| File name: | 1 (642) |
| Full analysis: | https://app.any.run/tasks/db408d83-857b-43a4-a146-3c93eb4cbed2 |
| Verdict: | Malicious activity |
| Analysis date: | March 25, 2025, 01:51:48 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, 3 sections |
| MD5: | 63E35F1169D5F1F350363F6783262740 |
| SHA1: | A57ADBC34553F760F0ABEDB90BB7F14BB789E121 |
| SHA256: | B7FCBC18C599258F3C3E1C9E244C77DCDBC8DF879A009F90FBA3E24D321306CB |
| SSDEEP: | 6144:NwNGUsIkGD4HA5lqX7Pc7k/8SwjwpyAAEhpy9ChosArx4DxmDsR:Na3bKHA5AXDc1x4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Executable content was dropped or overwritten
- 1 (642).exe (PID: 3884)
- Unicorn-27950.exe (PID: 3900)
- Unicorn-15062.exe (PID: 4724)
- Unicorn-27767.exe (PID: 496)
- Unicorn-6561.exe (PID: 6768)
- Unicorn-15187.exe (PID: 5508)
- Unicorn-25114.exe (PID: 3020)
- Unicorn-10102.exe (PID: 2152)
- Unicorn-29323.exe (PID: 5728)
- Unicorn-20933.exe (PID: 5260)
- Unicorn-41253.exe (PID: 5984)
- Unicorn-53221.exe (PID: 2772)
- Unicorn-14445.exe (PID: 6752)
- Unicorn-60382.exe (PID: 5548)
- Unicorn-12794.exe (PID: 5404)
- Unicorn-61911.exe (PID: 4244)
- Unicorn-50536.exe (PID: 6540)
- Unicorn-12444.exe (PID: 1328)
- Unicorn-2451.exe (PID: 2108)
- Unicorn-54475.exe (PID: 6744)
- Unicorn-54475.exe (PID: 2040)
- Unicorn-28217.exe (PID: 632)
- Unicorn-27952.exe (PID: 7220)
- Unicorn-47383.exe (PID: 2240)
- Unicorn-29377.exe (PID: 7212)
- Unicorn-51860.exe (PID: 7576)
- Unicorn-51860.exe (PID: 7580)
- Unicorn-1398.exe (PID: 7556)
- Unicorn-35138.exe (PID: 1132)
- Unicorn-61979.exe (PID: 7612)
- Unicorn-43426.exe (PID: 7640)
- Unicorn-29690.exe (PID: 7632)
- Unicorn-8351.exe (PID: 7188)
- Unicorn-19286.exe (PID: 904)
- Unicorn-50059.exe (PID: 7680)
- Unicorn-44180.exe (PID: 7752)
- Unicorn-34740.exe (PID: 4408)
- Unicorn-59255.exe (PID: 7736)
- Unicorn-60443.exe (PID: 7804)
- Unicorn-60443.exe (PID: 7788)
- Unicorn-8351.exe (PID: 7196)
- Unicorn-48020.exe (PID: 7840)
- Unicorn-48020.exe (PID: 7844)
- Unicorn-36837.exe (PID: 7868)
- Unicorn-63390.exe (PID: 3240)
- Unicorn-17739.exe (PID: 7940)
- Unicorn-15539.exe (PID: 7884)
- Unicorn-28922.exe (PID: 7908)
- Unicorn-58907.exe (PID: 7984)
- Unicorn-28674.exe (PID: 7948)
- Unicorn-17719.exe (PID: 7204)
- Unicorn-12970.exe (PID: 7976)
- Unicorn-51671.exe (PID: 8088)
- Unicorn-29309.exe (PID: 8112)
- Unicorn-1427.exe (PID: 8128)
- Unicorn-14618.exe (PID: 8168)
- Unicorn-16503.exe (PID: 8120)
- Unicorn-59284.exe (PID: 7360)
- Unicorn-41971.exe (PID: 7388)
- Unicorn-26539.exe (PID: 7404)
- Unicorn-33524.exe (PID: 7460)
- Unicorn-8914.exe (PID: 7344)
- Unicorn-9014.exe (PID: 7368)
- Unicorn-26804.exe (PID: 7452)
- Unicorn-38181.exe (PID: 7648)
- Unicorn-42766.exe (PID: 7548)
- Unicorn-25469.exe (PID: 7348)
- Unicorn-25469.exe (PID: 7332)
- Unicorn-32075.exe (PID: 1184)
- Unicorn-32075.exe (PID: 7300)
- Unicorn-57172.exe (PID: 5084)
- Unicorn-57172.exe (PID: 5048)
- Unicorn-59255.exe (PID: 7744)
- Unicorn-23627.exe (PID: 8216)
- Unicorn-24395.exe (PID: 8260)
- Unicorn-34810.exe (PID: 2644)
- Unicorn-10689.exe (PID: 8412)
- Unicorn-11204.exe (PID: 8236)
- Unicorn-30202.exe (PID: 8448)
- Unicorn-27863.exe (PID: 8308)
- Unicorn-12211.exe (PID: 8300)
- Unicorn-47956.exe (PID: 8284)
- Unicorn-54597.exe (PID: 8324)
- Unicorn-62491.exe (PID: 8420)
- Unicorn-39653.exe (PID: 8544)
- Unicorn-65335.exe (PID: 8464)
- Unicorn-58651.exe (PID: 8344)
- Unicorn-46228.exe (PID: 8380)
- Unicorn-39653.exe (PID: 8536)
- Unicorn-28666.exe (PID: 8552)
- Unicorn-12979.exe (PID: 8360)
- Unicorn-60443.exe (PID: 7796)
- Unicorn-39653.exe (PID: 8520)
- Unicorn-31474.exe (PID: 7960)
- Unicorn-374.exe (PID: 8500)
- Unicorn-56508.exe (PID: 8612)
- Unicorn-20201.exe (PID: 8512)
- Unicorn-42658.exe (PID: 7932)
- Unicorn-63799.exe (PID: 8560)
- Unicorn-30916.exe (PID: 8728)
- Unicorn-39653.exe (PID: 8580)
- Unicorn-33377.exe (PID: 8800)
- Unicorn-39653.exe (PID: 8568)
- Unicorn-6404.exe (PID: 8492)
- Unicorn-58245.exe (PID: 8588)
- Unicorn-13850.exe (PID: 8708)
- Unicorn-3965.exe (PID: 8640)
- Unicorn-30385.exe (PID: 8772)
- Unicorn-8106.exe (PID: 8656)
- Unicorn-48788.exe (PID: 7924)
- Unicorn-7489.exe (PID: 8964)
- Unicorn-43452.exe (PID: 8900)
- Unicorn-20183.exe (PID: 8972)
- Unicorn-18874.exe (PID: 9048)
- Unicorn-37509.exe (PID: 9104)
- Unicorn-13498.exe (PID: 8932)
- Unicorn-52279.exe (PID: 9084)
- Unicorn-64706.exe (PID: 9008)
- Unicorn-42871.exe (PID: 9168)
- Unicorn-56549.exe (PID: 8184)
- Unicorn-9014.exe (PID: 7380)
- Unicorn-11734.exe (PID: 9116)
- Unicorn-14806.exe (PID: 9204)
- Unicorn-20453.exe (PID: 9192)
- Unicorn-14806.exe (PID: 668)
- Unicorn-46711.exe (PID: 9184)
- Unicorn-45870.exe (PID: 616)
- Unicorn-30077.exe (PID: 8156)
- Unicorn-30868.exe (PID: 4424)
- Unicorn-30868.exe (PID: 4180)
- Unicorn-35924.exe (PID: 9288)
- Unicorn-46135.exe (PID: 5968)
- Unicorn-20453.exe (PID: 9212)
- Unicorn-17345.exe (PID: 9336)
- Unicorn-41715.exe (PID: 9320)
- Unicorn-3610.exe (PID: 9348)
- Unicorn-37050.exe (PID: 9400)
- Unicorn-61467.exe (PID: 9428)
- Unicorn-15530.exe (PID: 9444)
- Unicorn-5981.exe (PID: 9436)
- Unicorn-3610.exe (PID: 9356)
- Unicorn-57413.exe (PID: 9508)
- Unicorn-1654.exe (PID: 9536)
- Unicorn-65079.exe (PID: 9480)
- Unicorn-2422.exe (PID: 9588)
- Unicorn-36962.exe (PID: 9700)
- Unicorn-34034.exe (PID: 9676)
- Unicorn-56631.exe (PID: 9732)
- Unicorn-41509.exe (PID: 9600)
- Unicorn-40034.exe (PID: 9752)
- Unicorn-39051.exe (PID: 8720)
- Unicorn-60357.exe (PID: 9784)
- Unicorn-53118.exe (PID: 9916)
- Unicorn-50290.exe (PID: 9312)
- Unicorn-50612.exe (PID: 9968)
- Unicorn-21940.exe (PID: 4164)
- Unicorn-46135.exe (PID: 6656)
- Unicorn-51380.exe (PID: 9984)
- Unicorn-59365.exe (PID: 10040)
- Unicorn-22309.exe (PID: 9872)
- Unicorn-61566.exe (PID: 9856)
- Unicorn-57083.exe (PID: 3768)
- Unicorn-36107.exe (PID: 9708)
- Unicorn-765.exe (PID: 10260)
- Unicorn-57637.exe (PID: 8864)
- Unicorn-30690.exe (PID: 8892)
- Unicorn-14483.exe (PID: 6004)
- Unicorn-23432.exe (PID: 10244)
- Unicorn-39188.exe (PID: 4040)
- Unicorn-61803.exe (PID: 10320)
- Unicorn-42452.exe (PID: 10312)
- Unicorn-63781.exe (PID: 10084)
- Unicorn-36802.exe (PID: 10232)
- Unicorn-8676.exe (PID: 10144)
- Unicorn-3030.exe (PID: 10180)
- Unicorn-12179.exe (PID: 10196)
- Unicorn-2070.exe (PID: 10112)
- Unicorn-4836.exe (PID: 9132)
- Unicorn-25166.exe (PID: 10356)
- Unicorn-32468.exe (PID: 10476)
- Unicorn-55991.exe (PID: 10404)
- Unicorn-8243.exe (PID: 10436)
- Unicorn-26913.exe (PID: 10524)
- Unicorn-46043.exe (PID: 10576)
- Unicorn-65332.exe (PID: 10508)
- Unicorn-33044.exe (PID: 10532)
- Unicorn-64564.exe (PID: 10636)
- Unicorn-44699.exe (PID: 10628)
- Unicorn-32468.exe (PID: 10468)
- Unicorn-30932.exe (PID: 10592)
- Unicorn-28445.exe (PID: 10540)
- Unicorn-64190.exe (PID: 10724)
- Unicorn-23703.exe (PID: 10424)
- Unicorn-46562.exe (PID: 10384)
- Unicorn-21626.exe (PID: 10280)
- Unicorn-38114.exe (PID: 10656)
- Unicorn-2532.exe (PID: 9684)
- Unicorn-7162.exe (PID: 9148)
- Unicorn-26132.exe (PID: 10920)
- Unicorn-36308.exe (PID: 10768)
- Unicorn-62462.exe (PID: 10848)
- Unicorn-12979.exe (PID: 8352)
- Unicorn-27681.exe (PID: 10812)
- Unicorn-874.exe (PID: 10832)
- Unicorn-63422.exe (PID: 10900)
- Unicorn-53307.exe (PID: 7968)
- Unicorn-26132.exe (PID: 10928)
- Unicorn-33314.exe (PID: 11000)
- Unicorn-1139.exe (PID: 10840)
- Unicorn-9302.exe (PID: 10964)
- Unicorn-30749.exe (PID: 10692)
- Unicorn-2675.exe (PID: 10704)
- Unicorn-45253.exe (PID: 10748)
- Unicorn-33506.exe (PID: 11028)
- Unicorn-38554.exe (PID: 11096)
- Unicorn-38362.exe (PID: 11080)
- Unicorn-6938.exe (PID: 7436)
- Unicorn-7574.exe (PID: 11048)
- Unicorn-1128.exe (PID: 11352)
- Unicorn-4516.exe (PID: 11236)
- Unicorn-11917.exe (PID: 11140)
- Unicorn-57854.exe (PID: 11120)
- Unicorn-57854.exe (PID: 11116)
- Unicorn-43162.exe (PID: 11196)
- Unicorn-51383.exe (PID: 10756)
- Unicorn-40098.exe (PID: 8388)
- Unicorn-52587.exe (PID: 11280)
- Unicorn-43922.exe (PID: 11296)
- Unicorn-9037.exe (PID: 10956)
- Unicorn-13448.exe (PID: 10992)
- Unicorn-1716.exe (PID: 11244)
- Unicorn-38764.exe (PID: 11336)
- Unicorn-53620.exe (PID: 11368)
- Unicorn-44452.exe (PID: 11288)
- Unicorn-52478.exe (PID: 11464)
- Unicorn-6806.exe (PID: 11476)
- Unicorn-37018.exe (PID: 11484)
- Unicorn-8176.exe (PID: 11436)
- Unicorn-3734.exe (PID: 11388)
- Unicorn-54580.exe (PID: 11540)
Starts itself from another location
- Unicorn-27950.exe (PID: 3900)
- 1 (642).exe (PID: 3884)
- Unicorn-12794.exe (PID: 5404)
- Unicorn-15187.exe (PID: 5508)
- Unicorn-27767.exe (PID: 496)
- Unicorn-6561.exe (PID: 6768)
- Unicorn-25114.exe (PID: 3020)
- Unicorn-29323.exe (PID: 5728)
- Unicorn-10102.exe (PID: 2152)
- Unicorn-41253.exe (PID: 5984)
- Unicorn-53221.exe (PID: 2772)
- Unicorn-47383.exe (PID: 2240)
- Unicorn-20933.exe (PID: 5260)
- Unicorn-60382.exe (PID: 5548)
- Unicorn-14445.exe (PID: 6752)
- Unicorn-15062.exe (PID: 4724)
- Unicorn-61911.exe (PID: 4244)
- Unicorn-50536.exe (PID: 6540)
- Unicorn-35138.exe (PID: 1132)
- Unicorn-12444.exe (PID: 1328)
- Unicorn-34740.exe (PID: 4408)
- Unicorn-2451.exe (PID: 2108)
- Unicorn-54475.exe (PID: 6744)
- Unicorn-63390.exe (PID: 3240)
- Unicorn-54475.exe (PID: 2040)
- Unicorn-17719.exe (PID: 7204)
- Unicorn-8351.exe (PID: 7196)
- Unicorn-28217.exe (PID: 632)
- Unicorn-1398.exe (PID: 7556)
- Unicorn-51860.exe (PID: 7580)
- Unicorn-51860.exe (PID: 7576)
- Unicorn-61979.exe (PID: 7612)
- Unicorn-29690.exe (PID: 7632)
- Unicorn-43426.exe (PID: 7640)
- Unicorn-50059.exe (PID: 7680)
- Unicorn-8351.exe (PID: 7188)
- Unicorn-27952.exe (PID: 7220)
- Unicorn-29377.exe (PID: 7212)
- Unicorn-19286.exe (PID: 904)
- Unicorn-44180.exe (PID: 7752)
- Unicorn-59255.exe (PID: 7744)
- Unicorn-59255.exe (PID: 7736)
- Unicorn-60443.exe (PID: 7804)
- Unicorn-60443.exe (PID: 7788)
- Unicorn-36837.exe (PID: 7868)
- Unicorn-48020.exe (PID: 7840)
- Unicorn-60443.exe (PID: 7796)
- Unicorn-48020.exe (PID: 7844)
- Unicorn-17739.exe (PID: 7940)
- Unicorn-28674.exe (PID: 7948)
- Unicorn-42658.exe (PID: 7932)
- Unicorn-53307.exe (PID: 7968)
- Unicorn-58907.exe (PID: 7984)
- Unicorn-48788.exe (PID: 7924)
- Unicorn-28922.exe (PID: 7908)
- Unicorn-31474.exe (PID: 7960)
- Unicorn-12970.exe (PID: 7976)
- Unicorn-51671.exe (PID: 8088)
- Unicorn-1427.exe (PID: 8128)
- Unicorn-14618.exe (PID: 8168)
- Unicorn-16503.exe (PID: 8120)
- Unicorn-26539.exe (PID: 7404)
- Unicorn-33524.exe (PID: 7460)
- Unicorn-56549.exe (PID: 8184)
- Unicorn-59284.exe (PID: 7360)
- Unicorn-9014.exe (PID: 7380)
- Unicorn-41971.exe (PID: 7388)
- Unicorn-9014.exe (PID: 7368)
- Unicorn-30077.exe (PID: 8156)
- Unicorn-26804.exe (PID: 7452)
- Unicorn-6938.exe (PID: 7436)
- Unicorn-25469.exe (PID: 7332)
- Unicorn-32075.exe (PID: 1184)
- Unicorn-42766.exe (PID: 7548)
- Unicorn-25469.exe (PID: 7348)
- Unicorn-32075.exe (PID: 7300)
- Unicorn-57172.exe (PID: 5084)
- Unicorn-57172.exe (PID: 5048)
- Unicorn-23627.exe (PID: 8216)
- Unicorn-24395.exe (PID: 8260)
- Unicorn-34810.exe (PID: 2644)
- Unicorn-11204.exe (PID: 8236)
- Unicorn-10689.exe (PID: 8412)
- Unicorn-27863.exe (PID: 8308)
- Unicorn-30202.exe (PID: 8448)
- Unicorn-54597.exe (PID: 8324)
- Unicorn-12211.exe (PID: 8300)
- Unicorn-47956.exe (PID: 8284)
- Unicorn-39653.exe (PID: 8544)
- Unicorn-12979.exe (PID: 8352)
- Unicorn-65335.exe (PID: 8464)
- Unicorn-39653.exe (PID: 8536)
- Unicorn-28666.exe (PID: 8552)
- Unicorn-40098.exe (PID: 8388)
- Unicorn-46228.exe (PID: 8380)
- Unicorn-12979.exe (PID: 8360)
- Unicorn-58651.exe (PID: 8344)
- Unicorn-39653.exe (PID: 8520)
- Unicorn-374.exe (PID: 8500)
- Unicorn-56508.exe (PID: 8612)
- Unicorn-20201.exe (PID: 8512)
- Unicorn-63799.exe (PID: 8560)
- Unicorn-39653.exe (PID: 8580)
- Unicorn-30916.exe (PID: 8728)
- Unicorn-6404.exe (PID: 8492)
- Unicorn-39653.exe (PID: 8568)
- Unicorn-33377.exe (PID: 8800)
- Unicorn-39051.exe (PID: 8720)
- Unicorn-3965.exe (PID: 8640)
- Unicorn-58245.exe (PID: 8588)
- Unicorn-13850.exe (PID: 8708)
- Unicorn-15539.exe (PID: 7884)
- Unicorn-30385.exe (PID: 8772)
- Unicorn-62491.exe (PID: 8420)
- Unicorn-43452.exe (PID: 8900)
- Unicorn-7489.exe (PID: 8964)
- Unicorn-8106.exe (PID: 8656)
- Unicorn-20183.exe (PID: 8972)
- Unicorn-18874.exe (PID: 9048)
- Unicorn-37509.exe (PID: 9104)
- Unicorn-29309.exe (PID: 8112)
- Unicorn-64706.exe (PID: 9008)
- Unicorn-7162.exe (PID: 9148)
- Unicorn-52279.exe (PID: 9084)
- Unicorn-13498.exe (PID: 8932)
- Unicorn-42871.exe (PID: 9168)
- Unicorn-11734.exe (PID: 9116)
- Unicorn-14806.exe (PID: 9204)
- Unicorn-20453.exe (PID: 9192)
- Unicorn-14806.exe (PID: 668)
- Unicorn-8914.exe (PID: 7344)
- Unicorn-45870.exe (PID: 616)
- Unicorn-46711.exe (PID: 9184)
- Unicorn-38181.exe (PID: 7648)
- Unicorn-21940.exe (PID: 4164)
- Unicorn-30868.exe (PID: 4180)
- Unicorn-46135.exe (PID: 6656)
- Unicorn-46135.exe (PID: 5968)
- Unicorn-35924.exe (PID: 9288)
- Unicorn-17345.exe (PID: 9336)
- Unicorn-50290.exe (PID: 9312)
- Unicorn-3610.exe (PID: 9348)
- Unicorn-20453.exe (PID: 9212)
- Unicorn-15530.exe (PID: 9444)
- Unicorn-41715.exe (PID: 9320)
- Unicorn-61467.exe (PID: 9428)
- Unicorn-65079.exe (PID: 9480)
- Unicorn-2422.exe (PID: 9588)
- Unicorn-1654.exe (PID: 9536)
- Unicorn-5981.exe (PID: 9436)
- Unicorn-41509.exe (PID: 9600)
- Unicorn-56631.exe (PID: 9732)
- Unicorn-36962.exe (PID: 9700)
- Unicorn-34034.exe (PID: 9676)
- Unicorn-57413.exe (PID: 9508)
- Unicorn-40034.exe (PID: 9752)
- Unicorn-36107.exe (PID: 9708)
INFO
Checks supported languages
- Unicorn-27950.exe (PID: 3900)
- 1 (642).exe (PID: 3884)
- Unicorn-15062.exe (PID: 4724)
- Unicorn-12794.exe (PID: 5404)
- Unicorn-25114.exe (PID: 3020)
- Unicorn-6561.exe (PID: 6768)
- Unicorn-10102.exe (PID: 2152)
- Unicorn-29323.exe (PID: 5728)
- Unicorn-27767.exe (PID: 496)
- Unicorn-53221.exe (PID: 2772)
- Unicorn-14445.exe (PID: 6752)
- Unicorn-20933.exe (PID: 5260)
- Unicorn-60382.exe (PID: 5548)
- Unicorn-41253.exe (PID: 5984)
- Unicorn-47383.exe (PID: 2240)
- Unicorn-50536.exe (PID: 6540)
- Unicorn-35138.exe (PID: 1132)
- Unicorn-61911.exe (PID: 4244)
- Unicorn-12444.exe (PID: 1328)
- Unicorn-54475.exe (PID: 2040)
- Unicorn-34740.exe (PID: 4408)
- Unicorn-2451.exe (PID: 2108)
- Unicorn-15187.exe (PID: 5508)
- Unicorn-8351.exe (PID: 7196)
- Unicorn-28217.exe (PID: 632)
- Unicorn-63390.exe (PID: 3240)
- Unicorn-19286.exe (PID: 904)
- Unicorn-8351.exe (PID: 7188)
- Unicorn-29377.exe (PID: 7212)
- Unicorn-54475.exe (PID: 6744)
- Unicorn-17719.exe (PID: 7204)
- Unicorn-43426.exe (PID: 7640)
- Unicorn-38181.exe (PID: 7648)
- Unicorn-50059.exe (PID: 7680)
- Unicorn-51860.exe (PID: 7580)
- Unicorn-61979.exe (PID: 7612)
- Unicorn-29690.exe (PID: 7632)
- Unicorn-59255.exe (PID: 7744)
- Unicorn-59255.exe (PID: 7736)
- Unicorn-60443.exe (PID: 7796)
- Unicorn-60443.exe (PID: 7804)
- Unicorn-60443.exe (PID: 7788)
- Unicorn-48020.exe (PID: 7844)
- Unicorn-48020.exe (PID: 7840)
- Unicorn-15539.exe (PID: 7884)
- Unicorn-28922.exe (PID: 7908)
- Unicorn-12970.exe (PID: 7976)
- Unicorn-31474.exe (PID: 7960)
- Unicorn-53307.exe (PID: 7968)
- Unicorn-17739.exe (PID: 7940)
- Unicorn-28674.exe (PID: 7948)
- Unicorn-42658.exe (PID: 7932)
- Unicorn-58907.exe (PID: 7984)
- Unicorn-36837.exe (PID: 7868)
- Unicorn-51671.exe (PID: 8088)
- Unicorn-1427.exe (PID: 8128)
- Unicorn-14618.exe (PID: 8168)
- Unicorn-30077.exe (PID: 8156)
- Unicorn-56549.exe (PID: 8184)
- Unicorn-59284.exe (PID: 7360)
- Unicorn-29309.exe (PID: 8112)
- Unicorn-9014.exe (PID: 7368)
- Unicorn-41971.exe (PID: 7388)
- Unicorn-26804.exe (PID: 7452)
- Unicorn-26539.exe (PID: 7404)
- Unicorn-6938.exe (PID: 7436)
- Unicorn-33524.exe (PID: 7460)
- Unicorn-25469.exe (PID: 7332)
- Unicorn-25469.exe (PID: 7348)
- Unicorn-9014.exe (PID: 7380)
- Unicorn-32075.exe (PID: 1184)
- Unicorn-57172.exe (PID: 5048)
- Unicorn-34810.exe (PID: 2644)
- Unicorn-11204.exe (PID: 8236)
- Unicorn-24395.exe (PID: 8260)
- Unicorn-42766.exe (PID: 7548)
- Unicorn-27863.exe (PID: 8308)
- Unicorn-12211.exe (PID: 8300)
- Unicorn-54597.exe (PID: 8324)
- Unicorn-58651.exe (PID: 8344)
- Unicorn-47956.exe (PID: 8284)
- Unicorn-12979.exe (PID: 8360)
- Unicorn-40098.exe (PID: 8388)
- Unicorn-62491.exe (PID: 8420)
- Unicorn-10689.exe (PID: 8412)
- Unicorn-30202.exe (PID: 8448)
- Unicorn-65335.exe (PID: 8464)
- Unicorn-12979.exe (PID: 8352)
- Unicorn-46228.exe (PID: 8380)
- Unicorn-6404.exe (PID: 8492)
- Unicorn-20201.exe (PID: 8512)
- Unicorn-39653.exe (PID: 8520)
- Unicorn-63799.exe (PID: 8560)
- Unicorn-39653.exe (PID: 8568)
- Unicorn-39653.exe (PID: 8580)
- Unicorn-58245.exe (PID: 8588)
- Unicorn-374.exe (PID: 8500)
- Unicorn-56508.exe (PID: 8612)
- Unicorn-39653.exe (PID: 8544)
- Unicorn-39653.exe (PID: 8536)
- Unicorn-33377.exe (PID: 8800)
- Unicorn-30916.exe (PID: 8728)
- Unicorn-8106.exe (PID: 8656)
- Unicorn-43452.exe (PID: 8900)
- Unicorn-13498.exe (PID: 8932)
- Unicorn-7489.exe (PID: 8964)
- Unicorn-13850.exe (PID: 8708)
- Unicorn-3965.exe (PID: 8640)
- Unicorn-30385.exe (PID: 8772)
- Unicorn-11734.exe (PID: 9116)
- Unicorn-7162.exe (PID: 9148)
- Unicorn-20183.exe (PID: 8972)
- Unicorn-64706.exe (PID: 9008)
- Unicorn-18874.exe (PID: 9048)
- Unicorn-52279.exe (PID: 9084)
- Unicorn-46711.exe (PID: 9184)
- Unicorn-14806.exe (PID: 9204)
- Unicorn-42871.exe (PID: 9168)
- Unicorn-45870.exe (PID: 616)
- Unicorn-30868.exe (PID: 4424)
- Unicorn-46135.exe (PID: 6656)
- Unicorn-20453.exe (PID: 9212)
- Unicorn-20453.exe (PID: 9192)
- Unicorn-14806.exe (PID: 668)
- Unicorn-46135.exe (PID: 5968)
- Unicorn-61467.exe (PID: 9428)
- Unicorn-41715.exe (PID: 9320)
- Unicorn-3610.exe (PID: 9348)
- Unicorn-3610.exe (PID: 9356)
- Unicorn-17345.exe (PID: 9336)
- Unicorn-5981.exe (PID: 9436)
- Unicorn-37050.exe (PID: 9400)
- Unicorn-15530.exe (PID: 9444)
- Unicorn-21940.exe (PID: 4164)
- Unicorn-35924.exe (PID: 9288)
- Unicorn-50290.exe (PID: 9312)
- Unicorn-1654.exe (PID: 9536)
- Unicorn-41509.exe (PID: 9600)
- Unicorn-65079.exe (PID: 9480)
- Unicorn-57413.exe (PID: 9508)
- Unicorn-56631.exe (PID: 9732)
- Unicorn-40034.exe (PID: 9752)
- Unicorn-2422.exe (PID: 9588)
- Unicorn-34034.exe (PID: 9676)
- Unicorn-36962.exe (PID: 9700)
- Unicorn-36107.exe (PID: 9708)
- Unicorn-61566.exe (PID: 9856)
- Unicorn-22309.exe (PID: 9872)
- Unicorn-53118.exe (PID: 9916)
- Unicorn-60357.exe (PID: 9784)
- Unicorn-50612.exe (PID: 9968)
- Unicorn-51380.exe (PID: 9984)
- Unicorn-59365.exe (PID: 10040)
- Unicorn-2070.exe (PID: 10112)
- Unicorn-8676.exe (PID: 10144)
- Unicorn-63781.exe (PID: 10084)
- Unicorn-30690.exe (PID: 8892)
- Unicorn-57637.exe (PID: 8864)
- Unicorn-3030.exe (PID: 10180)
- Unicorn-12179.exe (PID: 10196)
- Unicorn-36802.exe (PID: 10232)
- Unicorn-57083.exe (PID: 3768)
- Unicorn-14483.exe (PID: 6004)
- Unicorn-39188.exe (PID: 4040)
- Unicorn-23432.exe (PID: 10244)
- Unicorn-765.exe (PID: 10260)
- Unicorn-4836.exe (PID: 9132)
- Unicorn-2532.exe (PID: 9684)
- Unicorn-42452.exe (PID: 10312)
- Unicorn-25166.exe (PID: 10356)
- Unicorn-21626.exe (PID: 10280)
- Unicorn-61803.exe (PID: 10320)
- Unicorn-8243.exe (PID: 10436)
- Unicorn-23703.exe (PID: 10424)
- Unicorn-46562.exe (PID: 10384)
- Unicorn-55991.exe (PID: 10404)
- Unicorn-65332.exe (PID: 10508)
- Unicorn-26913.exe (PID: 10524)
- Unicorn-28445.exe (PID: 10540)
- Unicorn-46043.exe (PID: 10576)
- Unicorn-32468.exe (PID: 10468)
- Unicorn-32468.exe (PID: 10476)
- Unicorn-33044.exe (PID: 10532)
- Unicorn-30932.exe (PID: 10592)
- Unicorn-44699.exe (PID: 10628)
- Unicorn-38114.exe (PID: 10656)
- Unicorn-45253.exe (PID: 10748)
- Unicorn-2675.exe (PID: 10704)
- Unicorn-64190.exe (PID: 10724)
- Unicorn-36308.exe (PID: 10768)
- Unicorn-51383.exe (PID: 10756)
- Unicorn-64564.exe (PID: 10636)
- Unicorn-30749.exe (PID: 10692)
- Unicorn-27681.exe (PID: 10812)
- Unicorn-1139.exe (PID: 10840)
- Unicorn-874.exe (PID: 10832)
- Unicorn-62462.exe (PID: 10848)
- Unicorn-63422.exe (PID: 10900)
- Unicorn-26132.exe (PID: 10928)
- Unicorn-26132.exe (PID: 10920)
- Unicorn-9037.exe (PID: 10956)
- Unicorn-9302.exe (PID: 10964)
- Unicorn-13448.exe (PID: 10992)
- Unicorn-33314.exe (PID: 11000)
- Unicorn-33506.exe (PID: 11028)
- Unicorn-7574.exe (PID: 11048)
- Unicorn-38362.exe (PID: 11080)
- Unicorn-38554.exe (PID: 11096)
- Unicorn-4516.exe (PID: 11236)
- Unicorn-57854.exe (PID: 11120)
- Unicorn-57854.exe (PID: 11116)
- Unicorn-11917.exe (PID: 11140)
- Unicorn-43162.exe (PID: 11196)
- Unicorn-52587.exe (PID: 11280)
- Unicorn-1716.exe (PID: 11244)
- Unicorn-44452.exe (PID: 11288)
- Unicorn-38764.exe (PID: 11336)
- Unicorn-53620.exe (PID: 11368)
- Unicorn-8176.exe (PID: 11436)
- Unicorn-3734.exe (PID: 11388)
- Unicorn-52478.exe (PID: 11464)
- Unicorn-6806.exe (PID: 11476)
- Unicorn-54580.exe (PID: 11540)
- Unicorn-49026.exe (PID: 11556)
- Unicorn-35202.exe (PID: 11580)
- Unicorn-37018.exe (PID: 11484)
- Unicorn-6998.exe (PID: 11512)
- Unicorn-57398.exe (PID: 11604)
- Unicorn-60283.exe (PID: 11612)
- Unicorn-53698.exe (PID: 11652)
- Unicorn-47668.exe (PID: 11680)
- Unicorn-45264.exe (PID: 11692)
- Unicorn-14611.exe (PID: 11620)
- Unicorn-4424.exe (PID: 11792)
- Unicorn-65358.exe (PID: 11776)
- Unicorn-54139.exe (PID: 11840)
- Unicorn-9249.exe (PID: 11808)
- Unicorn-8041.exe (PID: 11824)
- Unicorn-23735.exe (PID: 11848)
- Unicorn-61591.exe (PID: 11736)
- Unicorn-62587.exe (PID: 11756)
- Unicorn-41201.exe (PID: 11888)
- Unicorn-37309.exe (PID: 11904)
- Unicorn-54871.exe (PID: 11944)
- Unicorn-39220.exe (PID: 11936)
- Unicorn-55447.exe (PID: 11968)
- Unicorn-41201.exe (PID: 11880)
- Unicorn-10771.exe (PID: 11984)
- Unicorn-40928.exe (PID: 12000)
- Unicorn-29992.exe (PID: 12032)
- Unicorn-29992.exe (PID: 12024)
- Unicorn-23770.exe (PID: 12016)
- Unicorn-39613.exe (PID: 12056)
- Unicorn-36738.exe (PID: 12112)
- Unicorn-29992.exe (PID: 12008)
- Unicorn-55358.exe (PID: 12156)
- Unicorn-32619.exe (PID: 12180)
- Unicorn-26753.exe (PID: 12172)
- Unicorn-32619.exe (PID: 12224)
- Unicorn-26335.exe (PID: 12128)
- Unicorn-32884.exe (PID: 12192)
- Unicorn-49303.exe (PID: 872)
- Unicorn-47205.exe (PID: 12296)
- Unicorn-44935.exe (PID: 12312)
- Unicorn-38452.exe (PID: 12348)
- Unicorn-9924.exe (PID: 3272)
- Unicorn-9924.exe (PID: 12280)
- Unicorn-16055.exe (PID: 5352)
- Unicorn-44405.exe (PID: 12304)
- Unicorn-22717.exe (PID: 12432)
- Unicorn-38073.exe (PID: 12484)
- Unicorn-45736.exe (PID: 12504)
- Unicorn-16936.exe (PID: 12528)
- Unicorn-22539.exe (PID: 12548)
- Unicorn-31933.exe (PID: 12368)
- Unicorn-43662.exe (PID: 12388)
- Unicorn-57118.exe (PID: 12412)
- Unicorn-22717.exe (PID: 12440)
- Unicorn-46734.exe (PID: 12468)
- Unicorn-38106.exe (PID: 12596)
- Unicorn-64770.exe (PID: 12616)
- Unicorn-58932.exe (PID: 12644)
- Unicorn-55668.exe (PID: 12568)
- Unicorn-47988.exe (PID: 12848)
- Unicorn-7318.exe (PID: 12696)
- Unicorn-30754.exe (PID: 12716)
- Unicorn-64635.exe (PID: 12872)
- Unicorn-19732.exe (PID: 12892)
- Unicorn-41844.exe (PID: 13072)
- Unicorn-59031.exe (PID: 13008)
- Unicorn-14817.exe (PID: 13036)
- Unicorn-55973.exe (PID: 13180)
- Unicorn-52788.exe (PID: 12916)
- Unicorn-36482.exe (PID: 12956)
- Unicorn-5917.exe (PID: 12988)
- Unicorn-36468.exe (PID: 13260)
- Unicorn-52311.exe (PID: 13272)
- Unicorn-8673.exe (PID: 6852)
- Unicorn-62295.exe (PID: 13204)
- Unicorn-45108.exe (PID: 13236)
- Unicorn-58953.exe (PID: 13316)
- Unicorn-38964.exe (PID: 13376)
- Unicorn-59529.exe (PID: 13344)
- Unicorn-49197.exe (PID: 13388)
- Unicorn-46670.exe (PID: 13440)
- Unicorn-24765.exe (PID: 13464)
- Unicorn-9690.exe (PID: 13472)
- Unicorn-13530.exe (PID: 13512)
- Unicorn-9249.exe (PID: 4868)
- Unicorn-63961.exe (PID: 13724)
- Unicorn-15441.exe (PID: 13664)
- Unicorn-38216.exe (PID: 13920)
- Unicorn-3546.exe (PID: 13756)
- Unicorn-18127.exe (PID: 13848)
- Unicorn-36197.exe (PID: 13836)
- Unicorn-33914.exe (PID: 14016)
- Unicorn-38216.exe (PID: 13912)
- Unicorn-7569.exe (PID: 13936)
- Unicorn-45346.exe (PID: 13892)
- Unicorn-13053.exe (PID: 13972)
- Unicorn-23551.exe (PID: 13988)
- Unicorn-20520.exe (PID: 13540)
- Unicorn-31787.exe (PID: 13592)
- Unicorn-50914.exe (PID: 13636)
- Unicorn-18429.exe (PID: 13732)
- Unicorn-7578.exe (PID: 13780)
- Unicorn-47433.exe (PID: 13804)
- Unicorn-33914.exe (PID: 14004)
- Unicorn-34682.exe (PID: 14064)
- Unicorn-34682.exe (PID: 14056)
- Unicorn-5761.exe (PID: 14232)
- Unicorn-21802.exe (PID: 14104)
- Unicorn-15937.exe (PID: 14096)
- Unicorn-474.exe (PID: 14196)
- Unicorn-15937.exe (PID: 14120)
- Unicorn-63785.exe (PID: 14216)
- Unicorn-57563.exe (PID: 14240)
- Unicorn-31304.exe (PID: 14272)
- Unicorn-22372.exe (PID: 14308)
- Unicorn-22180.exe (PID: 14288)
- Unicorn-51673.exe (PID: 6248)
- Unicorn-32072.exe (PID: 7144)
- Unicorn-6141.exe (PID: 14368)
- Unicorn-27962.exe (PID: 14444)
- Unicorn-34682.exe (PID: 14048)
- Unicorn-2202.exe (PID: 14084)
- Unicorn-57541.exe (PID: 14536)
- Unicorn-41698.exe (PID: 14472)
- Unicorn-43806.exe (PID: 14512)
- Unicorn-43806.exe (PID: 14520)
- Unicorn-9213.exe (PID: 14640)
- Unicorn-59867.exe (PID: 14680)
- Unicorn-10173.exe (PID: 14704)
- Unicorn-53474.exe (PID: 14712)
- Unicorn-59867.exe (PID: 14696)
- Unicorn-289.exe (PID: 14760)
- Unicorn-47563.exe (PID: 14436)
- Unicorn-20148.exe (PID: 14632)
- Unicorn-33345.exe (PID: 14792)
- Unicorn-50175.exe (PID: 14752)
- Unicorn-30545.exe (PID: 14804)
- Unicorn-33345.exe (PID: 14788)
- Unicorn-47403.exe (PID: 11660)
Reads the computer name
- 1 (642).exe (PID: 3884)
- Unicorn-27950.exe (PID: 3900)
- Unicorn-15062.exe (PID: 4724)
- Unicorn-25114.exe (PID: 3020)
- Unicorn-15187.exe (PID: 5508)
- Unicorn-6561.exe (PID: 6768)
- Unicorn-27767.exe (PID: 496)
- Unicorn-10102.exe (PID: 2152)
- Unicorn-41253.exe (PID: 5984)
- Unicorn-53221.exe (PID: 2772)
- Unicorn-47383.exe (PID: 2240)
- Unicorn-14445.exe (PID: 6752)
- Unicorn-20933.exe (PID: 5260)
- Unicorn-60382.exe (PID: 5548)
- Unicorn-29323.exe (PID: 5728)
- Unicorn-50536.exe (PID: 6540)
- Unicorn-35138.exe (PID: 1132)
- Unicorn-61911.exe (PID: 4244)
- Unicorn-12794.exe (PID: 5404)
- Unicorn-54475.exe (PID: 6744)
- Unicorn-2451.exe (PID: 2108)
- Unicorn-34740.exe (PID: 4408)
- Unicorn-63390.exe (PID: 3240)
- Unicorn-54475.exe (PID: 2040)
- Unicorn-8351.exe (PID: 7188)
- Unicorn-8351.exe (PID: 7196)
- Unicorn-28217.exe (PID: 632)
- Unicorn-29377.exe (PID: 7212)
- Unicorn-19286.exe (PID: 904)
- Unicorn-17719.exe (PID: 7204)
- Unicorn-29690.exe (PID: 7632)
- Unicorn-51860.exe (PID: 7580)
- Unicorn-1398.exe (PID: 7556)
- Unicorn-51860.exe (PID: 7576)
- Unicorn-38181.exe (PID: 7648)
- Unicorn-61979.exe (PID: 7612)
- Unicorn-50059.exe (PID: 7680)
- Unicorn-59255.exe (PID: 7736)
- Unicorn-59255.exe (PID: 7744)
- Unicorn-44180.exe (PID: 7752)
- Unicorn-60443.exe (PID: 7804)
- Unicorn-36837.exe (PID: 7868)
- Unicorn-60443.exe (PID: 7796)
- Unicorn-48020.exe (PID: 7840)
- Unicorn-17739.exe (PID: 7940)
- Unicorn-48788.exe (PID: 7924)
- Unicorn-15539.exe (PID: 7884)
- Unicorn-28922.exe (PID: 7908)
- Unicorn-12970.exe (PID: 7976)
- Unicorn-31474.exe (PID: 7960)
- Unicorn-28674.exe (PID: 7948)
- Unicorn-58907.exe (PID: 7984)
- Unicorn-29309.exe (PID: 8112)
- Unicorn-51671.exe (PID: 8088)
- Unicorn-16503.exe (PID: 8120)
- Unicorn-41971.exe (PID: 7388)
- Unicorn-56549.exe (PID: 8184)
- Unicorn-6938.exe (PID: 7436)
- Unicorn-9014.exe (PID: 7368)
- Unicorn-33524.exe (PID: 7460)
- Unicorn-26804.exe (PID: 7452)
- Unicorn-59284.exe (PID: 7360)
- Unicorn-26539.exe (PID: 7404)
- Unicorn-8914.exe (PID: 7344)
- Unicorn-25469.exe (PID: 7348)
- Unicorn-42766.exe (PID: 7548)
- Unicorn-32075.exe (PID: 1184)
- Unicorn-32075.exe (PID: 7300)
- Unicorn-25469.exe (PID: 7332)
- Unicorn-57172.exe (PID: 5084)
- Unicorn-23627.exe (PID: 8216)
- Unicorn-24395.exe (PID: 8260)
- Unicorn-34810.exe (PID: 2644)
- Unicorn-12211.exe (PID: 8300)
- Unicorn-27863.exe (PID: 8308)
- Unicorn-47956.exe (PID: 8284)
- Unicorn-54597.exe (PID: 8324)
- Unicorn-11204.exe (PID: 8236)
- Unicorn-30202.exe (PID: 8448)
- Unicorn-28666.exe (PID: 8552)
- Unicorn-40098.exe (PID: 8388)
- Unicorn-12979.exe (PID: 8360)
- Unicorn-20201.exe (PID: 8512)
- Unicorn-62491.exe (PID: 8420)
- Unicorn-12979.exe (PID: 8352)
- Unicorn-65335.exe (PID: 8464)
- Unicorn-39653.exe (PID: 8544)
- Unicorn-46228.exe (PID: 8380)
- Unicorn-39653.exe (PID: 8520)
- Unicorn-30916.exe (PID: 8728)
- Unicorn-63799.exe (PID: 8560)
- Unicorn-374.exe (PID: 8500)
- Unicorn-56508.exe (PID: 8612)
- Unicorn-33377.exe (PID: 8800)
- Unicorn-39653.exe (PID: 8568)
- Unicorn-3965.exe (PID: 8640)
- Unicorn-39051.exe (PID: 8720)
- Unicorn-6404.exe (PID: 8492)
- Unicorn-13850.exe (PID: 8708)
- Unicorn-8106.exe (PID: 8656)
- Unicorn-30385.exe (PID: 8772)
- Unicorn-58245.exe (PID: 8588)
- Unicorn-7489.exe (PID: 8964)
- Unicorn-43452.exe (PID: 8900)
- Unicorn-20183.exe (PID: 8972)
- Unicorn-18874.exe (PID: 9048)
- Unicorn-64706.exe (PID: 9008)
- Unicorn-52279.exe (PID: 9084)
- Unicorn-7162.exe (PID: 9148)
- Unicorn-13498.exe (PID: 8932)
- Unicorn-11734.exe (PID: 9116)
- Unicorn-42871.exe (PID: 9168)
- Unicorn-14806.exe (PID: 9204)
- Unicorn-20453.exe (PID: 9192)
- Unicorn-14806.exe (PID: 668)
- Unicorn-46711.exe (PID: 9184)
- Unicorn-30868.exe (PID: 4424)
- Unicorn-21940.exe (PID: 4164)
- Unicorn-30868.exe (PID: 4180)
- Unicorn-46135.exe (PID: 6656)
- Unicorn-45870.exe (PID: 616)
- Unicorn-35924.exe (PID: 9288)
- Unicorn-37050.exe (PID: 9400)
- Unicorn-17345.exe (PID: 9336)
- Unicorn-3610.exe (PID: 9348)
- Unicorn-50290.exe (PID: 9312)
- Unicorn-41715.exe (PID: 9320)
- Unicorn-3610.exe (PID: 9356)
- Unicorn-61467.exe (PID: 9428)
- Unicorn-65079.exe (PID: 9480)
- Unicorn-2422.exe (PID: 9588)
- Unicorn-1654.exe (PID: 9536)
- Unicorn-57413.exe (PID: 9508)
- Unicorn-15530.exe (PID: 9444)
- Unicorn-36107.exe (PID: 9708)
- Unicorn-36962.exe (PID: 9700)
- Unicorn-34034.exe (PID: 9676)
- Unicorn-53118.exe (PID: 9916)
Create files in a temporary directory
- 1 (642).exe (PID: 3884)
- Unicorn-27950.exe (PID: 3900)
- Unicorn-15062.exe (PID: 4724)
- Unicorn-25114.exe (PID: 3020)
- Unicorn-27767.exe (PID: 496)
- Unicorn-6561.exe (PID: 6768)
- Unicorn-12794.exe (PID: 5404)
- Unicorn-29323.exe (PID: 5728)
- Unicorn-10102.exe (PID: 2152)
- Unicorn-15187.exe (PID: 5508)
- Unicorn-53221.exe (PID: 2772)
- Unicorn-20933.exe (PID: 5260)
- Unicorn-14445.exe (PID: 6752)
- Unicorn-61911.exe (PID: 4244)
- Unicorn-50536.exe (PID: 6540)
- Unicorn-54475.exe (PID: 6744)
- Unicorn-2451.exe (PID: 2108)
- Unicorn-41253.exe (PID: 5984)
- Unicorn-27952.exe (PID: 7220)
- Unicorn-28217.exe (PID: 632)
- Unicorn-60382.exe (PID: 5548)
- Unicorn-1398.exe (PID: 7556)
- Unicorn-51860.exe (PID: 7580)
- Unicorn-51860.exe (PID: 7576)
- Unicorn-43426.exe (PID: 7640)
- Unicorn-61979.exe (PID: 7612)
- Unicorn-29690.exe (PID: 7632)
- Unicorn-12444.exe (PID: 1328)
- Unicorn-50059.exe (PID: 7680)
- Unicorn-8351.exe (PID: 7188)
- Unicorn-19286.exe (PID: 904)
- Unicorn-60443.exe (PID: 7804)
- Unicorn-34740.exe (PID: 4408)
- Unicorn-59255.exe (PID: 7736)
- Unicorn-60443.exe (PID: 7788)
- Unicorn-8351.exe (PID: 7196)
- Unicorn-48020.exe (PID: 7840)
- Unicorn-48020.exe (PID: 7844)
- Unicorn-17739.exe (PID: 7940)
- Unicorn-54475.exe (PID: 2040)
- Unicorn-28922.exe (PID: 7908)
- Unicorn-63390.exe (PID: 3240)
- Unicorn-12970.exe (PID: 7976)
- Unicorn-47383.exe (PID: 2240)
- Unicorn-28674.exe (PID: 7948)
- Unicorn-17719.exe (PID: 7204)
- Unicorn-51671.exe (PID: 8088)
- Unicorn-1427.exe (PID: 8128)
- Unicorn-14618.exe (PID: 8168)
- Unicorn-41971.exe (PID: 7388)
- Unicorn-33524.exe (PID: 7460)
- Unicorn-59284.exe (PID: 7360)
- Unicorn-26539.exe (PID: 7404)
- Unicorn-9014.exe (PID: 7368)
- Unicorn-26804.exe (PID: 7452)
- Unicorn-8914.exe (PID: 7344)
- Unicorn-25469.exe (PID: 7348)
- Unicorn-35138.exe (PID: 1132)
- Unicorn-32075.exe (PID: 1184)
- Unicorn-42766.exe (PID: 7548)
- Unicorn-25469.exe (PID: 7332)
- Unicorn-57172.exe (PID: 5084)
- Unicorn-32075.exe (PID: 7300)
- Unicorn-29377.exe (PID: 7212)
- Unicorn-57172.exe (PID: 5048)
- Unicorn-44180.exe (PID: 7752)
- Unicorn-59255.exe (PID: 7744)
- Unicorn-24395.exe (PID: 8260)
- Unicorn-34810.exe (PID: 2644)
- Unicorn-10689.exe (PID: 8412)
- Unicorn-27863.exe (PID: 8308)
- Unicorn-12211.exe (PID: 8300)
- Unicorn-54597.exe (PID: 8324)
- Unicorn-36837.exe (PID: 7868)
- Unicorn-47956.exe (PID: 8284)
- Unicorn-39653.exe (PID: 8544)
- Unicorn-46228.exe (PID: 8380)
- Unicorn-62491.exe (PID: 8420)
- Unicorn-39653.exe (PID: 8536)
- Unicorn-58651.exe (PID: 8344)
- Unicorn-28666.exe (PID: 8552)
- Unicorn-39653.exe (PID: 8520)
- Unicorn-60443.exe (PID: 7796)
- Unicorn-12979.exe (PID: 8360)
- Unicorn-31474.exe (PID: 7960)
- Unicorn-374.exe (PID: 8500)
- Unicorn-56508.exe (PID: 8612)
- Unicorn-20201.exe (PID: 8512)
- Unicorn-42658.exe (PID: 7932)
- Unicorn-63799.exe (PID: 8560)
- Unicorn-30916.exe (PID: 8728)
- Unicorn-6404.exe (PID: 8492)
- Unicorn-39653.exe (PID: 8580)
- Unicorn-33377.exe (PID: 8800)
- Unicorn-39653.exe (PID: 8568)
- Unicorn-13850.exe (PID: 8708)
- Unicorn-58245.exe (PID: 8588)
- Unicorn-58907.exe (PID: 7984)
- Unicorn-15539.exe (PID: 7884)
- Unicorn-3965.exe (PID: 8640)
- Unicorn-48788.exe (PID: 7924)
- Unicorn-30385.exe (PID: 8772)
- Unicorn-8106.exe (PID: 8656)
- Unicorn-43452.exe (PID: 8900)
- Unicorn-7489.exe (PID: 8964)
- Unicorn-20183.exe (PID: 8972)
- Unicorn-13498.exe (PID: 8932)
- Unicorn-37509.exe (PID: 9104)
- Unicorn-18874.exe (PID: 9048)
- Unicorn-29309.exe (PID: 8112)
- Unicorn-52279.exe (PID: 9084)
- Unicorn-64706.exe (PID: 9008)
- Unicorn-16503.exe (PID: 8120)
- Unicorn-42871.exe (PID: 9168)
- Unicorn-56549.exe (PID: 8184)
- Unicorn-9014.exe (PID: 7380)
- Unicorn-11734.exe (PID: 9116)
- Unicorn-14806.exe (PID: 9204)
- Unicorn-20453.exe (PID: 9192)
- Unicorn-14806.exe (PID: 668)
- Unicorn-46711.exe (PID: 9184)
- Unicorn-45870.exe (PID: 616)
- Unicorn-30077.exe (PID: 8156)
- Unicorn-30868.exe (PID: 4424)
- Unicorn-30868.exe (PID: 4180)
- Unicorn-46135.exe (PID: 5968)
- Unicorn-38181.exe (PID: 7648)
- Unicorn-35924.exe (PID: 9288)
- Unicorn-17345.exe (PID: 9336)
- Unicorn-3610.exe (PID: 9356)
- Unicorn-37050.exe (PID: 9400)
- Unicorn-41715.exe (PID: 9320)
- Unicorn-61467.exe (PID: 9428)
- Unicorn-5981.exe (PID: 9436)
- Unicorn-1654.exe (PID: 9536)
- Unicorn-2422.exe (PID: 9588)
- Unicorn-57413.exe (PID: 9508)
- Unicorn-34034.exe (PID: 9676)
- Unicorn-56631.exe (PID: 9732)
- Unicorn-41509.exe (PID: 9600)
- Unicorn-23627.exe (PID: 8216)
- Unicorn-40034.exe (PID: 9752)
- Unicorn-11204.exe (PID: 8236)
- Unicorn-30202.exe (PID: 8448)
- Unicorn-65335.exe (PID: 8464)
- Unicorn-39051.exe (PID: 8720)
- Unicorn-60357.exe (PID: 9784)
The sample compiled with chinese language support
- 1 (642).exe (PID: 3884)
- Unicorn-25469.exe (PID: 7332)
Reads security settings of Internet Explorer
- BackgroundTransferHost.exe (PID: 5544)
- BackgroundTransferHost.exe (PID: 2108)
- BackgroundTransferHost.exe (PID: 5972)
- BackgroundTransferHost.exe (PID: 6512)
- BackgroundTransferHost.exe (PID: 7316)
Checks proxy server information
- BackgroundTransferHost.exe (PID: 2108)
Reads the software policy settings
- BackgroundTransferHost.exe (PID: 2108)
Creates files or folders in the user directory
- BackgroundTransferHost.exe (PID: 2108)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable Microsoft Visual Basic 6 (90.6) |
|---|---|---|
| .exe | | | Win32 Executable (generic) (4.9) |
| .exe | | | Generic Win/DOS Executable (2.2) |
| .exe | | | DOS Executable Generic (2.2) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:34:56+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
529
Monitored processes
396
Malicious processes
60
Suspicious processes
62
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 496 | C:\Users\admin\AppData\Local\Temp\Unicorn-27767.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27767.exe | Unicorn-12794.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 616 | C:\Users\admin\AppData\Local\Temp\Unicorn-45870.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-45870.exe | Unicorn-29323.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 632 | C:\Users\admin\AppData\Local\Temp\Unicorn-28217.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-28217.exe | Unicorn-60382.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 668 | C:\Users\admin\AppData\Local\Temp\Unicorn-14806.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-14806.exe | Unicorn-9014.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 872 | C:\Users\admin\AppData\Local\Temp\Unicorn-49303.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-49303.exe | — | Unicorn-46135.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 904 | C:\Users\admin\AppData\Local\Temp\Unicorn-19286.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-19286.exe | 1 (642).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1132 | C:\Users\admin\AppData\Local\Temp\Unicorn-35138.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-35138.exe | Unicorn-15187.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1184 | C:\Users\admin\AppData\Local\Temp\Unicorn-32075.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-32075.exe | Unicorn-19286.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1280 | "C:\WINDOWS\System32\SLUI.exe" RuleId=3482d82e-ca2c-4e1f-8864-da0267b484b2;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=4de7cb65-cdf1-4de9-8ae8-e3cce27b9f2c;NotificationInterval=1440;Trigger=TimerEvent | C:\Windows\System32\slui.exe | — | SppExtComObj.Exe | |||||||||||
User: NETWORK SERVICE Company: Microsoft Corporation Integrity Level: SYSTEM Description: Windows Activation Client Version: 10.0.19041.1 (WinBuild.160101.0800) Modules
| |||||||||||||||
| 1328 | C:\Users\admin\AppData\Local\Temp\Unicorn-12444.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-12444.exe | Unicorn-15062.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
9 874
Read events
9 859
Write events
15
Delete events
0
Modification events
| (PID) Process: | (5544) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (5544) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (5544) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (2108) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (2108) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (2108) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (5972) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
| (PID) Process: | (5972) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Cookies |
| Operation: | write | Name: | CachePrefix |
Value: Cookie: | |||
| (PID) Process: | (5972) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\History |
| Operation: | write | Name: | CachePrefix |
Value: Visited: | |||
| (PID) Process: | (6512) BackgroundTransferHost.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.windows.contentdeliverymanager_cw5n1h2txyewy\Internet Settings\Cache\Content |
| Operation: | write | Name: | CachePrefix |
Value: | |||
Executable files
1 173
Suspicious files
5
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2108 | BackgroundTransferHost.exe | C:\Users\admin\AppData\Local\Packages\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\AC\BackgroundTransferApi\a71f580b-e4d0-487d-9af9-77ad9f9459ba.down_data | — | |
MD5:— | SHA256:— | |||
| 3884 | 1 (642).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-12794.exe | executable | |
MD5:9932A6C90C6C6077397A9349A07E1CBD | SHA256:B249F277379CA6E627E9E5FAE7C3E00DA03AE80B74AF13671A1BBDB1897B68EA | |||
| 3900 | Unicorn-27950.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-15062.exe | executable | |
MD5:22EE2E838FFA8C8CDA2BADF3085ACE37 | SHA256:6629BC8CFBA6B8FF9302D4E7A13FC0697C6538599FD0A73C594A2723412D1E92 | |||
| 3884 | 1 (642).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27950.exe | executable | |
MD5:BFDCB31E9FD3ABACF87F3FD932541C36 | SHA256:32B6E9ED5FA65E59520F0F0BF682C8AE97C4604B365A5B637107217F2C2C9A1E | |||
| 3900 | Unicorn-27950.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-41253.exe | executable | |
MD5:66D137A89023A87BAB36ADC816CA5172 | SHA256:38B6364238DCADED23DF8ED23EDAC0ECBE4AD803892A641BBCE453088B590372 | |||
| 5404 | Unicorn-12794.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27767.exe | executable | |
MD5:E78EE4A9980B3F9D326B4657878B5E40 | SHA256:EAEB70585E8AAC8E7F54D757A1413D690A83761ED2EBF787460041AB856BD572 | |||
| 496 | Unicorn-27767.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-47383.exe | executable | |
MD5:BBB99612BA7A4AD57D8748D032373DCB | SHA256:72CF44D4AB2D863216092D1FBADBEEFCA44A5116F9A5C62858F2120A861F76C0 | |||
| 3900 | Unicorn-27950.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-25114.exe | executable | |
MD5:F58A140057906635E7927C6F4FA663F8 | SHA256:D30A3F0819D9E2B7C7E8DAA2422E4947ED27717A2FB06FC5BB1A31FDADA8E1AE | |||
| 4724 | Unicorn-15062.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-15187.exe | executable | |
MD5:43951765A6F3C00149D8CE0885447780 | SHA256:4CD10DBB2D80316CCC989782D34F5C6BEA380F622C6513E532F65B6679C9B17C | |||
| 3884 | 1 (642).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-14445.exe | executable | |
MD5:B142264CEE5AA3CB66EA1FEB4405B971 | SHA256:75122BC7902AA8FBEC0860C0476FDE88F62F2CF5716C0E619ECD00641E85BEE3 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
6
TCP/UDP connections
25
DNS requests
17
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
4688 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
— | — | GET | 200 | 23.53.40.178:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
8860 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
2108 | BackgroundTransferHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D | unknown | — | — | whitelisted |
8860 | SIHClient.exe | GET | 200 | 184.30.21.171:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
— | — | 51.124.78.146:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
— | — | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 23.53.40.178:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
— | — | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
2104 | svchost.exe | 51.124.78.146:443 | — | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2112 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3216 | svchost.exe | 40.115.3.253:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 40.126.32.76:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
crl.microsoft.com |
| whitelisted |
google.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
www.bing.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |