| File name: | 1 (19) |
| Full analysis: | https://app.any.run/tasks/01839af0-28ee-4c10-9d6f-2502a8705796 |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 16:25:24 |
| OS: | Windows 10 Professional (build: 19044, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 0C2EA7B2F93D328C26683AADBBBE3B80 |
| SHA1: | A552AB551FA2570AFD73FC6F789FE4C802ABE0C2 |
| SHA256: | D81BC64FF1328F1C67A1714C5E068B789AC97767D0CEEA9E3212548C5C2D5A62 |
| SSDEEP: | 6144:S74nAKIBMDbHAkRXTZeMvvfC4KBqlvJGBmIW2eMdak/8SwjwpyivEhCs5UtAsRGa:S0AxUHAkBTYDBMhamz2eMdqx4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (19).exe (PID: 5548)
- Unicorn-30519.exe (PID: 2904)
- Unicorn-46396.exe (PID: 5212)
- Unicorn-64460.exe (PID: 2092)
- Unicorn-37713.exe (PID: 6372)
- Unicorn-51160.exe (PID: 7084)
- Unicorn-61123.exe (PID: 6032)
- Unicorn-23620.exe (PID: 4452)
- Unicorn-33825.exe (PID: 1812)
- Unicorn-47631.exe (PID: 5392)
- Unicorn-18488.exe (PID: 2096)
- Unicorn-18488.exe (PID: 728)
- Unicorn-2706.exe (PID: 668)
- Unicorn-16441.exe (PID: 5244)
- Unicorn-18488.exe (PID: 4724)
- Unicorn-28083.exe (PID: 6752)
- Unicorn-22307.exe (PID: 5384)
- Unicorn-41958.exe (PID: 4464)
- Unicorn-12606.exe (PID: 736)
- Unicorn-40226.exe (PID: 1240)
- Unicorn-58892.exe (PID: 7204)
- Unicorn-56946.exe (PID: 7264)
- Unicorn-37080.exe (PID: 7260)
- Unicorn-42233.exe (PID: 7240)
- Unicorn-14844.exe (PID: 7184)
- Unicorn-1523.exe (PID: 7224)
- Unicorn-35457.exe (PID: 7324)
- Unicorn-54539.exe (PID: 7308)
- Unicorn-57339.exe (PID: 7316)
- Unicorn-10438.exe (PID: 7292)
- Unicorn-63204.exe (PID: 7300)
- Unicorn-13941.exe (PID: 7424)
- Unicorn-62165.exe (PID: 7468)
- Unicorn-10412.exe (PID: 7444)
- Unicorn-21088.exe (PID: 7516)
- Unicorn-12535.exe (PID: 7588)
- Unicorn-45016.exe (PID: 7532)
- Unicorn-19997.exe (PID: 7560)
- Unicorn-16080.exe (PID: 7460)
- Unicorn-16250.exe (PID: 7492)
- Unicorn-61087.exe (PID: 7544)
- Unicorn-61113.exe (PID: 7608)
- Unicorn-64642.exe (PID: 7648)
- Unicorn-53459.exe (PID: 7628)
- Unicorn-43900.exe (PID: 7664)
- Unicorn-33130.exe (PID: 7724)
- Unicorn-12104.exe (PID: 7700)
- Unicorn-19718.exe (PID: 7672)
- Unicorn-25364.exe (PID: 7808)
- Unicorn-25364.exe (PID: 7816)
- Unicorn-46531.exe (PID: 7772)
- Unicorn-58036.exe (PID: 7760)
- Unicorn-63189.exe (PID: 7740)
- Unicorn-13038.exe (PID: 7920)
- Unicorn-25364.exe (PID: 7800)
- Unicorn-7173.exe (PID: 7940)
- Unicorn-53375.exe (PID: 7892)
- Unicorn-1606.exe (PID: 7928)
- Unicorn-19334.exe (PID: 7852)
- Unicorn-19334.exe (PID: 7864)
- Unicorn-4373.exe (PID: 7880)
- Unicorn-38938.exe (PID: 7984)
- Unicorn-19233.exe (PID: 7792)
- Unicorn-50838.exe (PID: 8052)
- Unicorn-61309.exe (PID: 8084)
- Unicorn-43812.exe (PID: 8028)
- Unicorn-43236.exe (PID: 8100)
- Unicorn-12601.exe (PID: 8108)
- Unicorn-21747.exe (PID: 8076)
- Unicorn-51103.exe (PID: 8068)
- Unicorn-23370.exe (PID: 8092)
- Unicorn-63007.exe (PID: 4988)
- Unicorn-61876.exe (PID: 968)
- Unicorn-56514.exe (PID: 8200)
- Unicorn-57216.exe (PID: 1244)
- Unicorn-37241.exe (PID: 4944)
- Unicorn-50968.exe (PID: 6972)
- Unicorn-50392.exe (PID: 1452)
- Unicorn-17397.exe (PID: 8216)
- Unicorn-43340.exe (PID: 8236)
- Unicorn-46278.exe (PID: 8264)
- Unicorn-47507.exe (PID: 8384)
- Unicorn-23688.exe (PID: 8340)
- Unicorn-34980.exe (PID: 8280)
- Unicorn-46146.exe (PID: 8308)
- Unicorn-11435.exe (PID: 8332)
- Unicorn-56723.exe (PID: 8412)
- Unicorn-56723.exe (PID: 8420)
- Unicorn-56260.exe (PID: 8444)
- Unicorn-24456.exe (PID: 8468)
- Unicorn-16480.exe (PID: 8488)
- Unicorn-31975.exe (PID: 8496)
- Unicorn-42738.exe (PID: 8568)
- Unicorn-6941.exe (PID: 8648)
- Unicorn-17064.exe (PID: 8552)
- Unicorn-22624.exe (PID: 7968)
- Unicorn-20756.exe (PID: 8836)
- Unicorn-28239.exe (PID: 8596)
- Unicorn-25970.exe (PID: 8664)
- Unicorn-9058.exe (PID: 8724)
- Unicorn-28239.exe (PID: 8604)
- Unicorn-33562.exe (PID: 8756)
- Unicorn-6941.exe (PID: 8656)
- Unicorn-12265.exe (PID: 8872)
- Unicorn-53428.exe (PID: 8768)
- Unicorn-44575.exe (PID: 8916)
- Unicorn-16864.exe (PID: 8952)
- Unicorn-53428.exe (PID: 8776)
- Unicorn-18709.exe (PID: 8828)
- Unicorn-25760.exe (PID: 8980)
- Unicorn-37284.exe (PID: 8864)
- Unicorn-54580.exe (PID: 9020)
- Unicorn-62535.exe (PID: 8944)
- Unicorn-53428.exe (PID: 8784)
- Unicorn-54315.exe (PID: 9004)
- Unicorn-26298.exe (PID: 9060)
- Unicorn-47159.exe (PID: 9036)
- Unicorn-54580.exe (PID: 9012)
- Unicorn-12970.exe (PID: 9112)
- Unicorn-15777.exe (PID: 9096)
- Unicorn-30822.exe (PID: 9120)
- Unicorn-54990.exe (PID: 8584)
- Unicorn-22270.exe (PID: 1088)
- Unicorn-29945.exe (PID: 9144)
- Unicorn-5498.exe (PID: 9156)
- Unicorn-5763.exe (PID: 9168)
- Unicorn-10615.exe (PID: 8512)
- Unicorn-55540.exe (PID: 8180)
- Unicorn-2426.exe (PID: 4424)
- Unicorn-38057.exe (PID: 2504)
- Unicorn-21415.exe (PID: 2192)
- Unicorn-51072.exe (PID: 2088)
- Unicorn-39972.exe (PID: 9288)
- Unicorn-14123.exe (PID: 1012)
- Unicorn-60563.exe (PID: 9336)
- Unicorn-56116.exe (PID: 9264)
- Unicorn-64019.exe (PID: 9360)
- Unicorn-39950.exe (PID: 9320)
- Unicorn-27890.exe (PID: 9352)
Executable content was dropped or overwritten
- 1 (19).exe (PID: 5548)
- Unicorn-46396.exe (PID: 5212)
- Unicorn-30519.exe (PID: 2904)
- Unicorn-37713.exe (PID: 6372)
- Unicorn-64460.exe (PID: 2092)
- Unicorn-61123.exe (PID: 6032)
- Unicorn-47631.exe (PID: 5392)
- Unicorn-18488.exe (PID: 2096)
- Unicorn-18488.exe (PID: 728)
- Unicorn-51160.exe (PID: 7084)
- Unicorn-18488.exe (PID: 4724)
- Unicorn-2706.exe (PID: 668)
- Unicorn-33825.exe (PID: 1812)
- Unicorn-22307.exe (PID: 5384)
- Unicorn-23620.exe (PID: 4452)
- Unicorn-28083.exe (PID: 6752)
- Unicorn-41958.exe (PID: 4464)
- Unicorn-12606.exe (PID: 736)
- Unicorn-40226.exe (PID: 1240)
- Unicorn-14844.exe (PID: 7184)
- Unicorn-58892.exe (PID: 7204)
- Unicorn-1523.exe (PID: 7224)
- Unicorn-37080.exe (PID: 7260)
- Unicorn-42233.exe (PID: 7240)
- Unicorn-56946.exe (PID: 7264)
- Unicorn-10438.exe (PID: 7292)
- Unicorn-16441.exe (PID: 5244)
- Unicorn-63204.exe (PID: 7300)
- Unicorn-13941.exe (PID: 7424)
- Unicorn-62165.exe (PID: 7468)
- Unicorn-10412.exe (PID: 7444)
- Unicorn-16250.exe (PID: 7492)
- Unicorn-16080.exe (PID: 7460)
- Unicorn-45016.exe (PID: 7532)
- Unicorn-21088.exe (PID: 7516)
- Unicorn-19997.exe (PID: 7560)
- Unicorn-12535.exe (PID: 7588)
- Unicorn-61087.exe (PID: 7544)
- Unicorn-61113.exe (PID: 7608)
- Unicorn-64642.exe (PID: 7648)
- Unicorn-43900.exe (PID: 7664)
- Unicorn-53459.exe (PID: 7628)
- Unicorn-33130.exe (PID: 7724)
- Unicorn-12104.exe (PID: 7700)
- Unicorn-19718.exe (PID: 7672)
- Unicorn-63189.exe (PID: 7740)
- Unicorn-25364.exe (PID: 7816)
- Unicorn-58036.exe (PID: 7760)
- Unicorn-53375.exe (PID: 7892)
- Unicorn-57339.exe (PID: 7316)
- Unicorn-25364.exe (PID: 7800)
- Unicorn-4373.exe (PID: 7880)
- Unicorn-19334.exe (PID: 7864)
- Unicorn-19334.exe (PID: 7852)
- Unicorn-1606.exe (PID: 7928)
- Unicorn-19233.exe (PID: 7792)
- Unicorn-54539.exe (PID: 7308)
- Unicorn-22624.exe (PID: 7968)
- Unicorn-35457.exe (PID: 7324)
- Unicorn-50838.exe (PID: 8052)
- Unicorn-61309.exe (PID: 8084)
- Unicorn-51103.exe (PID: 8068)
- Unicorn-43812.exe (PID: 8028)
- Unicorn-12601.exe (PID: 8108)
- Unicorn-21747.exe (PID: 8076)
- Unicorn-43236.exe (PID: 8100)
- Unicorn-57216.exe (PID: 1244)
- Unicorn-23370.exe (PID: 8092)
- Unicorn-61876.exe (PID: 968)
- Unicorn-56514.exe (PID: 8200)
- Unicorn-63007.exe (PID: 4988)
- Unicorn-37241.exe (PID: 4944)
- Unicorn-50968.exe (PID: 6972)
- Unicorn-17397.exe (PID: 8216)
- Unicorn-43340.exe (PID: 8236)
- Unicorn-50392.exe (PID: 1452)
- Unicorn-46278.exe (PID: 8264)
- Unicorn-34980.exe (PID: 8280)
- Unicorn-47507.exe (PID: 8384)
- Unicorn-23688.exe (PID: 8340)
- Unicorn-11435.exe (PID: 8332)
- Unicorn-56723.exe (PID: 8412)
- Unicorn-56723.exe (PID: 8420)
- Unicorn-46146.exe (PID: 8308)
- Unicorn-56260.exe (PID: 8444)
- Unicorn-24456.exe (PID: 8468)
- Unicorn-16480.exe (PID: 8488)
- Unicorn-46531.exe (PID: 7772)
- Unicorn-42738.exe (PID: 8568)
- Unicorn-31975.exe (PID: 8496)
- Unicorn-6941.exe (PID: 8648)
- Unicorn-25364.exe (PID: 7808)
- Unicorn-31638.exe (PID: 8676)
- Unicorn-17064.exe (PID: 8552)
- Unicorn-25970.exe (PID: 8664)
- Unicorn-20756.exe (PID: 8836)
- Unicorn-6941.exe (PID: 8656)
- Unicorn-54990.exe (PID: 8584)
- Unicorn-28239.exe (PID: 8604)
- Unicorn-33562.exe (PID: 8756)
- Unicorn-53428.exe (PID: 8776)
- Unicorn-9058.exe (PID: 8724)
- Unicorn-16864.exe (PID: 8952)
- Unicorn-53428.exe (PID: 8784)
- Unicorn-12265.exe (PID: 8872)
- Unicorn-44575.exe (PID: 8916)
- Unicorn-25760.exe (PID: 8980)
- Unicorn-18709.exe (PID: 8828)
- Unicorn-62535.exe (PID: 8944)
- Unicorn-37284.exe (PID: 8864)
- Unicorn-54315.exe (PID: 9004)
- Unicorn-26298.exe (PID: 9060)
- Unicorn-12970.exe (PID: 9112)
- Unicorn-15777.exe (PID: 9096)
- Unicorn-30822.exe (PID: 9120)
- Unicorn-13038.exe (PID: 7920)
- Unicorn-5763.exe (PID: 9168)
- Unicorn-11885.exe (PID: 9176)
- Unicorn-22270.exe (PID: 1088)
- Unicorn-10615.exe (PID: 8512)
- Unicorn-55540.exe (PID: 8180)
- Unicorn-14123.exe (PID: 1012)
- Unicorn-38057.exe (PID: 2504)
- Unicorn-2426.exe (PID: 4424)
- Unicorn-39972.exe (PID: 9288)
- Unicorn-56116.exe (PID: 9264)
- Unicorn-60563.exe (PID: 9336)
- Unicorn-39950.exe (PID: 9320)
- Unicorn-64019.exe (PID: 9360)
- Unicorn-42586.exe (PID: 9388)
- Unicorn-27890.exe (PID: 9352)
- Unicorn-38938.exe (PID: 7984)
- Unicorn-28239.exe (PID: 8596)
- Unicorn-37750.exe (PID: 9444)
- Unicorn-53428.exe (PID: 8768)
- Unicorn-5498.exe (PID: 9156)
- Unicorn-64314.exe (PID: 9516)
- Unicorn-12313.exe (PID: 9492)
- Unicorn-29945.exe (PID: 9144)
- Unicorn-41856.exe (PID: 9540)
- Unicorn-55452.exe (PID: 9620)
- Unicorn-21628.exe (PID: 9468)
- Unicorn-54580.exe (PID: 9020)
- Unicorn-47159.exe (PID: 9036)
- Unicorn-42743.exe (PID: 9600)
- Unicorn-51072.exe (PID: 2088)
- Unicorn-65082.exe (PID: 9652)
- Unicorn-33064.exe (PID: 9680)
- Unicorn-1783.exe (PID: 9672)
- Unicorn-36354.exe (PID: 9720)
- Unicorn-35032.exe (PID: 9752)
- Unicorn-55260.exe (PID: 9580)
- Unicorn-43754.exe (PID: 9632)
- Unicorn-21415.exe (PID: 2192)
- Unicorn-31140.exe (PID: 9804)
- Unicorn-61958.exe (PID: 9820)
- Unicorn-52520.exe (PID: 9860)
- Unicorn-7173.exe (PID: 7940)
- Unicorn-61435.exe (PID: 9884)
- Unicorn-2166.exe (PID: 9920)
- Unicorn-27632.exe (PID: 9928)
- Unicorn-56988.exe (PID: 9900)
- Unicorn-48991.exe (PID: 10012)
- Unicorn-51259.exe (PID: 9988)
- Unicorn-52966.exe (PID: 10052)
- Unicorn-36629.exe (PID: 10100)
- Unicorn-47450.exe (PID: 10132)
- Unicorn-54580.exe (PID: 9012)
- Unicorn-48052.exe (PID: 9952)
- Unicorn-28186.exe (PID: 9960)
- Unicorn-48991.exe (PID: 10020)
- Unicorn-46080.exe (PID: 9536)
- Unicorn-41347.exe (PID: 7036)
- Unicorn-37528.exe (PID: 9716)
- Unicorn-35866.exe (PID: 9568)
- Unicorn-39426.exe (PID: 10292)
- Unicorn-11186.exe (PID: 10384)
- Unicorn-11186.exe (PID: 10188)
- Unicorn-43842.exe (PID: 5892)
- Unicorn-51835.exe (PID: 10504)
- Unicorn-9162.exe (PID: 9244)
- Unicorn-64087.exe (PID: 10468)
- Unicorn-30289.exe (PID: 10412)
- Unicorn-52816.exe (PID: 11212)
- Unicorn-26776.exe (PID: 10512)
- Unicorn-41503.exe (PID: 10356)
- Unicorn-31052.exe (PID: 10400)
- Unicorn-21741.exe (PID: 10444)
- Unicorn-27522.exe (PID: 10568)
- Unicorn-52987.exe (PID: 10668)
- Unicorn-60278.exe (PID: 10684)
- Unicorn-4008.exe (PID: 10856)
- Unicorn-55810.exe (PID: 10872)
- Unicorn-50210.exe (PID: 10848)
- Unicorn-18970.exe (PID: 10484)
- Unicorn-52027.exe (PID: 10584)
- Unicorn-23579.exe (PID: 10708)
- Unicorn-8083.exe (PID: 11088)
- Unicorn-48348.exe (PID: 10644)
- Unicorn-45552.exe (PID: 10784)
- Unicorn-7315.exe (PID: 10692)
- Unicorn-11098.exe (PID: 11008)
- Unicorn-41258.exe (PID: 10576)
- Unicorn-46302.exe (PID: 10624)
- Unicorn-27522.exe (PID: 10560)
- Unicorn-1185.exe (PID: 10716)
- Unicorn-60176.exe (PID: 10916)
- Unicorn-37964.exe (PID: 10812)
- Unicorn-24612.exe (PID: 11104)
- Unicorn-20336.exe (PID: 10964)
- Unicorn-8275.exe (PID: 11164)
- Unicorn-3615.exe (PID: 11236)
- Unicorn-2774.exe (PID: 10932)
- Unicorn-43880.exe (PID: 11016)
- Unicorn-61923.exe (PID: 10924)
- Unicorn-61383.exe (PID: 10080)
- Unicorn-56023.exe (PID: 5164)
- Unicorn-7321.exe (PID: 10992)
- Unicorn-62446.exe (PID: 10940)
- Unicorn-3816.exe (PID: 10800)
- Unicorn-55618.exe (PID: 10820)
- Unicorn-46895.exe (PID: 10828)
- Unicorn-59815.exe (PID: 10700)
- Unicorn-15986.exe (PID: 10972)
- Unicorn-46080.exe (PID: 10676)
- Unicorn-57476.exe (PID: 11148)
- Unicorn-2738.exe (PID: 11256)
- Unicorn-14803.exe (PID: 9840)
- Unicorn-19952.exe (PID: 11184)
- Unicorn-52816.exe (PID: 11204)
- Unicorn-34817.exe (PID: 11128)
INFO
Checks supported languages
- Unicorn-30519.exe (PID: 2904)
- 1 (19).exe (PID: 5548)
- Unicorn-46396.exe (PID: 5212)
- Unicorn-37713.exe (PID: 6372)
- Unicorn-61123.exe (PID: 6032)
- Unicorn-51160.exe (PID: 7084)
- Unicorn-47631.exe (PID: 5392)
- Unicorn-64460.exe (PID: 2092)
- Unicorn-23620.exe (PID: 4452)
- Unicorn-33825.exe (PID: 1812)
- Unicorn-16441.exe (PID: 5244)
- Unicorn-18488.exe (PID: 2096)
- Unicorn-22307.exe (PID: 5384)
- Unicorn-2706.exe (PID: 668)
- Unicorn-18488.exe (PID: 4724)
- Unicorn-18488.exe (PID: 728)
- Unicorn-41958.exe (PID: 4464)
- Unicorn-28083.exe (PID: 6752)
- Unicorn-12606.exe (PID: 736)
- Unicorn-58892.exe (PID: 7204)
- Unicorn-56946.exe (PID: 7264)
- Unicorn-54539.exe (PID: 7308)
- Unicorn-10438.exe (PID: 7292)
- Unicorn-1523.exe (PID: 7224)
- Unicorn-62165.exe (PID: 7468)
- Unicorn-16080.exe (PID: 7460)
- Unicorn-21088.exe (PID: 7516)
- Unicorn-61087.exe (PID: 7544)
- Unicorn-45016.exe (PID: 7532)
- Unicorn-63189.exe (PID: 7740)
- Unicorn-58036.exe (PID: 7760)
- Unicorn-46531.exe (PID: 7772)
- Unicorn-12535.exe (PID: 7588)
- Unicorn-43900.exe (PID: 7664)
- Unicorn-64642.exe (PID: 7648)
- Unicorn-19718.exe (PID: 7672)
- Unicorn-33130.exe (PID: 7724)
- Unicorn-25364.exe (PID: 7808)
- Unicorn-25364.exe (PID: 7800)
- Unicorn-19334.exe (PID: 7852)
- Unicorn-53375.exe (PID: 7892)
- Unicorn-19334.exe (PID: 7864)
- Unicorn-4373.exe (PID: 7880)
- Unicorn-1606.exe (PID: 7928)
- Unicorn-22624.exe (PID: 7968)
- Unicorn-38938.exe (PID: 7984)
- Unicorn-43812.exe (PID: 8028)
- Unicorn-50838.exe (PID: 8052)
- Unicorn-7173.exe (PID: 7940)
- Unicorn-37241.exe (PID: 4944)
- Unicorn-50968.exe (PID: 6972)
- Unicorn-61309.exe (PID: 8084)
- Unicorn-43236.exe (PID: 8100)
- Unicorn-17397.exe (PID: 8216)
- Unicorn-43340.exe (PID: 8236)
- Unicorn-34980.exe (PID: 8280)
- Unicorn-56514.exe (PID: 8200)
- Unicorn-11435.exe (PID: 8332)
- Unicorn-47507.exe (PID: 8384)
- Unicorn-24456.exe (PID: 8468)
- Unicorn-16480.exe (PID: 8488)
- Unicorn-31975.exe (PID: 8496)
- Unicorn-17064.exe (PID: 8552)
- Unicorn-56723.exe (PID: 8420)
- Unicorn-56260.exe (PID: 8444)
- Unicorn-28239.exe (PID: 8604)
- Unicorn-53428.exe (PID: 8768)
- Unicorn-53428.exe (PID: 8784)
- Unicorn-53428.exe (PID: 8776)
- Unicorn-31638.exe (PID: 8676)
- Unicorn-20756.exe (PID: 8836)
- Unicorn-12265.exe (PID: 8872)
- Unicorn-44575.exe (PID: 8916)
- Unicorn-25760.exe (PID: 8980)
- Unicorn-47159.exe (PID: 9036)
- Unicorn-54580.exe (PID: 9020)
- Unicorn-26298.exe (PID: 9060)
- Unicorn-62535.exe (PID: 8944)
- Unicorn-16864.exe (PID: 8952)
- Unicorn-12970.exe (PID: 9112)
- Unicorn-5498.exe (PID: 9156)
- Unicorn-11885.exe (PID: 9176)
- Unicorn-5763.exe (PID: 9168)
- Unicorn-30822.exe (PID: 9120)
- Unicorn-14123.exe (PID: 1012)
- Unicorn-55540.exe (PID: 8180)
- Unicorn-51072.exe (PID: 2088)
- Unicorn-9162.exe (PID: 9244)
- Unicorn-56116.exe (PID: 9264)
- Unicorn-64019.exe (PID: 9360)
- Unicorn-42586.exe (PID: 9388)
- Unicorn-39972.exe (PID: 9288)
- Unicorn-27890.exe (PID: 9352)
- Unicorn-37750.exe (PID: 9444)
- Unicorn-64314.exe (PID: 9516)
- Unicorn-42743.exe (PID: 9600)
- Unicorn-55452.exe (PID: 9620)
- Unicorn-43754.exe (PID: 9632)
- Unicorn-65082.exe (PID: 9652)
- Unicorn-41856.exe (PID: 9540)
- Unicorn-33064.exe (PID: 9680)
- Unicorn-35032.exe (PID: 9752)
- Unicorn-31140.exe (PID: 9804)
- Unicorn-1783.exe (PID: 9672)
- Unicorn-36354.exe (PID: 9720)
- Unicorn-52520.exe (PID: 9860)
- Unicorn-56988.exe (PID: 9900)
- Unicorn-61958.exe (PID: 9820)
- Unicorn-14803.exe (PID: 9840)
- Unicorn-48052.exe (PID: 9952)
- Unicorn-48991.exe (PID: 10020)
- Unicorn-52966.exe (PID: 10052)
- Unicorn-61383.exe (PID: 10080)
- Unicorn-47450.exe (PID: 10132)
- Unicorn-43842.exe (PID: 5892)
- Unicorn-46080.exe (PID: 9536)
- Unicorn-35866.exe (PID: 9568)
- Unicorn-37528.exe (PID: 9716)
- Unicorn-41347.exe (PID: 7036)
- Unicorn-11186.exe (PID: 10188)
- Unicorn-41503.exe (PID: 10356)
- Unicorn-21741.exe (PID: 10444)
- Unicorn-11186.exe (PID: 10384)
- Unicorn-31052.exe (PID: 10400)
- Unicorn-64087.exe (PID: 10468)
- Unicorn-26776.exe (PID: 10512)
- Unicorn-51835.exe (PID: 10504)
- Unicorn-6910.exe (PID: 10520)
- Unicorn-27522.exe (PID: 10568)
- Unicorn-27522.exe (PID: 10560)
- Unicorn-41258.exe (PID: 10576)
- Unicorn-48348.exe (PID: 10644)
- Unicorn-46302.exe (PID: 10624)
- Unicorn-46080.exe (PID: 10676)
- Unicorn-7315.exe (PID: 10692)
- Unicorn-59815.exe (PID: 10700)
- Unicorn-45552.exe (PID: 10784)
- Unicorn-52987.exe (PID: 10668)
- Unicorn-60278.exe (PID: 10684)
- Unicorn-52027.exe (PID: 10584)
- Unicorn-4008.exe (PID: 10856)
- Unicorn-55810.exe (PID: 10872)
- Unicorn-62446.exe (PID: 10940)
- Unicorn-60176.exe (PID: 10916)
- Unicorn-20336.exe (PID: 10964)
- Unicorn-46895.exe (PID: 10828)
- Unicorn-15986.exe (PID: 10972)
- Unicorn-34817.exe (PID: 11128)
- Unicorn-11098.exe (PID: 11008)
- Unicorn-8275.exe (PID: 11164)
- Unicorn-52816.exe (PID: 11212)
- Unicorn-3615.exe (PID: 11236)
- Unicorn-52816.exe (PID: 11204)
- Unicorn-2738.exe (PID: 11256)
- Unicorn-3807.exe (PID: 6988)
- Unicorn-49479.exe (PID: 3968)
- Unicorn-21104.exe (PID: 6228)
- Unicorn-27417.exe (PID: 6136)
- Unicorn-4959.exe (PID: 4980)
- Unicorn-3422.exe (PID: 1672)
- Unicorn-25358.exe (PID: 6876)
- Unicorn-45224.exe (PID: 11292)
- Unicorn-45224.exe (PID: 11276)
- Unicorn-29464.exe (PID: 6112)
- Unicorn-5130.exe (PID: 11396)
- Unicorn-33667.exe (PID: 11816)
- Unicorn-3105.exe (PID: 11756)
- Unicorn-9619.exe (PID: 11556)
- Unicorn-28185.exe (PID: 11608)
- Unicorn-39194.exe (PID: 11332)
- Unicorn-38108.exe (PID: 11848)
- Unicorn-22832.exe (PID: 11912)
- Unicorn-63864.exe (PID: 11944)
- Unicorn-22701.exe (PID: 12096)
- Unicorn-44238.exe (PID: 11856)
- Unicorn-56086.exe (PID: 12276)
- Unicorn-58327.exe (PID: 11736)
- Unicorn-6525.exe (PID: 11716)
- Unicorn-28919.exe (PID: 7640)
- Unicorn-574.exe (PID: 12296)
- Unicorn-56656.exe (PID: 12208)
- Unicorn-16548.exe (PID: 12376)
- Unicorn-16548.exe (PID: 12352)
- Unicorn-16548.exe (PID: 12364)
- Unicorn-19.exe (PID: 12344)
- Unicorn-41052.exe (PID: 12328)
- Unicorn-42758.exe (PID: 12476)
- Unicorn-211.exe (PID: 12444)
- Unicorn-58540.exe (PID: 12496)
- Unicorn-54648.exe (PID: 12520)
- Unicorn-12774.exe (PID: 12548)
- Unicorn-5426.exe (PID: 12564)
- Unicorn-55534.exe (PID: 12420)
- Unicorn-19022.exe (PID: 12740)
- Unicorn-16421.exe (PID: 12716)
- Unicorn-7677.exe (PID: 12764)
- Unicorn-7677.exe (PID: 12772)
- Unicorn-36458.exe (PID: 12828)
- Unicorn-9723.exe (PID: 12796)
- Unicorn-22560.exe (PID: 12604)
- Unicorn-55779.exe (PID: 12636)
- Unicorn-26212.exe (PID: 12668)
- Unicorn-23106.exe (PID: 12692)
- Unicorn-38565.exe (PID: 12708)
- Unicorn-24066.exe (PID: 12996)
- Unicorn-56216.exe (PID: 12872)
- Unicorn-7346.exe (PID: 12940)
- Unicorn-18175.exe (PID: 12908)
- Unicorn-36355.exe (PID: 12168)
Reads the computer name
- 1 (19).exe (PID: 5548)
- Unicorn-30519.exe (PID: 2904)
- Unicorn-37713.exe (PID: 6372)
- Unicorn-46396.exe (PID: 5212)
- Unicorn-64460.exe (PID: 2092)
- Unicorn-33825.exe (PID: 1812)
- Unicorn-23620.exe (PID: 4452)
- Unicorn-51160.exe (PID: 7084)
- Unicorn-18488.exe (PID: 728)
- Unicorn-16441.exe (PID: 5244)
- Unicorn-47631.exe (PID: 5392)
- Unicorn-18488.exe (PID: 2096)
- Unicorn-18488.exe (PID: 4724)
- Unicorn-2706.exe (PID: 668)
- Unicorn-1523.exe (PID: 7224)
- Unicorn-14844.exe (PID: 7184)
- Unicorn-12606.exe (PID: 736)
- Unicorn-40226.exe (PID: 1240)
- Unicorn-58892.exe (PID: 7204)
- Unicorn-10412.exe (PID: 7444)
- Unicorn-56946.exe (PID: 7264)
- Unicorn-37080.exe (PID: 7260)
- Unicorn-54539.exe (PID: 7308)
- Unicorn-45016.exe (PID: 7532)
- Unicorn-43900.exe (PID: 7664)
- Unicorn-63189.exe (PID: 7740)
- Unicorn-13038.exe (PID: 7920)
- Unicorn-25364.exe (PID: 7808)
- Unicorn-19334.exe (PID: 7864)
- Unicorn-25364.exe (PID: 7816)
- Unicorn-1606.exe (PID: 7928)
- Unicorn-22624.exe (PID: 7968)
- Unicorn-43236.exe (PID: 8100)
- Unicorn-12601.exe (PID: 8108)
- Unicorn-51103.exe (PID: 8068)
- Unicorn-57216.exe (PID: 1244)
- Unicorn-56514.exe (PID: 8200)
- Unicorn-50968.exe (PID: 6972)
- Unicorn-34980.exe (PID: 8280)
- Unicorn-46278.exe (PID: 8264)
- Unicorn-46146.exe (PID: 8308)
- Unicorn-43340.exe (PID: 8236)
- Unicorn-56723.exe (PID: 8420)
- Unicorn-24456.exe (PID: 8468)
- Unicorn-16480.exe (PID: 8488)
- Unicorn-44575.exe (PID: 8916)
- Unicorn-28239.exe (PID: 8596)
- Unicorn-53428.exe (PID: 8768)
- Unicorn-18709.exe (PID: 8828)
- Unicorn-62535.exe (PID: 8944)
- Unicorn-25760.exe (PID: 8980)
- Unicorn-26298.exe (PID: 9060)
- Unicorn-12970.exe (PID: 9112)
- Unicorn-15777.exe (PID: 9096)
- Unicorn-22270.exe (PID: 1088)
- Unicorn-29945.exe (PID: 9144)
- Unicorn-2426.exe (PID: 4424)
- Unicorn-21415.exe (PID: 2192)
- Unicorn-51072.exe (PID: 2088)
- Unicorn-39972.exe (PID: 9288)
- Unicorn-56116.exe (PID: 9264)
- Unicorn-39950.exe (PID: 9320)
- Unicorn-27890.exe (PID: 9352)
The sample compiled with chinese language support
- 1 (19).exe (PID: 5548)
- Unicorn-21088.exe (PID: 7516)
- Unicorn-61087.exe (PID: 7544)
- Unicorn-18488.exe (PID: 2096)
- Unicorn-46396.exe (PID: 5212)
- Unicorn-53459.exe (PID: 7628)
- Unicorn-64642.exe (PID: 7648)
- Unicorn-43900.exe (PID: 7664)
- Unicorn-58892.exe (PID: 7204)
- Unicorn-18488.exe (PID: 728)
- Unicorn-33130.exe (PID: 7724)
- Unicorn-19718.exe (PID: 7672)
- Unicorn-61123.exe (PID: 6032)
- Unicorn-18488.exe (PID: 4724)
- Unicorn-12104.exe (PID: 7700)
- Unicorn-63189.exe (PID: 7740)
- Unicorn-25364.exe (PID: 7816)
- Unicorn-58036.exe (PID: 7760)
- Unicorn-42233.exe (PID: 7240)
- Unicorn-25364.exe (PID: 7800)
- Unicorn-56946.exe (PID: 7264)
- Unicorn-57339.exe (PID: 7316)
- Unicorn-2706.exe (PID: 668)
- Unicorn-53375.exe (PID: 7892)
- Unicorn-37080.exe (PID: 7260)
- Unicorn-19334.exe (PID: 7852)
- Unicorn-63204.exe (PID: 7300)
- Unicorn-19334.exe (PID: 7864)
- Unicorn-4373.exe (PID: 7880)
- Unicorn-1606.exe (PID: 7928)
- Unicorn-33825.exe (PID: 1812)
- Unicorn-54539.exe (PID: 7308)
- Unicorn-37713.exe (PID: 6372)
- Unicorn-30519.exe (PID: 2904)
- Unicorn-16441.exe (PID: 5244)
- Unicorn-19233.exe (PID: 7792)
- Unicorn-10438.exe (PID: 7292)
- Unicorn-22624.exe (PID: 7968)
- Unicorn-28083.exe (PID: 6752)
- Unicorn-43812.exe (PID: 8028)
- Unicorn-35457.exe (PID: 7324)
- Unicorn-23620.exe (PID: 4452)
- Unicorn-50838.exe (PID: 8052)
- Unicorn-61309.exe (PID: 8084)
- Unicorn-62165.exe (PID: 7468)
- Unicorn-13941.exe (PID: 7424)
- Unicorn-43236.exe (PID: 8100)
- Unicorn-12601.exe (PID: 8108)
- Unicorn-21747.exe (PID: 8076)
- Unicorn-51103.exe (PID: 8068)
- Unicorn-64460.exe (PID: 2092)
- Unicorn-51160.exe (PID: 7084)
- Unicorn-16250.exe (PID: 7492)
- Unicorn-10412.exe (PID: 7444)
- Unicorn-16080.exe (PID: 7460)
- Unicorn-22307.exe (PID: 5384)
- Unicorn-57216.exe (PID: 1244)
- Unicorn-23370.exe (PID: 8092)
- Unicorn-41958.exe (PID: 4464)
- Unicorn-63007.exe (PID: 4988)
- Unicorn-12606.exe (PID: 736)
- Unicorn-61876.exe (PID: 968)
- Unicorn-56514.exe (PID: 8200)
- Unicorn-37241.exe (PID: 4944)
- Unicorn-47631.exe (PID: 5392)
- Unicorn-50968.exe (PID: 6972)
- Unicorn-45016.exe (PID: 7532)
- Unicorn-40226.exe (PID: 1240)
- Unicorn-12535.exe (PID: 7588)
- Unicorn-17397.exe (PID: 8216)
- Unicorn-43340.exe (PID: 8236)
- Unicorn-14844.exe (PID: 7184)
- Unicorn-50392.exe (PID: 1452)
- Unicorn-19997.exe (PID: 7560)
- Unicorn-46278.exe (PID: 8264)
- Unicorn-34980.exe (PID: 8280)
- Unicorn-47507.exe (PID: 8384)
- Unicorn-23688.exe (PID: 8340)
- Unicorn-46146.exe (PID: 8308)
- Unicorn-61113.exe (PID: 7608)
- Unicorn-11435.exe (PID: 8332)
- Unicorn-56723.exe (PID: 8412)
- Unicorn-1523.exe (PID: 7224)
- Unicorn-56260.exe (PID: 8444)
- Unicorn-24456.exe (PID: 8468)
- Unicorn-56723.exe (PID: 8420)
- Unicorn-31975.exe (PID: 8496)
- Unicorn-16480.exe (PID: 8488)
- Unicorn-42738.exe (PID: 8568)
- Unicorn-25364.exe (PID: 7808)
- Unicorn-6941.exe (PID: 8648)
- Unicorn-46531.exe (PID: 7772)
- Unicorn-17064.exe (PID: 8552)
- Unicorn-31638.exe (PID: 8676)
- Unicorn-54990.exe (PID: 8584)
- Unicorn-20756.exe (PID: 8836)
- Unicorn-25970.exe (PID: 8664)
- Unicorn-6941.exe (PID: 8656)
- Unicorn-9058.exe (PID: 8724)
- Unicorn-28239.exe (PID: 8604)
- Unicorn-33562.exe (PID: 8756)
- Unicorn-53428.exe (PID: 8776)
- Unicorn-12265.exe (PID: 8872)
- Unicorn-44575.exe (PID: 8916)
- Unicorn-16864.exe (PID: 8952)
- Unicorn-25760.exe (PID: 8980)
- Unicorn-37284.exe (PID: 8864)
- Unicorn-62535.exe (PID: 8944)
- Unicorn-53428.exe (PID: 8784)
- Unicorn-18709.exe (PID: 8828)
- Unicorn-54315.exe (PID: 9004)
- Unicorn-26298.exe (PID: 9060)
- Unicorn-12970.exe (PID: 9112)
- Unicorn-30822.exe (PID: 9120)
- Unicorn-5763.exe (PID: 9168)
- Unicorn-15777.exe (PID: 9096)
- Unicorn-13038.exe (PID: 7920)
- Unicorn-11885.exe (PID: 9176)
- Unicorn-22270.exe (PID: 1088)
- Unicorn-10615.exe (PID: 8512)
- Unicorn-55540.exe (PID: 8180)
- Unicorn-14123.exe (PID: 1012)
- Unicorn-2426.exe (PID: 4424)
- Unicorn-38057.exe (PID: 2504)
- Unicorn-39972.exe (PID: 9288)
- Unicorn-56116.exe (PID: 9264)
- Unicorn-39950.exe (PID: 9320)
- Unicorn-60563.exe (PID: 9336)
- Unicorn-64019.exe (PID: 9360)
- Unicorn-42586.exe (PID: 9388)
- Unicorn-38938.exe (PID: 7984)
- Unicorn-28239.exe (PID: 8596)
- Unicorn-53428.exe (PID: 8768)
- Unicorn-27890.exe (PID: 9352)
- Unicorn-37750.exe (PID: 9444)
- Unicorn-5498.exe (PID: 9156)
- Unicorn-29945.exe (PID: 9144)
- Unicorn-12313.exe (PID: 9492)
- Unicorn-64314.exe (PID: 9516)
- Unicorn-41856.exe (PID: 9540)
- Unicorn-21628.exe (PID: 9468)
- Unicorn-54580.exe (PID: 9020)
- Unicorn-47159.exe (PID: 9036)
- Unicorn-55260.exe (PID: 9580)
- Unicorn-43754.exe (PID: 9632)
- Unicorn-42743.exe (PID: 9600)
- Unicorn-21415.exe (PID: 2192)
- Unicorn-51072.exe (PID: 2088)
- Unicorn-65082.exe (PID: 9652)
- Unicorn-33064.exe (PID: 9680)
- Unicorn-1783.exe (PID: 9672)
- Unicorn-36354.exe (PID: 9720)
- Unicorn-55452.exe (PID: 9620)
- Unicorn-35032.exe (PID: 9752)
- Unicorn-52520.exe (PID: 9860)
- Unicorn-7173.exe (PID: 7940)
- Unicorn-61435.exe (PID: 9884)
- Unicorn-2166.exe (PID: 9920)
- Unicorn-27632.exe (PID: 9928)
- Unicorn-56988.exe (PID: 9900)
- Unicorn-31140.exe (PID: 9804)
- Unicorn-61958.exe (PID: 9820)
- Unicorn-51259.exe (PID: 9988)
- Unicorn-28186.exe (PID: 9960)
- Unicorn-52966.exe (PID: 10052)
- Unicorn-36629.exe (PID: 10100)
- Unicorn-47450.exe (PID: 10132)
- Unicorn-54580.exe (PID: 9012)
- Unicorn-48052.exe (PID: 9952)
- Unicorn-48991.exe (PID: 10012)
- Unicorn-48991.exe (PID: 10020)
- Unicorn-43842.exe (PID: 5892)
- Unicorn-46080.exe (PID: 9536)
- Unicorn-37528.exe (PID: 9716)
- Unicorn-35866.exe (PID: 9568)
- Unicorn-39426.exe (PID: 10292)
- Unicorn-41347.exe (PID: 7036)
- Unicorn-11186.exe (PID: 10188)
- Unicorn-51835.exe (PID: 10504)
- Unicorn-9162.exe (PID: 9244)
- Unicorn-21741.exe (PID: 10444)
- Unicorn-30289.exe (PID: 10412)
- Unicorn-64087.exe (PID: 10468)
- Unicorn-52816.exe (PID: 11212)
- Unicorn-26776.exe (PID: 10512)
- Unicorn-11186.exe (PID: 10384)
- Unicorn-41503.exe (PID: 10356)
- Unicorn-31052.exe (PID: 10400)
- Unicorn-60278.exe (PID: 10684)
- Unicorn-27522.exe (PID: 10568)
- Unicorn-52987.exe (PID: 10668)
- Unicorn-4008.exe (PID: 10856)
- Unicorn-55810.exe (PID: 10872)
- Unicorn-18970.exe (PID: 10484)
- Unicorn-52027.exe (PID: 10584)
- Unicorn-23579.exe (PID: 10708)
- Unicorn-8083.exe (PID: 11088)
- Unicorn-46302.exe (PID: 10624)
- Unicorn-27522.exe (PID: 10560)
- Unicorn-48348.exe (PID: 10644)
- Unicorn-45552.exe (PID: 10784)
- Unicorn-7315.exe (PID: 10692)
- Unicorn-11098.exe (PID: 11008)
- Unicorn-50210.exe (PID: 10848)
- Unicorn-41258.exe (PID: 10576)
- Unicorn-43880.exe (PID: 11016)
- Unicorn-60176.exe (PID: 10916)
- Unicorn-20336.exe (PID: 10964)
- Unicorn-24612.exe (PID: 11104)
- Unicorn-37964.exe (PID: 10812)
- Unicorn-8275.exe (PID: 11164)
- Unicorn-2774.exe (PID: 10932)
- Unicorn-1185.exe (PID: 10716)
- Unicorn-61383.exe (PID: 10080)
- Unicorn-56023.exe (PID: 5164)
- Unicorn-7321.exe (PID: 10992)
- Unicorn-62446.exe (PID: 10940)
- Unicorn-3816.exe (PID: 10800)
- Unicorn-55618.exe (PID: 10820)
- Unicorn-3615.exe (PID: 11236)
- Unicorn-46895.exe (PID: 10828)
- Unicorn-61923.exe (PID: 10924)
- Unicorn-59815.exe (PID: 10700)
- Unicorn-57476.exe (PID: 11148)
- Unicorn-34817.exe (PID: 11128)
- Unicorn-15986.exe (PID: 10972)
- Unicorn-2738.exe (PID: 11256)
- Unicorn-46080.exe (PID: 10676)
- Unicorn-14803.exe (PID: 9840)
- Unicorn-19952.exe (PID: 11184)
- Unicorn-52816.exe (PID: 11204)
- Unicorn-1238.exe (PID: 4560)
Create files in a temporary directory
- 1 (19).exe (PID: 5548)
- Unicorn-46396.exe (PID: 5212)
- Unicorn-61123.exe (PID: 6032)
- Unicorn-47631.exe (PID: 5392)
- Unicorn-18488.exe (PID: 4724)
- Unicorn-37713.exe (PID: 6372)
- Unicorn-30519.exe (PID: 2904)
- Unicorn-28083.exe (PID: 6752)
- Unicorn-51160.exe (PID: 7084)
- Unicorn-41958.exe (PID: 4464)
- Unicorn-22307.exe (PID: 5384)
- Unicorn-12606.exe (PID: 736)
- Unicorn-18488.exe (PID: 2096)
- Unicorn-2706.exe (PID: 668)
- Unicorn-42233.exe (PID: 7240)
- Unicorn-1523.exe (PID: 7224)
- Unicorn-37080.exe (PID: 7260)
- Unicorn-10438.exe (PID: 7292)
- Unicorn-16441.exe (PID: 5244)
- Unicorn-23620.exe (PID: 4452)
- Unicorn-62165.exe (PID: 7468)
- Unicorn-16080.exe (PID: 7460)
- Unicorn-13941.exe (PID: 7424)
- Unicorn-21088.exe (PID: 7516)
- Unicorn-19997.exe (PID: 7560)
- Unicorn-12535.exe (PID: 7588)
- Unicorn-14844.exe (PID: 7184)
- Unicorn-61087.exe (PID: 7544)
- Unicorn-64642.exe (PID: 7648)
- Unicorn-43900.exe (PID: 7664)
- Unicorn-18488.exe (PID: 728)
- Unicorn-53459.exe (PID: 7628)
- Unicorn-12104.exe (PID: 7700)
- Unicorn-33130.exe (PID: 7724)
- Unicorn-25364.exe (PID: 7816)
- Unicorn-63189.exe (PID: 7740)
- Unicorn-56946.exe (PID: 7264)
- Unicorn-57339.exe (PID: 7316)
- Unicorn-4373.exe (PID: 7880)
- Unicorn-1606.exe (PID: 7928)
- Unicorn-19334.exe (PID: 7852)
- Unicorn-19233.exe (PID: 7792)
- Unicorn-33825.exe (PID: 1812)
- Unicorn-22624.exe (PID: 7968)
- Unicorn-64460.exe (PID: 2092)
- Unicorn-51103.exe (PID: 8068)
- Unicorn-50838.exe (PID: 8052)
- Unicorn-43812.exe (PID: 8028)
- Unicorn-12601.exe (PID: 8108)
- Unicorn-16250.exe (PID: 7492)
- Unicorn-23370.exe (PID: 8092)
- Unicorn-10412.exe (PID: 7444)
- Unicorn-57216.exe (PID: 1244)
- Unicorn-63007.exe (PID: 4988)
- Unicorn-61876.exe (PID: 968)
- Unicorn-37241.exe (PID: 4944)
- Unicorn-50968.exe (PID: 6972)
- Unicorn-40226.exe (PID: 1240)
- Unicorn-17397.exe (PID: 8216)
- Unicorn-43340.exe (PID: 8236)
- Unicorn-61113.exe (PID: 7608)
- Unicorn-34980.exe (PID: 8280)
- Unicorn-11435.exe (PID: 8332)
- Unicorn-56723.exe (PID: 8412)
- Unicorn-56723.exe (PID: 8420)
- Unicorn-58892.exe (PID: 7204)
- Unicorn-16480.exe (PID: 8488)
- Unicorn-19718.exe (PID: 7672)
- Unicorn-42738.exe (PID: 8568)
- Unicorn-25364.exe (PID: 7808)
- Unicorn-17064.exe (PID: 8552)
- Unicorn-53375.exe (PID: 7892)
- Unicorn-25364.exe (PID: 7800)
- Unicorn-63204.exe (PID: 7300)
- Unicorn-31638.exe (PID: 8676)
- Unicorn-20756.exe (PID: 8836)
- Unicorn-54539.exe (PID: 7308)
- Unicorn-33562.exe (PID: 8756)
- Unicorn-53428.exe (PID: 8776)
- Unicorn-9058.exe (PID: 8724)
- Unicorn-61309.exe (PID: 8084)
- Unicorn-26298.exe (PID: 9060)
- Unicorn-15777.exe (PID: 9096)
- Unicorn-30822.exe (PID: 9120)
- Unicorn-13038.exe (PID: 7920)
- Unicorn-10615.exe (PID: 8512)
- Unicorn-45016.exe (PID: 7532)
- Unicorn-38057.exe (PID: 2504)
- Unicorn-60563.exe (PID: 9336)
- Unicorn-27890.exe (PID: 9352)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable (generic) (52.9) |
|---|---|---|
| .exe | | | Generic Win/DOS Executable (23.5) |
| .exe | | | DOS Executable Generic (23.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:20 00:32:00+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
459
Monitored processes
327
Malicious processes
51
Suspicious processes
49
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 668 | C:\Users\admin\AppData\Local\Temp\Unicorn-2706.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-2706.exe | Unicorn-37713.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 728 | C:\Users\admin\AppData\Local\Temp\Unicorn-18488.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-18488.exe | Unicorn-61123.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 736 | C:\Users\admin\AppData\Local\Temp\Unicorn-12606.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-12606.exe | Unicorn-46396.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 968 | C:\Users\admin\AppData\Local\Temp\Unicorn-61876.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61876.exe | Unicorn-45016.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1012 | C:\Users\admin\AppData\Local\Temp\Unicorn-14123.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-14123.exe | Unicorn-61309.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1088 | C:\Users\admin\AppData\Local\Temp\Unicorn-22270.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22270.exe | Unicorn-13941.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1240 | C:\Users\admin\AppData\Local\Temp\Unicorn-40226.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-40226.exe | Unicorn-47631.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1244 | C:\Users\admin\AppData\Local\Temp\Unicorn-57216.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-57216.exe | Unicorn-21088.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1452 | C:\Users\admin\AppData\Local\Temp\Unicorn-50392.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-50392.exe | Unicorn-12535.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1672 | C:\Users\admin\AppData\Local\Temp\Unicorn-3422.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-3422.exe | — | Unicorn-64460.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
6 979
Read events
6 979
Write events
0
Delete events
0
Modification events
Executable files
1 025
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 5212 | Unicorn-46396.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-64460.exe | executable | |
MD5:C53C9D04DB4D8DFDDC5D4D86A0479968 | SHA256:415BC83BCD95024566DF345DCF4FD3920491C8F0F1DE6830A2D564D31A9C9A1F | |||
| 5548 | 1 (19).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-37713.exe | executable | |
MD5:118649561F9910550247819D1B4845BC | SHA256:F21EE0B95C7ECC8E36B1B4C7FA533D34BC1C2A7FB0E063F64C84FA6D86E28C81 | |||
| 2904 | Unicorn-30519.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46396.exe | executable | |
MD5:93B0DADC5BAFF0E76C0C33DA259AD3E3 | SHA256:B59B6B931A0525AACD7B75E72E84839E5E9BB04A13A1D074C5A266D9A1775738 | |||
| 6372 | Unicorn-37713.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-23620.exe | executable | |
MD5:1EECA6FFCFEFD654CCFA289B4E4C1FA5 | SHA256:5DA42F7746A4CC86FD0AD08C9B26C29534C27FDD550D688EF7892D79D0E40802 | |||
| 2904 | Unicorn-30519.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-16441.exe | executable | |
MD5:F5450C8C07CCABE0FCD88FB9D2BC2E68 | SHA256:9E27179E1E8FB5A6EC57B75C0D277D4BFC2AE3E828BAD3191A54F1F57F611538 | |||
| 5548 | 1 (19).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-33825.exe | executable | |
MD5:3859A8B3A8B410803F842FE66BE1C6EB | SHA256:— | |||
| 2904 | Unicorn-30519.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61123.exe | executable | |
MD5:4CB931549AA4BB3E8162C3B7B86E60FF | SHA256:F89DAE78551EB6639BB1383AB5F99DEA0E6B5D46E6AADEBB9EBC01A5FCCEDC28 | |||
| 2092 | Unicorn-64460.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-51160.exe | executable | |
MD5:1DE6C6C5BDD42E14A0AB9B60992FF781 | SHA256:4F0C9F1820933A8FB3334EC6CC83BDF59C284A22A872B32438B49BE506A61CBE | |||
| 7084 | Unicorn-51160.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-28083.exe | executable | |
MD5:4E424F92883654C86BF95CF3E2ACF917 | SHA256:0BCF097FABEC6E9713EF18767BC40225BF8C1803A33AD639D3BFA5AEEB7FD337 | |||
| 5212 | Unicorn-46396.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-47631.exe | executable | |
MD5:5AF0607C632DAFF5DFFB03D2204BCFC4 | SHA256:0E11A99D15E112A82F8EA3C1E056C781D126BF3B676E9DFB509A5746042F2301 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
24
DNS requests
15
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 2.19.11.120:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6740 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
6272 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
6272 | SIHClient.exe | GET | 200 | 23.35.229.160:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 2.19.11.120:80 | crl.microsoft.com | Elisa Oyj | NL | whitelisted |
3216 | svchost.exe | 20.197.71.89:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | SG | whitelisted |
6544 | svchost.exe | 40.126.32.74:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
6740 | backgroundTaskHost.exe | 20.223.36.55:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6740 | backgroundTaskHost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
2104 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |