| File name: | 1 (1363) |
| Full analysis: | https://app.any.run/tasks/e5f957bd-b0fc-4bfd-83ec-11f490b59172 |
| Verdict: | Malicious activity |
| Analysis date: | March 24, 2025, 11:41:57 |
| OS: | Windows 10 Professional (build: 19045, 64 bit) |
| Indicators: | |
| MIME: | application/vnd.microsoft.portable-executable |
| File info: | PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, 3 sections |
| MD5: | C666C4A3B2991255B266586D04CD6CE0 |
| SHA1: | D6E48FE4C9F93754AB371FB5260500C400F17D47 |
| SHA256: | C4F29A51E53E4F0F87D63E23105BB9AFE94F373DA760B4922E58B662B8F79232 |
| SSDEEP: | 6144:PT7MLZIPNDonA5EwM7erUgfx5tBqcvJGB9/WyeFzTk/8SwjwpyAvEhSrp6u35sYa:P3iqKnA5bMabBdha9OyeFz0x4DxmDsR |
MALICIOUS
No malicious indicators.SUSPICIOUS
Starts itself from another location
- 1 (1363).exe (PID: 6112)
- Unicorn-2963.exe (PID: 2692)
- Unicorn-44977.exe (PID: 2340)
- Unicorn-37904.exe (PID: 5988)
- Unicorn-26206.exe (PID: 864)
- Unicorn-24234.exe (PID: 5344)
- Unicorn-63818.exe (PID: 4628)
- Unicorn-12304.exe (PID: 4996)
- Unicorn-43991.exe (PID: 6564)
- Unicorn-63472.exe (PID: 4024)
- Unicorn-26223.exe (PID: 6744)
- Unicorn-22440.exe (PID: 5504)
- Unicorn-41006.exe (PID: 4380)
- Unicorn-27270.exe (PID: 6876)
- Unicorn-45740.exe (PID: 3768)
- Unicorn-58355.exe (PID: 1348)
- Unicorn-33296.exe (PID: 6512)
- Unicorn-10187.exe (PID: 976)
- Unicorn-23081.exe (PID: 5384)
- Unicorn-42616.exe (PID: 2420)
- Unicorn-46871.exe (PID: 5436)
- Unicorn-5475.exe (PID: 2240)
- Unicorn-46871.exe (PID: 5756)
- Unicorn-4713.exe (PID: 2772)
- Unicorn-46871.exe (PID: 2096)
- Unicorn-13259.exe (PID: 5360)
- Unicorn-25512.exe (PID: 2040)
- Unicorn-30342.exe (PID: 2384)
- Unicorn-50208.exe (PID: 1672)
- Unicorn-45859.exe (PID: 856)
- Unicorn-32393.exe (PID: 2284)
- Unicorn-23902.exe (PID: 6768)
- Unicorn-53088.exe (PID: 1532)
- Unicorn-55126.exe (PID: 6488)
- Unicorn-40644.exe (PID: 6540)
- Unicorn-61619.exe (PID: 1116)
- Unicorn-11863.exe (PID: 1052)
- Unicorn-48547.exe (PID: 7172)
- Unicorn-4389.exe (PID: 5228)
- Unicorn-6657.exe (PID: 7260)
- Unicorn-19648.exe (PID: 7220)
- Unicorn-57119.exe (PID: 7548)
- Unicorn-32646.exe (PID: 7248)
- Unicorn-61427.exe (PID: 7188)
- Unicorn-44344.exe (PID: 7240)
- Unicorn-38828.exe (PID: 7600)
- Unicorn-47359.exe (PID: 7620)
- Unicorn-39330.exe (PID: 7344)
- Unicorn-22470.exe (PID: 7420)
- Unicorn-13098.exe (PID: 7484)
- Unicorn-45460.exe (PID: 7352)
- Unicorn-21148.exe (PID: 7288)
- Unicorn-3010.exe (PID: 7832)
- Unicorn-43680.exe (PID: 7780)
- Unicorn-52667.exe (PID: 7316)
- Unicorn-32824.exe (PID: 7380)
- Unicorn-54951.exe (PID: 7448)
- Unicorn-58480.exe (PID: 7436)
- Unicorn-4433.exe (PID: 7472)
- Unicorn-37484.exe (PID: 7268)
- Unicorn-23763.exe (PID: 7868)
- Unicorn-13342.exe (PID: 7324)
- Unicorn-25594.exe (PID: 7336)
- Unicorn-1614.exe (PID: 8004)
- Unicorn-9176.exe (PID: 7756)
- Unicorn-34287.exe (PID: 7636)
- Unicorn-24028.exe (PID: 7876)
- Unicorn-23068.exe (PID: 7804)
- Unicorn-3149.exe (PID: 7456)
- Unicorn-54567.exe (PID: 7508)
- Unicorn-42201.exe (PID: 7952)
- Unicorn-26384.exe (PID: 7628)
- Unicorn-45652.exe (PID: 7276)
- Unicorn-58672.exe (PID: 7400)
- Unicorn-13695.exe (PID: 8208)
- Unicorn-50120.exe (PID: 7500)
- Unicorn-64292.exe (PID: 7696)
- Unicorn-28688.exe (PID: 7980)
- Unicorn-58407.exe (PID: 8172)
- Unicorn-30084.exe (PID: 7412)
- Unicorn-63249.exe (PID: 7540)
- Unicorn-28304.exe (PID: 7852)
- Unicorn-62866.exe (PID: 8340)
- Unicorn-32086.exe (PID: 8500)
- Unicorn-26937.exe (PID: 8836)
- Unicorn-30328.exe (PID: 8876)
- Unicorn-33068.exe (PID: 8824)
- Unicorn-31340.exe (PID: 8264)
- Unicorn-22906.exe (PID: 2516)
- Unicorn-38932.exe (PID: 8396)
- Unicorn-20624.exe (PID: 8524)
- Unicorn-21288.exe (PID: 8084)
- Unicorn-18984.exe (PID: 7748)
- Unicorn-57062.exe (PID: 7920)
- Unicorn-14567.exe (PID: 9056)
- Unicorn-4405.exe (PID: 8280)
- Unicorn-33081.exe (PID: 7840)
- Unicorn-53104.exe (PID: 8552)
- Unicorn-11894.exe (PID: 7960)
- Unicorn-56188.exe (PID: 8436)
- Unicorn-20690.exe (PID: 7860)
- Unicorn-13202.exe (PID: 8812)
- Unicorn-51583.exe (PID: 5084)
- Unicorn-31877.exe (PID: 8040)
- Unicorn-58458.exe (PID: 8676)
- Unicorn-22906.exe (PID: 8012)
- Unicorn-24604.exe (PID: 7972)
- Unicorn-36450.exe (PID: 8884)
- Unicorn-7006.exe (PID: 8348)
- Unicorn-55268.exe (PID: 8384)
- Unicorn-8651.exe (PID: 8180)
- Unicorn-20240.exe (PID: 8632)
- Unicorn-30608.exe (PID: 3140)
- Unicorn-42004.exe (PID: 9028)
- Unicorn-12102.exe (PID: 10224)
- Unicorn-60466.exe (PID: 7996)
- Unicorn-35595.exe (PID: 7084)
- Unicorn-57624.exe (PID: 4736)
- Unicorn-22906.exe (PID: 8016)
- Unicorn-23992.exe (PID: 10108)
- Unicorn-48916.exe (PID: 8312)
- Unicorn-52398.exe (PID: 8232)
- Unicorn-35806.exe (PID: 8560)
- Unicorn-22264.exe (PID: 9668)
- Unicorn-44744.exe (PID: 8640)
- Unicorn-1910.exe (PID: 8964)
- Unicorn-51952.exe (PID: 8492)
- Unicorn-2979.exe (PID: 8320)
- Unicorn-38356.exe (PID: 10624)
- Unicorn-17692.exe (PID: 8972)
- Unicorn-59470.exe (PID: 6208)
- Unicorn-38710.exe (PID: 10704)
- Unicorn-19346.exe (PID: 2852)
- Unicorn-14863.exe (PID: 10024)
- Unicorn-7986.exe (PID: 8760)
- Unicorn-61812.exe (PID: 10900)
- Unicorn-45304.exe (PID: 7792)
- Unicorn-12611.exe (PID: 4108)
- Unicorn-63493.exe (PID: 9036)
- Unicorn-26553.exe (PID: 8600)
- Unicorn-30218.exe (PID: 9532)
- Unicorn-36170.exe (PID: 9464)
- Unicorn-64426.exe (PID: 812)
- Unicorn-21200.exe (PID: 8740)
- Unicorn-51931.exe (PID: 8332)
- Unicorn-54146.exe (PID: 11060)
- Unicorn-51916.exe (PID: 11100)
- Unicorn-33841.exe (PID: 7904)
- Unicorn-56835.exe (PID: 9756)
- Unicorn-27640.exe (PID: 8484)
- Unicorn-49634.exe (PID: 12780)
- Unicorn-8158.exe (PID: 3024)
- Unicorn-54095.exe (PID: 2288)
- Unicorn-6946.exe (PID: 12796)
- Unicorn-12014.exe (PID: 11020)
- Unicorn-39818.exe (PID: 12816)
- Unicorn-52580.exe (PID: 10088)
- Unicorn-28356.exe (PID: 9332)
- Unicorn-41428.exe (PID: 8792)
- Unicorn-53592.exe (PID: 9428)
- Unicorn-45263.exe (PID: 11200)
- Unicorn-51568.exe (PID: 8272)
- Unicorn-24137.exe (PID: 8804)
- Unicorn-43364.exe (PID: 10800)
- Unicorn-42559.exe (PID: 10528)
- Unicorn-36310.exe (PID: 9224)
- Unicorn-39662.exe (PID: 11184)
- Unicorn-16901.exe (PID: 1164)
- Unicorn-3571.exe (PID: 10072)
- Unicorn-21150.exe (PID: 12240)
- Unicorn-419.exe (PID: 14128)
- Unicorn-4311.exe (PID: 14164)
- Unicorn-60971.exe (PID: 11780)
- Unicorn-29729.exe (PID: 6620)
- Unicorn-19701.exe (PID: 12248)
- Unicorn-24488.exe (PID: 12232)
- Unicorn-19701.exe (PID: 776)
- Unicorn-5439.exe (PID: 8908)
- Unicorn-40468.exe (PID: 8696)
- Unicorn-50281.exe (PID: 12072)
- Unicorn-32251.exe (PID: 13868)
- Unicorn-31480.exe (PID: 9276)
- Unicorn-42802.exe (PID: 10652)
- Unicorn-16246.exe (PID: 12908)
- Unicorn-3903.exe (PID: 8576)
- Unicorn-21090.exe (PID: 9452)
- Unicorn-46503.exe (PID: 10352)
- Unicorn-5966.exe (PID: 5036)
- Unicorn-14183.exe (PID: 9180)
- Unicorn-27756.exe (PID: 10960)
- Unicorn-8587.exe (PID: 14156)
- Unicorn-40146.exe (PID: 8220)
Executable content was dropped or overwritten
- 1 (1363).exe (PID: 6112)
- Unicorn-2963.exe (PID: 2692)
- Unicorn-44977.exe (PID: 2340)
- Unicorn-37904.exe (PID: 5988)
- Unicorn-26206.exe (PID: 864)
- Unicorn-63818.exe (PID: 4628)
- Unicorn-12304.exe (PID: 4996)
- Unicorn-24234.exe (PID: 5344)
- Unicorn-43991.exe (PID: 6564)
- Unicorn-63472.exe (PID: 4024)
- Unicorn-10187.exe (PID: 976)
- Unicorn-26223.exe (PID: 6744)
- Unicorn-22440.exe (PID: 5504)
- Unicorn-41006.exe (PID: 4380)
- Unicorn-27270.exe (PID: 6876)
- Unicorn-58355.exe (PID: 1348)
- Unicorn-23081.exe (PID: 5384)
- Unicorn-45740.exe (PID: 3768)
- Unicorn-33296.exe (PID: 6512)
- Unicorn-42616.exe (PID: 2420)
- Unicorn-46871.exe (PID: 5436)
- Unicorn-5475.exe (PID: 2240)
- Unicorn-46871.exe (PID: 5756)
- Unicorn-4713.exe (PID: 2772)
- Unicorn-25512.exe (PID: 2040)
- Unicorn-46871.exe (PID: 2096)
- Unicorn-13259.exe (PID: 5360)
- Unicorn-30342.exe (PID: 2384)
- Unicorn-45859.exe (PID: 856)
- Unicorn-32393.exe (PID: 2284)
- Unicorn-23902.exe (PID: 6768)
- Unicorn-4389.exe (PID: 5228)
- Unicorn-53088.exe (PID: 1532)
- Unicorn-55126.exe (PID: 6488)
- Unicorn-48547.exe (PID: 7172)
- Unicorn-61619.exe (PID: 1116)
- Unicorn-40644.exe (PID: 6540)
- Unicorn-11863.exe (PID: 1052)
- Unicorn-19648.exe (PID: 7220)
- Unicorn-57119.exe (PID: 7548)
- Unicorn-21148.exe (PID: 7288)
- Unicorn-32646.exe (PID: 7248)
- Unicorn-6657.exe (PID: 7260)
- Unicorn-44344.exe (PID: 7240)
- Unicorn-38828.exe (PID: 7600)
- Unicorn-47359.exe (PID: 7620)
- Unicorn-39330.exe (PID: 7344)
- Unicorn-13098.exe (PID: 7484)
- Unicorn-45460.exe (PID: 7352)
- Unicorn-22470.exe (PID: 7420)
- Unicorn-32824.exe (PID: 7380)
- Unicorn-3010.exe (PID: 7832)
- Unicorn-43680.exe (PID: 7780)
- Unicorn-52667.exe (PID: 7316)
- Unicorn-54951.exe (PID: 7448)
- Unicorn-58480.exe (PID: 7436)
- Unicorn-37484.exe (PID: 7268)
- Unicorn-4433.exe (PID: 7472)
- Unicorn-25594.exe (PID: 7336)
- Unicorn-23763.exe (PID: 7868)
- Unicorn-13342.exe (PID: 7324)
- Unicorn-24028.exe (PID: 7876)
- Unicorn-34287.exe (PID: 7636)
- Unicorn-1614.exe (PID: 8004)
- Unicorn-9176.exe (PID: 7756)
- Unicorn-3149.exe (PID: 7456)
- Unicorn-54567.exe (PID: 7508)
- Unicorn-23068.exe (PID: 7804)
- Unicorn-42201.exe (PID: 7952)
- Unicorn-26384.exe (PID: 7628)
- Unicorn-60466.exe (PID: 7996)
- Unicorn-45652.exe (PID: 7276)
- Unicorn-58672.exe (PID: 7400)
- Unicorn-13695.exe (PID: 8208)
- Unicorn-50120.exe (PID: 7500)
- Unicorn-63249.exe (PID: 7540)
- Unicorn-64292.exe (PID: 7696)
- Unicorn-28688.exe (PID: 7980)
- Unicorn-28304.exe (PID: 7852)
- Unicorn-30084.exe (PID: 7412)
- Unicorn-58407.exe (PID: 8172)
- Unicorn-62866.exe (PID: 8340)
- Unicorn-61427.exe (PID: 7188)
- Unicorn-32086.exe (PID: 8500)
- Unicorn-50208.exe (PID: 1672)
- Unicorn-31340.exe (PID: 8264)
- Unicorn-26937.exe (PID: 8836)
- Unicorn-30328.exe (PID: 8876)
- Unicorn-20624.exe (PID: 8524)
- Unicorn-22906.exe (PID: 2516)
- Unicorn-38932.exe (PID: 8396)
- Unicorn-21288.exe (PID: 8084)
- Unicorn-57062.exe (PID: 7920)
- Unicorn-14567.exe (PID: 9056)
- Unicorn-18984.exe (PID: 7748)
- Unicorn-24604.exe (PID: 7972)
- Unicorn-4405.exe (PID: 8280)
- Unicorn-11894.exe (PID: 7960)
- Unicorn-7006.exe (PID: 8348)
- Unicorn-33081.exe (PID: 7840)
- Unicorn-30608.exe (PID: 3140)
- Unicorn-13202.exe (PID: 8812)
- Unicorn-51583.exe (PID: 5084)
- Unicorn-31877.exe (PID: 8040)
- Unicorn-56188.exe (PID: 8436)
- Unicorn-58458.exe (PID: 8676)
- Unicorn-22906.exe (PID: 8012)
- Unicorn-36450.exe (PID: 8884)
- Unicorn-55268.exe (PID: 8384)
- Unicorn-20240.exe (PID: 8632)
- Unicorn-42004.exe (PID: 9028)
- Unicorn-8651.exe (PID: 8180)
- Unicorn-35595.exe (PID: 7084)
- Unicorn-12102.exe (PID: 10224)
- Unicorn-57624.exe (PID: 4736)
- Unicorn-22906.exe (PID: 8016)
- Unicorn-23992.exe (PID: 10108)
- Unicorn-48916.exe (PID: 8312)
- Unicorn-52398.exe (PID: 8232)
- Unicorn-35806.exe (PID: 8560)
- Unicorn-44744.exe (PID: 8640)
- Unicorn-1910.exe (PID: 8964)
- Unicorn-22264.exe (PID: 9668)
- Unicorn-51952.exe (PID: 8492)
- Unicorn-38356.exe (PID: 10624)
- Unicorn-2979.exe (PID: 8320)
- Unicorn-17692.exe (PID: 8972)
- Unicorn-59470.exe (PID: 6208)
- Unicorn-33068.exe (PID: 8824)
- Unicorn-14863.exe (PID: 10024)
- Unicorn-7986.exe (PID: 8760)
- Unicorn-38710.exe (PID: 10704)
- Unicorn-19346.exe (PID: 2852)
- Unicorn-61812.exe (PID: 10900)
- Unicorn-45304.exe (PID: 7792)
- Unicorn-53452.exe (PID: 6852)
- Unicorn-63493.exe (PID: 9036)
- Unicorn-26553.exe (PID: 8600)
- Unicorn-30218.exe (PID: 9532)
- Unicorn-36170.exe (PID: 9464)
- Unicorn-64426.exe (PID: 812)
- Unicorn-51931.exe (PID: 8332)
- Unicorn-54146.exe (PID: 11060)
- Unicorn-51916.exe (PID: 11100)
- Unicorn-33841.exe (PID: 7904)
- Unicorn-56835.exe (PID: 9756)
- Unicorn-27640.exe (PID: 8484)
- Unicorn-9221.exe (PID: 11092)
- Unicorn-54095.exe (PID: 2288)
- Unicorn-49634.exe (PID: 12780)
- Unicorn-8158.exe (PID: 3024)
- Unicorn-6946.exe (PID: 12796)
- Unicorn-12014.exe (PID: 11020)
- Unicorn-36310.exe (PID: 9224)
- Unicorn-39818.exe (PID: 12816)
- Unicorn-28356.exe (PID: 9332)
- Unicorn-52580.exe (PID: 10088)
- Unicorn-59108.exe (PID: 8076)
- Unicorn-45263.exe (PID: 11200)
- Unicorn-51568.exe (PID: 8272)
- Unicorn-41428.exe (PID: 8792)
- Unicorn-53592.exe (PID: 9428)
- Unicorn-24137.exe (PID: 8804)
- Unicorn-20690.exe (PID: 7860)
- Unicorn-43364.exe (PID: 10800)
- Unicorn-42559.exe (PID: 10528)
- Unicorn-60971.exe (PID: 11780)
- Unicorn-3571.exe (PID: 10072)
- Unicorn-39662.exe (PID: 11184)
- Unicorn-47763.exe (PID: 12096)
- Unicorn-21150.exe (PID: 12240)
- Unicorn-29729.exe (PID: 6620)
- Unicorn-19701.exe (PID: 12248)
- Unicorn-19701.exe (PID: 776)
- Unicorn-14183.exe (PID: 9180)
- Unicorn-24488.exe (PID: 12232)
- Unicorn-40468.exe (PID: 8696)
- Unicorn-50281.exe (PID: 12072)
- Unicorn-31480.exe (PID: 9276)
- Unicorn-42802.exe (PID: 10652)
- Unicorn-3903.exe (PID: 8576)
- Unicorn-16246.exe (PID: 12908)
- Unicorn-46503.exe (PID: 10352)
- Unicorn-21200.exe (PID: 8740)
- Unicorn-21090.exe (PID: 9452)
- Unicorn-53104.exe (PID: 8552)
- Unicorn-5966.exe (PID: 5036)
- Unicorn-27756.exe (PID: 10960)
- Unicorn-40146.exe (PID: 8220)
- Unicorn-4311.exe (PID: 14164)
- Unicorn-45263.exe (PID: 11192)
- Unicorn-40489.exe (PID: 12088)
- Unicorn-39996.exe (PID: 11636)
- Unicorn-22906.exe (PID: 8052)
- Unicorn-15173.exe (PID: 9596)
- Unicorn-25964.exe (PID: 9492)
- Unicorn-419.exe (PID: 14128)
- Unicorn-41293.exe (PID: 9744)
- Unicorn-8587.exe (PID: 14156)
- Unicorn-19693.exe (PID: 11388)
- Unicorn-21038.exe (PID: 9588)
- Unicorn-49892.exe (PID: 9556)
- Unicorn-14147.exe (PID: 11628)
- Unicorn-60238.exe (PID: 10368)
- Unicorn-54268.exe (PID: 10640)
- Unicorn-3830.exe (PID: 3896)
- Unicorn-5439.exe (PID: 8908)
- Unicorn-16901.exe (PID: 1164)
- Unicorn-12611.exe (PID: 4108)
- Unicorn-43682.exe (PID: 12624)
- Unicorn-37124.exe (PID: 12204)
- Unicorn-45987.exe (PID: 12960)
- Unicorn-59139.exe (PID: 10320)
- Unicorn-34521.exe (PID: 8748)
- Unicorn-63512.exe (PID: 15468)
- Unicorn-5966.exe (PID: 4172)
- Unicorn-24568.exe (PID: 10264)
- Unicorn-46140.exe (PID: 10296)
- Unicorn-14119.exe (PID: 15540)
- Unicorn-22080.exe (PID: 13324)
- Unicorn-48904.exe (PID: 16624)
- Unicorn-40550.exe (PID: 16452)
- Unicorn-57684.exe (PID: 13008)
- Unicorn-53351.exe (PID: 16168)
- Unicorn-3801.exe (PID: 14644)
- Unicorn-53351.exe (PID: 16160)
- Unicorn-54552.exe (PID: 9480)
- Unicorn-15277.exe (PID: 16252)
- Unicorn-2346.exe (PID: 10564)
- Unicorn-5403.exe (PID: 11376)
- Unicorn-33120.exe (PID: 10232)
INFO
The sample compiled with chinese language support
- 1 (1363).exe (PID: 6112)
Checks supported languages
- 1 (1363).exe (PID: 6112)
- Unicorn-2963.exe (PID: 2692)
- Unicorn-37904.exe (PID: 5988)
- Unicorn-26206.exe (PID: 864)
- Unicorn-24234.exe (PID: 5344)
- Unicorn-12304.exe (PID: 4996)
- Unicorn-44977.exe (PID: 2340)
- Unicorn-63818.exe (PID: 4628)
- Unicorn-26223.exe (PID: 6744)
- Unicorn-63472.exe (PID: 4024)
- Unicorn-10187.exe (PID: 976)
- Unicorn-46871.exe (PID: 2096)
- Unicorn-22440.exe (PID: 5504)
- Unicorn-43991.exe (PID: 6564)
- Unicorn-45740.exe (PID: 3768)
- Unicorn-58355.exe (PID: 1348)
- Unicorn-5475.exe (PID: 2240)
- Unicorn-41006.exe (PID: 4380)
- Unicorn-27270.exe (PID: 6876)
- Unicorn-30342.exe (PID: 2384)
- Unicorn-25512.exe (PID: 2040)
- Unicorn-45859.exe (PID: 856)
- Unicorn-4389.exe (PID: 5228)
- Unicorn-46871.exe (PID: 5756)
- Unicorn-23902.exe (PID: 6768)
- Unicorn-53088.exe (PID: 1532)
- Unicorn-40644.exe (PID: 6540)
- Unicorn-11863.exe (PID: 1052)
- Unicorn-48547.exe (PID: 7172)
- Unicorn-61427.exe (PID: 7188)
- Unicorn-44344.exe (PID: 7240)
- Unicorn-32646.exe (PID: 7248)
- Unicorn-6657.exe (PID: 7260)
- Unicorn-21148.exe (PID: 7288)
- Unicorn-52667.exe (PID: 7316)
- Unicorn-45460.exe (PID: 7352)
- Unicorn-39330.exe (PID: 7344)
- Unicorn-30084.exe (PID: 7412)
- Unicorn-58672.exe (PID: 7400)
- Unicorn-22470.exe (PID: 7420)
- Unicorn-3149.exe (PID: 7456)
- Unicorn-4433.exe (PID: 7472)
- Unicorn-13098.exe (PID: 7484)
- Unicorn-50120.exe (PID: 7500)
- Unicorn-38828.exe (PID: 7600)
- Unicorn-47359.exe (PID: 7620)
- Unicorn-57119.exe (PID: 7548)
- Unicorn-34287.exe (PID: 7636)
- Unicorn-26384.exe (PID: 7628)
- Unicorn-64292.exe (PID: 7696)
- Unicorn-9176.exe (PID: 7756)
- Unicorn-43680.exe (PID: 7780)
- Unicorn-45304.exe (PID: 7792)
- Unicorn-23068.exe (PID: 7804)
- Unicorn-63249.exe (PID: 7540)
- Unicorn-3010.exe (PID: 7832)
- Unicorn-23763.exe (PID: 7868)
- Unicorn-24604.exe (PID: 7972)
- Unicorn-28688.exe (PID: 7980)
- Unicorn-58407.exe (PID: 8172)
- Unicorn-21288.exe (PID: 8084)
- Unicorn-20690.exe (PID: 7860)
- Unicorn-60466.exe (PID: 7996)
- Unicorn-13695.exe (PID: 8208)
- Unicorn-52398.exe (PID: 8232)
- Unicorn-31340.exe (PID: 8264)
- Unicorn-2979.exe (PID: 8320)
- Unicorn-51931.exe (PID: 8332)
- Unicorn-62866.exe (PID: 8340)
- Unicorn-4405.exe (PID: 8280)
- Unicorn-40146.exe (PID: 8220)
- Unicorn-55268.exe (PID: 8384)
- Unicorn-51568.exe (PID: 8272)
- Unicorn-15772.exe (PID: 8408)
- Unicorn-56188.exe (PID: 8436)
- Unicorn-27640.exe (PID: 8484)
- Unicorn-51952.exe (PID: 8492)
- Unicorn-32086.exe (PID: 8500)
- Unicorn-20624.exe (PID: 8524)
- Unicorn-12818.exe (PID: 8592)
- Unicorn-33068.exe (PID: 8824)
- Unicorn-53104.exe (PID: 8552)
- Unicorn-35806.exe (PID: 8560)
- Unicorn-3903.exe (PID: 8576)
- Unicorn-20240.exe (PID: 8632)
- Unicorn-44744.exe (PID: 8640)
- Unicorn-58458.exe (PID: 8676)
- Unicorn-34521.exe (PID: 8748)
- Unicorn-4671.exe (PID: 8728)
- Unicorn-21200.exe (PID: 8740)
- Unicorn-30328.exe (PID: 8876)
- Unicorn-40468.exe (PID: 8696)
- Unicorn-26553.exe (PID: 8600)
- Unicorn-41428.exe (PID: 8792)
- Unicorn-24137.exe (PID: 8804)
- Unicorn-5247.exe (PID: 8944)
- Unicorn-36450.exe (PID: 8884)
- Unicorn-5439.exe (PID: 8908)
- Unicorn-1910.exe (PID: 8964)
- Unicorn-17692.exe (PID: 8972)
- Unicorn-63493.exe (PID: 9036)
- Unicorn-14567.exe (PID: 9056)
- Unicorn-39072.exe (PID: 9128)
- Unicorn-7986.exe (PID: 8760)
- Unicorn-14183.exe (PID: 9180)
- Unicorn-30904.exe (PID: 9120)
- Unicorn-57062.exe (PID: 7920)
- Unicorn-22906.exe (PID: 2516)
- Unicorn-3830.exe (PID: 3896)
- Unicorn-13481.exe (PID: 3956)
- Unicorn-36310.exe (PID: 9224)
- Unicorn-59108.exe (PID: 8076)
- Unicorn-7530.exe (PID: 9284)
- Unicorn-31480.exe (PID: 9276)
- Unicorn-22906.exe (PID: 8052)
- Unicorn-56295.exe (PID: 9356)
- Unicorn-61007.exe (PID: 7916)
- Unicorn-25925.exe (PID: 9380)
- Unicorn-58615.exe (PID: 9408)
- Unicorn-53592.exe (PID: 9428)
- Unicorn-30218.exe (PID: 9532)
- Unicorn-54552.exe (PID: 9480)
- Unicorn-15173.exe (PID: 9596)
- Unicorn-62144.exe (PID: 9568)
- Unicorn-12190.exe (PID: 9372)
- Unicorn-49892.exe (PID: 9556)
- Unicorn-15335.exe (PID: 7896)
- Unicorn-54552.exe (PID: 9472)
- Unicorn-25964.exe (PID: 9492)
- Unicorn-41293.exe (PID: 9744)
- Unicorn-47131.exe (PID: 9700)
- Unicorn-1438.exe (PID: 9580)
- Unicorn-43836.exe (PID: 9736)
- Unicorn-38216.exe (PID: 9500)
- Unicorn-26156.exe (PID: 9728)
- Unicorn-20534.exe (PID: 9524)
- Unicorn-22264.exe (PID: 9668)
- Unicorn-56835.exe (PID: 9756)
- Unicorn-61329.exe (PID: 9244)
- Unicorn-14863.exe (PID: 10024)
- Unicorn-57115.exe (PID: 9928)
- Unicorn-3571.exe (PID: 10072)
- Unicorn-36170.exe (PID: 9464)
- Unicorn-52580.exe (PID: 10088)
- Unicorn-63872.exe (PID: 10044)
- Unicorn-12102.exe (PID: 10224)
- Unicorn-23992.exe (PID: 10108)
- Unicorn-21038.exe (PID: 9588)
- Unicorn-57624.exe (PID: 4736)
- Unicorn-26684.exe (PID: 10100)
- Unicorn-35595.exe (PID: 7084)
- Unicorn-29729.exe (PID: 872)
- Unicorn-59470.exe (PID: 6208)
- Unicorn-24568.exe (PID: 10264)
- Unicorn-28652.exe (PID: 10272)
- Unicorn-29729.exe (PID: 6620)
- Unicorn-8158.exe (PID: 3024)
- Unicorn-54095.exe (PID: 2288)
- Unicorn-59139.exe (PID: 10320)
- Unicorn-38334.exe (PID: 10336)
- Unicorn-45372.exe (PID: 4620)
- Unicorn-60238.exe (PID: 10368)
- Unicorn-50395.exe (PID: 10404)
- Unicorn-56665.exe (PID: 10464)
- Unicorn-5113.exe (PID: 10544)
- Unicorn-46140.exe (PID: 10296)
- Unicorn-17552.exe (PID: 10312)
- Unicorn-7913.exe (PID: 10556)
- Unicorn-46503.exe (PID: 10352)
- Unicorn-2346.exe (PID: 10564)
- Unicorn-54268.exe (PID: 10640)
- Unicorn-42802.exe (PID: 10652)
- Unicorn-38710.exe (PID: 10704)
- Unicorn-61812.exe (PID: 10900)
- Unicorn-4753.exe (PID: 10788)
- Unicorn-53452.exe (PID: 6852)
- Unicorn-12611.exe (PID: 4108)
- Unicorn-50254.exe (PID: 10988)
- Unicorn-54801.exe (PID: 11036)
- Unicorn-53523.exe (PID: 10676)
- Unicorn-40712.exe (PID: 10376)
- Unicorn-64723.exe (PID: 10780)
- Unicorn-9221.exe (PID: 11092)
- Unicorn-51916.exe (PID: 11100)
- Unicorn-10373.exe (PID: 11124)
- Unicorn-39662.exe (PID: 11184)
- Unicorn-65128.exe (PID: 11176)
- Unicorn-40816.exe (PID: 11136)
- Unicorn-45263.exe (PID: 11208)
- Unicorn-45263.exe (PID: 11200)
- Unicorn-60011.exe (PID: 11076)
- Unicorn-49944.exe (PID: 11252)
- Unicorn-64426.exe (PID: 812)
- Unicorn-12922.exe (PID: 744)
- Unicorn-23393.exe (PID: 10888)
- Unicorn-35942.exe (PID: 10736)
- Unicorn-45263.exe (PID: 11216)
- Unicorn-45263.exe (PID: 11224)
- Unicorn-37692.exe (PID: 11244)
- Unicorn-35942.exe (PID: 10748)
- Unicorn-49678.exe (PID: 10764)
- Unicorn-40114.exe (PID: 11360)
- Unicorn-61023.exe (PID: 11084)
- Unicorn-22700.exe (PID: 11524)
- Unicorn-59072.exe (PID: 11592)
- Unicorn-4225.exe (PID: 11536)
- Unicorn-52803.exe (PID: 11788)
- Unicorn-60971.exe (PID: 11780)
- Unicorn-2855.exe (PID: 11736)
- Unicorn-56140.exe (PID: 11728)
- Unicorn-47972.exe (PID: 11716)
- Unicorn-23638.exe (PID: 11900)
- Unicorn-57418.exe (PID: 12612)
- Unicorn-59071.exe (PID: 11936)
- Unicorn-50281.exe (PID: 12072)
- Unicorn-40380.exe (PID: 12080)
- Unicorn-24488.exe (PID: 12232)
- Unicorn-49184.exe (PID: 12296)
- Unicorn-21150.exe (PID: 12240)
- Unicorn-19701.exe (PID: 12264)
- Unicorn-39818.exe (PID: 12816)
- Unicorn-49634.exe (PID: 12780)
- Unicorn-26597.exe (PID: 11908)
- Unicorn-15662.exe (PID: 11916)
- Unicorn-19701.exe (PID: 12272)
- Unicorn-5966.exe (PID: 4172)
- Unicorn-19701.exe (PID: 12248)
- Unicorn-40166.exe (PID: 11840)
- Unicorn-37316.exe (PID: 12168)
- Unicorn-12235.exe (PID: 12216)
- Unicorn-5966.exe (PID: 10476)
- Unicorn-13731.exe (PID: 12680)
- Unicorn-366.exe (PID: 4452)
- Unicorn-16246.exe (PID: 12908)
- Unicorn-35847.exe (PID: 12916)
- Unicorn-29981.exe (PID: 12924)
- Unicorn-27181.exe (PID: 12892)
- Unicorn-19701.exe (PID: 5740)
- Unicorn-5966.exe (PID: 6248)
- Unicorn-5966.exe (PID: 5036)
- Unicorn-10521.exe (PID: 12968)
- Unicorn-25567.exe (PID: 4284)
- Unicorn-30586.exe (PID: 12952)
- Unicorn-57684.exe (PID: 13008)
- Unicorn-25374.exe (PID: 13036)
- Unicorn-30611.exe (PID: 13072)
- Unicorn-7141.exe (PID: 13020)
- Unicorn-34633.exe (PID: 13224)
- Unicorn-41540.exe (PID: 13288)
- Unicorn-507.exe (PID: 2092)
- Unicorn-18188.exe (PID: 13304)
- Unicorn-5743.exe (PID: 13316)
- Unicorn-419.exe (PID: 14128)
- Unicorn-40454.exe (PID: 13364)
- Unicorn-50403.exe (PID: 13384)
- Unicorn-40454.exe (PID: 13416)
- Unicorn-62655.exe (PID: 13424)
- Unicorn-62655.exe (PID: 13432)
- Unicorn-18920.exe (PID: 13464)
- Unicorn-43351.exe (PID: 13504)
- Unicorn-25041.exe (PID: 13552)
- Unicorn-51784.exe (PID: 13544)
- Unicorn-40454.exe (PID: 13356)
- Unicorn-40454.exe (PID: 13408)
- Unicorn-56039.exe (PID: 13600)
- Unicorn-47871.exe (PID: 13584)
- Unicorn-5329.exe (PID: 13680)
- Unicorn-12213.exe (PID: 13716)
- Unicorn-39651.exe (PID: 13752)
- Unicorn-35064.exe (PID: 13612)
- Unicorn-54530.exe (PID: 13636)
- Unicorn-39996.exe (PID: 11636)
- Unicorn-32251.exe (PID: 13868)
- Unicorn-51982.exe (PID: 13880)
- Unicorn-8587.exe (PID: 14156)
- Unicorn-11498.exe (PID: 14304)
- Unicorn-23750.exe (PID: 14320)
- Unicorn-19666.exe (PID: 14328)
- Unicorn-25233.exe (PID: 5428)
- Unicorn-54664.exe (PID: 14400)
- Unicorn-50507.exe (PID: 14344)
- Unicorn-43351.exe (PID: 14368)
- Unicorn-39075.exe (PID: 13572)
- Unicorn-31918.exe (PID: 14264)
- Unicorn-32197.exe (PID: 14384)
- Unicorn-46494.exe (PID: 14500)
- Unicorn-8129.exe (PID: 13688)
- Unicorn-55603.exe (PID: 14652)
- Unicorn-51156.exe (PID: 14604)
- Unicorn-65254.exe (PID: 14612)
- Unicorn-28497.exe (PID: 14676)
- Unicorn-24221.exe (PID: 14296)
- Unicorn-20137.exe (PID: 14312)
- Unicorn-37944.exe (PID: 14476)
- Unicorn-34363.exe (PID: 14684)
- Unicorn-14762.exe (PID: 14668)
- Unicorn-34363.exe (PID: 14740)
- Unicorn-36631.exe (PID: 15124)
- Unicorn-5582.exe (PID: 14628)
- Unicorn-14119.exe (PID: 15540)
- Unicorn-48416.exe (PID: 15004)
- Unicorn-61592.exe (PID: 15052)
- Unicorn-40300.exe (PID: 14516)
- Unicorn-2147.exe (PID: 14568)
- Unicorn-48468.exe (PID: 14540)
- Unicorn-9459.exe (PID: 15184)
- Unicorn-25697.exe (PID: 14716)
- Unicorn-39008.exe (PID: 15492)
- Unicorn-35182.exe (PID: 14748)
- Unicorn-25697.exe (PID: 14692)
- Unicorn-25697.exe (PID: 14732)
- Unicorn-19444.exe (PID: 14764)
- Unicorn-3470.exe (PID: 14800)
- Unicorn-47944.exe (PID: 15868)
- Unicorn-17436.exe (PID: 15376)
- Unicorn-3226.exe (PID: 14984)
- Unicorn-39267.exe (PID: 15268)
- Unicorn-3470.exe (PID: 14808)
- Unicorn-6719.exe (PID: 15884)
- Unicorn-26228.exe (PID: 14756)
- Unicorn-25697.exe (PID: 14700)
- Unicorn-27978.exe (PID: 15596)
- Unicorn-48883.exe (PID: 15100)
- Unicorn-43594.exe (PID: 13628)
- Unicorn-15277.exe (PID: 16252)
- Unicorn-15463.exe (PID: 16184)
- Unicorn-48395.exe (PID: 14888)
- Unicorn-62942.exe (PID: 16072)
- Unicorn-34353.exe (PID: 16084)
- Unicorn-64816.exe (PID: 16204)
- Unicorn-53351.exe (PID: 16160)
- Unicorn-4342.exe (PID: 16192)
- Unicorn-43666.exe (PID: 16176)
- Unicorn-53351.exe (PID: 16168)
- Unicorn-7414.exe (PID: 16132)
- Unicorn-53216.exe (PID: 13060)
- Unicorn-53351.exe (PID: 16236)
- Unicorn-53351.exe (PID: 16212)
- Unicorn-9059.exe (PID: 13232)
Reads the computer name
- 1 (1363).exe (PID: 6112)
- Unicorn-2963.exe (PID: 2692)
- Unicorn-37904.exe (PID: 5988)
- Unicorn-26206.exe (PID: 864)
- Unicorn-24234.exe (PID: 5344)
- Unicorn-44977.exe (PID: 2340)
- Unicorn-63818.exe (PID: 4628)
- Unicorn-12304.exe (PID: 4996)
- Unicorn-63472.exe (PID: 4024)
- Unicorn-10187.exe (PID: 976)
- Unicorn-26223.exe (PID: 6744)
- Unicorn-43991.exe (PID: 6564)
- Unicorn-41006.exe (PID: 4380)
- Unicorn-27270.exe (PID: 6876)
- Unicorn-45740.exe (PID: 3768)
- Unicorn-58355.exe (PID: 1348)
- Unicorn-33296.exe (PID: 6512)
- Unicorn-23081.exe (PID: 5384)
- Unicorn-46871.exe (PID: 5436)
- Unicorn-5475.exe (PID: 2240)
- Unicorn-13259.exe (PID: 5360)
- Unicorn-42616.exe (PID: 2420)
- Unicorn-32393.exe (PID: 2284)
- Unicorn-25512.exe (PID: 2040)
- Unicorn-50208.exe (PID: 1672)
- Unicorn-4389.exe (PID: 5228)
- Unicorn-45859.exe (PID: 856)
- Unicorn-40644.exe (PID: 6540)
- Unicorn-61619.exe (PID: 1116)
- Unicorn-11863.exe (PID: 1052)
- Unicorn-6657.exe (PID: 7260)
- Unicorn-19648.exe (PID: 7220)
- Unicorn-44344.exe (PID: 7240)
- Unicorn-57119.exe (PID: 7548)
- Unicorn-21148.exe (PID: 7288)
- Unicorn-32646.exe (PID: 7248)
- Unicorn-38828.exe (PID: 7600)
- Unicorn-47359.exe (PID: 7620)
- Unicorn-13098.exe (PID: 7484)
- Unicorn-22470.exe (PID: 7420)
- Unicorn-45460.exe (PID: 7352)
- Unicorn-39330.exe (PID: 7344)
- Unicorn-3010.exe (PID: 7832)
- Unicorn-43680.exe (PID: 7780)
- Unicorn-54951.exe (PID: 7448)
- Unicorn-58480.exe (PID: 7436)
- Unicorn-4433.exe (PID: 7472)
- Unicorn-37484.exe (PID: 7268)
- Unicorn-25594.exe (PID: 7336)
- Unicorn-23763.exe (PID: 7868)
- Unicorn-13342.exe (PID: 7324)
- Unicorn-1614.exe (PID: 8004)
- Unicorn-9176.exe (PID: 7756)
- Unicorn-24028.exe (PID: 7876)
- Unicorn-23068.exe (PID: 7804)
- Unicorn-34287.exe (PID: 7636)
- Unicorn-54567.exe (PID: 7508)
- Unicorn-60466.exe (PID: 7996)
- Unicorn-42201.exe (PID: 7952)
- Unicorn-26384.exe (PID: 7628)
- Unicorn-3149.exe (PID: 7456)
- Unicorn-45652.exe (PID: 7276)
- Unicorn-63249.exe (PID: 7540)
- Unicorn-28304.exe (PID: 7852)
- Unicorn-30084.exe (PID: 7412)
- Unicorn-58407.exe (PID: 8172)
- Unicorn-62866.exe (PID: 8340)
- Unicorn-18984.exe (PID: 7748)
- Unicorn-30328.exe (PID: 8876)
- Unicorn-32086.exe (PID: 8500)
- Unicorn-33068.exe (PID: 8824)
- Unicorn-22906.exe (PID: 2516)
- Unicorn-38932.exe (PID: 8396)
- Unicorn-14567.exe (PID: 9056)
- Unicorn-57062.exe (PID: 7920)
- Unicorn-4405.exe (PID: 8280)
- Unicorn-21288.exe (PID: 8084)
- Unicorn-56188.exe (PID: 8436)
- Unicorn-7006.exe (PID: 8348)
- Unicorn-53104.exe (PID: 8552)
- Unicorn-36450.exe (PID: 8884)
- Unicorn-11894.exe (PID: 7960)
- Unicorn-30608.exe (PID: 3140)
- Unicorn-13202.exe (PID: 8812)
- Unicorn-51583.exe (PID: 5084)
- Unicorn-58458.exe (PID: 8676)
- Unicorn-22906.exe (PID: 8012)
- Unicorn-8651.exe (PID: 8180)
- Unicorn-52398.exe (PID: 8232)
- Unicorn-57624.exe (PID: 4736)
- Unicorn-35595.exe (PID: 7084)
- Unicorn-42004.exe (PID: 9028)
- Unicorn-22906.exe (PID: 8016)
- Unicorn-48916.exe (PID: 8312)
- Unicorn-23992.exe (PID: 10108)
- Unicorn-35806.exe (PID: 8560)
- Unicorn-44744.exe (PID: 8640)
- Unicorn-1910.exe (PID: 8964)
- Unicorn-59470.exe (PID: 6208)
- Unicorn-51952.exe (PID: 8492)
- Unicorn-26553.exe (PID: 8600)
- Unicorn-45304.exe (PID: 7792)
- Unicorn-12611.exe (PID: 4108)
- Unicorn-53452.exe (PID: 6852)
- Unicorn-61812.exe (PID: 10900)
- Unicorn-56835.exe (PID: 9756)
- Unicorn-27640.exe (PID: 8484)
- Unicorn-54146.exe (PID: 11060)
- Unicorn-54095.exe (PID: 2288)
- Unicorn-49634.exe (PID: 12780)
- Unicorn-39818.exe (PID: 12816)
- Unicorn-9221.exe (PID: 11092)
- Unicorn-59108.exe (PID: 8076)
- Unicorn-51568.exe (PID: 8272)
- Unicorn-41428.exe (PID: 8792)
- Unicorn-28356.exe (PID: 9332)
- Unicorn-45263.exe (PID: 11200)
- Unicorn-42559.exe (PID: 10528)
- Unicorn-16901.exe (PID: 1164)
- Unicorn-53592.exe (PID: 9428)
- Unicorn-60971.exe (PID: 11780)
- Unicorn-24137.exe (PID: 8804)
- Unicorn-29729.exe (PID: 6620)
- Unicorn-21150.exe (PID: 12240)
- Unicorn-50281.exe (PID: 12072)
- Unicorn-19701.exe (PID: 776)
- Unicorn-14183.exe (PID: 9180)
- Unicorn-47763.exe (PID: 12096)
- Unicorn-42802.exe (PID: 10652)
- Unicorn-16246.exe (PID: 12908)
- Unicorn-21090.exe (PID: 9452)
- Unicorn-8587.exe (PID: 14156)
- Unicorn-40489.exe (PID: 12088)
Create files in a temporary directory
- 1 (1363).exe (PID: 6112)
- Unicorn-44977.exe (PID: 2340)
- Unicorn-37904.exe (PID: 5988)
- Unicorn-24234.exe (PID: 5344)
- Unicorn-63818.exe (PID: 4628)
- Unicorn-26206.exe (PID: 864)
- Unicorn-63472.exe (PID: 4024)
- Unicorn-10187.exe (PID: 976)
- Unicorn-22440.exe (PID: 5504)
- Unicorn-2963.exe (PID: 2692)
- Unicorn-43991.exe (PID: 6564)
- Unicorn-4713.exe (PID: 2772)
- Unicorn-5475.exe (PID: 2240)
- Unicorn-46871.exe (PID: 5756)
- Unicorn-13259.exe (PID: 5360)
- Unicorn-30342.exe (PID: 2384)
- Unicorn-25512.exe (PID: 2040)
- Unicorn-4389.exe (PID: 5228)
- Unicorn-12304.exe (PID: 4996)
- Unicorn-32393.exe (PID: 2284)
- Unicorn-23902.exe (PID: 6768)
- Unicorn-26223.exe (PID: 6744)
- Unicorn-53088.exe (PID: 1532)
- Unicorn-58355.exe (PID: 1348)
- Unicorn-48547.exe (PID: 7172)
- Unicorn-40644.exe (PID: 6540)
- Unicorn-61619.exe (PID: 1116)
- Unicorn-23081.exe (PID: 5384)
- Unicorn-6657.exe (PID: 7260)
- Unicorn-19648.exe (PID: 7220)
- Unicorn-57119.exe (PID: 7548)
- Unicorn-32646.exe (PID: 7248)
- Unicorn-42616.exe (PID: 2420)
- Unicorn-38828.exe (PID: 7600)
- Unicorn-22470.exe (PID: 7420)
- Unicorn-45460.exe (PID: 7352)
- Unicorn-13098.exe (PID: 7484)
- Unicorn-39330.exe (PID: 7344)
- Unicorn-21148.exe (PID: 7288)
- Unicorn-43680.exe (PID: 7780)
- Unicorn-58480.exe (PID: 7436)
- Unicorn-54951.exe (PID: 7448)
- Unicorn-41006.exe (PID: 4380)
- Unicorn-46871.exe (PID: 5436)
- Unicorn-13342.exe (PID: 7324)
- Unicorn-33296.exe (PID: 6512)
- Unicorn-25594.exe (PID: 7336)
- Unicorn-9176.exe (PID: 7756)
- Unicorn-24028.exe (PID: 7876)
- Unicorn-34287.exe (PID: 7636)
- Unicorn-1614.exe (PID: 8004)
- Unicorn-45859.exe (PID: 856)
- Unicorn-3149.exe (PID: 7456)
- Unicorn-54567.exe (PID: 7508)
- Unicorn-45740.exe (PID: 3768)
- Unicorn-23068.exe (PID: 7804)
- Unicorn-46871.exe (PID: 2096)
- Unicorn-42201.exe (PID: 7952)
- Unicorn-26384.exe (PID: 7628)
- Unicorn-60466.exe (PID: 7996)
- Unicorn-13695.exe (PID: 8208)
- Unicorn-58672.exe (PID: 7400)
- Unicorn-45652.exe (PID: 7276)
- Unicorn-64292.exe (PID: 7696)
- Unicorn-28688.exe (PID: 7980)
- Unicorn-50120.exe (PID: 7500)
- Unicorn-63249.exe (PID: 7540)
- Unicorn-27270.exe (PID: 6876)
- Unicorn-30084.exe (PID: 7412)
- Unicorn-58407.exe (PID: 8172)
- Unicorn-55126.exe (PID: 6488)
- Unicorn-28304.exe (PID: 7852)
- Unicorn-11863.exe (PID: 1052)
- Unicorn-62866.exe (PID: 8340)
- Unicorn-32086.exe (PID: 8500)
- Unicorn-61427.exe (PID: 7188)
- Unicorn-31340.exe (PID: 8264)
- Unicorn-38932.exe (PID: 8396)
- Unicorn-20624.exe (PID: 8524)
- Unicorn-21288.exe (PID: 8084)
- Unicorn-14567.exe (PID: 9056)
- Unicorn-44344.exe (PID: 7240)
- Unicorn-57062.exe (PID: 7920)
- Unicorn-18984.exe (PID: 7748)
- Unicorn-4405.exe (PID: 8280)
- Unicorn-47359.exe (PID: 7620)
- Unicorn-33081.exe (PID: 7840)
- Unicorn-7006.exe (PID: 8348)
- Unicorn-30608.exe (PID: 3140)
- Unicorn-13202.exe (PID: 8812)
- Unicorn-51583.exe (PID: 5084)
- Unicorn-58458.exe (PID: 8676)
- Unicorn-22906.exe (PID: 8012)
- Unicorn-37484.exe (PID: 7268)
- Unicorn-24604.exe (PID: 7972)
- Unicorn-55268.exe (PID: 8384)
- Unicorn-52667.exe (PID: 7316)
- Unicorn-4433.exe (PID: 7472)
- Unicorn-23763.exe (PID: 7868)
- Unicorn-42004.exe (PID: 9028)
- Unicorn-8651.exe (PID: 8180)
- Unicorn-20240.exe (PID: 8632)
- Unicorn-12102.exe (PID: 10224)
- Unicorn-35595.exe (PID: 7084)
- Unicorn-3010.exe (PID: 7832)
- Unicorn-22906.exe (PID: 8016)
- Unicorn-48916.exe (PID: 8312)
- Unicorn-23992.exe (PID: 10108)
- Unicorn-35806.exe (PID: 8560)
- Unicorn-52398.exe (PID: 8232)
- Unicorn-22264.exe (PID: 9668)
- Unicorn-44744.exe (PID: 8640)
- Unicorn-1910.exe (PID: 8964)
- Unicorn-51952.exe (PID: 8492)
- Unicorn-38356.exe (PID: 10624)
- Unicorn-2979.exe (PID: 8320)
- Unicorn-59470.exe (PID: 6208)
- Unicorn-38710.exe (PID: 10704)
- Unicorn-22906.exe (PID: 2516)
- Unicorn-33068.exe (PID: 8824)
- Unicorn-31877.exe (PID: 8040)
- Unicorn-30328.exe (PID: 8876)
- Unicorn-7986.exe (PID: 8760)
- Unicorn-19346.exe (PID: 2852)
- Unicorn-63493.exe (PID: 9036)
- Unicorn-61812.exe (PID: 10900)
- Unicorn-45304.exe (PID: 7792)
- Unicorn-53452.exe (PID: 6852)
- Unicorn-26553.exe (PID: 8600)
- Unicorn-64426.exe (PID: 812)
- Unicorn-33841.exe (PID: 7904)
- Unicorn-56835.exe (PID: 9756)
- Unicorn-32824.exe (PID: 7380)
- Unicorn-51931.exe (PID: 8332)
- Unicorn-51916.exe (PID: 11100)
- Unicorn-49634.exe (PID: 12780)
- Unicorn-11894.exe (PID: 7960)
- Unicorn-57624.exe (PID: 4736)
- Unicorn-36450.exe (PID: 8884)
- Unicorn-36310.exe (PID: 9224)
- Unicorn-6946.exe (PID: 12796)
- Unicorn-12014.exe (PID: 11020)
- Unicorn-59108.exe (PID: 8076)
- Unicorn-52580.exe (PID: 10088)
- Unicorn-53592.exe (PID: 9428)
- Unicorn-45263.exe (PID: 11200)
- Unicorn-24137.exe (PID: 8804)
- Unicorn-20690.exe (PID: 7860)
- Unicorn-26937.exe (PID: 8836)
- Unicorn-42559.exe (PID: 10528)
- Unicorn-21150.exe (PID: 12240)
- Unicorn-42802.exe (PID: 10652)
- Unicorn-16246.exe (PID: 12908)
- Unicorn-46503.exe (PID: 10352)
- Unicorn-8587.exe (PID: 14156)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | Win32 Executable (generic) (52.9) |
|---|---|---|
| .exe | | | Generic Win/DOS Executable (23.5) |
| .exe | | | DOS Executable Generic (23.5) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2019:01:19 13:36:00+00:00 |
| ImageFileCharacteristics: | No relocs, Executable, No line numbers, No symbols, 32-bit, No debug, Removable run from swap, Net run from swap, Uniprocessor only, Bytes reversed hi |
| PEType: | PE32 |
| LinkerVersion: | 6 |
| CodeSize: | 176128 |
| InitializedDataSize: | 299008 |
| UninitializedDataSize: | - |
| EntryPoint: | 0x13d4 |
| OSVersion: | 4 |
| ImageVersion: | 1 |
| SubsystemVersion: | 4 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 1.0.0.0 |
| ProductVersionNumber: | 1.0.0.0 |
| FileFlagsMask: | 0x003f |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Executable application |
| FileSubtype: | - |
| LanguageCode: | Chinese (Simplified) |
| CharacterSet: | Unicode |
| CompanyName: | UEFI |
| ProductName: | Kawaii-Unicorn |
| FileVersion: | 1 |
| ProductVersion: | 1 |
| InternalName: | Kawaii-Unicorn |
| OriginalFileName: | Kawaii-Unicorn.exe |
Total processes
651
Monitored processes
516
Malicious processes
83
Suspicious processes
68
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 744 | C:\Users\admin\AppData\Local\Temp\Unicorn-12922.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-12922.exe | — | Unicorn-25512.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 776 | C:\Users\admin\AppData\Local\Temp\Unicorn-19701.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-19701.exe | Unicorn-61427.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 812 | C:\Users\admin\AppData\Local\Temp\Unicorn-64426.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-64426.exe | Unicorn-32824.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 856 | C:\Users\admin\AppData\Local\Temp\Unicorn-45859.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-45859.exe | Unicorn-2963.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 864 | C:\Users\admin\AppData\Local\Temp\Unicorn-26206.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26206.exe | 1 (1363).exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 872 | C:\Users\admin\AppData\Local\Temp\Unicorn-29729.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-29729.exe | — | Unicorn-23081.exe | |||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 976 | C:\Users\admin\AppData\Local\Temp\Unicorn-10187.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-10187.exe | Unicorn-63818.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1052 | C:\Users\admin\AppData\Local\Temp\Unicorn-11863.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-11863.exe | Unicorn-33296.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1116 | C:\Users\admin\AppData\Local\Temp\Unicorn-61619.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-61619.exe | Unicorn-10187.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
| 1164 | C:\Users\admin\AppData\Local\Temp\Unicorn-16901.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-16901.exe | Unicorn-43991.exe | ||||||||||||
User: admin Company: UEFI Integrity Level: MEDIUM Version: 1.00 Modules
| |||||||||||||||
Total events
10 726
Read events
10 726
Write events
0
Delete events
0
Modification events
Executable files
772
Suspicious files
0
Text files
0
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 2692 | Unicorn-2963.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-37904.exe | executable | |
MD5:073CF824407A45590EB9FCB463D7E8B7 | SHA256:8A12B5EA10F95546C53579E39CC65FEE89490DA6A7F0D552873B21B701DB8B55 | |||
| 6112 | 1 (1363).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-2963.exe | executable | |
MD5:698893BE939210F1E3D8D15CE429E115 | SHA256:1BC253570C0BBE64DCEE84DB183A9727EA15E4F6AD952B4863F1B224734C50DE | |||
| 6112 | 1 (1363).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-26206.exe | executable | |
MD5:E58B9D117B6AAA70C43D25BB06A2EDD6 | SHA256:3C285ADA3712B61D55746ABE6F297954123311007D086661C89A6EA2B0751EDE | |||
| 864 | Unicorn-26206.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-27270.exe | executable | |
MD5:D4906F587D8C7B44F2941215784C5C0B | SHA256:6EEB7DA337782D683B622F1FB3F7F1F2DF2A5319F38AAECA4E36817DDCD63F91 | |||
| 6112 | 1 (1363).exe | C:\Users\admin\AppData\Local\Temp\Unicorn-46871.exe | executable | |
MD5:B35F42C759BA8E942AD16A5D9D71A129 | SHA256:764985C7FCBEE9F537A04D577E0D929299AAFAD9DDFD440CC7C399F96615C042 | |||
| 2340 | Unicorn-44977.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-58355.exe | executable | |
MD5:C31A5042BBDBE86755B9E120B2E962DB | SHA256:8040CEFEAF77E9A8F14F9C9A6F720987F3A23AE60512D83D949B3033F24A4D90 | |||
| 4996 | Unicorn-12304.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-22440.exe | executable | |
MD5:EC94A32862AB128F433ACFECD15E3E71 | SHA256:C1569B2596A50B8B440041BDF3B68F24AA92E021723C8DBFA5BC8364E87299CB | |||
| 6744 | Unicorn-26223.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-45740.exe | executable | |
MD5:F16A21F9398EDBABC09806E8E30AE485 | SHA256:DD625F12D675F2A4BE9327324F0C2F98D364EF2FC2AB533959E00697E7D96476 | |||
| 2692 | Unicorn-2963.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-24234.exe | executable | |
MD5:DECEAEA9DA2AFD034083B2CCAE66CEA2 | SHA256:FF41976BEEDCD90A3E2746238570921B932A36674D7BE121CD18817ED2EB7B6F | |||
| 5988 | Unicorn-37904.exe | C:\Users\admin\AppData\Local\Temp\Unicorn-44977.exe | executable | |
MD5:E3C35F330DAE15FB1BF2104A37B0E782 | SHA256:2DFA66400896DF6F5C9D163C26B66FBC11EF742FD294EEC552B9A61BA589730E | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
5
TCP/UDP connections
22
DNS requests
16
Threats
0
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
6544 | svchost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | — | — | whitelisted |
5496 | MoUsoCoreWorker.exe | GET | 200 | 104.124.11.58:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | — | — | whitelisted |
1532 | backgroundTaskHost.exe | GET | 200 | 184.30.131.245:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | — | — | whitelisted |
8012 | SIHClient.exe | GET | 200 | 23.38.73.129:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | — | — | whitelisted |
8012 | SIHClient.exe | GET | 200 | 23.38.73.129:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | — | — | whitelisted |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
— | — | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
5496 | MoUsoCoreWorker.exe | 104.124.11.58:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted |
2104 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
5496 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
4996 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
3216 | svchost.exe | 40.113.103.199:443 | client.wns.windows.com | MICROSOFT-CORP-MSN-AS-BLOCK | NL | whitelisted |
6544 | svchost.exe | 40.126.31.67:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted |
6544 | svchost.exe | 184.30.131.245:80 | ocsp.digicert.com | AKAMAI-AS | US | whitelisted |
DNS requests
Domain | IP | Reputation |
|---|---|---|
google.com |
| whitelisted |
settings-win.data.microsoft.com |
| whitelisted |
crl.microsoft.com |
| whitelisted |
client.wns.windows.com |
| whitelisted |
login.live.com |
| whitelisted |
ocsp.digicert.com |
| whitelisted |
arc.msn.com |
| whitelisted |
slscr.update.microsoft.com |
| whitelisted |
www.microsoft.com |
| whitelisted |
fe3cr.delivery.mp.microsoft.com |
| whitelisted |