.exe (PID: 6032)
- Unicorn-44454.exe (PID: 7792)
- Unicorn-43354.exe (PID: 1188)
- Unicorn-62077.exe (PID: 9232)
- Unicorn-28506.exe (PID: 7600)
- Unicorn-18200.exe (PID: 7616)
- Unicorn-14625.exe (PID: 4696)
- Unicorn-4516.exe (PID: 9284)
- Unicorn-49284.exe (PID: 5280)
- Unicorn-42010.exe (PID: 5084)
- Unicorn-1029.exe (PID: 9324)
- Unicorn-17558.exe (PID: 9344)
- Unicorn-44786.exe (PID: 8216)
- Unicorn-25294.exe (PID: 4408)
- Unicorn-14167.exe (PID: 9292)
- Unicorn-34610.exe (PID: 8248)
- Unicorn-55612.exe (PID: 8288)
- Unicorn-37625.exe (PID: 8240)
- Unicorn-8635.exe (PID: 8444)
- Unicorn-29004.exe (PID: 2692)
- Unicorn-4246.exe (PID: 7296)
- Unicorn-21812.exe (PID: 9420)
- Unicorn-10904.exe (PID: 300)
- Unicorn-57666.exe (PID: 7840)
- Unicorn-4511.exe (PID: 4120)
- Unicorn-23318.exe (PID: 8392)
- Unicorn-4132.exe (PID: 7636)
- Unicorn-59512.exe (PID: 7860)
- Unicorn-25150.exe (PID: 9464)
- Unicorn-5284.exe (PID: 9456)
- Unicorn-59197.exe (PID: 8336)
- Unicorn-63058.exe (PID: 9508)
- Unicorn-26110.exe (PID: 9576)
- Unicorn-43192.exe (PID: 9500)
- Unicorn-45430.exe (PID: 8672)
- Unicorn-25010.exe (PID: 8688)
- Unicorn-39893.exe (PID: 8776)
- Unicorn-59057.exe (PID: 7212)
- Unicorn-25340.exe (PID: 9536)
- Unicorn-45793.exe (PID: 8724)
- Unicorn-57490.exe (PID: 8704)
- Unicorn-39478.exe (PID: 9652)
- Unicorn-344.exe (PID: 9624)
- Unicorn-11811.exe (PID: 9592)
- Unicorn-41516.exe (PID: 9644)
- Unicorn-13717.exe (PID: 8872)
- Unicorn-51010.exe (PID: 9092)
- Unicorn-25129.exe (PID: 9036)
- Unicorn-11252.exe (PID: 9732)
- Unicorn-5497.exe (PID: 9568)
- Unicorn-37070.exe (PID: 8756)
- Unicorn-3852.exe (PID: 9808)
- Unicorn-60925.exe (PID: 8460)
- Unicorn-3852.exe (PID: 9800)
- Unicorn-23718.exe (PID: 9816)
- Unicorn-45518.exe (PID: 2240)
- Unicorn-51922.exe (PID: 9856)
- Unicorn-3691.exe (PID: 1040)
- Unicorn-7966.exe (PID: 9896)
- Unicorn-45212.exe (PID: 9104)
- Unicorn-38902.exe (PID: 9760)
- Unicorn-24486.exe (PID: 10000)
- Unicorn-49545.exe (PID: 9964)
- Unicorn-24678.exe (PID: 9956)
- Unicorn-12233.exe (PID: 9988)
- Unicorn-43944.exe (PID: 9980)
- Unicorn-16680.exe (PID: 10040)
- Unicorn-20572.exe (PID: 10076)
- Unicorn-40438.exe (PID: 10084)
- Unicorn-65518.exe (PID: 9912)
- Unicorn-4833.exe (PID: 10136)
- Unicorn-64240.exe (PID: 10128)
- Unicorn-17571.exe (PID: 8316)
- Unicorn-20495.exe (PID: 9400)
- Unicorn-9109.exe (PID: 10176)
- Unicorn-42778.exe (PID: 8272)
- Unicorn-12736.exe (PID: 10208)
- Unicorn-37868.exe (PID: 10224)
- Unicorn-21288.exe (PID: 8744)
- Unicorn-27099.exe (PID: 9384)
- Unicorn-4568.exe (PID: 10120)
- Unicorn-23370.exe (PID: 5800)
- Unicorn-42166.exe (PID: 10252)
- Unicorn-35704.exe (PID: 10328)
- Unicorn-29722.exe (PID: 10312)
- Unicorn-6177.exe (PID: 10372)
- Unicorn-24743.exe (PID: 10396)
- Unicorn-35150.exe (PID: 10356)
- Unicorn-23370.exe (PID: 7180)
- Unicorn-55357.exe (PID: 9712)
- Unicorn-52845.exe (PID: 8324)
- Unicorn-55933.exe (PID: 10492)
- Unicorn-8023.exe (PID: 10532)
- Unicorn-20136.exe (PID: 10628)
- Unicorn-39212.exe (PID: 10516)
- Unicorn-22514.exe (PID: 10464)
- Unicorn-14345.exe (PID: 10484)
- Unicorn-33871.exe (PID: 10636)
- Unicorn-63354.exe (PID: 10440)
- Unicorn-30874.exe (PID: 10424)
- Unicorn-10453.exe (PID: 10388)
- Unicorn-3053.exe (PID: 10596)
- Unicorn-7137.exe (PID: 10588)
- Unicorn-52809.exe (PID: 10580)
- Unicorn-28304.exe (PID: 10564)
- Unicorn-15860.exe (PID: 10660)
- Unicorn-47838.exe (PID: 9868)
- Unicorn-39980.exe (PID: 10840)
- Unicorn-7500.exe (PID: 10788)
- Unicorn-29403.exe (PID: 10768)
- Unicorn-7500.exe (PID: 10784)
- Unicorn-6753.exe (PID: 10704)
- Unicorn-47786.exe (PID: 10696)
- Unicorn-2669.exe (PID: 10712)
- Unicorn-41656.exe (PID: 10680)
- Unicorn-47786.exe (PID: 10688)
- Unicorn-39618.exe (PID: 10760)
- Unicorn-52830.exe (PID: 10988)
- Unicorn-38357.exe (PID: 10812)
- Unicorn-2264.exe (PID: 9676)
- Unicorn-35077.exe (PID: 10860)
- Unicorn-21043.exe (PID: 10876)
- Unicorn-27174.exe (PID: 10884)
- Unicorn-20350.exe (PID: 10932)
- Unicorn-61937.exe (PID: 10924)
- Unicorn-24796.exe (PID: 11024)
- Unicorn-60998.exe (PID: 11052)
- Unicorn-60998.exe (PID: 11056)
- Unicorn-57106.exe (PID: 10892)
- Unicorn-56722.exe (PID: 11140)
- Unicorn-64128.exe (PID: 11196)
- Unicorn-64658.exe (PID: 11204)
- Unicorn-32410.exe (PID: 11120)
- Unicorn-20904.exe (PID: 10940)
- Unicorn-7521.exe (PID: 11228)
- Unicorn-36494.exe (PID: 11096)
- Unicorn-32410.exe (PID: 11128)
- Unicorn-47403.exe (PID: 1272)
- Unicorn-16436.exe (PID: 11276)
- Unicorn-56980.exe (PID: 6108)
- Unicorn-38148.exe (PID: 11308)
- Unicorn-40386.exe (PID: 8516)
- Unicorn-61553.exe (PID: 6208)
- Unicorn-9751.exe (PID: 2084)
- Unicorn-15882.exe (PID: 3020)
Reads the computer name
- 1 (1331).exe (PID: 6476)
- Unicorn-36618.exe (PID: 6032)
- Unicorn-18118.exe (PID: 7480)
- Unicorn-29004.exe (PID: 2692)
- Unicorn-14780.exe (PID: 7500)
- Unicorn-63234.exe (PID: 7508)
- Unicorn-9247.exe (PID: 7536)
- Unicorn-28506.exe (PID: 7600)
- Unicorn-38066.exe (PID: 7668)
- Unicorn-44646.exe (PID: 7748)
- Unicorn-38324.exe (PID: 7800)
- Unicorn-57666.exe (PID: 7840)
- Unicorn-25487.exe (PID: 7952)
- Unicorn-468.exe (PID: 7904)
- Unicorn-47723.exe (PID: 7928)
- Unicorn-20334.exe (PID: 7912)
- Unicorn-62025.exe (PID: 8076)
- Unicorn-468.exe (PID: 7920)
- Unicorn-58658.exe (PID: 7960)
- Unicorn-14640.exe (PID: 8096)
- Unicorn-9295.exe (PID: 8156)
- Unicorn-29161.exe (PID: 8176)
- Unicorn-48045.exe (PID: 7228)
- Unicorn-14625.exe (PID: 4696)
- Unicorn-4246.exe (PID: 7296)
- Unicorn-25294.exe (PID: 4408)
- Unicorn-4511.exe (PID: 4120)
- Unicorn-59057.exe (PID: 7212)
- Unicorn-23370.exe (PID: 7200)
- Unicorn-23370.exe (PID: 7180)
- Unicorn-47172.exe (PID: 4180)
- Unicorn-15756.exe (PID: 7404)
- Unicorn-36390.exe (PID: 5892)
- Unicorn-26691.exe (PID: 7208)
- Unicorn-45518.exe (PID: 2240)
- Unicorn-16738.exe (PID: 1328)
- Unicorn-3691.exe (PID: 1040)
- Unicorn-34226.exe (PID: 5228)
- Unicorn-34610.exe (PID: 8248)
- Unicorn-42778.exe (PID: 8272)
- Unicorn-37625.exe (PID: 8240)
- Unicorn-8635.exe (PID: 8444)
- Unicorn-45793.exe (PID: 8724)
- Unicorn-25010.exe (PID: 8688)
- Unicorn-39893.exe (PID: 8776)
- Unicorn-16458.exe (PID: 8812)
- Unicorn-1828.exe (PID: 8920)
- Unicorn-13717.exe (PID: 8872)
- Unicorn-13717.exe (PID: 8864)
- Unicorn-15563.exe (PID: 8912)
- Unicorn-53213.exe (PID: 9052)
- Unicorn-51010.exe (PID: 9092)
- Unicorn-15471.exe (PID: 8896)
- Unicorn-13141.exe (PID: 9068)
- Unicorn-45212.exe (PID: 9104)
- Unicorn-13696.exe (PID: 9076)
- Unicorn-18112.exe (PID: 9196)
- Unicorn-36560.exe (PID: 3900)
- Unicorn-25129.exe (PID: 9036)
- Unicorn-41164.exe (PID: 2152)
- Unicorn-33627.exe (PID: 6036)
- Unicorn-62077.exe (PID: 9232)
- Unicorn-25340.exe (PID: 9536)
- Unicorn-453.exe (PID: 9436)
- Unicorn-5284.exe (PID: 9456)
- Unicorn-5497.exe (PID: 9568)
- Unicorn-26110.exe (PID: 9576)
- Unicorn-344.exe (PID: 9624)
- Unicorn-11811.exe (PID: 9592)
Create files in a temporary directory
- Unicorn-36618.exe (PID: 6032)
- Unicorn-29004.exe (PID: 2692)
- Unicorn-18118.exe (PID: 7480)
- Unicorn-4132.exe (PID: 7636)
- Unicorn-63234.exe (PID: 7508)
- Unicorn-38066.exe (PID: 7668)
- Unicorn-9247.exe (PID: 7536)
- Unicorn-22194.exe (PID: 496)
- 1 (1331).exe (PID: 6476)
- Unicorn-5393.exe (PID: 7580)
- Unicorn-57261.exe (PID: 7772)
- Unicorn-57666.exe (PID: 7840)
- Unicorn-28506.exe (PID: 7600)
- Unicorn-58543.exe (PID: 7884)
- Unicorn-4132.exe (PID: 7644)
- Unicorn-22206.exe (PID: 7944)
- Unicorn-47723.exe (PID: 7928)
- Unicorn-31935.exe (PID: 7676)
- Unicorn-25487.exe (PID: 7936)
- Unicorn-14780.exe (PID: 7500)
- Unicorn-62025.exe (PID: 8076)
- Unicorn-14640.exe (PID: 8096)
- Unicorn-9295.exe (PID: 8156)
- Unicorn-48045.exe (PID: 7228)
- Unicorn-14625.exe (PID: 4696)
- Unicorn-4511.exe (PID: 4120)
- Unicorn-4246.exe (PID: 7296)
- Unicorn-25294.exe (PID: 4408)
- Unicorn-59512.exe (PID: 7860)
- Unicorn-55274.exe (PID: 2432)
- Unicorn-54973.exe (PID: 7188)
- Unicorn-23370.exe (PID: 7200)
- Unicorn-58658.exe (PID: 7960)
- Unicorn-33436.exe (PID: 4844)
- Unicorn-468.exe (PID: 7904)
- Unicorn-26691.exe (PID: 7208)
- Unicorn-25487.exe (PID: 7952)
- Unicorn-47172.exe (PID: 4180)
- Unicorn-23370.exe (PID: 5800)
- Unicorn-23370.exe (PID: 7180)
- Unicorn-53857.exe (PID: 1196)
- Unicorn-29491.exe (PID: 4452)
- Unicorn-33717.exe (PID: 7684)
- Unicorn-55039.exe (PID: 2504)
- Unicorn-63286.exe (PID: 5360)
- Unicorn-19823.exe (PID: 8128)
- Unicorn-44646.exe (PID: 7748)
- Unicorn-3691.exe (PID: 1040)
- Unicorn-34226.exe (PID: 5228)
- Unicorn-42756.exe (PID: 6112)
- Unicorn-28896.exe (PID: 8160)
- Unicorn-55009.exe (PID: 7740)
- Unicorn-38324.exe (PID: 7800)
- Unicorn-49284.exe (PID: 5280)
- Unicorn-18200.exe (PID: 7616)
- Unicorn-44454.exe (PID: 7792)
- Unicorn-42010.exe (PID: 5084)
- Unicorn-23318.exe (PID: 8392)
- Unicorn-42778.exe (PID: 8272)
- Unicorn-10904.exe (PID: 300)
- Unicorn-48377.exe (PID: 8360)
- Unicorn-59197.exe (PID: 8336)
- Unicorn-8112.exe (PID: 8628)
- Unicorn-57490.exe (PID: 8704)
- Unicorn-39893.exe (PID: 8776)
- Unicorn-59057.exe (PID: 7212)
- Unicorn-16458.exe (PID: 8812)
- Unicorn-54973.exe (PID: 7192)
- Unicorn-1828.exe (PID: 8920)
- Unicorn-13717.exe (PID: 8864)
- Unicorn-20334.exe (PID: 7912)
- Unicorn-62342.exe (PID: 8964)
- Unicorn-15471.exe (PID: 8896)
- Unicorn-53213.exe (PID: 9052)
- Unicorn-2055.exe (PID: 7440)
- Unicorn-37838.exe (PID: 9012)
- Unicorn-60017.exe (PID: 7452)
- Unicorn-15040.exe (PID: 9156)
- Unicorn-468.exe (PID: 7920)
- Unicorn-36390.exe (PID: 5892)
- Unicorn-22078.exe (PID: 7344)
- Unicorn-1449.exe (PID: 8120)
- Unicorn-61714.exe (PID: 8752)
- Unicorn-41102.exe (PID: 3956)
- Unicorn-19927.exe (PID: 4608)
- Unicorn-62077.exe (PID: 9232)
- Unicorn-55612.exe (PID: 8288)
- Unicorn-25150.exe (PID: 9464)
- Unicorn-5284.exe (PID: 9456)
Creates files or folders in the user directory
- WerFault.exe (PID: 968)
- WerFault.exe (PID: 6240)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:20 00:32:00+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
465
Monitored processes
326
Malicious processes
51
Suspicious processes
54
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 300 | C:\Users\admin\AppData\Local\Temp\Unicorn-10904.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-10904.exe | Unicorn-4132.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 496 | C:\Users\admin\AppData\Local\Temp\Unicorn-22194.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22194.exe | 1 (1331).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 | |||||||||||||||
| 616 | C:\Users\admin\AppData\Local\Temp\Unicorn-48256.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-48256.exe | 1 (1331).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 780 | C:\Users\admin\AppData\Local\Temp\Unicorn-5195.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-5195.exe | — | Unicorn-28896.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 968 | C:\WINDOWS\SysWOW64\WerFault.exe -u -p 8172 -s 668 | C:\Windows\SysWOW64\WerFault.exe | — | Unicorn-29161.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Problem Reporting Exit code: 0 Version: 10.0.19041.3996 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1040 | C:\Users\admin\AppData\Local\Temp\Unicorn-3691.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-3691.exe | Unicorn-9295.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1188 | C:\Users\admin\AppData\Local\Temp\Unicorn-43354.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-43354.exe | Unicorn-14625.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1196 | C:\Users\admin\AppData\Local\Temp\Unicorn-53857.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-53857.exe | Unicorn-38066.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1272 | C:\Users\admin\AppData\Local\Temp\Unicorn-47403.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-47403.exe | 1 (1331).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1328 | C:\Users\admin\AppData\Local\Temp\Unicorn-16738.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-16738.exe | Unicorn-19823.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
10 367
Read events
10 367
Write events
0
Delete events
0
Modification events
Executable files
1 057
Suspicious files
6
Text files
2
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 6476 | 1 (1331).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22194.exe | executable | |
MD5:E8DFCE7579ED1AAD15E6437E97DA991F | SHA256:FFF2040223541A86042FD2F1FFE94F1B1555A296B8BE5D0167667F6D384AB7B9 | |||
| 7480 | Unicorn-18118.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-5393.exe | executable | |
MD5:ED89D1A5B4371CF08963A40084DBAD6F | SHA256:564B6B94CF14B5CD3C02730D4BB7D748CE82DBC40FE54A011798E0F48F0B7664 | |||
| 2692 | Unicorn-29004.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-63234.exe | executable | |
MD5:C3C80190DD61C8BDA8C670E21C1423D8 | SHA256:3498BC1D59E5D786BCE96A3C1788A9D0B49926F82DD68B3C6364E2D3FEBFE184 | |||
| 496 | Unicorn-22194.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-14780.exe | executable | |
MD5:E4F13EEFF0C7C66648E2093707C040F3 | SHA256:8F5D3ECF257F347824D0501F8DA27ABA5DDABD023AB0EAB9BFBD53CF07DBA72E | |||
| 7536 | Unicorn-9247.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-38066.exe | executable | |
MD5:FF27D842E3C7444F0B4603405945DDD9 | SHA256:EDE3BBB0265203219AFD47E708C8B7AAFDD54021A8E7D0A8B496BF7DCFFE22EE | |||
| 6032 | Unicorn-36618.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-28506.exe | executable | |
MD5:ED0FDF751EEB2F60B9A188696BF31378 | SHA256:141534F0FA2A410F5D6E7393C09E836ACC5464D575587E360A57732F1DEEE4EB | |||
| 6476 | 1 (1331).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-9247.exe | executable | |
MD5:D129D49C678B4E8F271F892880B07039 | SHA256:6695D545C581F0A11AC2DA0EDCB59CD0F14A6B7B6660DC0FE7979DC5D233DE49 | |||
| 7500 | Unicorn-14780.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-4132.exe | executable | |
MD5:ABBCF0BDAF33DDC82D2EDD6ACA1F4C04 | SHA256:7BDCA2A9902385CFD1128C1EFE13F26CA185E421F5748B6ADEA777283E7B224C | |||
| 496 | Unicorn-22194.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-31935.exe | executable | |
MD5:DB5257C55A7D6F65F72AE69B66D256A7 | SHA256:DBB040BAB00EF17DFF24023E3794B26F8475C918DD38BDB89C9CEAE365F6E10E | |||
| 6476 | 1 (1331).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29004.exe | executable | |
MD5:A4DA1FC864356AF608052BD183F4A057 | SHA256:D824205073CDC4A008B735673A83E489F898237F59C1998D0438C71D62E30496 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
22
DNS requests
16
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 2.16.164.51:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
— | — | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
8296 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
3020 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
8296 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 51.124.78.146:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 2.16.164.51:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted |
3216 | svchost.exe | 40.113.110.67:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 20.190.160.67:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
2432 | RUXIMICS.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 20.190.160.67:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
2104 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3020 | backgroundTaskHost.exe | 20.223.35.26:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |
activation-v2.sls.microsoft.com |
| whitelisted |