ebd7d7aa2f849ec162ea2e30550e061d429ca45fc02628b23ef7601d3fdcf10d

Analysis

max time kernel
79s
max time network
139s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb7b5d31cce57c39afb61082b092a157.exe
Size

184KB
MD5

bb7b5d31cce57c39afb61082b092a157
SHA1

9dff6f90164247f8d9a959e418c9a5ad412b7620
SHA256

ebd7d7aa2f849ec162ea2e30550e061d429ca45fc02628b23ef7601d3fdcf10d
SHA512

9ca49feaa2dc15c0f734e85a8efad79fc0a0f6af63c6d6d1ffa9b870d70881d3e493c210bb5298bbcb71dc401d4d101976d16250a54afeca979e466801e95f8d
SSDEEP

3072:eL6yonAe+AFlmLsQIMzVVS8WYpmqWtJiCl+8xVMPnCylY32FW:eLbosUlmADM5VS8shZTylY32F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1384	Unicorn-37749.exe
2356	Unicorn-9687.exe
2760	Unicorn-30854.exe
2820	Unicorn-55162.exe
2952	Unicorn-52147.exe
1044	Unicorn-11861.exe
2132	Unicorn-3268.exe
2940	Unicorn-8867.exe
2896	Unicorn-12396.exe
2908	Unicorn-62152.exe
1916	Unicorn-28925.exe
796	Unicorn-21800.exe
2140	Unicorn-39074.exe
1640	Unicorn-30352.exe
2056	Unicorn-42028.exe
3016	Unicorn-25692.exe
3020	Unicorn-21608.exe
1120	Unicorn-1742.exe
1548	Unicorn-13117.exe
696	Unicorn-39563.exe
2400	Unicorn-40309.exe
1832	Unicorn-15250.exe
1296	Unicorn-26927.exe
1140	Unicorn-26604.exe
1848	Unicorn-38302.exe
1188	Unicorn-47217.exe
2128	Unicorn-26974.exe
2280	Unicorn-31250.exe
3036	Unicorn-42926.exe
2136	Unicorn-47010.exe
300	Unicorn-23060.exe
2116	Unicorn-31420.exe
2464	Unicorn-52329.exe
2172	Unicorn-35993.exe
2336	Unicorn-24295.exe
2252	Unicorn-39501.exe
2836	Unicorn-52500.exe
2588	Unicorn-35609.exe
2900	Unicorn-35609.exe
2768	Unicorn-33039.exe
1440	Unicorn-24317.exe
320	Unicorn-65349.exe
2864	Unicorn-28571.exe
2156	Unicorn-39968.exe
3048	Unicorn-39968.exe
2584	Unicorn-24186.exe
1696	Unicorn-39968.exe
1940	Unicorn-20102.exe
2220	Unicorn-39968.exe
3060	Unicorn-39968.exe
1464	Unicorn-20102.exe
1920	Unicorn-27716.exe
3004	Unicorn-21660.exe
2968	Unicorn-29806.exe
2368	Unicorn-49672.exe
2472	Unicorn-9215.exe
1092	Unicorn-21529.exe
1496	Unicorn-46294.exe
1868	Unicorn-13621.exe
988	Unicorn-25298.exe
1404	Unicorn-9153.exe
2396	Unicorn-9153.exe
2012	Unicorn-9153.exe
2100	Unicorn-9153.exe

Loads dropped DLL 64 IoCs

pid	Process
1796	bb7b5d31cce57c39afb61082b092a157.exe
1796	bb7b5d31cce57c39afb61082b092a157.exe
1384	Unicorn-37749.exe
1384	Unicorn-37749.exe
1796	bb7b5d31cce57c39afb61082b092a157.exe
1796	bb7b5d31cce57c39afb61082b092a157.exe
2760	Unicorn-30854.exe
2760	Unicorn-30854.exe
2356	Unicorn-9687.exe
2356	Unicorn-9687.exe
1384	Unicorn-37749.exe
1384	Unicorn-37749.exe
2820	Unicorn-55162.exe
2820	Unicorn-55162.exe
2760	Unicorn-30854.exe
2760	Unicorn-30854.exe
2952	Unicorn-52147.exe
2356	Unicorn-9687.exe
2356	Unicorn-9687.exe
2952	Unicorn-52147.exe
1044	Unicorn-11861.exe
1044	Unicorn-11861.exe
2132	Unicorn-3268.exe
2132	Unicorn-3268.exe
2820	Unicorn-55162.exe
2820	Unicorn-55162.exe
2940	Unicorn-8867.exe
2940	Unicorn-8867.exe
2908	Unicorn-62152.exe
2908	Unicorn-62152.exe
2896	Unicorn-12396.exe
2896	Unicorn-12396.exe
1916	Unicorn-28925.exe
1916	Unicorn-28925.exe
2952	Unicorn-52147.exe
2952	Unicorn-52147.exe
1044	Unicorn-11861.exe
1044	Unicorn-11861.exe
796	Unicorn-21800.exe
796	Unicorn-21800.exe
2132	Unicorn-3268.exe
2132	Unicorn-3268.exe
2140	Unicorn-39074.exe
2140	Unicorn-39074.exe
1640	Unicorn-30352.exe
1640	Unicorn-30352.exe
2940	Unicorn-8867.exe
2940	Unicorn-8867.exe
2056	Unicorn-42028.exe
2056	Unicorn-42028.exe
2908	Unicorn-62152.exe
2908	Unicorn-62152.exe
1120	Unicorn-1742.exe
1120	Unicorn-1742.exe
3016	Unicorn-25692.exe
3016	Unicorn-25692.exe
1548	Unicorn-13117.exe
3020	Unicorn-21608.exe
1548	Unicorn-13117.exe
2896	Unicorn-12396.exe
3020	Unicorn-21608.exe
2896	Unicorn-12396.exe
1916	Unicorn-28925.exe
1916	Unicorn-28925.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2140	1120	WerFault.exe	134

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1796	bb7b5d31cce57c39afb61082b092a157.exe
1384	Unicorn-37749.exe
2760	Unicorn-30854.exe
2356	Unicorn-9687.exe
2820	Unicorn-55162.exe
2952	Unicorn-52147.exe
1044	Unicorn-11861.exe
2132	Unicorn-3268.exe
2940	Unicorn-8867.exe
2908	Unicorn-62152.exe
2896	Unicorn-12396.exe
1916	Unicorn-28925.exe
796	Unicorn-21800.exe
2140	Unicorn-39074.exe
1640	Unicorn-30352.exe
2056	Unicorn-42028.exe
3020	Unicorn-21608.exe
1120	Unicorn-1742.exe
3016	Unicorn-25692.exe
1548	Unicorn-13117.exe
696	Unicorn-39563.exe
2400	Unicorn-40309.exe
1832	Unicorn-15250.exe
1296	Unicorn-26927.exe
1140	Unicorn-26604.exe
1848	Unicorn-38302.exe
1188	Unicorn-47217.exe
2128	Unicorn-26974.exe
2280	Unicorn-31250.exe
2136	Unicorn-47010.exe
300	Unicorn-23060.exe
3036	Unicorn-42926.exe
2116	Unicorn-31420.exe
2464	Unicorn-52329.exe
2336	Unicorn-24295.exe
2172	Unicorn-35993.exe
2836	Unicorn-52500.exe
2252	Unicorn-39501.exe
2900	Unicorn-35609.exe
2588	Unicorn-35609.exe
2768	Unicorn-33039.exe
1440	Unicorn-24317.exe
320	Unicorn-65349.exe
1696	Unicorn-39968.exe
2864	Unicorn-28571.exe
2156	Unicorn-39968.exe
2584	Unicorn-24186.exe
1940	Unicorn-20102.exe
3048	Unicorn-39968.exe
2220	Unicorn-39968.exe
1464	Unicorn-20102.exe
3060	Unicorn-39968.exe
1920	Unicorn-27716.exe
3004	Unicorn-21660.exe
2368	Unicorn-49672.exe
2472	Unicorn-9215.exe
2968	Unicorn-29806.exe
1092	Unicorn-21529.exe
1496	Unicorn-46294.exe
1868	Unicorn-13621.exe
988	Unicorn-25298.exe
328	Unicorn-9153.exe
2012	Unicorn-9153.exe
2284	Unicorn-9153.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 1384	1796	bb7b5d31cce57c39afb61082b092a157.exe	28
PID 1796 wrote to memory of 1384	1796	bb7b5d31cce57c39afb61082b092a157.exe	28
PID 1796 wrote to memory of 1384	1796	bb7b5d31cce57c39afb61082b092a157.exe	28
PID 1796 wrote to memory of 1384	1796	bb7b5d31cce57c39afb61082b092a157.exe	28
PID 1384 wrote to memory of 2356	1384	Unicorn-37749.exe	29
PID 1384 wrote to memory of 2356	1384	Unicorn-37749.exe	29
PID 1384 wrote to memory of 2356	1384	Unicorn-37749.exe	29
PID 1384 wrote to memory of 2356	1384	Unicorn-37749.exe	29
PID 1796 wrote to memory of 2760	1796	bb7b5d31cce57c39afb61082b092a157.exe	30
PID 1796 wrote to memory of 2760	1796	bb7b5d31cce57c39afb61082b092a157.exe	30
PID 1796 wrote to memory of 2760	1796	bb7b5d31cce57c39afb61082b092a157.exe	30
PID 1796 wrote to memory of 2760	1796	bb7b5d31cce57c39afb61082b092a157.exe	30
PID 2760 wrote to memory of 2820	2760	Unicorn-30854.exe	31
PID 2760 wrote to memory of 2820	2760	Unicorn-30854.exe	31
PID 2760 wrote to memory of 2820	2760	Unicorn-30854.exe	31
PID 2760 wrote to memory of 2820	2760	Unicorn-30854.exe	31
PID 2356 wrote to memory of 2952	2356	Unicorn-9687.exe	32
PID 2356 wrote to memory of 2952	2356	Unicorn-9687.exe	32
PID 2356 wrote to memory of 2952	2356	Unicorn-9687.exe	32
PID 2356 wrote to memory of 2952	2356	Unicorn-9687.exe	32
PID 1384 wrote to memory of 1044	1384	Unicorn-37749.exe	33
PID 1384 wrote to memory of 1044	1384	Unicorn-37749.exe	33
PID 1384 wrote to memory of 1044	1384	Unicorn-37749.exe	33
PID 1384 wrote to memory of 1044	1384	Unicorn-37749.exe	33
PID 2820 wrote to memory of 2132	2820	Unicorn-55162.exe	34
PID 2820 wrote to memory of 2132	2820	Unicorn-55162.exe	34
PID 2820 wrote to memory of 2132	2820	Unicorn-55162.exe	34
PID 2820 wrote to memory of 2132	2820	Unicorn-55162.exe	34
PID 2760 wrote to memory of 2940	2760	Unicorn-30854.exe	35
PID 2760 wrote to memory of 2940	2760	Unicorn-30854.exe	35
PID 2760 wrote to memory of 2940	2760	Unicorn-30854.exe	35
PID 2760 wrote to memory of 2940	2760	Unicorn-30854.exe	35
PID 2952 wrote to memory of 2896	2952	Unicorn-52147.exe	36
PID 2952 wrote to memory of 2896	2952	Unicorn-52147.exe	36
PID 2952 wrote to memory of 2896	2952	Unicorn-52147.exe	36
PID 2952 wrote to memory of 2896	2952	Unicorn-52147.exe	36
PID 2356 wrote to memory of 2908	2356	Unicorn-9687.exe	37
PID 2356 wrote to memory of 2908	2356	Unicorn-9687.exe	37
PID 2356 wrote to memory of 2908	2356	Unicorn-9687.exe	37
PID 2356 wrote to memory of 2908	2356	Unicorn-9687.exe	37
PID 1044 wrote to memory of 1916	1044	Unicorn-11861.exe	38
PID 1044 wrote to memory of 1916	1044	Unicorn-11861.exe	38
PID 1044 wrote to memory of 1916	1044	Unicorn-11861.exe	38
PID 1044 wrote to memory of 1916	1044	Unicorn-11861.exe	38
PID 2132 wrote to memory of 796	2132	Unicorn-3268.exe	39
PID 2132 wrote to memory of 796	2132	Unicorn-3268.exe	39
PID 2132 wrote to memory of 796	2132	Unicorn-3268.exe	39
PID 2132 wrote to memory of 796	2132	Unicorn-3268.exe	39
PID 2820 wrote to memory of 2140	2820	Unicorn-55162.exe	40
PID 2820 wrote to memory of 2140	2820	Unicorn-55162.exe	40
PID 2820 wrote to memory of 2140	2820	Unicorn-55162.exe	40
PID 2820 wrote to memory of 2140	2820	Unicorn-55162.exe	40
PID 2940 wrote to memory of 1640	2940	Unicorn-8867.exe	41
PID 2940 wrote to memory of 1640	2940	Unicorn-8867.exe	41
PID 2940 wrote to memory of 1640	2940	Unicorn-8867.exe	41
PID 2940 wrote to memory of 1640	2940	Unicorn-8867.exe	41
PID 2908 wrote to memory of 2056	2908	Unicorn-62152.exe	42
PID 2908 wrote to memory of 2056	2908	Unicorn-62152.exe	42
PID 2908 wrote to memory of 2056	2908	Unicorn-62152.exe	42
PID 2908 wrote to memory of 2056	2908	Unicorn-62152.exe	42
PID 2896 wrote to memory of 3016	2896	Unicorn-12396.exe	43
PID 2896 wrote to memory of 3016	2896	Unicorn-12396.exe	43
PID 2896 wrote to memory of 3016	2896	Unicorn-12396.exe	43
PID 2896 wrote to memory of 3016	2896	Unicorn-12396.exe	43

C:\Users\Admin\AppData\Local\Temp\bb7b5d31cce57c39afb61082b092a157.exe
"C:\Users\Admin\AppData\Local\Temp\bb7b5d31cce57c39afb61082b092a157.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12396.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31250.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        10⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55739.exe
        11⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        9⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1603.exe
        10⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        8⤵
        Executes dropped EXE
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
        9⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
        10⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25475.exe
        11⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64786.exe
        12⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26974.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        8⤵
        Executes dropped EXE
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        9⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
        11⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
        12⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26108.exe
        9⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50105.exe
        10⤵
        
        PID:624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42028.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60056.exe
        8⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45163.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54779.exe
        10⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
        11⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37258.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36227.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
        9⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64756.exe
        10⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 380
        10⤵
        Program crash
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47217.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24317.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49672.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        7⤵
        
        PID:2356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        9⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45246.exe
        10⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2755.exe
        11⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
        12⤵
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63890.exe
        13⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31420.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27716.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17789.exe
        7⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15126.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32112.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        10⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13173.exe
        11⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
        10⤵
        
        PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13117.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19050.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49935.exe
        10⤵
        
        PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        6⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57124.exe
        7⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45246.exe
        8⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2423.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3111.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
        11⤵
        
        PID:1272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
        6⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44286.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        8⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41932.exe
        9⤵
        
        PID:2540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39563.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46294.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32283.exe
        8⤵
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19024.exe
        8⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36118.exe
        9⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        10⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10319.exe
        11⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        8⤵
        
        PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15250.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        8⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-818.exe
        11⤵
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25184.exe
        7⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28718.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18708.exe
        9⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        10⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52500.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9215.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        7⤵
        
        PID:1596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
        7⤵
        Executes dropped EXE
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        11⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64695.exe
        6⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3253.exe
        7⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26492.exe
        8⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
        9⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55001.exe
        10⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
        8⤵
        
        PID:1688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11861.exe

Filesize
184KB

MD5
d19123a05c513ddb8ad14df4655916dc

SHA1
8ddab830721b5711d0cb015d8ef5a648027c7958

SHA256
a15231a42de27bf9f93ea65e675f24926cfe9d11d8641413b96196c6c1cca23b

SHA512
9ccb4501c79e1913c16f9ebc0c06eaef1ffa1cdae6d4afb3a8a7b92602e5de4ee7c819c786f1151bbe28870635ffd4ae3967ac6400a76b9198a54dfb39210280

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe

Filesize
184KB

MD5
87c05f59c579f493be569e80f1b2b763

SHA1
69dbff3bfc7e0cefebe9281767e644bd34704223

SHA256
32802e6ec90d9d30354f3987732baad4869da16d532e740e17ad9cc9ce932436

SHA512
e4ac0436a78999f20ff7ac6cc2f5168e30dd66a2ec2a1c34eb564a324750c638413721194a0e51bd2d74d667a84324923d04f2edec9c7be0eaf75f8e711a5064

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe

Filesize
184KB

MD5
f4f566d08ad199bf4f0c3ae0e854f7c3

SHA1
8db57cd083b6b18ffeb5a8b076f47a3882c0b92e

SHA256
8af6980d0e23d6100513d77bebcd096dcfabf4f2390bdc761ee799e5e3340a20

SHA512
8cc7c946465006db347d1699d1d0a2699d974f93d2d50d3b09333f6511cafa27c21c83c6be26affef7dab61546828d5d5baa0394100ab5bc9c7442b331b689e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe

Filesize
184KB

MD5
05e34de71a66d2a67e9e1857c33ef3c4

SHA1
b5d01e45b683005c3fea869a748fdf7988e1eb70

SHA256
44bb1f8dcc6d81f63af6604b50a0f0b6375bc29b9acd431e965f8c8acc375de0

SHA512
025f11e8efae5c30db17ef1612ba03d20c02d47fbebca1b6ab5c4040f18d223a08906f0cddfc2a83c0522dda70509542d20d1ae98f6930e01c3be15d6712f8c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12396.exe

Filesize
184KB

MD5
cc3bd7ce5d8effe7b8029b3f29bab09e

SHA1
7fd15a1c6ac154fde29e1562684d9bac64e7373c

SHA256
effe667f438d8286724c5e13576df3a8dbc7d3f258c4a7d2e862ad4783f98e8b

SHA512
1829dff50504e7af4862ab050c0a79945a8677a85237d3f5c577622896c8d9aa065be70ca4f1e152b239dc10110b94f91a7e92a68d55661350a381a98dce1c20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe

Filesize
184KB

MD5
ebd7a59bf300e88409d271e8ea76bf5f

SHA1
f4f30c10e6026e3ddd21d8d11ca02616cc25a86e

SHA256
8dc41cbd8a89ea09aef16d22c8acdd27d651bc65da2f8c387afb1cbb21322672

SHA512
60c0b12deb204be52dbd6e30451ecbc6d320ceb9b73150837587fec76ed6d28bd9c8a081b5a2945e82d3d7f71f6813484a9190daf4bc02dcd953db9bf26d8d5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe

Filesize
184KB

MD5
14f5edbd0afb60fbd99a3afee186de79

SHA1
ec8b5653040bedc700e5ab058c84abd419931077

SHA256
92581ae7c96c7bb28a1600b765c64b2dfc16e1481c124d81c667a622ab5f6a9c

SHA512
38a9f2d07527e95ca83540d0b10a88558f2a252bf2befb09cfe06ef19e69e58f63dd7550a29d9e6a0884e160b34debf5c4ac0f6438f7f77076031ad2cb40c3f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21800.exe

Filesize
184KB

MD5
da38a4ff9b9caac6722f5bd68c7ca6bb

SHA1
b2aa8baedc8e7affd80666cc242c190d62c13b9a

SHA256
3d279b1aa2a69af5be2d7c9c78c0cc36f062a08aefb54e8696a8563a4e44ec55

SHA512
42a2c84668288f600d36846d43a1ffbb3264eb3c4a104cccfdf4bceb034d76775dad5a53ccdec5523bc8d18209c06579cd1f9051a3fc2f99927421e3fa14fb77

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28925.exe

Filesize
184KB

MD5
4e7e52c551c7d903be4d2127d79690da

SHA1
f54d8a39af7ee5dd4ce03755c6eff60ed9abb8cf

SHA256
80a8c7d662d1552d5ee92086b68bd65c85417c06a90d848be4a23ded7f3a76c0

SHA512
03088a4c1831683d659a9b2eae15c8cca64ff5926eda3015013fc85db44c76302277325f934880d6271af8c6dcc0f125df5ed99a685b897d05228460515d8e98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30352.exe

Filesize
184KB

MD5
c99a8bf4cff446f3db4df913c17d2c29

SHA1
ef470435903b85a4d27140ede56bf8ba17f4337c

SHA256
8870b1d16287943bc95e831bded8c67abb0f47483592fda2476f29190c84f8ad

SHA512
2955a4084b71ee8198eb606f368ca82b35e9e742452be4eeb3bbdef64203eee483d5eb2c75544f3d838b6450ad8613fba5f62015bc4426fd77f811128deb8b77

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30854.exe

Filesize
184KB

MD5
ed0f0be8136d4169a1c45ad84618d969

SHA1
cec70cb72a534e28cc16b3559395dde540ee1f20

SHA256
a9dc428422dd6a6b2806e00aa2b66e30035585ce04294f4600ad6856d276f511

SHA512
1d6f3a3fbfa005047b7e0f5acb3cd3ec90e31f030fc21df5dacc3e29773ec7e1ba01160799a517312c5cc268ffa2038d4fbc625bb7cda48c4b2f95646fa91b0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3268.exe

Filesize
184KB

MD5
a0d521cd480fbfa99e50915eb821d989

SHA1
ac2ae1dd599eadca1ade6c66279ed11d7651f420

SHA256
310f81c37ccce84b408e6c27c5021b9cd8687a6df52715ac9e21c0acb60ac627

SHA512
4993b6673e45b1c604248562e7dd55f4e669c8e4806d6f173578463718650e1eb53694cf5def533080fabe58d5ceec950ba7ceb440410f29a5679ae440464800

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe

Filesize
184KB

MD5
ade4a186b4b5c0c9cc23f3ff26e2a322

SHA1
b6fe1535d16d2548ef25eb2a3612d7f377cd89be

SHA256
a8da125d949fc83e6780186b6589ea7183bcce02449376becd7e4ae61c409393

SHA512
761568cadcd622415e81f3b6d5432d9b54df3a45eeec9d98a244637f13d558d4e0dc1f0d6aeba91e6ac24269c8c00b907cf3410f1309fc4feb12584820d0e396

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39074.exe

Filesize
184KB

MD5
8fa08fbb96874033d4e6177b828e4e5a

SHA1
69e28d8c0073da57dba8211597652e8c164ab8de

SHA256
522b7b5fbfcec859484a455de155f9ab5e3dd989e8b94179a74a55f7ccf96ed7

SHA512
b100a56dd071736ad6a8ebab513627a414000131875fa1adfb4e5402208aa3e9cac366cefa2aea13504a7e74567fb16eb1cd6ae59a47c08ae6943e729f5b5e81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42028.exe

Filesize
184KB

MD5
34ce882000ed7ca81a9b74e2936b281e

SHA1
c76a1889ef9971f2cfd32d4905fc124821498906

SHA256
81055e496c0e06d08a28d7f1a96b0c68220f93f170c719d8c578e99a3f3131e5

SHA512
665d00067964961373e65b04f346d57806dedbb33606ad10855afbca84f8efc9256bf60ddd2070407ba2504830e5c53e4ec0281e73b2d08ba8a088fd936b9602

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe

Filesize
184KB

MD5
98c49e19e52faad8caf8bd3460263704

SHA1
f0f0faf87ddeee97a40117648688b926ea2b4981

SHA256
0dd2981e2009a140f47c10407416de23776636ac670dab6062dc4e30aed20b18

SHA512
bcfd6d80f972b66b485b93011dc787ee3dfddf423c3b9dabed8ee43b1d674b2bfdc8dea1aec6751cb0ef050a5a23807641971867811127323520a00315423dc0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62152.exe

Filesize
184KB

MD5
284e2df12d035108fcf903aa6c6fcf79

SHA1
cbd093794e127c4f710b9d97a8667d8e30280975

SHA256
1bfcefcbee460b429d9b7dc84cbde1832a4e0fd96198b077c93ed4d6170235aa

SHA512
2b30ca58ae271ee809434c15311857da5ddfc1dbffc0d558447754b064913a57ea7592d1a2bebdcebdc83ab7baec35f41cf3f340990fde6d4298271fad232d0a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe

Filesize
184KB

MD5
3b55dd01a4865063187306c67ec57660

SHA1
0486c0e453b94719e664db606b32114ba2fc1cbc

SHA256
dc8ececd05c1ed996d56f9a42eab33bdc8da4515e7b4278f1200f2efa1dafc4e

SHA512
7ccfd037f3df48e62e2aa3fdc498d7ee96b0916ba053d80124c9eb0eacb01f4c9bea8c8ff7997ecf3bf0b2cd54012544ce798de3affff4d6465b05bb83ebc36e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe

Filesize
184KB

MD5
09e338f88913a164bc7958c6e63851b9

SHA1
ee6b35bcbf8cbaa7e31e218eb1690b7773c8e87b

SHA256
f96dacbe43bc2a90c485b021133ee6bc1e957a3b6a5e6e34dc640163ab1dafc2

SHA512
a16e6032abd6e4e717079f34e0809912a590f3b8688040dd196b254310e7b59c19ad12d689778e355cf90cff4d30d9da0b662e47ffe7ef56e866afa39aa2089e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads