| File name: | 1 (298) |
| Full analysis: | https://app.any.run/tasks/dccb5320-c4f1-421c-8ee9-770d3df4317e |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 18:01:33 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 6BAE89AD0B01FDBB5A97BF7328F250A0 |
| SHA1: | A76E5B1C5CAA74BB46CE024B31DD6603FBA104B7 |
| SHA256: | E3639D8550FD539325C49C06DAD2A239BE214E9F0608E82218507CD435887C4B |
| SSDEEP: | 6144:jhNgUsctBDJLA5lwrcYl13ex5tcqlvJGBO/W0mmdTk/8SwjwpyAAEh/kOS6p17ha:jHNntLA5urp4cMhaOO0mmdux4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (298).exe (PID: 6244)
- Unicorn-52086.exe (PID: 1852)
- Unicorn-21490.exe (PID: 2904)
- Unicorn-45672.exe (PID: 960)
- Unicorn-24754.exe (PID: 7052)
- Unicorn-50419.exe (PID: 5260)
- Unicorn-64717.exe (PID: 5200)
- Unicorn-36683.exe (PID: 5756)
- Unicorn-55226.exe (PID: 5256)
- Unicorn-5703.exe (PID: 5800)
- Unicorn-13316.exe (PID: 3900)
- Unicorn-8255.exe (PID: 5728)
- Unicorn-14120.exe (PID: 4244)
- Unicorn-22554.exe (PID: 6108)
- Unicorn-22554.exe (PID: 6068)
- Unicorn-2688.exe (PID: 864)
- Unicorn-54385.exe (PID: 1912)
- Unicorn-4520.exe (PID: 3896)
- Unicorn-21049.exe (PID: 4688)
- Unicorn-64996.exe (PID: 5332)
- Unicorn-41146.exe (PID: 2960)
- Unicorn-49061.exe (PID: 7180)
- Unicorn-49061.exe (PID: 896)
- Unicorn-49865.exe (PID: 7192)
- Unicorn-49061.exe (PID: 4068)
- Unicorn-19710.exe (PID: 7216)
- Unicorn-49061.exe (PID: 7172)
- Unicorn-57997.exe (PID: 744)
- Unicorn-22510.exe (PID: 7208)
- Unicorn-8775.exe (PID: 7260)
- Unicorn-51941.exe (PID: 7492)
- Unicorn-44328.exe (PID: 7456)
- Unicorn-55048.exe (PID: 7508)
- Unicorn-41298.exe (PID: 7576)
- Unicorn-40037.exe (PID: 7676)
- Unicorn-54297.exe (PID: 7600)
- Unicorn-8775.exe (PID: 7244)
- Unicorn-15532.exe (PID: 7704)
- Unicorn-15267.exe (PID: 7696)
- Unicorn-52481.exe (PID: 7736)
- Unicorn-29814.exe (PID: 7780)
- Unicorn-32615.exe (PID: 7728)
- Unicorn-35936.exe (PID: 7760)
- Unicorn-62678.exe (PID: 7820)
- Unicorn-50426.exe (PID: 7868)
- Unicorn-62678.exe (PID: 7828)
- Unicorn-33575.exe (PID: 7800)
- Unicorn-50426.exe (PID: 7860)
- Unicorn-20769.exe (PID: 7932)
- Unicorn-62605.exe (PID: 7972)
- Unicorn-50426.exe (PID: 7876)
- Unicorn-37404.exe (PID: 7980)
- Unicorn-46020.exe (PID: 7956)
- Unicorn-11838.exe (PID: 7888)
- Unicorn-348.exe (PID: 8000)
- Unicorn-56740.exe (PID: 8016)
- Unicorn-903.exe (PID: 7896)
- Unicorn-28937.exe (PID: 7852)
- Unicorn-56740.exe (PID: 8008)
- Unicorn-46020.exe (PID: 7948)
- Unicorn-41381.exe (PID: 8096)
- Unicorn-50296.exe (PID: 8152)
- Unicorn-4624.exe (PID: 8160)
- Unicorn-16877.exe (PID: 8124)
- Unicorn-22859.exe (PID: 208)
- Unicorn-22998.exe (PID: 8104)
- Unicorn-19290.exe (PID: 4212)
- Unicorn-49039.exe (PID: 1164)
- Unicorn-43301.exe (PID: 5280)
- Unicorn-10929.exe (PID: 7388)
- Unicorn-4359.exe (PID: 8144)
- Unicorn-3015.exe (PID: 4776)
- Unicorn-12444.exe (PID: 7488)
- Unicorn-24910.exe (PID: 7536)
- Unicorn-37140.exe (PID: 5084)
- Unicorn-49414.exe (PID: 7572)
- Unicorn-10250.exe (PID: 6824)
- Unicorn-65449.exe (PID: 7356)
- Unicorn-45776.exe (PID: 2244)
- Unicorn-50767.exe (PID: 8240)
- Unicorn-65340.exe (PID: 8336)
- Unicorn-18880.exe (PID: 8196)
- Unicorn-34157.exe (PID: 8308)
- Unicorn-14556.exe (PID: 8316)
- Unicorn-21210.exe (PID: 8268)
- Unicorn-43768.exe (PID: 8276)
- Unicorn-65340.exe (PID: 8344)
- Unicorn-46020.exe (PID: 7964)
- Unicorn-18670.exe (PID: 8396)
- Unicorn-13103.exe (PID: 8388)
- Unicorn-41376.exe (PID: 8496)
- Unicorn-13856.exe (PID: 8560)
- Unicorn-35107.exe (PID: 8404)
- Unicorn-26616.exe (PID: 8444)
- Unicorn-3036.exe (PID: 8488)
- Unicorn-35107.exe (PID: 8436)
- Unicorn-38284.exe (PID: 8724)
- Unicorn-41376.exe (PID: 8552)
- Unicorn-1604.exe (PID: 8592)
- Unicorn-43514.exe (PID: 8536)
- Unicorn-23094.exe (PID: 8572)
- Unicorn-43514.exe (PID: 8544)
- Unicorn-36092.exe (PID: 8624)
- Unicorn-54889.exe (PID: 8604)
- Unicorn-62496.exe (PID: 8452)
- Unicorn-28639.exe (PID: 8656)
- Unicorn-14309.exe (PID: 8796)
- Unicorn-34770.exe (PID: 8664)
- Unicorn-43130.exe (PID: 8740)
- Unicorn-62781.exe (PID: 8888)
- Unicorn-23539.exe (PID: 9044)
- Unicorn-2844.exe (PID: 8880)
- Unicorn-46949.exe (PID: 8732)
- Unicorn-16579.exe (PID: 8860)
- Unicorn-6108.exe (PID: 8832)
- Unicorn-2844.exe (PID: 8804)
- Unicorn-60618.exe (PID: 8912)
- Unicorn-16579.exe (PID: 8812)
- Unicorn-42445.exe (PID: 8528)
- Unicorn-23094.exe (PID: 8580)
- Unicorn-30769.exe (PID: 8852)
- Unicorn-46913.exe (PID: 9120)
- Unicorn-48366.exe (PID: 9020)
- Unicorn-34661.exe (PID: 9132)
- Unicorn-8302.exe (PID: 8868)
- Unicorn-15694.exe (PID: 9012)
- Unicorn-35599.exe (PID: 8900)
- Unicorn-3612.exe (PID: 9160)
- Unicorn-5479.exe (PID: 9036)
- Unicorn-40176.exe (PID: 8616)
- Unicorn-4017.exe (PID: 9192)
- Unicorn-60488.exe (PID: 9256)
- Unicorn-4017.exe (PID: 9184)
- Unicorn-22720.exe (PID: 9232)
- Unicorn-8686.exe (PID: 9248)
- Unicorn-36306.exe (PID: 9240)
- Unicorn-22414.exe (PID: 9292)
- Unicorn-41411.exe (PID: 9436)
- Unicorn-56041.exe (PID: 9332)
- Unicorn-36581.exe (PID: 9388)
- Unicorn-12496.exe (PID: 9492)
- Unicorn-43663.exe (PID: 9540)
- Unicorn-26166.exe (PID: 9508)
- Unicorn-29957.exe (PID: 9588)
- Unicorn-29927.exe (PID: 9532)
- Unicorn-25289.exe (PID: 9640)
- Unicorn-26550.exe (PID: 9660)
Executable content was dropped or overwritten
- 1 (298).exe (PID: 6244)
- Unicorn-52086.exe (PID: 1852)
- Unicorn-21490.exe (PID: 2904)
- Unicorn-45672.exe (PID: 960)
- Unicorn-24754.exe (PID: 7052)
- Unicorn-64717.exe (PID: 5200)
- Unicorn-50419.exe (PID: 5260)
- Unicorn-55226.exe (PID: 5256)
- Unicorn-13316.exe (PID: 3900)
- Unicorn-8255.exe (PID: 5728)
- Unicorn-14120.exe (PID: 4244)
- Unicorn-5703.exe (PID: 5800)
- Unicorn-54385.exe (PID: 1912)
- Unicorn-4520.exe (PID: 3896)
- Unicorn-64996.exe (PID: 5332)
- Unicorn-21049.exe (PID: 4688)
- Unicorn-41146.exe (PID: 2960)
- Unicorn-57997.exe (PID: 744)
- Unicorn-49061.exe (PID: 4068)
- Unicorn-19710.exe (PID: 7216)
- Unicorn-8775.exe (PID: 7244)
- Unicorn-49865.exe (PID: 7192)
- Unicorn-2688.exe (PID: 864)
- Unicorn-8775.exe (PID: 7260)
- Unicorn-22554.exe (PID: 6108)
- Unicorn-51941.exe (PID: 7492)
- Unicorn-44328.exe (PID: 7456)
- Unicorn-55048.exe (PID: 7508)
- Unicorn-40037.exe (PID: 7676)
- Unicorn-41298.exe (PID: 7576)
- Unicorn-54297.exe (PID: 7600)
- Unicorn-15532.exe (PID: 7704)
- Unicorn-15267.exe (PID: 7696)
- Unicorn-52481.exe (PID: 7736)
- Unicorn-32615.exe (PID: 7728)
- Unicorn-29814.exe (PID: 7780)
- Unicorn-35936.exe (PID: 7760)
- Unicorn-33575.exe (PID: 7800)
- Unicorn-49061.exe (PID: 7172)
- Unicorn-49061.exe (PID: 896)
- Unicorn-50426.exe (PID: 7868)
- Unicorn-49061.exe (PID: 7180)
- Unicorn-20769.exe (PID: 7932)
- Unicorn-50426.exe (PID: 7860)
- Unicorn-46020.exe (PID: 7956)
- Unicorn-37404.exe (PID: 7980)
- Unicorn-11838.exe (PID: 7888)
- Unicorn-46020.exe (PID: 7964)
- Unicorn-62605.exe (PID: 7972)
- Unicorn-903.exe (PID: 7896)
- Unicorn-22510.exe (PID: 7208)
- Unicorn-56740.exe (PID: 8008)
- Unicorn-28937.exe (PID: 7852)
- Unicorn-22554.exe (PID: 6068)
- Unicorn-41381.exe (PID: 8096)
- Unicorn-36683.exe (PID: 5756)
- Unicorn-46020.exe (PID: 7948)
- Unicorn-4624.exe (PID: 8160)
- Unicorn-16877.exe (PID: 8124)
- Unicorn-50296.exe (PID: 8152)
- Unicorn-22859.exe (PID: 208)
- Unicorn-22998.exe (PID: 8104)
- Unicorn-10929.exe (PID: 7388)
- Unicorn-19290.exe (PID: 4212)
- Unicorn-49039.exe (PID: 1164)
- Unicorn-3015.exe (PID: 4776)
- Unicorn-12444.exe (PID: 7488)
- Unicorn-24910.exe (PID: 7536)
- Unicorn-37140.exe (PID: 5084)
- Unicorn-49414.exe (PID: 7572)
- Unicorn-10250.exe (PID: 6824)
- Unicorn-65449.exe (PID: 7356)
- Unicorn-45776.exe (PID: 2244)
- Unicorn-18880.exe (PID: 8196)
- Unicorn-50767.exe (PID: 8240)
- Unicorn-65340.exe (PID: 8336)
- Unicorn-34157.exe (PID: 8308)
- Unicorn-62678.exe (PID: 7820)
- Unicorn-14556.exe (PID: 8316)
- Unicorn-43768.exe (PID: 8276)
- Unicorn-21210.exe (PID: 8268)
- Unicorn-62678.exe (PID: 7828)
- Unicorn-65340.exe (PID: 8344)
- Unicorn-56740.exe (PID: 8016)
- Unicorn-18670.exe (PID: 8396)
- Unicorn-348.exe (PID: 8000)
- Unicorn-13103.exe (PID: 8388)
- Unicorn-35107.exe (PID: 8404)
- Unicorn-41376.exe (PID: 8496)
- Unicorn-13856.exe (PID: 8560)
- Unicorn-3036.exe (PID: 8488)
- Unicorn-35107.exe (PID: 8436)
- Unicorn-38284.exe (PID: 8724)
- Unicorn-41376.exe (PID: 8552)
- Unicorn-1604.exe (PID: 8592)
- Unicorn-43514.exe (PID: 8544)
- Unicorn-36092.exe (PID: 8624)
- Unicorn-4359.exe (PID: 8144)
- Unicorn-43514.exe (PID: 8536)
- Unicorn-23094.exe (PID: 8572)
- Unicorn-54889.exe (PID: 8604)
- Unicorn-57857.exe (PID: 8468)
- Unicorn-43130.exe (PID: 8740)
- Unicorn-34770.exe (PID: 8664)
- Unicorn-28639.exe (PID: 8656)
- Unicorn-40176.exe (PID: 8616)
- Unicorn-62496.exe (PID: 8452)
- Unicorn-2844.exe (PID: 8880)
- Unicorn-6108.exe (PID: 8832)
- Unicorn-62781.exe (PID: 8888)
- Unicorn-2844.exe (PID: 8804)
- Unicorn-43301.exe (PID: 5280)
- Unicorn-16579.exe (PID: 8812)
- Unicorn-46913.exe (PID: 9120)
- Unicorn-30769.exe (PID: 8852)
- Unicorn-23094.exe (PID: 8580)
- Unicorn-34661.exe (PID: 9132)
- Unicorn-8302.exe (PID: 8868)
- Unicorn-48366.exe (PID: 9020)
- Unicorn-35599.exe (PID: 8900)
- Unicorn-3612.exe (PID: 9160)
- Unicorn-5479.exe (PID: 9036)
- Unicorn-4017.exe (PID: 9184)
- Unicorn-60488.exe (PID: 9256)
- Unicorn-22720.exe (PID: 9232)
- Unicorn-4017.exe (PID: 9192)
- Unicorn-36306.exe (PID: 9240)
- Unicorn-56041.exe (PID: 9328)
- Unicorn-22414.exe (PID: 9292)
- Unicorn-41411.exe (PID: 9436)
- Unicorn-8686.exe (PID: 9248)
- Unicorn-56041.exe (PID: 9332)
- Unicorn-36581.exe (PID: 9388)
- Unicorn-12496.exe (PID: 9492)
- Unicorn-43663.exe (PID: 9540)
- Unicorn-26166.exe (PID: 9508)
- Unicorn-29927.exe (PID: 9532)
- Unicorn-25289.exe (PID: 9640)
- Unicorn-29957.exe (PID: 9588)
- Unicorn-26550.exe (PID: 9660)
- Unicorn-42445.exe (PID: 8528)
- Unicorn-32754.exe (PID: 9704)
- Unicorn-26616.exe (PID: 8444)
- Unicorn-6565.exe (PID: 8516)
- Unicorn-14309.exe (PID: 8796)
- Unicorn-60618.exe (PID: 8912)
- Unicorn-48890.exe (PID: 9752)
- Unicorn-11219.exe (PID: 9912)
- Unicorn-16579.exe (PID: 8860)
- Unicorn-21588.exe (PID: 9804)
- Unicorn-5273.exe (PID: 9848)
- Unicorn-46949.exe (PID: 8732)
- Unicorn-21226.exe (PID: 9892)
- Unicorn-50426.exe (PID: 7876)
- Unicorn-47800.exe (PID: 9724)
- Unicorn-36685.exe (PID: 9924)
- Unicorn-43959.exe (PID: 9992)
- Unicorn-29093.exe (PID: 10060)
- Unicorn-63965.exe (PID: 9964)
- Unicorn-42283.exe (PID: 10100)
- Unicorn-64105.exe (PID: 10184)
- Unicorn-31314.exe (PID: 10136)
Executes application which crashes
- Unicorn-29134.exe (PID: 6824)
INFO
Checks supported languages
- 1 (298).exe (PID: 6244)
- Unicorn-52086.exe (PID: 1852)
- Unicorn-21490.exe (PID: 2904)
- Unicorn-45672.exe (PID: 960)
- Unicorn-24754.exe (PID: 7052)
- Unicorn-64717.exe (PID: 5200)
- Unicorn-36683.exe (PID: 5756)
- Unicorn-50419.exe (PID: 5260)
- Unicorn-55226.exe (PID: 5256)
- Unicorn-5703.exe (PID: 5800)
- Unicorn-13316.exe (PID: 3900)
- Unicorn-22554.exe (PID: 6068)
- Unicorn-8255.exe (PID: 5728)
- Unicorn-2688.exe (PID: 864)
- Unicorn-14120.exe (PID: 4244)
- Unicorn-29134.exe (PID: 6824)
- Unicorn-54385.exe (PID: 1912)
- Unicorn-22554.exe (PID: 6108)
- Unicorn-4520.exe (PID: 3896)
- Unicorn-64996.exe (PID: 5332)
- Unicorn-21049.exe (PID: 4688)
- Unicorn-41146.exe (PID: 2960)
- Unicorn-57997.exe (PID: 744)
- Unicorn-49061.exe (PID: 4068)
- Unicorn-49061.exe (PID: 7180)
- Unicorn-49061.exe (PID: 896)
- Unicorn-49865.exe (PID: 7192)
- Unicorn-22510.exe (PID: 7208)
- Unicorn-49061.exe (PID: 7172)
- Unicorn-19710.exe (PID: 7216)
- Unicorn-8775.exe (PID: 7244)
- Unicorn-8775.exe (PID: 7260)
- Unicorn-44328.exe (PID: 7456)
- Unicorn-51941.exe (PID: 7492)
- Unicorn-55048.exe (PID: 7508)
- Unicorn-41298.exe (PID: 7576)
- Unicorn-54297.exe (PID: 7600)
- Unicorn-15532.exe (PID: 7704)
- Unicorn-15267.exe (PID: 7696)
- Unicorn-52481.exe (PID: 7736)
- Unicorn-35936.exe (PID: 7760)
- Unicorn-32615.exe (PID: 7728)
- Unicorn-40037.exe (PID: 7676)
- Unicorn-62678.exe (PID: 7820)
- Unicorn-33575.exe (PID: 7800)
- Unicorn-62678.exe (PID: 7828)
- Unicorn-29814.exe (PID: 7780)
- Unicorn-50426.exe (PID: 7876)
- Unicorn-11838.exe (PID: 7888)
- Unicorn-50426.exe (PID: 7860)
- Unicorn-903.exe (PID: 7896)
- Unicorn-46020.exe (PID: 7956)
- Unicorn-20769.exe (PID: 7932)
- Unicorn-37404.exe (PID: 7980)
- Unicorn-62605.exe (PID: 7972)
- Unicorn-46020.exe (PID: 7964)
- Unicorn-50426.exe (PID: 7868)
- Unicorn-28937.exe (PID: 7852)
- Unicorn-348.exe (PID: 8000)
- Unicorn-41381.exe (PID: 8096)
- Unicorn-22998.exe (PID: 8104)
- Unicorn-50296.exe (PID: 8152)
- Unicorn-56740.exe (PID: 8016)
- Unicorn-46020.exe (PID: 7948)
- Unicorn-56740.exe (PID: 8008)
- Unicorn-10929.exe (PID: 7388)
- Unicorn-22859.exe (PID: 208)
- Unicorn-19290.exe (PID: 4212)
- Unicorn-49039.exe (PID: 1164)
- Unicorn-4359.exe (PID: 8144)
- Unicorn-16877.exe (PID: 8124)
- Unicorn-4624.exe (PID: 8160)
- Unicorn-3015.exe (PID: 4776)
- Unicorn-12444.exe (PID: 7488)
- Unicorn-43301.exe (PID: 5280)
- Unicorn-49414.exe (PID: 7572)
- Unicorn-24910.exe (PID: 7536)
- Unicorn-37140.exe (PID: 5084)
- Unicorn-10250.exe (PID: 6824)
- Unicorn-45776.exe (PID: 2244)
- Unicorn-18880.exe (PID: 8196)
- Unicorn-50767.exe (PID: 8240)
- Unicorn-21210.exe (PID: 8268)
- Unicorn-65449.exe (PID: 7356)
- Unicorn-34157.exe (PID: 8308)
- Unicorn-14556.exe (PID: 8316)
- Unicorn-65340.exe (PID: 8336)
- Unicorn-13103.exe (PID: 8388)
- Unicorn-43768.exe (PID: 8276)
- Unicorn-65340.exe (PID: 8344)
- Unicorn-18670.exe (PID: 8396)
- Unicorn-26616.exe (PID: 8444)
- Unicorn-62496.exe (PID: 8452)
- Unicorn-35107.exe (PID: 8436)
- Unicorn-35107.exe (PID: 8404)
- Unicorn-57857.exe (PID: 8468)
- Unicorn-41376.exe (PID: 8496)
- Unicorn-41376.exe (PID: 8552)
- Unicorn-6565.exe (PID: 8516)
- Unicorn-42445.exe (PID: 8528)
- Unicorn-23094.exe (PID: 8572)
- Unicorn-3036.exe (PID: 8488)
- Unicorn-1604.exe (PID: 8592)
- Unicorn-13856.exe (PID: 8560)
- Unicorn-54889.exe (PID: 8604)
- Unicorn-43514.exe (PID: 8544)
- Unicorn-38284.exe (PID: 8724)
- Unicorn-34770.exe (PID: 8664)
- Unicorn-40176.exe (PID: 8616)
- Unicorn-43130.exe (PID: 8740)
- Unicorn-23094.exe (PID: 8580)
- Unicorn-46949.exe (PID: 8732)
- Unicorn-28639.exe (PID: 8656)
- Unicorn-14309.exe (PID: 8796)
- Unicorn-36092.exe (PID: 8624)
- Unicorn-43514.exe (PID: 8536)
- Unicorn-8302.exe (PID: 8868)
- Unicorn-6108.exe (PID: 8832)
- Unicorn-60618.exe (PID: 8912)
- Unicorn-62781.exe (PID: 8888)
- Unicorn-16579.exe (PID: 8860)
- Unicorn-2844.exe (PID: 8804)
- Unicorn-2844.exe (PID: 8880)
- Unicorn-16579.exe (PID: 8812)
- Unicorn-30769.exe (PID: 8852)
- Unicorn-5479.exe (PID: 9036)
- Unicorn-23539.exe (PID: 9044)
- Unicorn-46913.exe (PID: 9120)
- Unicorn-34661.exe (PID: 9132)
- Unicorn-3612.exe (PID: 9160)
- Unicorn-35599.exe (PID: 8900)
- Unicorn-15694.exe (PID: 9012)
- Unicorn-48366.exe (PID: 9020)
- Unicorn-4017.exe (PID: 9192)
- Unicorn-60488.exe (PID: 9256)
- Unicorn-8686.exe (PID: 9248)
- Unicorn-36306.exe (PID: 9240)
- Unicorn-22414.exe (PID: 9292)
- Unicorn-22720.exe (PID: 9232)
- Unicorn-56041.exe (PID: 9328)
- Unicorn-4017.exe (PID: 9184)
- Unicorn-36581.exe (PID: 9388)
- Unicorn-41411.exe (PID: 9436)
- Unicorn-12496.exe (PID: 9492)
- Unicorn-29957.exe (PID: 9588)
- Unicorn-26166.exe (PID: 9508)
- Unicorn-43663.exe (PID: 9540)
- Unicorn-29927.exe (PID: 9532)
- Unicorn-56041.exe (PID: 9332)
- Unicorn-26550.exe (PID: 9660)
- Unicorn-32754.exe (PID: 9704)
- Unicorn-47800.exe (PID: 9724)
- Unicorn-48890.exe (PID: 9752)
- Unicorn-25289.exe (PID: 9640)
- Unicorn-5273.exe (PID: 9848)
- Unicorn-21226.exe (PID: 9892)
- Unicorn-36685.exe (PID: 9924)
- Unicorn-11219.exe (PID: 9912)
- Unicorn-21588.exe (PID: 9804)
- Unicorn-29093.exe (PID: 10060)
- Unicorn-42283.exe (PID: 10100)
- Unicorn-31314.exe (PID: 10136)
- Unicorn-64105.exe (PID: 10184)
- Unicorn-64370.exe (PID: 10192)
- Unicorn-63965.exe (PID: 9964)
- Unicorn-43959.exe (PID: 9992)
- Unicorn-28552.exe (PID: 8304)
- Unicorn-48418.exe (PID: 4784)
- Unicorn-3493.exe (PID: 5048)
- Unicorn-10763.exe (PID: 2084)
- Unicorn-18953.exe (PID: 872)
- Unicorn-10763.exe (PID: 5972)
- Unicorn-54563.exe (PID: 10244)
- Unicorn-43073.exe (PID: 10264)
- Unicorn-29843.exe (PID: 10284)
- Unicorn-14467.exe (PID: 10340)
- Unicorn-8080.exe (PID: 10356)
- Unicorn-25428.exe (PID: 10376)
- Unicorn-44889.exe (PID: 10316)
- Unicorn-37711.exe (PID: 10476)
- Unicorn-46455.exe (PID: 10400)
- Unicorn-7639.exe (PID: 10492)
- Unicorn-57738.exe (PID: 10432)
- Unicorn-28059.exe (PID: 10468)
- Unicorn-10846.exe (PID: 10512)
- Unicorn-32719.exe (PID: 10408)
- Unicorn-51608.exe (PID: 10416)
- Unicorn-48117.exe (PID: 10528)
- Unicorn-52756.exe (PID: 10536)
- Unicorn-52756.exe (PID: 10564)
- Unicorn-23975.exe (PID: 10484)
- Unicorn-52647.exe (PID: 10600)
- Unicorn-52756.exe (PID: 10552)
- Unicorn-10846.exe (PID: 10576)
- Unicorn-36419.exe (PID: 10520)
- Unicorn-15890.exe (PID: 10640)
- Unicorn-1500.exe (PID: 10624)
- Unicorn-21100.exe (PID: 10632)
- Unicorn-7639.exe (PID: 10500)
- Unicorn-845.exe (PID: 10700)
- Unicorn-845.exe (PID: 10592)
- Unicorn-44223.exe (PID: 10764)
- Unicorn-60759.exe (PID: 10772)
- Unicorn-11170.exe (PID: 10824)
- Unicorn-48292.exe (PID: 10832)
- Unicorn-45740.exe (PID: 10780)
- Unicorn-54422.exe (PID: 10848)
- Unicorn-57416.exe (PID: 10856)
- Unicorn-296.exe (PID: 10900)
- Unicorn-296.exe (PID: 10932)
- Unicorn-296.exe (PID: 10924)
- Unicorn-239.exe (PID: 10976)
- Unicorn-45492.exe (PID: 10840)
- Unicorn-57698.exe (PID: 10916)
- Unicorn-11936.exe (PID: 10968)
- Unicorn-57857.exe (PID: 11076)
- Unicorn-8921.exe (PID: 11032)
- Unicorn-24935.exe (PID: 11048)
- Unicorn-59968.exe (PID: 10908)
- Unicorn-44609.exe (PID: 10952)
- Unicorn-30310.exe (PID: 10940)
- Unicorn-24935.exe (PID: 11068)
- Unicorn-14157.exe (PID: 11252)
- Unicorn-58760.exe (PID: 11224)
- Unicorn-12896.exe (PID: 11140)
- Unicorn-644.exe (PID: 11164)
- Unicorn-14712.exe (PID: 11212)
- Unicorn-1713.exe (PID: 11192)
- Unicorn-12896.exe (PID: 11148)
- Unicorn-28255.exe (PID: 11120)
- Unicorn-39823.exe (PID: 3364)
- Unicorn-34002.exe (PID: 6728)
- Unicorn-1329.exe (PID: 11292)
- Unicorn-21750.exe (PID: 5072)
- Unicorn-22496.exe (PID: 11324)
- Unicorn-8620.exe (PID: 11380)
- Unicorn-21750.exe (PID: 8384)
- Unicorn-33125.exe (PID: 11316)
- Unicorn-41293.exe (PID: 11304)
- Unicorn-22496.exe (PID: 11332)
- Unicorn-21797.exe (PID: 11424)
- Unicorn-10613.exe (PID: 11448)
- Unicorn-54806.exe (PID: 11416)
- Unicorn-452.exe (PID: 11396)
- Unicorn-15444.exe (PID: 11508)
- Unicorn-35045.exe (PID: 11544)
- Unicorn-31226.exe (PID: 11536)
- Unicorn-50877.exe (PID: 11580)
- Unicorn-2445.exe (PID: 11456)
- Unicorn-42409.exe (PID: 11480)
- Unicorn-46800.exe (PID: 11472)
- Unicorn-24026.exe (PID: 11496)
- Unicorn-60006.exe (PID: 11608)
- Unicorn-60006.exe (PID: 11624)
- Unicorn-60006.exe (PID: 11600)
- Unicorn-55922.exe (PID: 11632)
- Unicorn-60006.exe (PID: 11616)
- Unicorn-30349.exe (PID: 11652)
- Unicorn-6700.exe (PID: 11712)
- Unicorn-54277.exe (PID: 11768)
- Unicorn-6700.exe (PID: 11704)
- Unicorn-54277.exe (PID: 11776)
- Unicorn-2699.exe (PID: 11824)
- Unicorn-47178.exe (PID: 11800)
- Unicorn-26566.exe (PID: 11720)
- Unicorn-30349.exe (PID: 11656)
- Unicorn-15465.exe (PID: 11856)
- Unicorn-61551.exe (PID: 11844)
- Unicorn-31994.exe (PID: 11876)
- Unicorn-55621.exe (PID: 11892)
- Unicorn-21610.exe (PID: 11924)
- Unicorn-44500.exe (PID: 11944)
- Unicorn-65434.exe (PID: 11964)
- Unicorn-65434.exe (PID: 11972)
- Unicorn-51136.exe (PID: 11980)
- Unicorn-32186.exe (PID: 12044)
- Unicorn-11500.exe (PID: 12060)
- Unicorn-23141.exe (PID: 12080)
- Unicorn-46337.exe (PID: 12124)
- Unicorn-31392.exe (PID: 12116)
- Unicorn-48833.exe (PID: 12008)
- Unicorn-3851.exe (PID: 12172)
- Unicorn-63680.exe (PID: 12180)
- Unicorn-64676.exe (PID: 12264)
- Unicorn-27975.exe (PID: 5740)
- Unicorn-26706.exe (PID: 12444)
- Unicorn-58693.exe (PID: 12500)
- Unicorn-30982.exe (PID: 12492)
- Unicorn-6477.exe (PID: 12532)
- Unicorn-13192.exe (PID: 12588)
- Unicorn-60347.exe (PID: 12608)
- Unicorn-24677.exe (PID: 12388)
- Unicorn-37998.exe (PID: 12396)
- Unicorn-63462.exe (PID: 12624)
- Unicorn-20033.exe (PID: 12812)
- Unicorn-34573.exe (PID: 12740)
- Unicorn-19668.exe (PID: 12716)
- Unicorn-31869.exe (PID: 12904)
- Unicorn-8568.exe (PID: 12804)
- Unicorn-12682.exe (PID: 12880)
- Unicorn-62393.exe (PID: 12960)
- Unicorn-8916.exe (PID: 13128)
- Unicorn-32373.exe (PID: 13032)
- Unicorn-31395.exe (PID: 13048)
- Unicorn-37526.exe (PID: 13064)
- Unicorn-27713.exe (PID: 13116)
- Unicorn-28211.exe (PID: 13168)
- Unicorn-58008.exe (PID: 13196)
The sample compiled with chinese language support
- 1 (298).exe (PID: 6244)
- Unicorn-32615.exe (PID: 7728)
- Unicorn-50767.exe (PID: 8240)
- Unicorn-65340.exe (PID: 8336)
- Unicorn-13316.exe (PID: 3900)
- Unicorn-21210.exe (PID: 8268)
- Unicorn-29957.exe (PID: 9588)
- Unicorn-34157.exe (PID: 8308)
- Unicorn-62678.exe (PID: 7820)
- Unicorn-64717.exe (PID: 5200)
- Unicorn-35936.exe (PID: 7760)
- Unicorn-57997.exe (PID: 744)
- Unicorn-43768.exe (PID: 8276)
- Unicorn-49061.exe (PID: 7180)
- Unicorn-25289.exe (PID: 9640)
- Unicorn-26550.exe (PID: 9660)
- Unicorn-33575.exe (PID: 7800)
- Unicorn-8255.exe (PID: 5728)
- Unicorn-49865.exe (PID: 7192)
- Unicorn-11219.exe (PID: 9912)
- Unicorn-50426.exe (PID: 7860)
- Unicorn-62678.exe (PID: 7828)
- Unicorn-50426.exe (PID: 7868)
- Unicorn-18670.exe (PID: 8396)
- Unicorn-14120.exe (PID: 4244)
- Unicorn-49061.exe (PID: 4068)
- Unicorn-36683.exe (PID: 5756)
- Unicorn-52086.exe (PID: 1852)
- Unicorn-45672.exe (PID: 960)
- Unicorn-903.exe (PID: 7896)
- Unicorn-22510.exe (PID: 7208)
- Unicorn-65340.exe (PID: 8344)
- Unicorn-5273.exe (PID: 9848)
- Unicorn-41376.exe (PID: 8496)
- Unicorn-38284.exe (PID: 8724)
- Unicorn-26616.exe (PID: 8444)
- Unicorn-50419.exe (PID: 5260)
- Unicorn-49061.exe (PID: 7172)
- Unicorn-50426.exe (PID: 7876)
- Unicorn-46020.exe (PID: 7948)
- Unicorn-8775.exe (PID: 7260)
- Unicorn-37404.exe (PID: 7980)
- Unicorn-44328.exe (PID: 7456)
- Unicorn-35107.exe (PID: 8404)
- Unicorn-4624.exe (PID: 8160)
- Unicorn-50296.exe (PID: 8152)
- Unicorn-55048.exe (PID: 7508)
- Unicorn-47800.exe (PID: 9724)
- Unicorn-2688.exe (PID: 864)
- Unicorn-23094.exe (PID: 8572)
- Unicorn-55226.exe (PID: 5256)
- Unicorn-10929.exe (PID: 7388)
- Unicorn-1604.exe (PID: 8592)
- Unicorn-41298.exe (PID: 7576)
- Unicorn-13103.exe (PID: 8388)
- Unicorn-43959.exe (PID: 9992)
- Unicorn-41381.exe (PID: 8096)
- Unicorn-54385.exe (PID: 1912)
- Unicorn-29093.exe (PID: 10060)
- Unicorn-6565.exe (PID: 8516)
- Unicorn-49039.exe (PID: 1164)
- Unicorn-62496.exe (PID: 8452)
- Unicorn-23094.exe (PID: 8580)
- Unicorn-43514.exe (PID: 8536)
- Unicorn-48890.exe (PID: 9752)
- Unicorn-5703.exe (PID: 5800)
- Unicorn-46020.exe (PID: 7964)
- Unicorn-12444.exe (PID: 7488)
- Unicorn-8302.exe (PID: 8868)
- Unicorn-63965.exe (PID: 9964)
- Unicorn-4359.exe (PID: 8144)
- Unicorn-16877.exe (PID: 8124)
- Unicorn-51941.exe (PID: 7492)
- Unicorn-34770.exe (PID: 8664)
- Unicorn-28639.exe (PID: 8656)
- Unicorn-64996.exe (PID: 5332)
- Unicorn-40037.exe (PID: 7676)
- Unicorn-22554.exe (PID: 6068)
- Unicorn-48366.exe (PID: 9020)
- Unicorn-35107.exe (PID: 8436)
- Unicorn-35599.exe (PID: 8900)
- Unicorn-57857.exe (PID: 8468)
- Unicorn-5479.exe (PID: 9036)
- Unicorn-4017.exe (PID: 9192)
- Unicorn-43301.exe (PID: 5280)
- Unicorn-34661.exe (PID: 9132)
- Unicorn-36685.exe (PID: 9924)
- Unicorn-3612.exe (PID: 9160)
- Unicorn-4520.exe (PID: 3896)
- Unicorn-30769.exe (PID: 8852)
- Unicorn-21226.exe (PID: 9892)
- Unicorn-21588.exe (PID: 9804)
- Unicorn-46949.exe (PID: 8732)
- Unicorn-15532.exe (PID: 7704)
- Unicorn-52481.exe (PID: 7736)
- Unicorn-28937.exe (PID: 7852)
- Unicorn-21490.exe (PID: 2904)
- Unicorn-46020.exe (PID: 7956)
- Unicorn-24754.exe (PID: 7052)
- Unicorn-14309.exe (PID: 8796)
- Unicorn-4017.exe (PID: 9184)
- Unicorn-2844.exe (PID: 8880)
- Unicorn-41146.exe (PID: 2960)
- Unicorn-26166.exe (PID: 9508)
- Unicorn-24910.exe (PID: 7536)
- Unicorn-29927.exe (PID: 9532)
- Unicorn-43130.exe (PID: 8740)
- Unicorn-41376.exe (PID: 8552)
- Unicorn-36581.exe (PID: 9388)
- Unicorn-21049.exe (PID: 4688)
- Unicorn-22554.exe (PID: 6108)
- Unicorn-32754.exe (PID: 9704)
- Unicorn-8686.exe (PID: 9248)
- Unicorn-65449.exe (PID: 7356)
- Unicorn-60488.exe (PID: 9256)
- Unicorn-22859.exe (PID: 208)
- Unicorn-18880.exe (PID: 8196)
- Unicorn-40176.exe (PID: 8616)
- Unicorn-43663.exe (PID: 9540)
- Unicorn-42283.exe (PID: 10100)
- Unicorn-49061.exe (PID: 896)
- Unicorn-11838.exe (PID: 7888)
- Unicorn-3015.exe (PID: 4776)
- Unicorn-8775.exe (PID: 7244)
- Unicorn-31314.exe (PID: 10136)
- Unicorn-64105.exe (PID: 10184)
- Unicorn-14556.exe (PID: 8316)
- Unicorn-22414.exe (PID: 9292)
- Unicorn-54297.exe (PID: 7600)
- Unicorn-15267.exe (PID: 7696)
Reads the computer name
- Unicorn-52086.exe (PID: 1852)
- 1 (298).exe (PID: 6244)
- Unicorn-21490.exe (PID: 2904)
- Unicorn-45672.exe (PID: 960)
- Unicorn-36683.exe (PID: 5756)
- Unicorn-64717.exe (PID: 5200)
- Unicorn-50419.exe (PID: 5260)
- Unicorn-24754.exe (PID: 7052)
- Unicorn-2688.exe (PID: 864)
- Unicorn-5703.exe (PID: 5800)
- Unicorn-13316.exe (PID: 3900)
- Unicorn-8255.exe (PID: 5728)
- Unicorn-14120.exe (PID: 4244)
- Unicorn-22554.exe (PID: 6108)
- Unicorn-22554.exe (PID: 6068)
- Unicorn-29134.exe (PID: 6824)
- Unicorn-55226.exe (PID: 5256)
- Unicorn-54385.exe (PID: 1912)
- Unicorn-64996.exe (PID: 5332)
- Unicorn-4520.exe (PID: 3896)
- Unicorn-41146.exe (PID: 2960)
- Unicorn-49061.exe (PID: 896)
- Unicorn-49865.exe (PID: 7192)
- Unicorn-21049.exe (PID: 4688)
- Unicorn-57997.exe (PID: 744)
- Unicorn-49061.exe (PID: 7180)
- Unicorn-49061.exe (PID: 4068)
- Unicorn-49061.exe (PID: 7172)
- Unicorn-19710.exe (PID: 7216)
- Unicorn-22510.exe (PID: 7208)
- Unicorn-8775.exe (PID: 7260)
- Unicorn-8775.exe (PID: 7244)
- Unicorn-44328.exe (PID: 7456)
- Unicorn-51941.exe (PID: 7492)
- Unicorn-55048.exe (PID: 7508)
- Unicorn-41298.exe (PID: 7576)
- Unicorn-54297.exe (PID: 7600)
- Unicorn-40037.exe (PID: 7676)
- Unicorn-15267.exe (PID: 7696)
- Unicorn-15532.exe (PID: 7704)
- Unicorn-52481.exe (PID: 7736)
- Unicorn-35936.exe (PID: 7760)
- Unicorn-32615.exe (PID: 7728)
- Unicorn-29814.exe (PID: 7780)
- Unicorn-33575.exe (PID: 7800)
- Unicorn-62678.exe (PID: 7828)
- Unicorn-50426.exe (PID: 7868)
- Unicorn-50426.exe (PID: 7860)
- Unicorn-46020.exe (PID: 7964)
- Unicorn-20769.exe (PID: 7932)
- Unicorn-50426.exe (PID: 7876)
- Unicorn-62605.exe (PID: 7972)
- Unicorn-37404.exe (PID: 7980)
- Unicorn-56740.exe (PID: 8016)
- Unicorn-62678.exe (PID: 7820)
- Unicorn-28937.exe (PID: 7852)
- Unicorn-46020.exe (PID: 7956)
- Unicorn-11838.exe (PID: 7888)
- Unicorn-348.exe (PID: 8000)
- Unicorn-903.exe (PID: 7896)
- Unicorn-56740.exe (PID: 8008)
- Unicorn-46020.exe (PID: 7948)
- Unicorn-41381.exe (PID: 8096)
- Unicorn-50296.exe (PID: 8152)
- Unicorn-16877.exe (PID: 8124)
- Unicorn-22859.exe (PID: 208)
- Unicorn-22998.exe (PID: 8104)
- Unicorn-4624.exe (PID: 8160)
- Unicorn-10929.exe (PID: 7388)
- Unicorn-4359.exe (PID: 8144)
- Unicorn-43301.exe (PID: 5280)
- Unicorn-19290.exe (PID: 4212)
- Unicorn-49039.exe (PID: 1164)
- Unicorn-3015.exe (PID: 4776)
- Unicorn-12444.exe (PID: 7488)
- Unicorn-49414.exe (PID: 7572)
- Unicorn-37140.exe (PID: 5084)
- Unicorn-24910.exe (PID: 7536)
- Unicorn-65449.exe (PID: 7356)
- Unicorn-10250.exe (PID: 6824)
- Unicorn-45776.exe (PID: 2244)
- Unicorn-65340.exe (PID: 8336)
- Unicorn-21210.exe (PID: 8268)
- Unicorn-14556.exe (PID: 8316)
- Unicorn-50767.exe (PID: 8240)
- Unicorn-18880.exe (PID: 8196)
- Unicorn-34157.exe (PID: 8308)
- Unicorn-43768.exe (PID: 8276)
- Unicorn-65340.exe (PID: 8344)
- Unicorn-18670.exe (PID: 8396)
- Unicorn-13856.exe (PID: 8560)
- Unicorn-41376.exe (PID: 8496)
- Unicorn-26616.exe (PID: 8444)
- Unicorn-3036.exe (PID: 8488)
- Unicorn-13103.exe (PID: 8388)
- Unicorn-35107.exe (PID: 8404)
- Unicorn-1604.exe (PID: 8592)
- Unicorn-41376.exe (PID: 8552)
- Unicorn-43514.exe (PID: 8536)
- Unicorn-6565.exe (PID: 8516)
- Unicorn-35107.exe (PID: 8436)
- Unicorn-38284.exe (PID: 8724)
- Unicorn-54889.exe (PID: 8604)
- Unicorn-43514.exe (PID: 8544)
- Unicorn-36092.exe (PID: 8624)
- Unicorn-57857.exe (PID: 8468)
- Unicorn-34770.exe (PID: 8664)
- Unicorn-43130.exe (PID: 8740)
- Unicorn-62496.exe (PID: 8452)
- Unicorn-28639.exe (PID: 8656)
- Unicorn-23094.exe (PID: 8572)
- Unicorn-40176.exe (PID: 8616)
- Unicorn-62781.exe (PID: 8888)
- Unicorn-16579.exe (PID: 8812)
- Unicorn-14309.exe (PID: 8796)
- Unicorn-2844.exe (PID: 8880)
- Unicorn-6108.exe (PID: 8832)
- Unicorn-16579.exe (PID: 8860)
- Unicorn-23539.exe (PID: 9044)
- Unicorn-46949.exe (PID: 8732)
- Unicorn-60618.exe (PID: 8912)
- Unicorn-23094.exe (PID: 8580)
- Unicorn-42445.exe (PID: 8528)
- Unicorn-34661.exe (PID: 9132)
- Unicorn-46913.exe (PID: 9120)
- Unicorn-2844.exe (PID: 8804)
- Unicorn-30769.exe (PID: 8852)
- Unicorn-8302.exe (PID: 8868)
- Unicorn-48366.exe (PID: 9020)
- Unicorn-15694.exe (PID: 9012)
- Unicorn-35599.exe (PID: 8900)
- Unicorn-3612.exe (PID: 9160)
- Unicorn-4017.exe (PID: 9192)
- Unicorn-5479.exe (PID: 9036)
- Unicorn-60488.exe (PID: 9256)
- Unicorn-22720.exe (PID: 9232)
- Unicorn-4017.exe (PID: 9184)
- Unicorn-56041.exe (PID: 9328)
- Unicorn-41411.exe (PID: 9436)
- Unicorn-8686.exe (PID: 9248)
- Unicorn-36306.exe (PID: 9240)
- Unicorn-56041.exe (PID: 9332)
- Unicorn-36581.exe (PID: 9388)
- Unicorn-26166.exe (PID: 9508)
- Unicorn-29957.exe (PID: 9588)
- Unicorn-25289.exe (PID: 9640)
- Unicorn-26550.exe (PID: 9660)
- Unicorn-29927.exe (PID: 9532)
Create files in a temporary directory
- Unicorn-45672.exe (PID: 960)
- Unicorn-52086.exe (PID: 1852)
- 1 (298).exe (PID: 6244)
- Unicorn-50419.exe (PID: 5260)
- Unicorn-5703.exe (PID: 5800)
- Unicorn-24754.exe (PID: 7052)
- Unicorn-8255.exe (PID: 5728)
- Unicorn-14120.exe (PID: 4244)
- Unicorn-21490.exe (PID: 2904)
- Unicorn-13316.exe (PID: 3900)
- Unicorn-55226.exe (PID: 5256)
- Unicorn-54385.exe (PID: 1912)
- Unicorn-4520.exe (PID: 3896)
- Unicorn-64996.exe (PID: 5332)
- Unicorn-57997.exe (PID: 744)
- Unicorn-49061.exe (PID: 4068)
- Unicorn-19710.exe (PID: 7216)
- Unicorn-22554.exe (PID: 6108)
- Unicorn-49865.exe (PID: 7192)
- Unicorn-2688.exe (PID: 864)
- Unicorn-8775.exe (PID: 7260)
- Unicorn-44328.exe (PID: 7456)
- Unicorn-51941.exe (PID: 7492)
- Unicorn-40037.exe (PID: 7676)
- Unicorn-41298.exe (PID: 7576)
- Unicorn-15267.exe (PID: 7696)
- Unicorn-8775.exe (PID: 7244)
- Unicorn-21049.exe (PID: 4688)
- Unicorn-52481.exe (PID: 7736)
- Unicorn-35936.exe (PID: 7760)
- Unicorn-29814.exe (PID: 7780)
- Unicorn-41146.exe (PID: 2960)
- Unicorn-32615.exe (PID: 7728)
- Unicorn-62678.exe (PID: 7828)
- Unicorn-49061.exe (PID: 7172)
- Unicorn-64717.exe (PID: 5200)
- Unicorn-50426.exe (PID: 7860)
- Unicorn-49061.exe (PID: 7180)
- Unicorn-20769.exe (PID: 7932)
- Unicorn-46020.exe (PID: 7964)
- Unicorn-37404.exe (PID: 7980)
- Unicorn-28937.exe (PID: 7852)
- Unicorn-46020.exe (PID: 7956)
- Unicorn-11838.exe (PID: 7888)
- Unicorn-62605.exe (PID: 7972)
- Unicorn-22510.exe (PID: 7208)
- Unicorn-41381.exe (PID: 8096)
- Unicorn-50296.exe (PID: 8152)
- Unicorn-4624.exe (PID: 8160)
- Unicorn-55048.exe (PID: 7508)
- Unicorn-22998.exe (PID: 8104)
- Unicorn-22859.exe (PID: 208)
- Unicorn-10929.exe (PID: 7388)
- Unicorn-19290.exe (PID: 4212)
- Unicorn-49039.exe (PID: 1164)
- Unicorn-12444.exe (PID: 7488)
- Unicorn-37140.exe (PID: 5084)
- Unicorn-3015.exe (PID: 4776)
- Unicorn-54297.exe (PID: 7600)
- Unicorn-49414.exe (PID: 7572)
- Unicorn-15532.exe (PID: 7704)
- Unicorn-24910.exe (PID: 7536)
- Unicorn-10250.exe (PID: 6824)
- Unicorn-65449.exe (PID: 7356)
- Unicorn-45776.exe (PID: 2244)
- Unicorn-18880.exe (PID: 8196)
- Unicorn-50767.exe (PID: 8240)
- Unicorn-65340.exe (PID: 8336)
- Unicorn-34157.exe (PID: 8308)
- Unicorn-14556.exe (PID: 8316)
- Unicorn-62678.exe (PID: 7820)
- Unicorn-43768.exe (PID: 8276)
- Unicorn-21210.exe (PID: 8268)
- Unicorn-49061.exe (PID: 896)
- Unicorn-50426.exe (PID: 7868)
- Unicorn-65340.exe (PID: 8344)
- Unicorn-33575.exe (PID: 7800)
- Unicorn-18670.exe (PID: 8396)
- Unicorn-903.exe (PID: 7896)
- Unicorn-348.exe (PID: 8000)
- Unicorn-56740.exe (PID: 8008)
- Unicorn-46020.exe (PID: 7948)
- Unicorn-13103.exe (PID: 8388)
- Unicorn-22554.exe (PID: 6068)
- Unicorn-36683.exe (PID: 5756)
- Unicorn-35107.exe (PID: 8404)
- Unicorn-41376.exe (PID: 8496)
- Unicorn-13856.exe (PID: 8560)
- Unicorn-16877.exe (PID: 8124)
- Unicorn-3036.exe (PID: 8488)
- Unicorn-35107.exe (PID: 8436)
- Unicorn-38284.exe (PID: 8724)
- Unicorn-41376.exe (PID: 8552)
- Unicorn-1604.exe (PID: 8592)
- Unicorn-23094.exe (PID: 8572)
- Unicorn-43514.exe (PID: 8544)
- Unicorn-36092.exe (PID: 8624)
- Unicorn-4359.exe (PID: 8144)
- Unicorn-43514.exe (PID: 8536)
- Unicorn-34770.exe (PID: 8664)
- Unicorn-57857.exe (PID: 8468)
- Unicorn-43130.exe (PID: 8740)
- Unicorn-54889.exe (PID: 8604)
- Unicorn-28639.exe (PID: 8656)
- Unicorn-62496.exe (PID: 8452)
- Unicorn-40176.exe (PID: 8616)
- Unicorn-2844.exe (PID: 8880)
- Unicorn-62781.exe (PID: 8888)
- Unicorn-2844.exe (PID: 8804)
- Unicorn-16579.exe (PID: 8812)
- Unicorn-6108.exe (PID: 8832)
- Unicorn-23094.exe (PID: 8580)
- Unicorn-46913.exe (PID: 9120)
- Unicorn-5479.exe (PID: 9036)
- Unicorn-35599.exe (PID: 8900)
- Unicorn-4017.exe (PID: 9192)
- Unicorn-4017.exe (PID: 9184)
- Unicorn-22720.exe (PID: 9232)
- Unicorn-36306.exe (PID: 9240)
- Unicorn-41411.exe (PID: 9436)
- Unicorn-8686.exe (PID: 9248)
- Unicorn-26166.exe (PID: 9508)
Creates files or folders in the user directory
- WerFault.exe (PID: 7532)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
470
Monitored processes
336
Malicious processes
47
Suspicious processes
40
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 208 | C:\Users\admin\AppData\Local\Temp\Unicorn-22859.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22859.exe | Unicorn-4520.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 744 | C:\Users\admin\AppData\Local\Temp\Unicorn-57997.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-57997.exe | Unicorn-8255.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 864 | C:\Users\admin\AppData\Local\Temp\Unicorn-2688.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-2688.exe | Unicorn-45672.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 872 | C:\Users\admin\AppData\Local\Temp\Unicorn-18953.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-18953.exe | — | Unicorn-21210.exe | |||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 896 | C:\Users\admin\AppData\Local\Temp\Unicorn-49061.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-49061.exe | Unicorn-22554.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 960 | C:\Users\admin\AppData\Local\Temp\Unicorn-45672.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-45672.exe | 1 (298).exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 976 | C:\WINDOWS\system32\SppExtComObj.exe -Embedding | C:\Windows\System32\SppExtComObj.Exe | — | svchost.exe | |||||||||||
User: NETWORK SERVICE Company: Microsoft Corporation Integrity Level: SYSTEM Description: KMS Connection Broker Version: 10.0.19041.3996 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1164 | C:\Users\admin\AppData\Local\Temp\Unicorn-49039.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-49039.exe | Unicorn-5703.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1852 | C:\Users\admin\AppData\Local\Temp\Unicorn-52086.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-52086.exe | 1 (298).exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1912 | C:\Users\admin\AppData\Local\Temp\Unicorn-54385.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-54385.exe | Unicorn-24754.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
Total events
8 447
Read events
8 447
Write events
0
Delete events
0
Modification events
Executable files
738
Suspicious files
3
Text files
1
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 6244 | 1 (298).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-52086.exe | executable | |
MD5:20482EF114B28066D58C12BAFFD60D06 | SHA256:26F7DD24202C16AC5669304679A87D31E63D5FF8FDB7A3278EB48858A190176C | |||
| 6244 | 1 (298).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-50419.exe | executable | |
MD5:5703CED03A576345320C16D77FA5FF37 | SHA256:2DA44CC3E5034C9B812FF520B1383A73C18E079A514DC7C10CC55749CE3807D2 | |||
| 960 | Unicorn-45672.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-64717.exe | executable | |
MD5:C3FEED052FAD23E3DCCB310F3445AF4A | SHA256:4B02C126392F1DE19971F19AEB9969540D433D843F917503B49D02D0FE172918 | |||
| 6244 | 1 (298).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-45672.exe | executable | |
MD5:A4E6C5354A406CEAF59B6C33C7D61BC5 | SHA256:D9B26E811C2990C58F87643D996F43DF5817F021CAD81EF5B5E193B356A0850D | |||
| 2904 | Unicorn-21490.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-24754.exe | executable | |
MD5:8ED524F96BCDCC1438A131C5EF41755C | SHA256:FDC74ECAF1F36747DDC8774D5D245DCC1D6A6E8DF4CCDD665B263448447ADE39 | |||
| 1852 | Unicorn-52086.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-21490.exe | executable | |
MD5:00C720472E76DADC5405B42B3C3E3495 | SHA256:B5339D1BA8C69CBB9DA6026E0EC6A40292F99441E4A2DDFFA79909DCF7931615 | |||
| 5800 | Unicorn-5703.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-4520.exe | executable | |
MD5:4DAEDBE4E0E0D52A95A326C7DF4D9DB2 | SHA256:DDC2776B3A97511665244771AE26B30D1530F4C8C5920B8BD1430A557DC9E343 | |||
| 5200 | Unicorn-64717.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-13316.exe | executable | |
MD5:8E64216E8A3D540D32292C9434AF3140 | SHA256:A9B4D1846DF5536C94D20C7155886E8B0A2033AF34721526E797918059CD32D3 | |||
| 2904 | Unicorn-21490.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-5703.exe | executable | |
MD5:B89C1AF5D29451BA47C590FC184D34E6 | SHA256:8D5DAD30608763ED4922A77CF8E2AE948CD741385F79C452293CE92A7166BE0A | |||
| 5256 | Unicorn-55226.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29134.exe | executable | |
MD5:0A05450ED2A1FF1C62E1DD5CBB6B086C | SHA256:B25E2E513BB9E7A50971342419A2ECE3FE597F64DAD065E72855797B12D921C3 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
23
DNS requests
16
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 95.101.54.122:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
736 | backgroundTaskHost.exe | GET | 200 | 2.23.77.188:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
6004 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
6004 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
— | — | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 95.101.54.122:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
5496 | MoUsoCoreWorker.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
2104 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3216 | svchost.exe | 40.113.103.199:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 20.190.160.130:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 2.23.77.188:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
736 | backgroundTaskHost.exe | 20.223.35.26:443 | arc.msn.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |