File name:

1 (1342)

Full analysis: https://app.any.run/tasks/6e6816f3-6892-4065-9487-da9533f5834f
Verdict: Malicious activity
Analysis date: March 24, 2025, 12:07:29
OS: Windows 10 Professional (build: 19044, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections
MD5:

C7E0F85448AE6374441637B48C22C390

SHA1:

1917BCCAD44A911949E23BE852340049113D073A

SHA256:

E1F0C5B0A3E1CA62629177B590E86B5C6E04CA91424A2A54DC81AED665C8CFF1

SSDEEP:

6144:9778Rg9PQDceA5LjAGeEzTjx5wPe5p8GBf/4F1OdTk/8SwjwpyAvEhAzLG96sm7a:9P4mFeA5vAZzPQ+afgF1Odex4DxmDsR

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Starts itself from another location

      • 1 (1342).exe (PID: 5200)
      • Unicorn-54131.exe (PID: 7820)
      • Unicorn-18942.exe (PID: 7248)
      • Unicorn-30051.exe (PID: 7392)
      • Unicorn-33196.exe (PID: 7828)
      • Unicorn-2007.exe (PID: 7864)
      • Unicorn-57146.exe (PID: 7856)
      • Unicorn-34645.exe (PID: 8140)
      • Unicorn-22393.exe (PID: 8148)
      • Unicorn-27031.exe (PID: 8180)
      • Unicorn-40767.exe (PID: 8172)
      • Unicorn-35449.exe (PID: 5552)
      • Unicorn-31630.exe (PID: 4000)
      • Unicorn-15848.exe (PID: 4652)
      • Unicorn-59149.exe (PID: 1188)
      • Unicorn-29984.exe (PID: 7560)
      • Unicorn-37275.exe (PID: 7520)
      • Unicorn-33514.exe (PID: 7452)
      • Unicorn-38942.exe (PID: 7524)
      • Unicorn-38942.exe (PID: 5384)
      • Unicorn-65319.exe (PID: 5756)
      • Unicorn-58485.exe (PID: 7536)
      • Unicorn-59454.exe (PID: 4188)
      • Unicorn-58485.exe (PID: 6752)
      • Unicorn-54956.exe (PID: 2268)
      • Unicorn-61417.exe (PID: 3676)
      • Unicorn-3154.exe (PID: 7616)
      • Unicorn-2185.exe (PID: 2552)
      • Unicorn-42132.exe (PID: 6004)
      • Unicorn-33078.exe (PID: 8044)
      • Unicorn-60514.exe (PID: 7604)
      • Unicorn-12143.exe (PID: 8016)
      • Unicorn-13425.exe (PID: 1452)
      • Unicorn-354.exe (PID: 6576)
      • Unicorn-24225.exe (PID: 5332)
      • Unicorn-42699.exe (PID: 5892)
      • Unicorn-42699.exe (PID: 6184)
      • Unicorn-2827.exe (PID: 5640)
      • Unicorn-22393.exe (PID: 7640)
      • Unicorn-21109.exe (PID: 672)
      • Unicorn-30809.exe (PID: 7912)
      • Unicorn-13404.exe (PID: 2600)
      • Unicorn-33270.exe (PID: 7916)
      • Unicorn-14473.exe (PID: 7792)
      • Unicorn-64442.exe (PID: 8032)
      • Unicorn-31084.exe (PID: 7892)
      • Unicorn-64489.exe (PID: 5008)
      • Unicorn-13617.exe (PID: 5280)
      • Unicorn-18771.exe (PID: 1196)
      • Unicorn-42782.exe (PID: 208)
      • Unicorn-44820.exe (PID: 7908)
      • Unicorn-48402.exe (PID: 6700)
      • Unicorn-42782.exe (PID: 1852)
      • Unicorn-33270.exe (PID: 7692)
      • Unicorn-25484.exe (PID: 7688)
      • Unicorn-42782.exe (PID: 7752)
      • Unicorn-31324.exe (PID: 7716)
      • Unicorn-42517.exe (PID: 7696)
      • Unicorn-56643.exe (PID: 1052)
      • Unicorn-30878.exe (PID: 4980)
      • Unicorn-50685.exe (PID: 7736)
      • Unicorn-45168.exe (PID: 4724)
      • Unicorn-20655.exe (PID: 8136)
      • Unicorn-3612.exe (PID: 4976)
      • Unicorn-50950.exe (PID: 5056)
      • Unicorn-31628.exe (PID: 6476)
      • Unicorn-24695.exe (PID: 8476)
      • Unicorn-31511.exe (PID: 8536)
      • Unicorn-51884.exe (PID: 8564)
      • Unicorn-6513.exe (PID: 8448)
      • Unicorn-50924.exe (PID: 8492)
      • Unicorn-42969.exe (PID: 8604)
      • Unicorn-2356.exe (PID: 8724)
      • Unicorn-64458.exe (PID: 8636)
      • Unicorn-42969.exe (PID: 8600)
      • Unicorn-22147.exe (PID: 8808)
      • Unicorn-25263.exe (PID: 8896)
      • Unicorn-40722.exe (PID: 8784)
      • Unicorn-22719.exe (PID: 8760)
      • Unicorn-11173.exe (PID: 8644)
      • Unicorn-48293.exe (PID: 8708)
      • Unicorn-9995.exe (PID: 8776)
      • Unicorn-22080.exe (PID: 8700)
      • Unicorn-35112.exe (PID: 8820)
      • Unicorn-39269.exe (PID: 8920)
      • Unicorn-9035.exe (PID: 9184)
      • Unicorn-52044.exe (PID: 9164)
      • Unicorn-52076.exe (PID: 8252)
      • Unicorn-20733.exe (PID: 9196)
      • Unicorn-33456.exe (PID: 8352)
      • Unicorn-25886.exe (PID: 8356)
      • Unicorn-5619.exe (PID: 9168)
      • Unicorn-55575.exe (PID: 1228)
      • Unicorn-39107.exe (PID: 7148)
      • Unicorn-64505.exe (PID: 456)
      • Unicorn-16457.exe (PID: 3268)
      • Unicorn-24734.exe (PID: 9228)
      • Unicorn-24049.exe (PID: 1184)
      • Unicorn-60997.exe (PID: 9012)
      • Unicorn-421.exe (PID: 9336)
      • Unicorn-41070.exe (PID: 9056)
      • Unicorn-12844.exe (PID: 8104)
      • Unicorn-43908.exe (PID: 6456)
      • Unicorn-25702.exe (PID: 9032)
      • Unicorn-8952.exe (PID: 8528)
      • Unicorn-19970.exe (PID: 7264)
      • Unicorn-51137.exe (PID: 9212)
      • Unicorn-47437.exe (PID: 9392)
      • Unicorn-976.exe (PID: 8756)
      • Unicorn-25886.exe (PID: 8348)
      • Unicorn-33753.exe (PID: 9260)
      • Unicorn-27868.exe (PID: 8596)
      • Unicorn-33753.exe (PID: 9256)
      • Unicorn-16333.exe (PID: 8424)
      • Unicorn-20925.exe (PID: 9480)
      • Unicorn-58375.exe (PID: 8500)
      • Unicorn-57681.exe (PID: 8588)
      • Unicorn-2917.exe (PID: 9572)
      • Unicorn-229.exe (PID: 9240)
      • Unicorn-28818.exe (PID: 8412)
      • Unicorn-31100.exe (PID: 9356)
      • Unicorn-44469.exe (PID: 9204)
      • Unicorn-11085.exe (PID: 9552)
      • Unicorn-60997.exe (PID: 9020)
      • Unicorn-29155.exe (PID: 8560)
      • Unicorn-45792.exe (PID: 9224)
      • Unicorn-8765.exe (PID: 7680)
      • Unicorn-55818.exe (PID: 9620)
      • Unicorn-2725.exe (PID: 9592)
      • Unicorn-47349.exe (PID: 9728)
      • Unicorn-44142.exe (PID: 9696)
      • Unicorn-23722.exe (PID: 9688)
      • Unicorn-17318.exe (PID: 2392)
      • Unicorn-27614.exe (PID: 9752)
      • Unicorn-64562.exe (PID: 9792)
      • Unicorn-23530.exe (PID: 9768)
      • Unicorn-31973.exe (PID: 9912)
      • Unicorn-64562.exe (PID: 9788)
      • Unicorn-40887.exe (PID: 9872)
      • Unicorn-28958.exe (PID: 9920)
      • Unicorn-3109.exe (PID: 9904)
      • Unicorn-37488.exe (PID: 10132)
      • Unicorn-44972.exe (PID: 9896)
      • Unicorn-48864.exe (PID: 9964)
      • Unicorn-30611.exe (PID: 10140)
      • Unicorn-60488.exe (PID: 9972)
      • Unicorn-7831.exe (PID: 9948)
      • Unicorn-40887.exe (PID: 9864)
      • Unicorn-3384.exe (PID: 9996)
      • Unicorn-23805.exe (PID: 10072)
      • Unicorn-8708.exe (PID: 10056)
      • Unicorn-27126.exe (PID: 9988)
      • Unicorn-16876.exe (PID: 10116)
      • Unicorn-3384.exe (PID: 10004)
      • Unicorn-30611.exe (PID: 10148)
      • Unicorn-62185.exe (PID: 10048)
      • Unicorn-51224.exe (PID: 10156)
      • Unicorn-22443.exe (PID: 10012)
      • Unicorn-40369.exe (PID: 9568)
      • Unicorn-17290.exe (PID: 10172)
      • Unicorn-19726.exe (PID: 10308)
      • Unicorn-15361.exe (PID: 9856)
      • Unicorn-40369.exe (PID: 10232)
      • Unicorn-53654.exe (PID: 9980)
      • Unicorn-56394.exe (PID: 9848)
      • Unicorn-4432.exe (PID: 10212)

    • Executable content was dropped or overwritten

      • 1 (1342).exe (PID: 5200)
      • Unicorn-54131.exe (PID: 7820)
      • Unicorn-18942.exe (PID: 7248)
      • Unicorn-30051.exe (PID: 7392)
      • Unicorn-33196.exe (PID: 7828)
      • Unicorn-57146.exe (PID: 7856)
      • Unicorn-34645.exe (PID: 8140)
      • Unicorn-22393.exe (PID: 8148)
      • Unicorn-40767.exe (PID: 8172)
      • Unicorn-31630.exe (PID: 4000)
      • Unicorn-15848.exe (PID: 4652)
      • Unicorn-2007.exe (PID: 7864)
      • Unicorn-59149.exe (PID: 1188)
      • Unicorn-33514.exe (PID: 7452)
      • Unicorn-61417.exe (PID: 3676)
      • Unicorn-37275.exe (PID: 7520)
      • Unicorn-29984.exe (PID: 7560)
      • Unicorn-38942.exe (PID: 7524)
      • Unicorn-58485.exe (PID: 7536)
      • Unicorn-59454.exe (PID: 4188)
      • Unicorn-27031.exe (PID: 8180)
      • Unicorn-58485.exe (PID: 6752)
      • Unicorn-354.exe (PID: 6576)
      • Unicorn-60514.exe (PID: 7604)
      • Unicorn-42132.exe (PID: 6004)
      • Unicorn-33078.exe (PID: 8044)
      • Unicorn-12143.exe (PID: 8016)
      • Unicorn-13425.exe (PID: 1452)
      • Unicorn-24225.exe (PID: 5332)
      • Unicorn-2827.exe (PID: 5640)
      • Unicorn-42699.exe (PID: 6184)
      • Unicorn-17318.exe (PID: 2392)
      • Unicorn-38942.exe (PID: 5384)
      • Unicorn-21109.exe (PID: 672)
      • Unicorn-30809.exe (PID: 7912)
      • Unicorn-13404.exe (PID: 2600)
      • Unicorn-22393.exe (PID: 7640)
      • Unicorn-33270.exe (PID: 7916)
      • Unicorn-14473.exe (PID: 7792)
      • Unicorn-64442.exe (PID: 8032)
      • Unicorn-8765.exe (PID: 7680)
      • Unicorn-3154.exe (PID: 7616)
      • Unicorn-2185.exe (PID: 2552)
      • Unicorn-33270.exe (PID: 7692)
      • Unicorn-42782.exe (PID: 208)
      • Unicorn-44820.exe (PID: 7908)
      • Unicorn-35449.exe (PID: 5552)
      • Unicorn-42782.exe (PID: 1852)
      • Unicorn-48402.exe (PID: 6700)
      • Unicorn-13617.exe (PID: 5280)
      • Unicorn-65319.exe (PID: 5756)
      • Unicorn-31084.exe (PID: 7892)
      • Unicorn-64489.exe (PID: 5008)
      • Unicorn-54956.exe (PID: 2268)
      • Unicorn-42517.exe (PID: 7696)
      • Unicorn-31324.exe (PID: 7716)
      • Unicorn-56643.exe (PID: 1052)
      • Unicorn-50685.exe (PID: 7736)
      • Unicorn-42782.exe (PID: 7752)
      • Unicorn-45168.exe (PID: 4724)
      • Unicorn-50950.exe (PID: 5056)
      • Unicorn-3612.exe (PID: 4976)
      • Unicorn-31628.exe (PID: 6476)
      • Unicorn-6513.exe (PID: 8448)
      • Unicorn-20655.exe (PID: 8136)
      • Unicorn-24695.exe (PID: 8476)
      • Unicorn-50924.exe (PID: 8492)
      • Unicorn-31511.exe (PID: 8536)
      • Unicorn-51884.exe (PID: 8564)
      • Unicorn-42969.exe (PID: 8600)
      • Unicorn-2356.exe (PID: 8724)
      • Unicorn-11173.exe (PID: 8644)
      • Unicorn-9995.exe (PID: 8776)
      • Unicorn-22147.exe (PID: 8808)
      • Unicorn-42969.exe (PID: 8604)
      • Unicorn-40722.exe (PID: 8784)
      • Unicorn-22080.exe (PID: 8700)
      • Unicorn-42699.exe (PID: 5892)
      • Unicorn-35112.exe (PID: 8820)
      • Unicorn-25263.exe (PID: 8896)
      • Unicorn-48293.exe (PID: 8708)
      • Unicorn-39269.exe (PID: 8920)
      • Unicorn-9035.exe (PID: 9184)
      • Unicorn-20733.exe (PID: 9196)
      • Unicorn-52076.exe (PID: 8252)
      • Unicorn-5619.exe (PID: 9168)
      • Unicorn-33456.exe (PID: 8352)
      • Unicorn-25886.exe (PID: 8356)
      • Unicorn-24734.exe (PID: 9228)
      • Unicorn-24049.exe (PID: 1184)
      • Unicorn-64505.exe (PID: 456)
      • Unicorn-55575.exe (PID: 1228)
      • Unicorn-39107.exe (PID: 7148)
      • Unicorn-16457.exe (PID: 3268)
      • Unicorn-60997.exe (PID: 9012)
      • Unicorn-25702.exe (PID: 9032)
      • Unicorn-41070.exe (PID: 9056)
      • Unicorn-43908.exe (PID: 6456)
      • Unicorn-19970.exe (PID: 7264)
      • Unicorn-51137.exe (PID: 9212)
      • Unicorn-18771.exe (PID: 1196)
      • Unicorn-25886.exe (PID: 8348)
      • Unicorn-20925.exe (PID: 9480)
      • Unicorn-976.exe (PID: 8756)
      • Unicorn-33753.exe (PID: 9260)
      • Unicorn-58375.exe (PID: 8500)
      • Unicorn-16333.exe (PID: 8424)
      • Unicorn-33753.exe (PID: 9256)
      • Unicorn-6596.exe (PID: 9156)
      • Unicorn-28818.exe (PID: 8412)
      • Unicorn-31100.exe (PID: 9356)
      • Unicorn-2917.exe (PID: 9572)
      • Unicorn-29155.exe (PID: 8560)
      • Unicorn-57681.exe (PID: 8588)
      • Unicorn-45792.exe (PID: 9224)
      • Unicorn-44469.exe (PID: 9204)
      • Unicorn-25484.exe (PID: 7688)
      • Unicorn-60997.exe (PID: 9020)
      • Unicorn-30878.exe (PID: 4980)
      • Unicorn-2725.exe (PID: 9592)
      • Unicorn-55818.exe (PID: 9620)
      • Unicorn-44142.exe (PID: 9696)
      • Unicorn-47349.exe (PID: 9728)
      • Unicorn-27614.exe (PID: 9752)
      • Unicorn-23722.exe (PID: 9688)
      • Unicorn-64562.exe (PID: 9792)
      • Unicorn-22719.exe (PID: 8760)
      • Unicorn-31973.exe (PID: 9912)
      • Unicorn-64562.exe (PID: 9788)
      • Unicorn-40887.exe (PID: 9872)
      • Unicorn-48864.exe (PID: 9964)
      • Unicorn-23530.exe (PID: 9768)
      • Unicorn-3109.exe (PID: 9904)
      • Unicorn-28958.exe (PID: 9920)
      • Unicorn-37488.exe (PID: 10132)
      • Unicorn-44972.exe (PID: 9896)
      • Unicorn-30611.exe (PID: 10140)
      • Unicorn-17290.exe (PID: 10164)
      • Unicorn-7831.exe (PID: 9948)
      • Unicorn-3384.exe (PID: 9996)
      • Unicorn-40887.exe (PID: 9864)
      • Unicorn-62185.exe (PID: 10048)
      • Unicorn-60488.exe (PID: 9972)
      • Unicorn-3384.exe (PID: 10004)
      • Unicorn-24874.exe (PID: 9956)
      • Unicorn-15361.exe (PID: 9856)
      • Unicorn-30611.exe (PID: 10148)
      • Unicorn-40369.exe (PID: 9568)
      • Unicorn-17290.exe (PID: 10172)
      • Unicorn-57089.exe (PID: 10124)
      • Unicorn-19726.exe (PID: 10308)
      • Unicorn-22443.exe (PID: 10012)
      • Unicorn-4432.exe (PID: 10212)
      • Unicorn-52044.exe (PID: 9164)
      • Unicorn-12844.exe (PID: 8104)
      • Unicorn-421.exe (PID: 9336)
      • Unicorn-27868.exe (PID: 8596)
      • Unicorn-56394.exe (PID: 9848)
      • Unicorn-40369.exe (PID: 10232)
      • Unicorn-32234.exe (PID: 9612)
      • Unicorn-59513.exe (PID: 10432)
      • Unicorn-60198.exe (PID: 10528)
      • Unicorn-64458.exe (PID: 8636)
      • Unicorn-11085.exe (PID: 9552)
      • Unicorn-21478.exe (PID: 10580)
      • Unicorn-8236.exe (PID: 10660)
      • Unicorn-23805.exe (PID: 10072)
      • Unicorn-16876.exe (PID: 10116)
      • Unicorn-27126.exe (PID: 9988)
      • Unicorn-27609.exe (PID: 10600)
      • Unicorn-45242.exe (PID: 10668)
      • Unicorn-12424.exe (PID: 10932)
      • Unicorn-49565.exe (PID: 10912)
      • Unicorn-8952.exe (PID: 8528)
      • Unicorn-51329.exe (PID: 11044)
      • Unicorn-3362.exe (PID: 10996)
      • Unicorn-229.exe (PID: 9240)
      • Unicorn-8708.exe (PID: 10056)
      • Unicorn-43789.exe (PID: 11076)
      • Unicorn-63462.exe (PID: 11120)
      • Unicorn-29529.exe (PID: 11172)
      • Unicorn-19498.exe (PID: 11212)
      • Unicorn-43819.exe (PID: 11192)
      • Unicorn-63353.exe (PID: 2288)
      • Unicorn-18154.exe (PID: 11136)
      • Unicorn-30406.exe (PID: 11152)
      • Unicorn-64614.exe (PID: 8880)
      • Unicorn-39918.exe (PID: 11220)
      • Unicorn-22430.exe (PID: 11096)
      • Unicorn-18429.exe (PID: 11244)
      • Unicorn-60530.exe (PID: 1912)
      • Unicorn-52362.exe (PID: 8884)
      • Unicorn-60530.exe (PID: 10324)
      • Unicorn-30681.exe (PID: 10504)
      • Unicorn-27365.exe (PID: 11532)
      • Unicorn-63077.exe (PID: 11332)
      • Unicorn-64614.exe (PID: 10340)
      • Unicorn-9876.exe (PID: 10488)
      • Unicorn-53654.exe (PID: 9980)
      • Unicorn-51224.exe (PID: 10156)
      • Unicorn-35258.exe (PID: 11412)
      • Unicorn-22321.exe (PID: 7800)
      • Unicorn-58484.exe (PID: 8892)
      • Unicorn-35258.exe (PID: 11420)
      • Unicorn-55377.exe (PID: 8872)
      • Unicorn-4706.exe (PID: 11620)
      • Unicorn-23006.exe (PID: 11348)
      • Unicorn-11775.exe (PID: 11572)
      • Unicorn-51978.exe (PID: 11268)
      • Unicorn-64785.exe (PID: 10484)
      • Unicorn-18045.exe (PID: 2968)
      • Unicorn-3140.exe (PID: 11340)
      • Unicorn-32304.exe (PID: 10572)
      • Unicorn-26213.exe (PID: 6876)
      • Unicorn-51101.exe (PID: 10556)
      • Unicorn-9876.exe (PID: 10704)
      • Unicorn-20266.exe (PID: 11524)
      • Unicorn-57432.exe (PID: 12224)
      • Unicorn-42117.exe (PID: 11956)
      • Unicorn-54993.exe (PID: 11276)
      • Unicorn-59580.exe (PID: 11992)
      • Unicorn-44256.exe (PID: 11632)
      • Unicorn-18045.exe (PID: 5576)
      • Unicorn-60530.exe (PID: 7572)
      • Unicorn-1883.exe (PID: 11588)
      • Unicorn-57432.exe (PID: 12216)
      • Unicorn-26021.exe (PID: 11468)
      • Unicorn-24350.exe (PID: 11508)
      • Unicorn-23089.exe (PID: 11688)
      • Unicorn-40363.exe (PID: 11600)
      • Unicorn-22705.exe (PID: 12092)
      • Unicorn-36964.exe (PID: 11920)
      • Unicorn-19114.exe (PID: 3968)
      • Unicorn-24934.exe (PID: 12144)
      • Unicorn-50915.exe (PID: 12000)
      • Unicorn-34171.exe (PID: 11848)
      • Unicorn-3223.exe (PID: 11664)
      • Unicorn-55853.exe (PID: 11964)
      • Unicorn-27280.exe (PID: 11972)
      • Unicorn-16958.exe (PID: 11680)
      • Unicorn-16958.exe (PID: 11672)
      • Unicorn-23089.exe (PID: 11696)
      • Unicorn-26403.exe (PID: 11780)
      • Unicorn-30297.exe (PID: 11452)
      • Unicorn-56949.exe (PID: 11560)
      • Unicorn-63856.exe (PID: 11640)
      • Unicorn-36964.exe (PID: 11912)
      • Unicorn-36772.exe (PID: 12136)

    • Executes application which crashes

      • Unicorn-63181.exe (PID: 5404)
      • Unicorn-63768.exe (PID: 10480)
      • Unicorn-24054.exe (PID: 1312)
      • Unicorn-55325.exe (PID: 10036)

  • INFO

    • Checks supported languages

      • 1 (1342).exe (PID: 5200)
      • Unicorn-33196.exe (PID: 7828)
      • Unicorn-54131.exe (PID: 7820)
      • Unicorn-2007.exe (PID: 7864)
      • Unicorn-57146.exe (PID: 7856)
      • Unicorn-22393.exe (PID: 8148)
      • Unicorn-40767.exe (PID: 8172)
      • Unicorn-34645.exe (PID: 8140)
      • Unicorn-27031.exe (PID: 8180)
      • Unicorn-15848.exe (PID: 4652)
      • Unicorn-31630.exe (PID: 4000)
      • Unicorn-35449.exe (PID: 5552)
      • Unicorn-59149.exe (PID: 1188)
      • Unicorn-33514.exe (PID: 7452)
      • Unicorn-29984.exe (PID: 7560)
      • Unicorn-37275.exe (PID: 7520)
      • Unicorn-61417.exe (PID: 3676)
      • Unicorn-65319.exe (PID: 5756)
      • Unicorn-38942.exe (PID: 5384)
      • Unicorn-38942.exe (PID: 7524)
      • Unicorn-59454.exe (PID: 4188)
      • Unicorn-58485.exe (PID: 7536)
      • Unicorn-58485.exe (PID: 6752)
      • Unicorn-2185.exe (PID: 2552)
      • Unicorn-54956.exe (PID: 2268)
      • Unicorn-3154.exe (PID: 7616)
      • Unicorn-354.exe (PID: 6576)
      • Unicorn-42132.exe (PID: 6004)
      • Unicorn-60514.exe (PID: 7604)
      • Unicorn-13425.exe (PID: 1452)
      • Unicorn-63181.exe (PID: 5404)
      • Unicorn-17318.exe (PID: 2392)
      • Unicorn-24225.exe (PID: 5332)
      • Unicorn-2827.exe (PID: 5640)
      • Unicorn-42699.exe (PID: 6184)
      • Unicorn-13404.exe (PID: 2600)
      • Unicorn-21109.exe (PID: 672)
      • Unicorn-22393.exe (PID: 7640)
      • Unicorn-30809.exe (PID: 7912)
      • Unicorn-8765.exe (PID: 7680)
      • Unicorn-33270.exe (PID: 7692)
      • Unicorn-31324.exe (PID: 7716)
      • Unicorn-14473.exe (PID: 7792)
      • Unicorn-42782.exe (PID: 208)
      • Unicorn-50685.exe (PID: 7736)
      • Unicorn-31084.exe (PID: 7892)
      • Unicorn-33078.exe (PID: 8044)
      • Unicorn-12143.exe (PID: 8016)
      • Unicorn-25484.exe (PID: 7688)
      • Unicorn-42517.exe (PID: 7696)
      • Unicorn-44820.exe (PID: 7908)
      • Unicorn-13617.exe (PID: 5280)
      • Unicorn-48402.exe (PID: 6700)
      • Unicorn-64489.exe (PID: 5008)
      • Unicorn-45168.exe (PID: 4724)
      • Unicorn-3612.exe (PID: 4976)
      • Unicorn-31628.exe (PID: 6476)
      • Unicorn-31511.exe (PID: 8536)
      • Unicorn-6513.exe (PID: 8448)
      • Unicorn-64458.exe (PID: 8636)
      • Unicorn-22080.exe (PID: 8700)
      • Unicorn-22719.exe (PID: 8760)
      • Unicorn-48293.exe (PID: 8708)
      • Unicorn-2356.exe (PID: 8724)
      • Unicorn-40722.exe (PID: 8784)
      • Unicorn-42969.exe (PID: 8600)
      • Unicorn-11173.exe (PID: 8644)
      • Unicorn-42782.exe (PID: 1852)
      • Unicorn-5619.exe (PID: 9168)
      • Unicorn-39107.exe (PID: 7148)
      • Unicorn-6596.exe (PID: 9156)
      • Unicorn-28818.exe (PID: 8412)
      • Unicorn-9035.exe (PID: 9184)
      • Unicorn-25886.exe (PID: 8356)
      • Unicorn-16457.exe (PID: 3268)
      • Unicorn-33456.exe (PID: 8352)
      • Unicorn-8952.exe (PID: 8528)
      • Unicorn-51137.exe (PID: 9212)
      • Unicorn-29155.exe (PID: 8560)
      • Unicorn-24049.exe (PID: 1184)
      • Unicorn-45792.exe (PID: 9224)
      • Unicorn-25702.exe (PID: 9032)
      • Unicorn-43908.exe (PID: 6456)
      • Unicorn-421.exe (PID: 9336)
      • Unicorn-58375.exe (PID: 8500)
      • Unicorn-41070.exe (PID: 9056)
      • Unicorn-33753.exe (PID: 9256)
      • Unicorn-24734.exe (PID: 9228)
      • Unicorn-19970.exe (PID: 7264)
      • Unicorn-33753.exe (PID: 9260)
      • Unicorn-60997.exe (PID: 9020)
      • Unicorn-24054.exe (PID: 1312)
      • Unicorn-11085.exe (PID: 9552)
      • Unicorn-2917.exe (PID: 9572)
      • Unicorn-20925.exe (PID: 9480)
      • Unicorn-60997.exe (PID: 9012)
      • Unicorn-47349.exe (PID: 9728)
      • Unicorn-23530.exe (PID: 9768)
      • Unicorn-64562.exe (PID: 9792)
      • Unicorn-56394.exe (PID: 9848)
      • Unicorn-40887.exe (PID: 9872)
      • Unicorn-7831.exe (PID: 9948)
      • Unicorn-40887.exe (PID: 9864)
      • Unicorn-27126.exe (PID: 9988)
      • Unicorn-62185.exe (PID: 10048)
      • Unicorn-8708.exe (PID: 10056)
      • Unicorn-3384.exe (PID: 9996)
      • Unicorn-16876.exe (PID: 10116)
      • Unicorn-51224.exe (PID: 10156)
      • Unicorn-22443.exe (PID: 10012)
      • Unicorn-40369.exe (PID: 9568)
      • Unicorn-37488.exe (PID: 10132)
      • Unicorn-31973.exe (PID: 9912)
      • Unicorn-28958.exe (PID: 9920)
      • Unicorn-57089.exe (PID: 10124)
      • Unicorn-19726.exe (PID: 10308)
      • Unicorn-59513.exe (PID: 10432)
      • Unicorn-27609.exe (PID: 10600)
      • Unicorn-45242.exe (PID: 10668)
      • Unicorn-40369.exe (PID: 10232)
      • Unicorn-30611.exe (PID: 10140)
      • Unicorn-49565.exe (PID: 10912)
      • Unicorn-12424.exe (PID: 10932)
      • Unicorn-51329.exe (PID: 11044)
      • Unicorn-22430.exe (PID: 11096)
      • Unicorn-43789.exe (PID: 11076)
      • Unicorn-30406.exe (PID: 11152)
      • Unicorn-43819.exe (PID: 11192)
      • Unicorn-29529.exe (PID: 11172)
      • Unicorn-39918.exe (PID: 11220)
      • Unicorn-63462.exe (PID: 11120)
      • Unicorn-52362.exe (PID: 8884)
      • Unicorn-60530.exe (PID: 10324)
      • Unicorn-60530.exe (PID: 1912)
      • Unicorn-32234.exe (PID: 9612)
      • Unicorn-22321.exe (PID: 7800)
      • Unicorn-30681.exe (PID: 10504)
      • Unicorn-60530.exe (PID: 7572)
      • Unicorn-55377.exe (PID: 8872)
      • Unicorn-51101.exe (PID: 10556)
      • Unicorn-9876.exe (PID: 10704)
      • Unicorn-18045.exe (PID: 5576)
      • Unicorn-3140.exe (PID: 11340)
      • Unicorn-19114.exe (PID: 3968)
      • Unicorn-64785.exe (PID: 10484)
      • Unicorn-18045.exe (PID: 2968)
      • Unicorn-20266.exe (PID: 11524)
      • Unicorn-44256.exe (PID: 11632)
      • Unicorn-4706.exe (PID: 11620)
      • Unicorn-23089.exe (PID: 11696)
      • Unicorn-16958.exe (PID: 11680)
      • Unicorn-30297.exe (PID: 11452)
      • Unicorn-55853.exe (PID: 11964)
      • Unicorn-26403.exe (PID: 11780)
      • Unicorn-27280.exe (PID: 11972)
      • Unicorn-36772.exe (PID: 12136)
      • Unicorn-50915.exe (PID: 12000)
      • Unicorn-59580.exe (PID: 11992)
      • Unicorn-55295.exe (PID: 12080)
      • Unicorn-31619.exe (PID: 12180)
      • Unicorn-37156.exe (PID: 11720)
      • Unicorn-34171.exe (PID: 11848)
      • Unicorn-31811.exe (PID: 12028)
      • Unicorn-61324.exe (PID: 11908)
      • Unicorn-31619.exe (PID: 12188)
      • Unicorn-57432.exe (PID: 12216)
      • Unicorn-54884.exe (PID: 12472)
      • Unicorn-26295.exe (PID: 12508)
      • Unicorn-2476.exe (PID: 12544)
      • Unicorn-11199.exe (PID: 12152)
      • Unicorn-57432.exe (PID: 12224)
      • Unicorn-51485.exe (PID: 12196)
      • Unicorn-54822.exe (PID: 12644)
      • Unicorn-52637.exe (PID: 12676)
      • Unicorn-835.exe (PID: 12692)
      • Unicorn-55652.exe (PID: 12712)
      • Unicorn-13494.exe (PID: 12776)
      • Unicorn-56529.exe (PID: 12860)
      • Unicorn-13607.exe (PID: 12916)
      • Unicorn-56529.exe (PID: 12932)
      • Unicorn-40607.exe (PID: 12948)
      • Unicorn-47044.exe (PID: 12968)
      • Unicorn-35039.exe (PID: 12960)
      • Unicorn-29439.exe (PID: 12940)
      • Unicorn-37784.exe (PID: 12796)
      • Unicorn-55652.exe (PID: 12736)
      • Unicorn-55652.exe (PID: 12720)
      • Unicorn-4727.exe (PID: 12908)
      • Unicorn-35039.exe (PID: 12876)
      • Unicorn-10592.exe (PID: 13184)
      • Unicorn-35039.exe (PID: 12868)
      • Unicorn-4727.exe (PID: 13052)
      • Unicorn-1927.exe (PID: 12896)
      • Unicorn-13607.exe (PID: 13004)
      • Unicorn-47541.exe (PID: 12924)
      • Unicorn-35039.exe (PID: 12884)
      • Unicorn-14256.exe (PID: 4692)
      • Unicorn-64526.exe (PID: 12564)
      • Unicorn-11516.exe (PID: 8024)
      • Unicorn-24646.exe (PID: 13344)
      • Unicorn-49342.exe (PID: 13352)
      • Unicorn-36021.exe (PID: 13360)
      • Unicorn-2964.exe (PID: 13392)
      • Unicorn-11132.exe (PID: 13420)
      • Unicorn-24454.exe (PID: 13412)
      • Unicorn-57318.exe (PID: 13468)
      • Unicorn-33774.exe (PID: 13548)
      • Unicorn-12284.exe (PID: 13568)
      • Unicorn-33774.exe (PID: 13540)
      • Unicorn-52165.exe (PID: 13448)
      • Unicorn-52165.exe (PID: 13444)
      • Unicorn-20178.exe (PID: 13480)
      • Unicorn-45149.exe (PID: 13620)
      • Unicorn-44957.exe (PID: 13660)
      • Unicorn-57017.exe (PID: 13668)
      • Unicorn-835.exe (PID: 12684)
      • Unicorn-33198.exe (PID: 13724)

    • Reads the computer name

      • 1 (1342).exe (PID: 5200)
      • Unicorn-33196.exe (PID: 7828)
      • Unicorn-57146.exe (PID: 7856)
      • Unicorn-54131.exe (PID: 7820)
      • Unicorn-2007.exe (PID: 7864)
      • Unicorn-40767.exe (PID: 8172)
      • Unicorn-22393.exe (PID: 8148)
      • Unicorn-27031.exe (PID: 8180)
      • Unicorn-34645.exe (PID: 8140)
      • Unicorn-15848.exe (PID: 4652)
      • Unicorn-35449.exe (PID: 5552)
      • Unicorn-59149.exe (PID: 1188)
      • Unicorn-61417.exe (PID: 3676)
      • Unicorn-33514.exe (PID: 7452)
      • Unicorn-37275.exe (PID: 7520)
      • Unicorn-38942.exe (PID: 5384)
      • Unicorn-29984.exe (PID: 7560)
      • Unicorn-65319.exe (PID: 5756)
      • Unicorn-38942.exe (PID: 7524)
      • Unicorn-58485.exe (PID: 6752)
      • Unicorn-58485.exe (PID: 7536)
      • Unicorn-59454.exe (PID: 4188)
      • Unicorn-3154.exe (PID: 7616)
      • Unicorn-54956.exe (PID: 2268)
      • Unicorn-354.exe (PID: 6576)
      • Unicorn-31630.exe (PID: 4000)
      • Unicorn-42132.exe (PID: 6004)
      • Unicorn-60514.exe (PID: 7604)
      • Unicorn-13425.exe (PID: 1452)
      • Unicorn-12143.exe (PID: 8016)
      • Unicorn-17318.exe (PID: 2392)
      • Unicorn-42699.exe (PID: 6184)
      • Unicorn-24225.exe (PID: 5332)
      • Unicorn-22393.exe (PID: 7640)
      • Unicorn-2827.exe (PID: 5640)
      • Unicorn-30809.exe (PID: 7912)
      • Unicorn-13404.exe (PID: 2600)
      • Unicorn-42782.exe (PID: 208)
      • Unicorn-25484.exe (PID: 7688)
      • Unicorn-14473.exe (PID: 7792)
      • Unicorn-64442.exe (PID: 8032)
      • Unicorn-33078.exe (PID: 8044)
      • Unicorn-20655.exe (PID: 8136)
      • Unicorn-45168.exe (PID: 4724)
      • Unicorn-42969.exe (PID: 8604)
      • Unicorn-3612.exe (PID: 4976)
      • Unicorn-50950.exe (PID: 5056)
      • Unicorn-6513.exe (PID: 8448)
      • Unicorn-51884.exe (PID: 8564)
      • Unicorn-42969.exe (PID: 8600)
      • Unicorn-11173.exe (PID: 8644)
      • Unicorn-48293.exe (PID: 8708)
      • Unicorn-9995.exe (PID: 8776)
      • Unicorn-40722.exe (PID: 8784)
      • Unicorn-39269.exe (PID: 8920)
      • Unicorn-5619.exe (PID: 9168)
      • Unicorn-25886.exe (PID: 8356)
      • Unicorn-24734.exe (PID: 9228)
      • Unicorn-39107.exe (PID: 7148)
      • Unicorn-58375.exe (PID: 8500)
      • Unicorn-41070.exe (PID: 9056)
      • Unicorn-47437.exe (PID: 9392)
      • Unicorn-24054.exe (PID: 1312)
      • Unicorn-6596.exe (PID: 9156)
      • Unicorn-57681.exe (PID: 8588)
      • Unicorn-2917.exe (PID: 9572)
      • Unicorn-45792.exe (PID: 9224)
      • Unicorn-29155.exe (PID: 8560)
      • Unicorn-44469.exe (PID: 9204)
      • Unicorn-43908.exe (PID: 6456)
      • Unicorn-12844.exe (PID: 8104)
      • Unicorn-60997.exe (PID: 9020)
      • Unicorn-11085.exe (PID: 9552)
      • Unicorn-2725.exe (PID: 9592)
      • Unicorn-55818.exe (PID: 9620)
      • Unicorn-44142.exe (PID: 9696)
      • Unicorn-23722.exe (PID: 9688)
      • Unicorn-23530.exe (PID: 9768)
      • Unicorn-37488.exe (PID: 10132)
      • Unicorn-44972.exe (PID: 9896)
      • Unicorn-17290.exe (PID: 10164)
      • Unicorn-30611.exe (PID: 10140)
      • Unicorn-40887.exe (PID: 9872)
      • Unicorn-48864.exe (PID: 9964)
      • Unicorn-3384.exe (PID: 9996)
      • Unicorn-8708.exe (PID: 10056)
      • Unicorn-40887.exe (PID: 9864)
      • Unicorn-27126.exe (PID: 9988)
      • Unicorn-16876.exe (PID: 10116)
      • Unicorn-30611.exe (PID: 10148)
      • Unicorn-40369.exe (PID: 9568)
      • Unicorn-17290.exe (PID: 10172)
      • Unicorn-56394.exe (PID: 9848)
      • Unicorn-53654.exe (PID: 9980)
      • Unicorn-3384.exe (PID: 10004)
      • Unicorn-4432.exe (PID: 10212)
      • Unicorn-32234.exe (PID: 9612)
      • Unicorn-40369.exe (PID: 10232)

    • The sample compiled with chinese language support

      • 1 (1342).exe (PID: 5200)
      • Unicorn-3154.exe (PID: 7616)
      • Unicorn-9035.exe (PID: 9184)
      • Unicorn-17290.exe (PID: 10164)
      • Unicorn-20655.exe (PID: 8136)
      • Unicorn-8765.exe (PID: 7680)
      • Unicorn-2725.exe (PID: 9592)
      • Unicorn-42517.exe (PID: 7696)
      • Unicorn-12143.exe (PID: 8016)
      • Unicorn-59454.exe (PID: 4188)
      • Unicorn-24695.exe (PID: 8476)
      • Unicorn-28818.exe (PID: 8412)
      • Unicorn-31324.exe (PID: 7716)
      • Unicorn-64458.exe (PID: 8636)
      • Unicorn-51884.exe (PID: 8564)
      • Unicorn-60198.exe (PID: 10528)
      • Unicorn-27614.exe (PID: 9752)
      • Unicorn-17318.exe (PID: 2392)
      • Unicorn-45792.exe (PID: 9224)
      • Unicorn-42782.exe (PID: 1852)
      • Unicorn-47349.exe (PID: 9728)
      • Unicorn-11085.exe (PID: 9552)
      • Unicorn-37275.exe (PID: 7520)
      • Unicorn-42699.exe (PID: 6184)
      • Unicorn-354.exe (PID: 6576)
      • Unicorn-18942.exe (PID: 7248)
      • Unicorn-22080.exe (PID: 8700)
      • Unicorn-33196.exe (PID: 7828)
      • Unicorn-22393.exe (PID: 7640)
      • Unicorn-33514.exe (PID: 7452)
      • Unicorn-38942.exe (PID: 5384)
      • Unicorn-23722.exe (PID: 9688)
      • Unicorn-22147.exe (PID: 8808)
      • Unicorn-11173.exe (PID: 8644)
      • Unicorn-22393.exe (PID: 8148)
      • Unicorn-24225.exe (PID: 5332)
      • Unicorn-22719.exe (PID: 8760)
      • Unicorn-31973.exe (PID: 9912)
      • Unicorn-48864.exe (PID: 9964)
      • Unicorn-44972.exe (PID: 9896)
      • Unicorn-62185.exe (PID: 10048)
      • Unicorn-16876.exe (PID: 10116)
      • Unicorn-30611.exe (PID: 10148)
      • Unicorn-9995.exe (PID: 8776)
      • Unicorn-17290.exe (PID: 10172)
      • Unicorn-13425.exe (PID: 1452)
      • Unicorn-27609.exe (PID: 10600)
      • Unicorn-60488.exe (PID: 9972)
      • Unicorn-7831.exe (PID: 9948)
      • Unicorn-40369.exe (PID: 10232)
      • Unicorn-39269.exe (PID: 8920)
      • Unicorn-45242.exe (PID: 10668)
      • Unicorn-52044.exe (PID: 9164)
      • Unicorn-5619.exe (PID: 9168)
      • Unicorn-37488.exe (PID: 10132)
      • Unicorn-64442.exe (PID: 8032)
      • Unicorn-57089.exe (PID: 10124)
      • Unicorn-27031.exe (PID: 8180)
      • Unicorn-24874.exe (PID: 9956)
      • Unicorn-52076.exe (PID: 8252)
      • Unicorn-12424.exe (PID: 10932)
      • Unicorn-19726.exe (PID: 10308)
      • Unicorn-40369.exe (PID: 9568)
      • Unicorn-32234.exe (PID: 9612)
      • Unicorn-61417.exe (PID: 3676)
      • Unicorn-33456.exe (PID: 8352)
      • Unicorn-25886.exe (PID: 8356)
      • Unicorn-24734.exe (PID: 9228)
      • Unicorn-2185.exe (PID: 2552)
      • Unicorn-39107.exe (PID: 7148)
      • Unicorn-43908.exe (PID: 6456)
      • Unicorn-12844.exe (PID: 8104)
      • Unicorn-49565.exe (PID: 10912)
      • Unicorn-8952.exe (PID: 8528)
      • Unicorn-41070.exe (PID: 9056)
      • Unicorn-33270.exe (PID: 7916)
      • Unicorn-33753.exe (PID: 9256)
      • Unicorn-18771.exe (PID: 1196)
      • Unicorn-65319.exe (PID: 5756)
      • Unicorn-20733.exe (PID: 9196)
      • Unicorn-55575.exe (PID: 1228)
      • Unicorn-31628.exe (PID: 6476)
      • Unicorn-31084.exe (PID: 7892)
      • Unicorn-31630.exe (PID: 4000)
      • Unicorn-51329.exe (PID: 11044)
      • Unicorn-60997.exe (PID: 9020)
      • Unicorn-50950.exe (PID: 5056)
      • Unicorn-27868.exe (PID: 8596)
      • Unicorn-42782.exe (PID: 208)
      • Unicorn-33270.exe (PID: 7692)
      • Unicorn-54956.exe (PID: 2268)
      • Unicorn-58485.exe (PID: 6752)
      • Unicorn-56643.exe (PID: 1052)
      • Unicorn-42132.exe (PID: 6004)
      • Unicorn-59149.exe (PID: 1188)
      • Unicorn-25886.exe (PID: 8348)
      • Unicorn-3362.exe (PID: 10996)
      • Unicorn-51137.exe (PID: 9212)
      • Unicorn-33078.exe (PID: 8044)
      • Unicorn-58485.exe (PID: 7536)
      • Unicorn-50685.exe (PID: 7736)
      • Unicorn-48402.exe (PID: 6700)
      • Unicorn-33753.exe (PID: 9260)
      • Unicorn-2007.exe (PID: 7864)
      • Unicorn-57146.exe (PID: 7856)
      • Unicorn-14473.exe (PID: 7792)
      • Unicorn-6596.exe (PID: 9156)
      • Unicorn-30051.exe (PID: 7392)
      • Unicorn-13617.exe (PID: 5280)
      • Unicorn-3612.exe (PID: 4976)
      • Unicorn-229.exe (PID: 9240)
      • Unicorn-60514.exe (PID: 7604)
      • Unicorn-55818.exe (PID: 9620)
      • Unicorn-29155.exe (PID: 8560)
      • Unicorn-35449.exe (PID: 5552)
      • Unicorn-44469.exe (PID: 9204)
      • Unicorn-57681.exe (PID: 8588)
      • Unicorn-6513.exe (PID: 8448)
      • Unicorn-42969.exe (PID: 8604)
      • Unicorn-31511.exe (PID: 8536)
      • Unicorn-21109.exe (PID: 672)
      • Unicorn-48293.exe (PID: 8708)
      • Unicorn-30809.exe (PID: 7912)
      • Unicorn-42699.exe (PID: 5892)
      • Unicorn-64562.exe (PID: 9792)
      • Unicorn-40767.exe (PID: 8172)
      • Unicorn-38942.exe (PID: 7524)
      • Unicorn-54131.exe (PID: 7820)
      • Unicorn-40722.exe (PID: 8784)
      • Unicorn-21478.exe (PID: 10580)
      • Unicorn-40887.exe (PID: 9872)
      • Unicorn-8236.exe (PID: 10660)
      • Unicorn-59513.exe (PID: 10432)
      • Unicorn-44142.exe (PID: 9696)
      • Unicorn-50924.exe (PID: 8492)
      • Unicorn-43789.exe (PID: 11076)
      • Unicorn-8708.exe (PID: 10056)
      • Unicorn-27126.exe (PID: 9988)
      • Unicorn-3384.exe (PID: 10004)
      • Unicorn-4432.exe (PID: 10212)
      • Unicorn-63462.exe (PID: 11120)
      • Unicorn-29529.exe (PID: 11172)
      • Unicorn-19498.exe (PID: 11212)
      • Unicorn-43819.exe (PID: 11192)
      • Unicorn-3109.exe (PID: 9904)
      • Unicorn-40887.exe (PID: 9864)
      • Unicorn-22430.exe (PID: 11096)
      • Unicorn-24049.exe (PID: 1184)
      • Unicorn-63353.exe (PID: 2288)
      • Unicorn-18154.exe (PID: 11136)
      • Unicorn-60997.exe (PID: 9012)
      • Unicorn-30406.exe (PID: 11152)
      • Unicorn-42782.exe (PID: 7752)
      • Unicorn-64614.exe (PID: 8880)
      • Unicorn-20925.exe (PID: 9480)
      • Unicorn-44820.exe (PID: 7908)
      • Unicorn-2917.exe (PID: 9572)
      • Unicorn-39918.exe (PID: 11220)
      • Unicorn-19970.exe (PID: 7264)
      • Unicorn-30878.exe (PID: 4980)
      • Unicorn-18429.exe (PID: 11244)
      • Unicorn-52362.exe (PID: 8884)
      • Unicorn-16333.exe (PID: 8424)
      • Unicorn-60530.exe (PID: 1912)
      • Unicorn-60530.exe (PID: 10324)
      • Unicorn-30681.exe (PID: 10504)
      • Unicorn-34645.exe (PID: 8140)
      • Unicorn-27365.exe (PID: 11532)
      • Unicorn-63077.exe (PID: 11332)
      • Unicorn-31100.exe (PID: 9356)
      • Unicorn-25702.exe (PID: 9032)
      • Unicorn-23530.exe (PID: 9768)
      • Unicorn-28958.exe (PID: 9920)
      • Unicorn-3384.exe (PID: 9996)
      • Unicorn-9876.exe (PID: 10488)
      • Unicorn-64614.exe (PID: 10340)
      • Unicorn-22443.exe (PID: 10012)
      • Unicorn-35112.exe (PID: 8820)
      • Unicorn-53654.exe (PID: 9980)
      • Unicorn-25263.exe (PID: 8896)
      • Unicorn-51224.exe (PID: 10156)
      • Unicorn-58484.exe (PID: 8892)
      • Unicorn-64562.exe (PID: 9788)
      • Unicorn-18045.exe (PID: 2968)
      • Unicorn-35258.exe (PID: 11412)
      • Unicorn-22321.exe (PID: 7800)
      • Unicorn-35258.exe (PID: 11420)
      • Unicorn-55377.exe (PID: 8872)
      • Unicorn-4706.exe (PID: 11620)
      • Unicorn-11775.exe (PID: 11572)
      • Unicorn-23006.exe (PID: 11348)
      • Unicorn-51978.exe (PID: 11268)
      • Unicorn-64785.exe (PID: 10484)
      • Unicorn-976.exe (PID: 8756)
      • Unicorn-26213.exe (PID: 6876)
      • Unicorn-54993.exe (PID: 11276)
      • Unicorn-32304.exe (PID: 10572)
      • Unicorn-3140.exe (PID: 11340)
      • Unicorn-51101.exe (PID: 10556)
      • Unicorn-9876.exe (PID: 10704)
      • Unicorn-20266.exe (PID: 11524)
      • Unicorn-42117.exe (PID: 11956)
      • Unicorn-16457.exe (PID: 3268)
      • Unicorn-59580.exe (PID: 11992)
      • Unicorn-58375.exe (PID: 8500)
      • Unicorn-18045.exe (PID: 5576)
      • Unicorn-60530.exe (PID: 7572)
      • Unicorn-45168.exe (PID: 4724)
      • Unicorn-1883.exe (PID: 11588)
      • Unicorn-42969.exe (PID: 8600)
      • Unicorn-44256.exe (PID: 11632)
      • Unicorn-57432.exe (PID: 12224)
      • Unicorn-26021.exe (PID: 11468)
      • Unicorn-24350.exe (PID: 11508)
      • Unicorn-23089.exe (PID: 11688)
      • Unicorn-2827.exe (PID: 5640)
      • Unicorn-24934.exe (PID: 12144)
      • Unicorn-50915.exe (PID: 12000)
      • Unicorn-40363.exe (PID: 11600)
      • Unicorn-22705.exe (PID: 12092)
      • Unicorn-57432.exe (PID: 12216)
      • Unicorn-19114.exe (PID: 3968)
      • Unicorn-29984.exe (PID: 7560)
      • Unicorn-16958.exe (PID: 11680)
      • Unicorn-15848.exe (PID: 4652)
      • Unicorn-34171.exe (PID: 11848)
      • Unicorn-23089.exe (PID: 11696)
      • Unicorn-16958.exe (PID: 11672)
      • Unicorn-3223.exe (PID: 11664)
      • Unicorn-27280.exe (PID: 11972)
      • Unicorn-55853.exe (PID: 11964)
      • Unicorn-36964.exe (PID: 11920)
      • Unicorn-30611.exe (PID: 10140)
      • Unicorn-36772.exe (PID: 12136)
      • Unicorn-26403.exe (PID: 11780)
      • Unicorn-56949.exe (PID: 11560)
      • Unicorn-30297.exe (PID: 11452)
      • Unicorn-64505.exe (PID: 456)
      • Unicorn-63856.exe (PID: 11640)
      • Unicorn-36964.exe (PID: 11912)

    • Create files in a temporary directory

      • Unicorn-54131.exe (PID: 7820)
      • Unicorn-18942.exe (PID: 7248)
      • Unicorn-30051.exe (PID: 7392)
      • 1 (1342).exe (PID: 5200)
      • Unicorn-57146.exe (PID: 7856)
      • Unicorn-22393.exe (PID: 8148)
      • Unicorn-33196.exe (PID: 7828)
      • Unicorn-40767.exe (PID: 8172)
      • Unicorn-31630.exe (PID: 4000)
      • Unicorn-15848.exe (PID: 4652)
      • Unicorn-2007.exe (PID: 7864)
      • Unicorn-59149.exe (PID: 1188)
      • Unicorn-33514.exe (PID: 7452)
      • Unicorn-61417.exe (PID: 3676)
      • Unicorn-34645.exe (PID: 8140)
      • Unicorn-37275.exe (PID: 7520)
      • Unicorn-29984.exe (PID: 7560)
      • Unicorn-58485.exe (PID: 7536)
      • Unicorn-354.exe (PID: 6576)
      • Unicorn-58485.exe (PID: 6752)
      • Unicorn-59454.exe (PID: 4188)
      • Unicorn-60514.exe (PID: 7604)
      • Unicorn-42132.exe (PID: 6004)
      • Unicorn-12143.exe (PID: 8016)
      • Unicorn-13425.exe (PID: 1452)
      • Unicorn-24225.exe (PID: 5332)
      • Unicorn-2827.exe (PID: 5640)
      • Unicorn-22393.exe (PID: 7640)
      • Unicorn-17318.exe (PID: 2392)
      • Unicorn-38942.exe (PID: 5384)
      • Unicorn-13404.exe (PID: 2600)
      • Unicorn-38942.exe (PID: 7524)
      • Unicorn-8765.exe (PID: 7680)
      • Unicorn-44820.exe (PID: 7908)
      • Unicorn-35449.exe (PID: 5552)
      • Unicorn-64442.exe (PID: 8032)
      • Unicorn-33270.exe (PID: 7692)
      • Unicorn-48402.exe (PID: 6700)
      • Unicorn-64489.exe (PID: 5008)
      • Unicorn-3154.exe (PID: 7616)
      • Unicorn-31084.exe (PID: 7892)
      • Unicorn-65319.exe (PID: 5756)
      • Unicorn-50685.exe (PID: 7736)
      • Unicorn-54956.exe (PID: 2268)
      • Unicorn-56643.exe (PID: 1052)
      • Unicorn-45168.exe (PID: 4724)
      • Unicorn-33078.exe (PID: 8044)
      • Unicorn-20655.exe (PID: 8136)
      • Unicorn-3612.exe (PID: 4976)
      • Unicorn-50950.exe (PID: 5056)
      • Unicorn-51884.exe (PID: 8564)
      • Unicorn-42969.exe (PID: 8600)
      • Unicorn-6513.exe (PID: 8448)
      • Unicorn-9995.exe (PID: 8776)
      • Unicorn-22147.exe (PID: 8808)
      • Unicorn-35112.exe (PID: 8820)
      • Unicorn-40722.exe (PID: 8784)
      • Unicorn-21109.exe (PID: 672)
      • Unicorn-22080.exe (PID: 8700)
      • Unicorn-42517.exe (PID: 7696)
      • Unicorn-42969.exe (PID: 8604)
      • Unicorn-30809.exe (PID: 7912)
      • Unicorn-31324.exe (PID: 7716)
      • Unicorn-42699.exe (PID: 6184)
      • Unicorn-39269.exe (PID: 8920)
      • Unicorn-5619.exe (PID: 9168)
      • Unicorn-27031.exe (PID: 8180)
      • Unicorn-25886.exe (PID: 8356)
      • Unicorn-39107.exe (PID: 7148)
      • Unicorn-16457.exe (PID: 3268)
      • Unicorn-33270.exe (PID: 7916)
      • Unicorn-60997.exe (PID: 9012)
      • Unicorn-51137.exe (PID: 9212)
      • Unicorn-25886.exe (PID: 8348)
      • Unicorn-20925.exe (PID: 9480)
      • Unicorn-19970.exe (PID: 7264)
      • Unicorn-33753.exe (PID: 9256)
      • Unicorn-6596.exe (PID: 9156)
      • Unicorn-16333.exe (PID: 8424)
      • Unicorn-33753.exe (PID: 9260)
      • Unicorn-31100.exe (PID: 9356)
      • Unicorn-25484.exe (PID: 7688)
      • Unicorn-60997.exe (PID: 9020)
      • Unicorn-42782.exe (PID: 1852)
      • Unicorn-29155.exe (PID: 8560)
      • Unicorn-30878.exe (PID: 4980)
      • Unicorn-31628.exe (PID: 6476)
      • Unicorn-44142.exe (PID: 9696)
      • Unicorn-31511.exe (PID: 8536)
      • Unicorn-23722.exe (PID: 9688)
      • Unicorn-42699.exe (PID: 5892)
      • Unicorn-64562.exe (PID: 9788)
      • Unicorn-40887.exe (PID: 9872)
      • Unicorn-23530.exe (PID: 9768)
      • Unicorn-60488.exe (PID: 9972)
      • Unicorn-28958.exe (PID: 9920)
      • Unicorn-3384.exe (PID: 9996)
      • Unicorn-40887.exe (PID: 9864)
      • Unicorn-62185.exe (PID: 10048)
      • Unicorn-30611.exe (PID: 10148)
      • Unicorn-19726.exe (PID: 10308)

    • Reads security settings of Internet Explorer

      • BackgroundTransferHost.exe (PID: 1812)
      • BackgroundTransferHost.exe (PID: 2140)
      • BackgroundTransferHost.exe (PID: 7484)
      • BackgroundTransferHost.exe (PID: 6700)
      • BackgroundTransferHost.exe (PID: 8088)
      • BackgroundTransferHost.exe (PID: 5056)
      • BackgroundTransferHost.exe (PID: 8860)

    • Checks proxy server information

      • BackgroundTransferHost.exe (PID: 2140)

    • Reads the software policy settings

      • BackgroundTransferHost.exe (PID: 2140)

    • Creates files or folders in the user directory

      • BackgroundTransferHost.exe (PID: 2140)
      • WerFault.exe (PID: 5344)
      • WerFault.exe (PID: 10536)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable Microsoft Visual Basic 6 (90.6)
.exe | Win32 Executable (generic) (4.9)
.exe | Generic Win/DOS Executable (2.2)
.exe | DOS Executable Generic (2.2)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:01:19 13:34:56+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 176128
InitializedDataSize: 299008
UninitializedDataSize: -
EntryPoint: 0x13d4
OSVersion: 4
ImageVersion: 1
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 1.0.0.0
ProductVersionNumber: 1.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Chinese (Simplified)
CharacterSet: Unicode
CompanyName: UEFI
ProductName: Kawaii-Unicorn
FileVersion: 1
ProductVersion: 1
InternalName: Kawaii-Unicorn
OriginalFileName: Kawaii-Unicorn.exe
No data.
screenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
496
Monitored processes
356
Malicious processes
50
Suspicious processes
70

Behavior graph

Click at the process to see the details
start 1 (1342).exe unicorn-18942.exe sppextcomobj.exe no specs unicorn-30051.exe unicorn-54131.exe unicorn-33196.exe unicorn-57146.exe unicorn-2007.exe unicorn-34645.exe unicorn-22393.exe unicorn-40767.exe unicorn-27031.exe unicorn-31630.exe unicorn-15848.exe unicorn-35449.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe unicorn-59149.exe unicorn-61417.exe unicorn-33514.exe unicorn-29984.exe unicorn-37275.exe unicorn-38942.exe unicorn-38942.exe unicorn-59454.exe unicorn-65319.exe unicorn-58485.exe unicorn-58485.exe unicorn-2185.exe unicorn-3154.exe unicorn-54956.exe unicorn-354.exe backgroundtransferhost.exe no specs backgroundtransferhost.exe no specs unicorn-60514.exe unicorn-42132.exe unicorn-33078.exe unicorn-12143.exe backgroundtransferhost.exe no specs unicorn-13425.exe unicorn-63181.exe unicorn-17318.exe unicorn-24225.exe unicorn-21109.exe unicorn-2827.exe unicorn-42699.exe unicorn-42699.exe unicorn-13404.exe unicorn-22393.exe unicorn-30809.exe unicorn-33270.exe unicorn-33270.exe unicorn-8765.exe unicorn-31324.exe unicorn-42517.exe unicorn-25484.exe unicorn-44820.exe unicorn-14473.exe unicorn-50685.exe unicorn-42782.exe unicorn-42782.exe unicorn-42782.exe unicorn-31084.exe backgroundtransferhost.exe no specs unicorn-13617.exe unicorn-64442.exe unicorn-18771.exe unicorn-48402.exe unicorn-56643.exe unicorn-64489.exe unicorn-30878.exe unicorn-45168.exe werfault.exe no specs unicorn-20655.exe unicorn-3612.exe unicorn-50950.exe unicorn-31628.exe unicorn-6513.exe unicorn-24695.exe unicorn-50924.exe unicorn-31511.exe unicorn-51884.exe unicorn-42969.exe unicorn-42969.exe unicorn-64458.exe unicorn-11173.exe unicorn-22080.exe unicorn-48293.exe unicorn-2356.exe unicorn-22719.exe unicorn-9995.exe unicorn-40722.exe unicorn-22147.exe unicorn-35112.exe backgroundtransferhost.exe no specs unicorn-25263.exe unicorn-39269.exe unicorn-6596.exe unicorn-52044.exe unicorn-5619.exe unicorn-9035.exe unicorn-20733.exe unicorn-44469.exe unicorn-51137.exe unicorn-52076.exe unicorn-39107.exe unicorn-33456.exe unicorn-28818.exe unicorn-16333.exe unicorn-24049.exe unicorn-58375.exe unicorn-8952.exe unicorn-24054.exe unicorn-43908.exe unicorn-29155.exe unicorn-64505.exe unicorn-55575.exe unicorn-12844.exe unicorn-57681.exe unicorn-27868.exe unicorn-16457.exe unicorn-25886.exe unicorn-25886.exe unicorn-976.exe unicorn-60997.exe unicorn-25702.exe unicorn-60997.exe unicorn-19970.exe unicorn-41070.exe unicorn-45792.exe unicorn-24734.exe unicorn-229.exe unicorn-33753.exe unicorn-33753.exe unicorn-421.exe unicorn-31100.exe unicorn-47437.exe no specs unicorn-20925.exe unicorn-11085.exe unicorn-2917.exe unicorn-2725.exe unicorn-55818.exe unicorn-23722.exe unicorn-44142.exe unicorn-47349.exe unicorn-27614.exe unicorn-23530.exe unicorn-64562.exe unicorn-64562.exe unicorn-56394.exe unicorn-15361.exe unicorn-40887.exe unicorn-40887.exe unicorn-44972.exe unicorn-3109.exe unicorn-31973.exe unicorn-28958.exe unicorn-7831.exe unicorn-24874.exe unicorn-48864.exe unicorn-60488.exe unicorn-53654.exe unicorn-27126.exe unicorn-3384.exe unicorn-3384.exe unicorn-22443.exe unicorn-55325.exe unicorn-62185.exe unicorn-8708.exe unicorn-23805.exe unicorn-16876.exe unicorn-57089.exe unicorn-37488.exe unicorn-30611.exe unicorn-30611.exe unicorn-51224.exe unicorn-17290.exe unicorn-17290.exe unicorn-4432.exe unicorn-40369.exe unicorn-40369.exe unicorn-32234.exe unicorn-19726.exe unicorn-59513.exe unicorn-63768.exe unicorn-60198.exe werfault.exe no specs unicorn-21478.exe unicorn-27609.exe unicorn-8236.exe unicorn-45242.exe unicorn-49565.exe unicorn-12424.exe unicorn-3362.exe unicorn-51329.exe unicorn-43789.exe unicorn-22430.exe unicorn-63462.exe unicorn-18154.exe unicorn-30406.exe unicorn-29529.exe unicorn-43819.exe unicorn-19498.exe unicorn-39918.exe unicorn-18429.exe unicorn-60530.exe unicorn-60530.exe unicorn-60530.exe unicorn-52362.exe unicorn-55377.exe unicorn-58484.exe unicorn-64614.exe unicorn-64614.exe unicorn-63353.exe unicorn-22321.exe unicorn-30681.exe unicorn-32304.exe unicorn-51101.exe unicorn-9876.exe unicorn-9876.exe unicorn-64785.exe unicorn-19114.exe unicorn-26213.exe unicorn-18045.exe unicorn-18045.exe unicorn-51978.exe unicorn-54993.exe unicorn-63077.exe unicorn-3140.exe unicorn-23006.exe unicorn-35258.exe unicorn-35258.exe werfault.exe no specs unicorn-30297.exe unicorn-26021.exe unicorn-24350.exe unicorn-20266.exe unicorn-27365.exe unicorn-56949.exe unicorn-11775.exe unicorn-1883.exe unicorn-40363.exe unicorn-4706.exe unicorn-44256.exe unicorn-63856.exe unicorn-3223.exe unicorn-16958.exe unicorn-16958.exe unicorn-23089.exe unicorn-23089.exe unicorn-37156.exe no specs unicorn-26403.exe unicorn-34171.exe unicorn-7115.exe no specs unicorn-36964.exe unicorn-36964.exe unicorn-42117.exe unicorn-55853.exe unicorn-27280.exe unicorn-59580.exe unicorn-50915.exe unicorn-31811.exe no specs unicorn-65361.exe no specs unicorn-55295.exe no specs unicorn-22705.exe unicorn-36772.exe unicorn-24934.exe unicorn-11199.exe no specs unicorn-11199.exe no specs unicorn-49439.exe no specs unicorn-31619.exe no specs unicorn-31619.exe no specs unicorn-51485.exe no specs unicorn-57432.exe unicorn-57432.exe unicorn-32735.exe no specs unicorn-61324.exe no specs unicorn-6197.exe no specs unicorn-54884.exe no specs unicorn-54884.exe no specs unicorn-26295.exe no specs unicorn-55398.exe no specs unicorn-2476.exe no specs unicorn-22019.exe no specs unicorn-10452.exe no specs unicorn-10452.exe no specs unicorn-54822.exe no specs unicorn-15133.exe no specs unicorn-52637.exe no specs unicorn-52637.exe no specs unicorn-835.exe no specs unicorn-835.exe no specs unicorn-55652.exe no specs unicorn-55652.exe no specs unicorn-55652.exe no specs unicorn-13494.exe no specs unicorn-16294.exe no specs unicorn-37784.exe no specs unicorn-37784.exe no specs unicorn-51013.exe no specs unicorn-56529.exe no specs unicorn-35039.exe no specs unicorn-35039.exe no specs unicorn-35039.exe no specs unicorn-1927.exe no specs unicorn-4727.exe no specs unicorn-13607.exe no specs unicorn-47541.exe no specs unicorn-56529.exe no specs unicorn-29439.exe no specs unicorn-40607.exe no specs unicorn-35039.exe no specs unicorn-47044.exe no specs unicorn-26043.exe no specs unicorn-47044.exe no specs unicorn-13607.exe no specs unicorn-4727.exe no specs unicorn-4727.exe no specs unicorn-10592.exe no specs unicorn-10592.exe no specs unicorn-4727.exe no specs unicorn-10592.exe no specs unicorn-13980.exe no specs werfault.exe no specs unicorn-14256.exe no specs unicorn-64526.exe no specs unicorn-11516.exe no specs unicorn-52549.exe no specs unicorn-57702.exe no specs unicorn-24646.exe no specs unicorn-49342.exe no specs unicorn-36021.exe no specs unicorn-2964.exe no specs unicorn-19301.exe no specs unicorn-24454.exe no specs unicorn-11132.exe no specs unicorn-52165.exe no specs unicorn-52165.exe no specs unicorn-57318.exe no specs unicorn-20178.exe no specs unicorn-24262.exe no specs unicorn-33774.exe no specs unicorn-33774.exe no specs unicorn-12284.exe no specs unicorn-50302.exe no specs unicorn-45149.exe no specs unicorn-21330.exe no specs unicorn-44957.exe no specs unicorn-57017.exe no specs unicorn-17054.exe no specs unicorn-12777.exe no specs unicorn-33198.exe no specs unicorn-33198.exe no specs unicorn-49726.exe no specs unicorn-48657.exe no specs unicorn-28791.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
208C:\Users\admin\AppData\Local\Temp\Unicorn-42782.exeC:\Users\admin\AppData\Local\Temp\Unicorn-42782.exe
Unicorn-54956.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-42782.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
456C:\Users\admin\AppData\Local\Temp\Unicorn-64505.exeC:\Users\admin\AppData\Local\Temp\Unicorn-64505.exe
Unicorn-42782.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-64505.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
672C:\Users\admin\AppData\Local\Temp\Unicorn-21109.exeC:\Users\admin\AppData\Local\Temp\Unicorn-21109.exe
Unicorn-33196.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-21109.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1052C:\Users\admin\AppData\Local\Temp\Unicorn-56643.exeC:\Users\admin\AppData\Local\Temp\Unicorn-56643.exe
Unicorn-33078.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-56643.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1184C:\Users\admin\AppData\Local\Temp\Unicorn-24049.exeC:\Users\admin\AppData\Local\Temp\Unicorn-24049.exe
Unicorn-42782.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-24049.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1188C:\Users\admin\AppData\Local\Temp\Unicorn-59149.exeC:\Users\admin\AppData\Local\Temp\Unicorn-59149.exe
Unicorn-57146.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-59149.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1196C:\Users\admin\AppData\Local\Temp\Unicorn-18771.exeC:\Users\admin\AppData\Local\Temp\Unicorn-18771.exe
Unicorn-42132.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-18771.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1228C:\Users\admin\AppData\Local\Temp\Unicorn-55575.exeC:\Users\admin\AppData\Local\Temp\Unicorn-55575.exe
Unicorn-30051.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-55575.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1312C:\Users\admin\AppData\Local\Temp\Unicorn-24054.exeC:\Users\admin\AppData\Local\Temp\Unicorn-24054.exe
Unicorn-57146.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Exit code:
0
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-24054.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
1452C:\Users\admin\AppData\Local\Temp\Unicorn-13425.exeC:\Users\admin\AppData\Local\Temp\Unicorn-13425.exe
Unicorn-33514.exe
User:
admin
Company:
UEFI
Integrity Level:
MEDIUM
Version:
1.00
Modules
Images
c:\users\admin\appdata\local\temp\unicorn-13425.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\msvbvm60.dll
Total events
15 731
Read events
15 710
Write events
21
Delete events
0

Modification events

(PID) Process:(1812) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(1812) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(1812) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(2140) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(2140) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(2140) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(7484) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation:writeName:CachePrefix
Value:
(PID) Process:(7484) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies
Operation:writeName:CachePrefix
Value:
Cookie:
(PID) Process:(7484) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History
Operation:writeName:CachePrefix
Value:
Visited:
(PID) Process:(6700) BackgroundTransferHost.exeKey:HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content
Operation:writeName:CachePrefix
Value:
Executable files
947
Suspicious files
14
Text files
3
Unknown types
0

Dropped files

PID
Process
Filename
Type
2140BackgroundTransferHost.exeC:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\0607cd52-5989-4885-b089-3940ee1d512f.down_data
MD5:
SHA256:
52001 (1342).exeC:\Users\admin\AppData\Local\Temp\Unicorn-18942.exeexecutable
MD5:BCB1A744B1C3E4AEE7BC91A7699146A2
SHA256:3BB8F14AD0D8681395CCABEEE4B8730C08C7BD9B59E095F6C814C5D047BF4D7B
7856Unicorn-57146.exeC:\Users\admin\AppData\Local\Temp\Unicorn-31630.exeexecutable
MD5:8E54A2950DAAE916E07C458FE917E667
SHA256:5568D682D2F117F8F1F189D0346B9778B8612D48C5A4DB708A668A72BD777F98
7392Unicorn-30051.exeC:\Users\admin\AppData\Local\Temp\Unicorn-57146.exeexecutable
MD5:53B93804B33F963ACADBAFAC57FA03F5
SHA256:150156658C6E24F9AC8116DE111BADCBF3A2047F6C76672F5D4D5D7B0B8034FD
7392Unicorn-30051.exeC:\Users\admin\AppData\Local\Temp\Unicorn-15848.exeexecutable
MD5:E1AB84508C142E6A03BBFE02E9F78BCC
SHA256:C439C3DBF9FB4CF44562B4B99522D358C41E769967F0078308252B0DEA8BCAE9
52001 (1342).exeC:\Users\admin\AppData\Local\Temp\Unicorn-35449.exeexecutable
MD5:FB6BB40319A1DA0F9E27D83F0F2B4A79
SHA256:619542DAB5D7CA884F215B34ADDA706806A91CA2B057325E219EFEA25A113B76
7856Unicorn-57146.exeC:\Users\admin\AppData\Local\Temp\Unicorn-59149.exeexecutable
MD5:16135530831367F9A7888858D3AC9954
SHA256:549864A8C9795EFAE0063670EB57CE0A7B9D508E9E8C08B3FB4E504930B298BF
7248Unicorn-18942.exeC:\Users\admin\AppData\Local\Temp\Unicorn-40767.exeexecutable
MD5:FBC84D80D7A1C09E0EACB55F9F9BC20D
SHA256:CD371C7AD96D8E21E1ED87C89559E966EA0B502049D3F360B9A717937AC249B6
7820Unicorn-54131.exeC:\Users\admin\AppData\Local\Temp\Unicorn-29984.exeexecutable
MD5:F3F2560A92EB1120DC9DEF2060276591
SHA256:C3265E88AC8D9618C9ED5CB36A20CF247EFC99D93AD5016CCC6D3866CA33746D
52001 (1342).exeC:\Users\admin\AppData\Local\Temp\Unicorn-2007.exeexecutable
MD5:9306907947A8A7806A6FA8A9D08056E2
SHA256:3C67D62ACB7C47FAEB223160DA056B4BF363175E7B03665560C99DFDD8EA7167
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
8
TCP/UDP connections
35
DNS requests
21
Threats
0

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
23.53.40.176:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6544
svchost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2140
BackgroundTransferHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
7208
backgroundTaskHost.exe
GET
200
184.30.131.245:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D
unknown
whitelisted
516
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl
unknown
whitelisted
516
SIHClient.exe
GET
200
23.35.229.160:80
http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl
unknown
whitelisted
3284
svchost.exe
GET
200
2.16.164.18:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
3284
svchost.exe
GET
200
2.23.246.101:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
2104
svchost.exe
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
4.231.128.59:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
23.53.40.176:80
crl.microsoft.com
Akamai International B.V.
DE
whitelisted
40.113.103.199:443
client.wns.windows.com
MICROSOFT-CORP-MSN-AS-BLOCK
NL
whitelisted
6544
svchost.exe
20.190.159.0:443
login.live.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6544
svchost.exe
184.30.131.245:80
ocsp.digicert.com
AKAMAI-AS
US
whitelisted
2104
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
2112
svchost.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted
6708
RUXIMICS.exe
51.104.136.2:443
settings-win.data.microsoft.com
MICROSOFT-CORP-MSN-AS-BLOCK
IE
whitelisted

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 4.231.128.59
  • 51.104.136.2
  • 40.127.240.158
whitelisted
google.com
  • 142.250.185.206
whitelisted
crl.microsoft.com
  • 23.53.40.176
  • 23.53.40.178
  • 2.16.164.18
  • 2.16.164.106
  • 2.16.164.120
  • 2.16.164.72
  • 2.16.164.24
  • 2.16.164.9
whitelisted
client.wns.windows.com
  • 40.113.103.199
whitelisted
login.live.com
  • 20.190.159.0
  • 40.126.31.3
  • 40.126.31.67
  • 20.190.159.130
  • 40.126.31.73
  • 40.126.31.131
  • 20.190.159.73
  • 20.190.159.2
  • 20.190.159.75
  • 40.126.31.129
  • 20.190.159.129
  • 40.126.31.69
  • 20.190.159.68
  • 40.126.31.71
whitelisted
ocsp.digicert.com
  • 184.30.131.245
whitelisted
arc.msn.com
  • 20.199.58.43
whitelisted
www.bing.com
  • 92.123.104.36
  • 92.123.104.35
  • 92.123.104.30
  • 92.123.104.33
  • 92.123.104.40
  • 92.123.104.37
  • 92.123.104.34
  • 92.123.104.32
  • 92.123.104.38
whitelisted
slscr.update.microsoft.com
  • 172.202.163.200
whitelisted
www.microsoft.com
  • 23.35.229.160
  • 2.23.246.101
whitelisted

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2026 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
1 (1342)