| File name: | 1 (314) |
| Full analysis: | https://app.any.run/tasks/cfb1de9f-2339-417d-b844-c8bdf632e814 |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 21:24:52 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 6DE0593B4F89C1C6E1F2B87251307A20 |
| SHA1: | F3F14851D1CC22E7503EE55B19B13E4E8D271A77 |
| SHA256: | 44225667771C11042C2CF3011A0F1D8C725F7295897EFFC9B93CAFB642FE073C |
| SSDEEP: | 6144:z7N9DsItNDKoA5lohuYQA2Tx5tBqZvJG5R/W0eah8k/8S3jwpyAAEgeKTUmpe5cT:zh1baoA5uhTaBghaRO0eahlu4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Executable content was dropped or overwritten
- Unicorn-23654.exe (PID: 4688)
- 1 (314).exe (PID: 4776)
- Unicorn-42175.exe (PID: 5528)
- Unicorn-65288.exe (PID: 1628)
- Unicorn-60218.exe (PID: 6640)
- Unicorn-4240.exe (PID: 1676)
- Unicorn-10462.exe (PID: 6436)
- Unicorn-7338.exe (PID: 6108)
- Unicorn-24421.exe (PID: 6700)
- Unicorn-65375.exe (PID: 720)
- Unicorn-40779.exe (PID: 4164)
- Unicorn-16275.exe (PID: 1388)
- Unicorn-4332.exe (PID: 5864)
- Unicorn-16275.exe (PID: 6512)
- Unicorn-57862.exe (PID: 632)
- Unicorn-26965.exe (PID: 1040)
- Unicorn-33741.exe (PID: 2984)
- Unicorn-990.exe (PID: 736)
- Unicorn-52600.exe (PID: 6004)
- Unicorn-6928.exe (PID: 6272)
- Unicorn-16969.exe (PID: 1324)
- Unicorn-25403.exe (PID: 3240)
- Unicorn-36263.exe (PID: 6192)
- Unicorn-56129.exe (PID: 7180)
- Unicorn-11925.exe (PID: 4068)
- Unicorn-38999.exe (PID: 7344)
- Unicorn-60166.exe (PID: 7364)
- Unicorn-32777.exe (PID: 7380)
- Unicorn-20525.exe (PID: 7424)
- Unicorn-57373.exe (PID: 7388)
- Unicorn-27301.exe (PID: 7440)
- Unicorn-41931.exe (PID: 1240)
- Unicorn-36263.exe (PID: 4408)
- Unicorn-35277.exe (PID: 7512)
- Unicorn-28501.exe (PID: 7504)
- Unicorn-29487.exe (PID: 6156)
- Unicorn-6518.exe (PID: 7548)
- Unicorn-16825.exe (PID: 7564)
- Unicorn-41421.exe (PID: 7584)
- Unicorn-50052.exe (PID: 7600)
- Unicorn-44651.exe (PID: 7636)
- Unicorn-12548.exe (PID: 7612)
- Unicorn-22855.exe (PID: 7704)
- Unicorn-12548.exe (PID: 7620)
- Unicorn-56082.exe (PID: 7780)
- Unicorn-21271.exe (PID: 7820)
- Unicorn-22855.exe (PID: 7720)
- Unicorn-13150.exe (PID: 4180)
- Unicorn-60113.exe (PID: 7236)
- Unicorn-25403.exe (PID: 5436)
- Unicorn-52367.exe (PID: 7988)
- Unicorn-40015.exe (PID: 8048)
- Unicorn-7250.exe (PID: 8032)
- Unicorn-58781.exe (PID: 6040)
- Unicorn-26663.exe (PID: 7904)
- Unicorn-55444.exe (PID: 660)
- Unicorn-8703.exe (PID: 8176)
- Unicorn-9772.exe (PID: 4892)
- Unicorn-58781.exe (PID: 7148)
- Unicorn-23870.exe (PID: 7984)
- Unicorn-64241.exe (PID: 4488)
- Unicorn-46902.exe (PID: 7460)
- Unicorn-21510.exe (PID: 2392)
- Unicorn-38915.exe (PID: 7332)
- Unicorn-59165.exe (PID: 8080)
- Unicorn-20525.exe (PID: 7416)
- Unicorn-9772.exe (PID: 3304)
- Unicorn-50997.exe (PID: 8200)
- Unicorn-34560.exe (PID: 8240)
- Unicorn-8957.exe (PID: 8284)
- Unicorn-21231.exe (PID: 8376)
- Unicorn-44344.exe (PID: 8400)
- Unicorn-49243.exe (PID: 8348)
- Unicorn-13062.exe (PID: 8428)
- Unicorn-15008.exe (PID: 8464)
- Unicorn-26663.exe (PID: 7940)
- Unicorn-61879.exe (PID: 8624)
- Unicorn-64017.exe (PID: 8528)
- Unicorn-15671.exe (PID: 7828)
- Unicorn-14743.exe (PID: 8448)
- Unicorn-45351.exe (PID: 8268)
- Unicorn-57665.exe (PID: 7688)
- Unicorn-61879.exe (PID: 8616)
- Unicorn-15008.exe (PID: 8456)
- Unicorn-44173.exe (PID: 8668)
- Unicorn-12870.exe (PID: 8572)
- Unicorn-49938.exe (PID: 8828)
- Unicorn-61879.exe (PID: 8600)
- Unicorn-33715.exe (PID: 7656)
- Unicorn-64017.exe (PID: 8516)
- Unicorn-4280.exe (PID: 7788)
- Unicorn-61879.exe (PID: 8632)
- Unicorn-22855.exe (PID: 7712)
- Unicorn-7779.exe (PID: 8724)
- Unicorn-13103.exe (PID: 7728)
- Unicorn-26939.exe (PID: 7696)
- Unicorn-35006.exe (PID: 7812)
- Unicorn-57313.exe (PID: 7228)
- Unicorn-21514.exe (PID: 8732)
- Unicorn-29268.exe (PID: 8768)
- Unicorn-63632.exe (PID: 8760)
- Unicorn-40734.exe (PID: 8776)
- Unicorn-13346.exe (PID: 8820)
- Unicorn-22169.exe (PID: 8788)
- Unicorn-42127.exe (PID: 8696)
- Unicorn-3695.exe (PID: 8812)
- Unicorn-17531.exe (PID: 8688)
- Unicorn-42419.exe (PID: 9036)
- Unicorn-20249.exe (PID: 8004)
- Unicorn-27645.exe (PID: 8752)
- Unicorn-5641.exe (PID: 8844)
- Unicorn-7151.exe (PID: 9120)
- Unicorn-44073.exe (PID: 8900)
- Unicorn-29326.exe (PID: 8868)
- Unicorn-26690.exe (PID: 8932)
- Unicorn-54479.exe (PID: 9092)
- Unicorn-41411.exe (PID: 9164)
- Unicorn-62739.exe (PID: 9056)
- Unicorn-19376.exe (PID: 8852)
- Unicorn-42419.exe (PID: 9048)
- Unicorn-20245.exe (PID: 8108)
- Unicorn-22191.exe (PID: 6044)
- Unicorn-57001.exe (PID: 7012)
- Unicorn-22169.exe (PID: 8800)
- Unicorn-61085.exe (PID: 5680)
- Unicorn-5854.exe (PID: 9248)
- Unicorn-57001.exe (PID: 2980)
- Unicorn-55531.exe (PID: 9356)
- Unicorn-55610.exe (PID: 9232)
- Unicorn-46695.exe (PID: 9340)
- Unicorn-14193.exe (PID: 9064)
- Unicorn-3716.exe (PID: 4424)
- Unicorn-24713.exe (PID: 9400)
- Unicorn-21229.exe (PID: 9348)
- Unicorn-47250.exe (PID: 9292)
- Unicorn-42611.exe (PID: 9304)
- Unicorn-2154.exe (PID: 9452)
- Unicorn-24713.exe (PID: 9408)
- Unicorn-55439.exe (PID: 9432)
- Unicorn-27213.exe (PID: 9588)
- Unicorn-37441.exe (PID: 9668)
- Unicorn-19621.exe (PID: 9636)
- Unicorn-33356.exe (PID: 9612)
- Unicorn-42995.exe (PID: 9580)
- Unicorn-48594.exe (PID: 9824)
- Unicorn-33000.exe (PID: 9620)
- Unicorn-57861.exe (PID: 9652)
- Unicorn-56378.exe (PID: 9692)
- Unicorn-39871.exe (PID: 9860)
- Unicorn-62329.exe (PID: 9832)
- Unicorn-33192.exe (PID: 9888)
- Unicorn-64759.exe (PID: 9916)
- Unicorn-9891.exe (PID: 9992)
- Unicorn-6902.exe (PID: 8676)
- Unicorn-53856.exe (PID: 9660)
- Unicorn-34277.exe (PID: 5776)
- Unicorn-17723.exe (PID: 9080)
- Unicorn-48402.exe (PID: 7308)
- Unicorn-46669.exe (PID: 10024)
- Unicorn-61343.exe (PID: 10092)
- Unicorn-54737.exe (PID: 10044)
- Unicorn-54863.exe (PID: 9280)
- Unicorn-26441.exe (PID: 10112)
- Unicorn-27017.exe (PID: 10168)
- Unicorn-10580.exe (PID: 8364)
- Unicorn-374.exe (PID: 10184)
- Unicorn-16737.exe (PID: 9760)
- Unicorn-49938.exe (PID: 8360)
- Unicorn-2704.exe (PID: 10248)
- Unicorn-21371.exe (PID: 9364)
- Unicorn-2704.exe (PID: 5740)
- Unicorn-42153.exe (PID: 10276)
- Unicorn-60613.exe (PID: 10300)
- Unicorn-3244.exe (PID: 10356)
- Unicorn-42885.exe (PID: 10320)
- Unicorn-42885.exe (PID: 10324)
- Unicorn-26165.exe (PID: 10440)
- Unicorn-35917.exe (PID: 10420)
- Unicorn-27645.exe (PID: 8744)
- Unicorn-5745.exe (PID: 10392)
- Unicorn-35931.exe (PID: 10148)
- Unicorn-17827.exe (PID: 10544)
- Unicorn-15689.exe (PID: 10572)
- Unicorn-28133.exe (PID: 10500)
- Unicorn-46415.exe (PID: 10596)
- Unicorn-3436.exe (PID: 10620)
- Unicorn-27941.exe (PID: 10604)
- Unicorn-7520.exe (PID: 10652)
- Unicorn-12927.exe (PID: 10732)
- Unicorn-49108.exe (PID: 10612)
- Unicorn-31209.exe (PID: 10772)
- Unicorn-63519.exe (PID: 10740)
- Unicorn-62158.exe (PID: 10904)
- Unicorn-31838.exe (PID: 10896)
- Unicorn-2429.exe (PID: 10864)
- Unicorn-13399.exe (PID: 9604)
- Unicorn-45417.exe (PID: 9752)
- Unicorn-27562.exe (PID: 10480)
- Unicorn-57852.exe (PID: 10836)
- Unicorn-53576.exe (PID: 11036)
- Unicorn-4012.exe (PID: 10820)
- Unicorn-45408.exe (PID: 10984)
- Unicorn-24332.exe (PID: 10996)
- Unicorn-34282.exe (PID: 10956)
- Unicorn-3555.exe (PID: 10932)
- Unicorn-32500.exe (PID: 11044)
- Unicorn-56873.exe (PID: 10976)
- Unicorn-63903.exe (PID: 11148)
- Unicorn-532.exe (PID: 11004)
- Unicorn-22871.exe (PID: 11096)
- Unicorn-61765.exe (PID: 11076)
- Unicorn-44467.exe (PID: 11252)
- Unicorn-49492.exe (PID: 10940)
- Unicorn-13725.exe (PID: 11128)
- Unicorn-24987.exe (PID: 10880)
- Unicorn-12870.exe (PID: 8580)
- Unicorn-18595.exe (PID: 11284)
- Unicorn-63638.exe (PID: 11140)
- Unicorn-28636.exe (PID: 11216)
- Unicorn-19970.exe (PID: 11212)
- Unicorn-4396.exe (PID: 11244)
- Unicorn-404.exe (PID: 11196)
- Unicorn-18595.exe (PID: 11292)
- Unicorn-43291.exe (PID: 11268)
- Unicorn-53497.exe (PID: 11260)
- Unicorn-39377.exe (PID: 10804)
- Unicorn-6342.exe (PID: 11356)
- Unicorn-48252.exe (PID: 11444)
- Unicorn-17779.exe (PID: 11516)
- Unicorn-34115.exe (PID: 11468)
- Unicorn-59435.exe (PID: 11412)
- Unicorn-13725.exe (PID: 11112)
- Unicorn-19590.exe (PID: 11120)
- Unicorn-18595.exe (PID: 11300)
- Unicorn-45548.exe (PID: 11500)
- Unicorn-39683.exe (PID: 11508)
- Unicorn-16737.exe (PID: 9768)
- Unicorn-26270.exe (PID: 11612)
- Unicorn-696.exe (PID: 11596)
- Unicorn-50452.exe (PID: 11560)
- Unicorn-50452.exe (PID: 11564)
- Unicorn-57965.exe (PID: 11648)
- Unicorn-10048.exe (PID: 11632)
- Unicorn-64095.exe (PID: 11656)
- Unicorn-60073.exe (PID: 11752)
- Unicorn-48890.exe (PID: 11824)
- Unicorn-58449.exe (PID: 11788)
- Unicorn-15370.exe (PID: 11892)
- Unicorn-3773.exe (PID: 11800)
- Unicorn-46197.exe (PID: 11860)
- Unicorn-34931.exe (PID: 11452)
- Unicorn-16457.exe (PID: 11392)
- Unicorn-3773.exe (PID: 11796)
- Unicorn-25676.exe (PID: 11972)
- Unicorn-5719.exe (PID: 11928)
- Unicorn-1635.exe (PID: 11900)
- Unicorn-65034.exe (PID: 11996)
- Unicorn-2761.exe (PID: 12076)
- Unicorn-35891.exe (PID: 11952)
- Unicorn-15833.exe (PID: 12236)
- Unicorn-3026.exe (PID: 12084)
- Unicorn-5527.exe (PID: 12188)
- Unicorn-19363.exe (PID: 12016)
- Unicorn-38583.exe (PID: 11780)
- Unicorn-38391.exe (PID: 12040)
- Unicorn-60163.exe (PID: 12068)
Starts itself from another location
- 1 (314).exe (PID: 4776)
- Unicorn-42175.exe (PID: 5528)
- Unicorn-23654.exe (PID: 4688)
- Unicorn-65288.exe (PID: 1628)
- Unicorn-60218.exe (PID: 6640)
- Unicorn-10462.exe (PID: 6436)
- Unicorn-4332.exe (PID: 5864)
- Unicorn-7338.exe (PID: 6108)
- Unicorn-24421.exe (PID: 6700)
- Unicorn-40779.exe (PID: 4164)
- Unicorn-4240.exe (PID: 1676)
- Unicorn-16275.exe (PID: 1388)
- Unicorn-16275.exe (PID: 6512)
- Unicorn-11925.exe (PID: 4068)
- Unicorn-57862.exe (PID: 632)
- Unicorn-26965.exe (PID: 1040)
- Unicorn-33741.exe (PID: 2984)
- Unicorn-990.exe (PID: 736)
- Unicorn-41931.exe (PID: 1240)
- Unicorn-29487.exe (PID: 6156)
- Unicorn-6928.exe (PID: 6272)
- Unicorn-16969.exe (PID: 1324)
- Unicorn-13150.exe (PID: 4180)
- Unicorn-65375.exe (PID: 720)
- Unicorn-25403.exe (PID: 5436)
- Unicorn-36263.exe (PID: 6192)
- Unicorn-25403.exe (PID: 3240)
- Unicorn-57313.exe (PID: 7228)
- Unicorn-60113.exe (PID: 7236)
- Unicorn-38999.exe (PID: 7344)
- Unicorn-32777.exe (PID: 7380)
- Unicorn-57373.exe (PID: 7388)
- Unicorn-20525.exe (PID: 7424)
- Unicorn-20525.exe (PID: 7416)
- Unicorn-46902.exe (PID: 7460)
- Unicorn-27301.exe (PID: 7440)
- Unicorn-36263.exe (PID: 4408)
- Unicorn-56129.exe (PID: 7180)
- Unicorn-28501.exe (PID: 7504)
- Unicorn-35277.exe (PID: 7512)
- Unicorn-6518.exe (PID: 7548)
- Unicorn-52600.exe (PID: 6004)
- Unicorn-41421.exe (PID: 7584)
- Unicorn-33715.exe (PID: 7656)
- Unicorn-44651.exe (PID: 7636)
- Unicorn-22855.exe (PID: 7712)
- Unicorn-57665.exe (PID: 7688)
- Unicorn-50052.exe (PID: 7600)
- Unicorn-12548.exe (PID: 7620)
- Unicorn-13103.exe (PID: 7728)
- Unicorn-4280.exe (PID: 7788)
- Unicorn-22855.exe (PID: 7704)
- Unicorn-26939.exe (PID: 7696)
- Unicorn-15671.exe (PID: 7828)
- Unicorn-56082.exe (PID: 7780)
- Unicorn-21271.exe (PID: 7820)
- Unicorn-22855.exe (PID: 7720)
- Unicorn-35006.exe (PID: 7812)
- Unicorn-40015.exe (PID: 8048)
- Unicorn-7250.exe (PID: 8032)
- Unicorn-16825.exe (PID: 7564)
- Unicorn-58781.exe (PID: 6040)
- Unicorn-26663.exe (PID: 7904)
- Unicorn-55444.exe (PID: 660)
- Unicorn-34277.exe (PID: 5776)
- Unicorn-9772.exe (PID: 4892)
- Unicorn-8703.exe (PID: 8176)
- Unicorn-12548.exe (PID: 7612)
- Unicorn-58781.exe (PID: 7148)
- Unicorn-23870.exe (PID: 7984)
- Unicorn-21510.exe (PID: 2392)
- Unicorn-9772.exe (PID: 3304)
- Unicorn-26663.exe (PID: 7940)
- Unicorn-59165.exe (PID: 8080)
- Unicorn-48402.exe (PID: 7308)
- Unicorn-31131.exe (PID: 8212)
- Unicorn-50997.exe (PID: 8200)
- Unicorn-34560.exe (PID: 8240)
- Unicorn-45351.exe (PID: 8268)
- Unicorn-21231.exe (PID: 8376)
- Unicorn-8957.exe (PID: 8284)
- Unicorn-44344.exe (PID: 8400)
- Unicorn-49243.exe (PID: 8348)
- Unicorn-13062.exe (PID: 8428)
- Unicorn-15008.exe (PID: 8464)
- Unicorn-12870.exe (PID: 8580)
- Unicorn-38915.exe (PID: 7332)
- Unicorn-61879.exe (PID: 8624)
- Unicorn-64017.exe (PID: 8528)
- Unicorn-14743.exe (PID: 8448)
- Unicorn-61879.exe (PID: 8616)
- Unicorn-15008.exe (PID: 8456)
- Unicorn-44173.exe (PID: 8668)
- Unicorn-12870.exe (PID: 8572)
- Unicorn-49938.exe (PID: 8828)
- Unicorn-61879.exe (PID: 8600)
- Unicorn-64017.exe (PID: 8516)
- Unicorn-61879.exe (PID: 8632)
- Unicorn-7779.exe (PID: 8724)
- Unicorn-21514.exe (PID: 8732)
- Unicorn-29268.exe (PID: 8768)
- Unicorn-63632.exe (PID: 8760)
- Unicorn-40734.exe (PID: 8776)
- Unicorn-13346.exe (PID: 8820)
- Unicorn-6902.exe (PID: 8676)
- Unicorn-42127.exe (PID: 8696)
- Unicorn-27645.exe (PID: 8744)
- Unicorn-22169.exe (PID: 8788)
- Unicorn-3695.exe (PID: 8812)
- Unicorn-27645.exe (PID: 8752)
- Unicorn-42419.exe (PID: 9036)
- Unicorn-17531.exe (PID: 8688)
- Unicorn-52367.exe (PID: 7988)
- Unicorn-20249.exe (PID: 8004)
- Unicorn-5641.exe (PID: 8844)
- Unicorn-7151.exe (PID: 9120)
- Unicorn-17723.exe (PID: 9080)
- Unicorn-26690.exe (PID: 8932)
- Unicorn-60166.exe (PID: 7364)
- Unicorn-44073.exe (PID: 8900)
- Unicorn-64241.exe (PID: 4488)
- Unicorn-54479.exe (PID: 9092)
- Unicorn-41411.exe (PID: 9164)
- Unicorn-42419.exe (PID: 9048)
- Unicorn-62739.exe (PID: 9056)
- Unicorn-19376.exe (PID: 8852)
- Unicorn-22169.exe (PID: 8800)
- Unicorn-20245.exe (PID: 8108)
- Unicorn-57001.exe (PID: 7012)
- Unicorn-22191.exe (PID: 6044)
- Unicorn-5854.exe (PID: 9248)
- Unicorn-57001.exe (PID: 2980)
- Unicorn-55531.exe (PID: 9356)
- Unicorn-54863.exe (PID: 9280)
- Unicorn-55610.exe (PID: 9232)
- Unicorn-46695.exe (PID: 9340)
- Unicorn-3716.exe (PID: 4424)
- Unicorn-47250.exe (PID: 9292)
- Unicorn-24713.exe (PID: 9400)
- Unicorn-29326.exe (PID: 8868)
- Unicorn-42611.exe (PID: 9304)
- Unicorn-2154.exe (PID: 9452)
- Unicorn-24713.exe (PID: 9408)
- Unicorn-37441.exe (PID: 9668)
- Unicorn-13399.exe (PID: 9604)
- Unicorn-16737.exe (PID: 9768)
- Unicorn-19621.exe (PID: 9636)
- Unicorn-27213.exe (PID: 9588)
- Unicorn-53856.exe (PID: 9660)
- Unicorn-33356.exe (PID: 9612)
- Unicorn-42995.exe (PID: 9580)
- Unicorn-45417.exe (PID: 9752)
- Unicorn-48594.exe (PID: 9824)
- Unicorn-33000.exe (PID: 9620)
- Unicorn-16737.exe (PID: 9760)
- Unicorn-57861.exe (PID: 9652)
- Unicorn-39871.exe (PID: 9860)
- Unicorn-55439.exe (PID: 9432)
- Unicorn-62329.exe (PID: 9832)
- Unicorn-33192.exe (PID: 9888)
- Unicorn-64759.exe (PID: 9916)
- Unicorn-9891.exe (PID: 9992)
- Unicorn-46669.exe (PID: 10024)
Executes application which crashes
- Unicorn-10145.exe (PID: 7772)
- Unicorn-57271.exe (PID: 12936)
INFO
Checks supported languages
- Unicorn-23654.exe (PID: 4688)
- 1 (314).exe (PID: 4776)
- Unicorn-42175.exe (PID: 5528)
- Unicorn-65288.exe (PID: 1628)
- Unicorn-4240.exe (PID: 1676)
- Unicorn-4332.exe (PID: 5864)
- Unicorn-10462.exe (PID: 6436)
- Unicorn-60218.exe (PID: 6640)
- Unicorn-7338.exe (PID: 6108)
- Unicorn-24421.exe (PID: 6700)
- Unicorn-40779.exe (PID: 4164)
- Unicorn-65375.exe (PID: 720)
- Unicorn-16275.exe (PID: 6512)
- Unicorn-11925.exe (PID: 4068)
- Unicorn-16275.exe (PID: 1388)
- Unicorn-57862.exe (PID: 632)
- Unicorn-990.exe (PID: 736)
- Unicorn-52600.exe (PID: 6004)
- Unicorn-29487.exe (PID: 6156)
- Unicorn-16969.exe (PID: 1324)
- Unicorn-26965.exe (PID: 1040)
- Unicorn-13150.exe (PID: 4180)
- Unicorn-36263.exe (PID: 4408)
- Unicorn-25403.exe (PID: 5436)
- Unicorn-36263.exe (PID: 6192)
- Unicorn-25403.exe (PID: 3240)
- Unicorn-56129.exe (PID: 7180)
- Unicorn-57313.exe (PID: 7228)
- Unicorn-60113.exe (PID: 7236)
- Unicorn-38999.exe (PID: 7344)
- Unicorn-60166.exe (PID: 7364)
- Unicorn-57373.exe (PID: 7388)
- Unicorn-32777.exe (PID: 7380)
- Unicorn-20525.exe (PID: 7424)
- Unicorn-46902.exe (PID: 7460)
- Unicorn-27301.exe (PID: 7440)
- Unicorn-6518.exe (PID: 7548)
- Unicorn-35277.exe (PID: 7512)
- Unicorn-16825.exe (PID: 7564)
- Unicorn-44651.exe (PID: 7636)
- Unicorn-12548.exe (PID: 7612)
- Unicorn-50052.exe (PID: 7600)
- Unicorn-41421.exe (PID: 7584)
- Unicorn-12548.exe (PID: 7620)
- Unicorn-33715.exe (PID: 7656)
- Unicorn-10145.exe (PID: 7772)
- Unicorn-26939.exe (PID: 7696)
- Unicorn-22855.exe (PID: 7712)
- Unicorn-57665.exe (PID: 7688)
- Unicorn-22855.exe (PID: 7720)
- Unicorn-22855.exe (PID: 7704)
- Unicorn-56082.exe (PID: 7780)
- Unicorn-4280.exe (PID: 7788)
- Unicorn-13103.exe (PID: 7728)
- Unicorn-35006.exe (PID: 7812)
- Unicorn-21271.exe (PID: 7820)
- Unicorn-15671.exe (PID: 7828)
- Unicorn-52367.exe (PID: 7988)
- Unicorn-20249.exe (PID: 8004)
- Unicorn-7250.exe (PID: 8032)
- Unicorn-40015.exe (PID: 8048)
- Unicorn-8703.exe (PID: 8176)
- Unicorn-34277.exe (PID: 5776)
- Unicorn-9772.exe (PID: 4892)
- Unicorn-38915.exe (PID: 7332)
- Unicorn-58781.exe (PID: 6040)
- Unicorn-58781.exe (PID: 7148)
- Unicorn-21510.exe (PID: 2392)
- Unicorn-23870.exe (PID: 7984)
- Unicorn-50997.exe (PID: 8200)
- Unicorn-64241.exe (PID: 4488)
- Unicorn-20525.exe (PID: 7416)
- Unicorn-26663.exe (PID: 7904)
- Unicorn-45351.exe (PID: 8268)
- Unicorn-8957.exe (PID: 8284)
- Unicorn-28501.exe (PID: 7504)
- Unicorn-49243.exe (PID: 8348)
- Unicorn-21231.exe (PID: 8376)
- Unicorn-13062.exe (PID: 8428)
- Unicorn-15008.exe (PID: 8464)
- Unicorn-15008.exe (PID: 8456)
- Unicorn-14743.exe (PID: 8448)
- Unicorn-64017.exe (PID: 8528)
- Unicorn-12870.exe (PID: 8580)
- Unicorn-12870.exe (PID: 8572)
- Unicorn-61879.exe (PID: 8600)
- Unicorn-64017.exe (PID: 8516)
- Unicorn-61879.exe (PID: 8632)
- Unicorn-61879.exe (PID: 8624)
- Unicorn-44173.exe (PID: 8668)
- Unicorn-42127.exe (PID: 8696)
- Unicorn-17531.exe (PID: 8688)
- Unicorn-40734.exe (PID: 8776)
- Unicorn-27645.exe (PID: 8744)
- Unicorn-21514.exe (PID: 8732)
- Unicorn-27645.exe (PID: 8752)
- Unicorn-29268.exe (PID: 8768)
- Unicorn-7779.exe (PID: 8724)
- Unicorn-49938.exe (PID: 8828)
- Unicorn-3695.exe (PID: 8812)
- Unicorn-13346.exe (PID: 8820)
- Unicorn-6902.exe (PID: 8676)
- Unicorn-22169.exe (PID: 8800)
- Unicorn-5641.exe (PID: 8844)
- Unicorn-26690.exe (PID: 8932)
- Unicorn-44073.exe (PID: 8900)
- Unicorn-29326.exe (PID: 8868)
- Unicorn-22169.exe (PID: 8788)
- Unicorn-42419.exe (PID: 9036)
- Unicorn-19376.exe (PID: 8852)
- Unicorn-54479.exe (PID: 9092)
- Unicorn-62739.exe (PID: 9056)
- Unicorn-7151.exe (PID: 9120)
- Unicorn-41411.exe (PID: 9164)
- Unicorn-20245.exe (PID: 8108)
- Unicorn-31131.exe (PID: 8212)
- Unicorn-42419.exe (PID: 9048)
- Unicorn-14193.exe (PID: 9064)
- Unicorn-17723.exe (PID: 9080)
- Unicorn-57001.exe (PID: 2980)
- Unicorn-57001.exe (PID: 7012)
- Unicorn-61085.exe (PID: 5680)
- Unicorn-22191.exe (PID: 6044)
- Unicorn-5854.exe (PID: 9248)
- Unicorn-54863.exe (PID: 9280)
- Unicorn-47250.exe (PID: 9292)
- Unicorn-42611.exe (PID: 9304)
- Unicorn-21229.exe (PID: 9348)
- Unicorn-55531.exe (PID: 9356)
- Unicorn-3716.exe (PID: 4424)
- Unicorn-55610.exe (PID: 9232)
- Unicorn-24713.exe (PID: 9408)
- Unicorn-24713.exe (PID: 9400)
- Unicorn-55439.exe (PID: 9432)
- Unicorn-2154.exe (PID: 9452)
- Unicorn-27213.exe (PID: 9588)
- Unicorn-33356.exe (PID: 9612)
- Unicorn-24334.exe (PID: 9628)
- Unicorn-13399.exe (PID: 9604)
- Unicorn-56378.exe (PID: 9692)
- Unicorn-53856.exe (PID: 9660)
- Unicorn-57861.exe (PID: 9652)
- Unicorn-37441.exe (PID: 9668)
- Unicorn-16737.exe (PID: 9768)
- Unicorn-16737.exe (PID: 9760)
- Unicorn-48594.exe (PID: 9824)
- Unicorn-62329.exe (PID: 9832)
- Unicorn-33000.exe (PID: 9620)
- Unicorn-39871.exe (PID: 9860)
- Unicorn-64759.exe (PID: 9916)
- Unicorn-46669.exe (PID: 10024)
- Unicorn-54737.exe (PID: 10044)
- Unicorn-9891.exe (PID: 9992)
- Unicorn-61343.exe (PID: 10092)
- Unicorn-26441.exe (PID: 10112)
- Unicorn-27017.exe (PID: 10168)
- Unicorn-374.exe (PID: 10184)
- Unicorn-10580.exe (PID: 8364)
- Unicorn-49938.exe (PID: 8360)
- Unicorn-21371.exe (PID: 9364)
- Unicorn-2704.exe (PID: 5740)
- Unicorn-2704.exe (PID: 10248)
- Unicorn-42153.exe (PID: 10276)
- Unicorn-42885.exe (PID: 10324)
- Unicorn-60613.exe (PID: 10300)
- Unicorn-3244.exe (PID: 10356)
- Unicorn-5745.exe (PID: 10392)
- Unicorn-35917.exe (PID: 10420)
- Unicorn-26165.exe (PID: 10440)
- Unicorn-27562.exe (PID: 10480)
- Unicorn-17827.exe (PID: 10544)
- Unicorn-28133.exe (PID: 10500)
- Unicorn-27941.exe (PID: 10604)
- Unicorn-15689.exe (PID: 10572)
- Unicorn-3436.exe (PID: 10620)
- Unicorn-46415.exe (PID: 10596)
- Unicorn-49108.exe (PID: 10612)
- Unicorn-7520.exe (PID: 10652)
- Unicorn-12927.exe (PID: 10732)
- Unicorn-63519.exe (PID: 10740)
- Unicorn-31209.exe (PID: 10772)
- Unicorn-39377.exe (PID: 10804)
- Unicorn-4012.exe (PID: 10820)
- Unicorn-57852.exe (PID: 10836)
- Unicorn-2429.exe (PID: 10864)
- Unicorn-24987.exe (PID: 10880)
- Unicorn-31838.exe (PID: 10896)
- Unicorn-62158.exe (PID: 10904)
- Unicorn-34282.exe (PID: 10956)
- Unicorn-3555.exe (PID: 10932)
- Unicorn-45408.exe (PID: 10984)
- Unicorn-56873.exe (PID: 10976)
- Unicorn-532.exe (PID: 11004)
- Unicorn-53576.exe (PID: 11036)
- Unicorn-13725.exe (PID: 11128)
- Unicorn-19590.exe (PID: 11120)
- Unicorn-63638.exe (PID: 11140)
- Unicorn-13725.exe (PID: 11112)
- Unicorn-404.exe (PID: 11196)
- Unicorn-19970.exe (PID: 11212)
- Unicorn-28636.exe (PID: 11216)
- Unicorn-4396.exe (PID: 11244)
- Unicorn-53497.exe (PID: 11260)
- Unicorn-43291.exe (PID: 11268)
- Unicorn-22871.exe (PID: 11096)
- Unicorn-44467.exe (PID: 11252)
- Unicorn-18595.exe (PID: 11284)
- Unicorn-18595.exe (PID: 11300)
- Unicorn-18595.exe (PID: 11292)
- Unicorn-6342.exe (PID: 11356)
- Unicorn-16457.exe (PID: 11392)
- Unicorn-59435.exe (PID: 11412)
- Unicorn-34931.exe (PID: 11452)
- Unicorn-48252.exe (PID: 11444)
- Unicorn-34115.exe (PID: 11468)
- Unicorn-39683.exe (PID: 11508)
- Unicorn-50452.exe (PID: 11560)
- Unicorn-10048.exe (PID: 11632)
- Unicorn-696.exe (PID: 11596)
- Unicorn-50452.exe (PID: 11564)
- Unicorn-26270.exe (PID: 11612)
- Unicorn-45548.exe (PID: 11500)
- Unicorn-17779.exe (PID: 11516)
- Unicorn-64095.exe (PID: 11656)
- Unicorn-57965.exe (PID: 11648)
- Unicorn-60073.exe (PID: 11752)
- Unicorn-3773.exe (PID: 11796)
- Unicorn-38583.exe (PID: 11780)
- Unicorn-48890.exe (PID: 11824)
- Unicorn-58449.exe (PID: 11788)
- Unicorn-65034.exe (PID: 11996)
- Unicorn-1635.exe (PID: 11900)
- Unicorn-15370.exe (PID: 11892)
- Unicorn-25676.exe (PID: 11972)
- Unicorn-5719.exe (PID: 11928)
- Unicorn-35891.exe (PID: 11952)
- Unicorn-19363.exe (PID: 12016)
- Unicorn-48890.exe (PID: 11828)
- Unicorn-46197.exe (PID: 11860)
- Unicorn-3026.exe (PID: 12084)
- Unicorn-38391.exe (PID: 12040)
- Unicorn-60163.exe (PID: 12068)
- Unicorn-52035.exe (PID: 12160)
- Unicorn-36253.exe (PID: 12204)
- Unicorn-31615.exe (PID: 12268)
- Unicorn-54557.exe (PID: 6208)
- Unicorn-15833.exe (PID: 12236)
- Unicorn-5527.exe (PID: 12188)
- Unicorn-25393.exe (PID: 12196)
- Unicorn-3410.exe (PID: 12300)
- Unicorn-21693.exe (PID: 12328)
- Unicorn-29045.exe (PID: 12364)
- Unicorn-42781.exe (PID: 12372)
- Unicorn-35697.exe (PID: 12396)
- Unicorn-55033.exe (PID: 12392)
- Unicorn-50473.exe (PID: 4736)
- Unicorn-42305.exe (PID: 12316)
- Unicorn-36394.exe (PID: 12468)
- Unicorn-3886.exe (PID: 12528)
- Unicorn-43243.exe (PID: 12572)
- Unicorn-7878.exe (PID: 12616)
- Unicorn-55033.exe (PID: 12408)
- Unicorn-52233.exe (PID: 12424)
- Unicorn-65339.exe (PID: 12448)
- Unicorn-5667.exe (PID: 12452)
- Unicorn-19865.exe (PID: 12552)
- Unicorn-43243.exe (PID: 12580)
- Unicorn-7878.exe (PID: 12608)
- Unicorn-44635.exe (PID: 12692)
- Unicorn-40551.exe (PID: 12720)
- Unicorn-20685.exe (PID: 12712)
- Unicorn-48719.exe (PID: 12640)
- Unicorn-1391.exe (PID: 12664)
- Unicorn-35097.exe (PID: 12768)
- Unicorn-58839.exe (PID: 12856)
- Unicorn-32959.exe (PID: 12872)
- Unicorn-24599.exe (PID: 12892)
- Unicorn-50042.exe (PID: 12760)
- Unicorn-50042.exe (PID: 12752)
- Unicorn-12901.exe (PID: 12960)
- Unicorn-43549.exe (PID: 13028)
- Unicorn-29067.exe (PID: 13084)
- Unicorn-12346.exe (PID: 12912)
- Unicorn-58978.exe (PID: 13196)
- Unicorn-31324.exe (PID: 13212)
- Unicorn-1173.exe (PID: 13264)
- Unicorn-38095.exe (PID: 12988)
- Unicorn-30411.exe (PID: 13252)
- Unicorn-40717.exe (PID: 1600)
- Unicorn-20105.exe (PID: 11708)
- Unicorn-7831.exe (PID: 2416)
- Unicorn-50255.exe (PID: 13168)
- Unicorn-18137.exe (PID: 13024)
- Unicorn-20105.exe (PID: 11692)
- Unicorn-63175.exe (PID: 11684)
- Unicorn-22051.exe (PID: 13328)
- Unicorn-20105.exe (PID: 4652)
- Unicorn-53846.exe (PID: 13380)
- Unicorn-53846.exe (PID: 13388)
- Unicorn-19036.exe (PID: 13396)
- Unicorn-8215.exe (PID: 13436)
- Unicorn-28081.exe (PID: 13444)
- Unicorn-56861.exe (PID: 13344)
- Unicorn-25319.exe (PID: 13556)
- Unicorn-25319.exe (PID: 13548)
- Unicorn-45185.exe (PID: 13564)
- Unicorn-22435.exe (PID: 13652)
- Unicorn-29211.exe (PID: 13676)
- Unicorn-9668.exe (PID: 13720)
- Unicorn-37955.exe (PID: 13728)
- Unicorn-53061.exe (PID: 13740)
- Unicorn-41485.exe (PID: 13784)
- Unicorn-1007.exe (PID: 13828)
- Unicorn-33216.exe (PID: 13852)
- Unicorn-39347.exe (PID: 13860)
- Unicorn-25941.exe (PID: 13916)
- Unicorn-38339.exe (PID: 13944)
- Unicorn-35324.exe (PID: 13992)
- Unicorn-50592.exe (PID: 14032)
- Unicorn-58760.exe (PID: 14060)
- Unicorn-23949.exe (PID: 14076)
- Unicorn-37685.exe (PID: 14084)
- Unicorn-43523.exe (PID: 13812)
- Unicorn-2682.exe (PID: 14280)
- Unicorn-40171.exe (PID: 14324)
- Unicorn-26435.exe (PID: 14332)
- Unicorn-36087.exe (PID: 13780)
- Unicorn-27918.exe (PID: 14372)
- Unicorn-60691.exe (PID: 14348)
- Unicorn-15474.exe (PID: 14392)
- Unicorn-23478.exe (PID: 14448)
- Unicorn-2361.exe (PID: 14424)
- Unicorn-51569.exe (PID: 14508)
- Unicorn-49745.exe (PID: 14208)
- Unicorn-31925.exe (PID: 14244)
- Unicorn-50285.exe (PID: 14524)
- Unicorn-54369.exe (PID: 14532)
- Unicorn-37676.exe (PID: 14552)
- Unicorn-34469.exe (PID: 14636)
- Unicorn-14868.exe (PID: 14660)
- Unicorn-177.exe (PID: 14712)
- Unicorn-7028.exe (PID: 14744)
- Unicorn-30903.exe (PID: 14696)
- Unicorn-15693.exe (PID: 14736)
- Unicorn-25233.exe (PID: 14484)
- Unicorn-60234.exe (PID: 14500)
- Unicorn-30568.exe (PID: 14492)
- Unicorn-51569.exe (PID: 14516)
- Unicorn-61630.exe (PID: 14784)
- Unicorn-56030.exe (PID: 14752)
- Unicorn-61630.exe (PID: 14792)
- Unicorn-7558.exe (PID: 14760)
- Unicorn-18651.exe (PID: 14800)
- Unicorn-15693.exe (PID: 14776)
- Unicorn-56991.exe (PID: 14768)
- Unicorn-16513.exe (PID: 15016)
- Unicorn-14567.exe (PID: 14840)
- Unicorn-32849.exe (PID: 14968)
- Unicorn-61438.exe (PID: 15052)
- Unicorn-3414.exe (PID: 15128)
- Unicorn-614.exe (PID: 15136)
- Unicorn-9279.exe (PID: 15120)
- Unicorn-8345.exe (PID: 14992)
- Unicorn-28494.exe (PID: 15428)
- Unicorn-31287.exe (PID: 15252)
- Unicorn-40939.exe (PID: 15204)
- Unicorn-40939.exe (PID: 15200)
- Unicorn-1183.exe (PID: 15280)
- Unicorn-9855.exe (PID: 15300)
- Unicorn-28494.exe (PID: 15420)
- Unicorn-32578.exe (PID: 15376)
- Unicorn-32578.exe (PID: 15384)
- Unicorn-18843.exe (PID: 15368)
- Unicorn-55600.exe (PID: 15500)
- Unicorn-32578.exe (PID: 15392)
- Unicorn-28138.exe (PID: 15536)
- Unicorn-30440.exe (PID: 15572)
- Unicorn-53846.exe (PID: 15224)
- Unicorn-62398.exe (PID: 15632)
- Unicorn-43104.exe (PID: 15604)
- Unicorn-33154.exe (PID: 15668)
- Unicorn-26270.exe (PID: 15704)
- Unicorn-10596.exe (PID: 15640)
- Unicorn-5270.exe (PID: 15696)
- Unicorn-15335.exe (PID: 15712)
- Unicorn-39839.exe (PID: 15748)
- Unicorn-22272.exe (PID: 15544)
- Unicorn-50669.exe (PID: 15084)
Reads the computer name
- Unicorn-23654.exe (PID: 4688)
- 1 (314).exe (PID: 4776)
- Unicorn-42175.exe (PID: 5528)
- Unicorn-65288.exe (PID: 1628)
- Unicorn-60218.exe (PID: 6640)
- Unicorn-4332.exe (PID: 5864)
- Unicorn-10462.exe (PID: 6436)
- Unicorn-4240.exe (PID: 1676)
- Unicorn-7338.exe (PID: 6108)
- Unicorn-24421.exe (PID: 6700)
- Unicorn-57862.exe (PID: 632)
- Unicorn-16275.exe (PID: 6512)
- Unicorn-40779.exe (PID: 4164)
- Unicorn-16275.exe (PID: 1388)
- Unicorn-11925.exe (PID: 4068)
- Unicorn-65375.exe (PID: 720)
- Unicorn-41931.exe (PID: 1240)
- Unicorn-26965.exe (PID: 1040)
- Unicorn-990.exe (PID: 736)
- Unicorn-33741.exe (PID: 2984)
- Unicorn-6928.exe (PID: 6272)
- Unicorn-52600.exe (PID: 6004)
- Unicorn-25403.exe (PID: 5436)
- Unicorn-13150.exe (PID: 4180)
- Unicorn-36263.exe (PID: 6192)
- Unicorn-56129.exe (PID: 7180)
- Unicorn-36263.exe (PID: 4408)
- Unicorn-60113.exe (PID: 7236)
- Unicorn-25403.exe (PID: 3240)
- Unicorn-57313.exe (PID: 7228)
- Unicorn-38999.exe (PID: 7344)
- Unicorn-60166.exe (PID: 7364)
- Unicorn-32777.exe (PID: 7380)
- Unicorn-20525.exe (PID: 7416)
- Unicorn-20525.exe (PID: 7424)
- Unicorn-57373.exe (PID: 7388)
- Unicorn-46902.exe (PID: 7460)
- Unicorn-27301.exe (PID: 7440)
- Unicorn-35277.exe (PID: 7512)
- Unicorn-28501.exe (PID: 7504)
- Unicorn-6518.exe (PID: 7548)
- Unicorn-16825.exe (PID: 7564)
- Unicorn-50052.exe (PID: 7600)
- Unicorn-57665.exe (PID: 7688)
- Unicorn-33715.exe (PID: 7656)
- Unicorn-44651.exe (PID: 7636)
- Unicorn-15671.exe (PID: 7828)
- Unicorn-12548.exe (PID: 7620)
- Unicorn-21271.exe (PID: 7820)
- Unicorn-35006.exe (PID: 7812)
- Unicorn-52367.exe (PID: 7988)
- Unicorn-40015.exe (PID: 8048)
- Unicorn-7250.exe (PID: 8032)
- Unicorn-20249.exe (PID: 8004)
- Unicorn-58781.exe (PID: 6040)
- Unicorn-55444.exe (PID: 660)
- Unicorn-26663.exe (PID: 7904)
- Unicorn-9772.exe (PID: 4892)
- Unicorn-34277.exe (PID: 5776)
- Unicorn-58781.exe (PID: 7148)
- Unicorn-21510.exe (PID: 2392)
- Unicorn-8703.exe (PID: 8176)
- Unicorn-23870.exe (PID: 7984)
- Unicorn-9772.exe (PID: 3304)
- Unicorn-38915.exe (PID: 7332)
- Unicorn-26663.exe (PID: 7940)
- Unicorn-59165.exe (PID: 8080)
- Unicorn-34560.exe (PID: 8240)
- Unicorn-50997.exe (PID: 8200)
- Unicorn-21231.exe (PID: 8376)
- Unicorn-31131.exe (PID: 8212)
- Unicorn-13062.exe (PID: 8428)
- Unicorn-61879.exe (PID: 8624)
- Unicorn-49243.exe (PID: 8348)
- Unicorn-49938.exe (PID: 8828)
- Unicorn-61879.exe (PID: 8600)
- Unicorn-44173.exe (PID: 8668)
- Unicorn-64017.exe (PID: 8516)
- Unicorn-21514.exe (PID: 8732)
- Unicorn-63632.exe (PID: 8760)
- Unicorn-29268.exe (PID: 8768)
- Unicorn-13346.exe (PID: 8820)
- Unicorn-27645.exe (PID: 8744)
- Unicorn-6902.exe (PID: 8676)
- Unicorn-42127.exe (PID: 8696)
- Unicorn-27645.exe (PID: 8752)
- Unicorn-3695.exe (PID: 8812)
- Unicorn-42419.exe (PID: 9036)
- Unicorn-5641.exe (PID: 8844)
- Unicorn-29326.exe (PID: 8868)
- Unicorn-14193.exe (PID: 9064)
- Unicorn-41411.exe (PID: 9164)
- Unicorn-42419.exe (PID: 9048)
- Unicorn-62739.exe (PID: 9056)
- Unicorn-22191.exe (PID: 6044)
- Unicorn-57001.exe (PID: 7012)
- Unicorn-57001.exe (PID: 2980)
- Unicorn-5854.exe (PID: 9248)
- Unicorn-61085.exe (PID: 5680)
- Unicorn-55531.exe (PID: 9356)
- Unicorn-3716.exe (PID: 4424)
- Unicorn-46695.exe (PID: 9340)
- Unicorn-55610.exe (PID: 9232)
- Unicorn-47250.exe (PID: 9292)
- Unicorn-42611.exe (PID: 9304)
- Unicorn-24713.exe (PID: 9400)
- Unicorn-24713.exe (PID: 9408)
- Unicorn-55439.exe (PID: 9432)
- Unicorn-2154.exe (PID: 9452)
- Unicorn-27213.exe (PID: 9588)
- Unicorn-13399.exe (PID: 9604)
- Unicorn-19621.exe (PID: 9636)
- Unicorn-24334.exe (PID: 9628)
- Unicorn-56378.exe (PID: 9692)
- Unicorn-48594.exe (PID: 9824)
- Unicorn-62329.exe (PID: 9832)
- Unicorn-33192.exe (PID: 9888)
- Unicorn-33356.exe (PID: 9612)
- Unicorn-16737.exe (PID: 9760)
- Unicorn-57861.exe (PID: 9652)
- Unicorn-9891.exe (PID: 9992)
Create files in a temporary directory
- Unicorn-23654.exe (PID: 4688)
- Unicorn-65288.exe (PID: 1628)
- Unicorn-42175.exe (PID: 5528)
- 1 (314).exe (PID: 4776)
- Unicorn-4240.exe (PID: 1676)
- Unicorn-60218.exe (PID: 6640)
- Unicorn-10462.exe (PID: 6436)
- Unicorn-40779.exe (PID: 4164)
- Unicorn-65375.exe (PID: 720)
- Unicorn-24421.exe (PID: 6700)
- Unicorn-16275.exe (PID: 6512)
- Unicorn-4332.exe (PID: 5864)
- Unicorn-26965.exe (PID: 1040)
- Unicorn-7338.exe (PID: 6108)
- Unicorn-33741.exe (PID: 2984)
- Unicorn-990.exe (PID: 736)
- Unicorn-52600.exe (PID: 6004)
- Unicorn-16969.exe (PID: 1324)
- Unicorn-16275.exe (PID: 1388)
- Unicorn-56129.exe (PID: 7180)
- Unicorn-36263.exe (PID: 6192)
- Unicorn-25403.exe (PID: 3240)
- Unicorn-11925.exe (PID: 4068)
- Unicorn-57862.exe (PID: 632)
- Unicorn-38999.exe (PID: 7344)
- Unicorn-32777.exe (PID: 7380)
- Unicorn-57373.exe (PID: 7388)
- Unicorn-27301.exe (PID: 7440)
- Unicorn-41931.exe (PID: 1240)
- Unicorn-36263.exe (PID: 4408)
- Unicorn-28501.exe (PID: 7504)
- Unicorn-35277.exe (PID: 7512)
- Unicorn-29487.exe (PID: 6156)
- Unicorn-16825.exe (PID: 7564)
- Unicorn-41421.exe (PID: 7584)
- Unicorn-6928.exe (PID: 6272)
- Unicorn-50052.exe (PID: 7600)
- Unicorn-12548.exe (PID: 7620)
- Unicorn-56082.exe (PID: 7780)
- Unicorn-21271.exe (PID: 7820)
- Unicorn-22855.exe (PID: 7720)
- Unicorn-13150.exe (PID: 4180)
- Unicorn-25403.exe (PID: 5436)
- Unicorn-60113.exe (PID: 7236)
- Unicorn-40015.exe (PID: 8048)
- Unicorn-7250.exe (PID: 8032)
- Unicorn-60166.exe (PID: 7364)
- Unicorn-58781.exe (PID: 6040)
- Unicorn-55444.exe (PID: 660)
- Unicorn-26663.exe (PID: 7904)
- Unicorn-8703.exe (PID: 8176)
- Unicorn-9772.exe (PID: 4892)
- Unicorn-12548.exe (PID: 7612)
- Unicorn-58781.exe (PID: 7148)
- Unicorn-46902.exe (PID: 7460)
- Unicorn-64241.exe (PID: 4488)
- Unicorn-38915.exe (PID: 7332)
- Unicorn-59165.exe (PID: 8080)
- Unicorn-20525.exe (PID: 7424)
- Unicorn-20525.exe (PID: 7416)
- Unicorn-9772.exe (PID: 3304)
- Unicorn-50997.exe (PID: 8200)
- Unicorn-34560.exe (PID: 8240)
- Unicorn-8957.exe (PID: 8284)
- Unicorn-6518.exe (PID: 7548)
- Unicorn-44344.exe (PID: 8400)
- Unicorn-49243.exe (PID: 8348)
- Unicorn-13062.exe (PID: 8428)
- Unicorn-15008.exe (PID: 8464)
- Unicorn-61879.exe (PID: 8624)
- Unicorn-44651.exe (PID: 7636)
- Unicorn-15671.exe (PID: 7828)
- Unicorn-14743.exe (PID: 8448)
- Unicorn-57665.exe (PID: 7688)
- Unicorn-61879.exe (PID: 8616)
- Unicorn-15008.exe (PID: 8456)
- Unicorn-44173.exe (PID: 8668)
- Unicorn-49938.exe (PID: 8828)
- Unicorn-61879.exe (PID: 8600)
- Unicorn-12870.exe (PID: 8572)
- Unicorn-64017.exe (PID: 8516)
- Unicorn-61879.exe (PID: 8632)
- Unicorn-4280.exe (PID: 7788)
- Unicorn-22855.exe (PID: 7712)
- Unicorn-13103.exe (PID: 7728)
- Unicorn-7779.exe (PID: 8724)
- Unicorn-22855.exe (PID: 7704)
- Unicorn-26939.exe (PID: 7696)
- Unicorn-57313.exe (PID: 7228)
- Unicorn-35006.exe (PID: 7812)
- Unicorn-21514.exe (PID: 8732)
- Unicorn-63632.exe (PID: 8760)
- Unicorn-40734.exe (PID: 8776)
- Unicorn-13346.exe (PID: 8820)
- Unicorn-22169.exe (PID: 8788)
- Unicorn-3695.exe (PID: 8812)
- Unicorn-42127.exe (PID: 8696)
- Unicorn-17531.exe (PID: 8688)
- Unicorn-42419.exe (PID: 9036)
- Unicorn-52367.exe (PID: 7988)
- Unicorn-20249.exe (PID: 8004)
- Unicorn-27645.exe (PID: 8752)
- Unicorn-5641.exe (PID: 8844)
- Unicorn-7151.exe (PID: 9120)
- Unicorn-44073.exe (PID: 8900)
- Unicorn-29326.exe (PID: 8868)
- Unicorn-26690.exe (PID: 8932)
- Unicorn-54479.exe (PID: 9092)
- Unicorn-23870.exe (PID: 7984)
- Unicorn-21510.exe (PID: 2392)
- Unicorn-62739.exe (PID: 9056)
- Unicorn-19376.exe (PID: 8852)
- Unicorn-26663.exe (PID: 7940)
- Unicorn-42419.exe (PID: 9048)
- Unicorn-22191.exe (PID: 6044)
- Unicorn-5854.exe (PID: 9248)
- Unicorn-61085.exe (PID: 5680)
- Unicorn-55531.exe (PID: 9356)
- Unicorn-3716.exe (PID: 4424)
- Unicorn-55610.exe (PID: 9232)
- Unicorn-46695.exe (PID: 9340)
- Unicorn-14193.exe (PID: 9064)
- Unicorn-47250.exe (PID: 9292)
- Unicorn-55439.exe (PID: 9432)
- Unicorn-45351.exe (PID: 8268)
- Unicorn-2154.exe (PID: 9452)
- Unicorn-24713.exe (PID: 9408)
- Unicorn-27213.exe (PID: 9588)
- Unicorn-21231.exe (PID: 8376)
- Unicorn-53856.exe (PID: 9660)
- Unicorn-37441.exe (PID: 9668)
- Unicorn-19621.exe (PID: 9636)
- Unicorn-33356.exe (PID: 9612)
- Unicorn-56378.exe (PID: 9692)
- Unicorn-48594.exe (PID: 9824)
- Unicorn-33000.exe (PID: 9620)
- Unicorn-57861.exe (PID: 9652)
- Unicorn-64017.exe (PID: 8528)
- Unicorn-62329.exe (PID: 9832)
- Unicorn-39871.exe (PID: 9860)
- Unicorn-33192.exe (PID: 9888)
- Unicorn-33715.exe (PID: 7656)
- Unicorn-64759.exe (PID: 9916)
- Unicorn-9891.exe (PID: 9992)
- Unicorn-29268.exe (PID: 8768)
- Unicorn-6902.exe (PID: 8676)
- Unicorn-34277.exe (PID: 5776)
- Unicorn-48402.exe (PID: 7308)
- Unicorn-46669.exe (PID: 10024)
- Unicorn-57001.exe (PID: 2980)
The sample compiled with chinese language support
- 1 (314).exe (PID: 4776)
- Unicorn-57001.exe (PID: 2980)
- Unicorn-12927.exe (PID: 10732)
- Unicorn-3026.exe (PID: 12084)
Creates files or folders in the user directory
- WerFault.exe (PID: 7960)
- WerFault.exe (PID: 8104)
- WerFault.exe (PID: 13008)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable (generic) (52.9) |
|---|---|---|
| .exe | | | Generic Win/DOS Executable (23.5) |
| .exe | | | DOS Executable Generic (23.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
585
Monitored processes
447
Malicious processes
76
Suspicious processes
51
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 632 | C:\Users\admin\AppData\Local\Temp\Unicorn-57862.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-57862.exe | Unicorn-65288.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 660 | C:\Users\admin\AppData\Local\Temp\Unicorn-55444.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-55444.exe | Unicorn-33741.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 720 | C:\Users\admin\AppData\Local\Temp\Unicorn-65375.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-65375.exe | Unicorn-23654.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 736 | C:\Users\admin\AppData\Local\Temp\Unicorn-990.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-990.exe | Unicorn-42175.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1040 | C:\Users\admin\AppData\Local\Temp\Unicorn-26965.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26965.exe | Unicorn-7338.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1240 | C:\Users\admin\AppData\Local\Temp\Unicorn-41931.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41931.exe | Unicorn-24421.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1324 | C:\Users\admin\AppData\Local\Temp\Unicorn-16969.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-16969.exe | Unicorn-23654.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1388 | C:\Users\admin\AppData\Local\Temp\Unicorn-16275.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-16275.exe | Unicorn-10462.exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1600 | C:\Users\admin\AppData\Local\Temp\Unicorn-40717.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-40717.exe | — | Unicorn-37441.exe | |||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
| 1628 | C:\Users\admin\AppData\Local\Temp\Unicorn-65288.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-65288.exe | 1 (314).exe | ||||||||||||
User: admin Integrity Level: MEDIUM Modules
| |||||||||||||||
Total events
14 269
Read events
14 269
Write events
0
Delete events
0
Modification events
Executable files
1 201
Suspicious files
6
Text files
2
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 4688 | Unicorn-23654.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-42175.exe | executable | |
MD5:A0FA0A50884B3E5309AF1B17E3BA1745 | SHA256:E127C91BFCFE17BF9169EB6B1D881C5F3AC33E93965BF6596F1D819045E56967 | |||
| 4776 | 1 (314).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-23654.exe | executable | |
MD5:BDB85F4FF5DC5306ED331BE0ABBFC1ED | SHA256:C85E0BF0B5D06CDC0120D85FEA3F88CD6936A762BAA69BAB3DD3908700DD3E21 | |||
| 4776 | 1 (314).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-65288.exe | executable | |
MD5:9A8C8ED65CB9F91290F9EE2FCA77502B | SHA256:C1DA45E13E5D7686CB28CB05BFA9AC5D3E50578AB089EBB13CB68E23C272169A | |||
| 6640 | Unicorn-60218.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-40779.exe | executable | |
MD5:EE4DB69FD647138532B85F33F5A0DB1E | SHA256:3A8231ACEF0B4448581D0C4C6268104680C520FE9C91F416BBD481360770BC29 | |||
| 4776 | 1 (314).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-11925.exe | executable | |
MD5:CB60D7C994E99C7C4B546BBC0F345910 | SHA256:FA47FD783DC6378B9799B590117E6836C82AC38D7E6DBADAF2858924E5436A4C | |||
| 5528 | Unicorn-42175.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-4240.exe | executable | |
MD5:83F559E29D9F572836573A508AFFBB93 | SHA256:82CBBF29FC103F317B334D62D3CFDA076E2569A9F799421EB25813AE2D060121 | |||
| 6436 | Unicorn-10462.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-16275.exe | executable | |
MD5:9B923B333B51C80B3237C50AF86F0482 | SHA256:330D2ACE5C2691752031D4D927D1CF1153C985F8D9B60DAC80165F798345EC7B | |||
| 1676 | Unicorn-4240.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-7338.exe | executable | |
MD5:38D1AC2377B7295E4FA2F31E51135AF9 | SHA256:0231391F294E3D8B7D705ADCEAA0D1579C430DBD34B6FE2CD5E1EDCDA18E326D | |||
| 5528 | Unicorn-42175.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-24421.exe | executable | |
MD5:CDAC4916FF2D2084490356848862765F | SHA256:6A5A25640C2CD92454160D4D3C71358F40297C83DE3FA6CBC0D798B81EE9DF0A | |||
| 6108 | Unicorn-7338.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26965.exe | executable | |
MD5:66993C7D014E12E908341850C4C14E11 | SHA256:9011957F111813EE988CF71005A30B95B32B364B17FB19D175A3AD10E1DF251C | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
23
DNS requests
16
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
— | — | GET | 200 | 23.48.23.173:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
6544 | svchost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
1052 | backgroundTaskHost.exe | GET | 200 | 23.54.109.203:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
9024 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
9024 | SIHClient.exe | GET | 200 | 2.23.246.101:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 192.168.100.255:137 | — | — | — | whitelisted |
2104 | svchost.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6268 | RUXIMICS.exe | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
— | — | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 23.48.23.173:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2112 | svchost.exe | 20.73.194.208:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
3216 | svchost.exe | 20.198.162.78:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | SG | whitelisted |
6544 | svchost.exe | 20.190.159.128:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 23.54.109.203:80 | ocsp.digicert.com | AKAMAI-AS | DE | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
settings-win.data.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |