bcf1fdbac03f4958be9b9f83b2ab3af4f63b94b5e8edf7d680c42f9f9812518a

Analysis

max time kernel
209s
max time network
167s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

38496bb9b17cc3398e4ba9fbc5d5848a.exe
Size

184KB
MD5

38496bb9b17cc3398e4ba9fbc5d5848a
SHA1

6a8b0bdf2b9645afb59ca0cedaa63f15686ee8dc
SHA256

bcf1fdbac03f4958be9b9f83b2ab3af4f63b94b5e8edf7d680c42f9f9812518a
SHA512

0593aec8f8057b231c4f402eae7b367ce4e17742c5d73485c4c45d10357ad3c797c761cb848916f1ceb91f9effa5e242ff0d4afa819925566eb70c4e36c35026
SSDEEP

3072:+P0EoVJmeSA2iePPHaLOcPcZC1JUMPUmlCQrxKELlBClP6pi2:+PLo332i8HvcPc5SqaClP6pi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2740	Unicorn-7916.exe
756	Unicorn-965.exe
1976	Unicorn-26513.exe
752	Unicorn-10731.exe
2952	Unicorn-59979.exe
1248	Unicorn-22476.exe
2148	Unicorn-45034.exe
2220	Unicorn-30509.exe
2456	Unicorn-12034.exe
2992	Unicorn-16119.exe
1576	Unicorn-16778.exe
928	Unicorn-5080.exe
944	Unicorn-31722.exe
2056	Unicorn-55672.exe
2024	Unicorn-39248.exe
1156	Unicorn-9097.exe
2820	Unicorn-17266.exe
2776	Unicorn-43908.exe
284	Unicorn-39331.exe
2860	Unicorn-54276.exe
2604	Unicorn-50768.exe
2368	Unicorn-45745.exe
2576	Unicorn-25879.exe
2852	Unicorn-28039.exe
2508	Unicorn-26093.exe
2744	Unicorn-42983.exe
1312	Unicorn-23955.exe
2976	Unicorn-59341.exe
2636	Unicorn-31023.exe
1852	Unicorn-8173.exe
1572	Unicorn-30177.exe
672	Unicorn-45122.exe
1784	Unicorn-64510.exe
1720	Unicorn-15309.exe
2476	Unicorn-19394.exe
3000	Unicorn-23478.exe
1520	Unicorn-31646.exe
1288	Unicorn-5003.exe
1604	Unicorn-5003.exe
1304	Unicorn-5003.exe
1220	Unicorn-39814.exe
2424	Unicorn-20354.exe
2220	Unicorn-55911.exe
2236	Unicorn-12185.exe
2432	Unicorn-12377.exe
1860	Unicorn-26576.exe
1948	Unicorn-18962.exe
1436	Unicorn-58049.exe
108	Unicorn-45605.exe
2096	Unicorn-51080.exe
1688	Unicorn-4572.exe
2340	Unicorn-59248.exe
1796	Unicorn-24438.exe
1452	Unicorn-4017.exe
880	Unicorn-27130.exe
2800	Unicorn-39382.exe
1640	Unicorn-488.exe
1788	Unicorn-18595.exe
2296	Unicorn-26763.exe
2344	Unicorn-51459.exe
2824	Unicorn-55351.exe
2352	Unicorn-37645.exe
2724	Unicorn-22679.exe
2124	Unicorn-39015.exe

Loads dropped DLL 64 IoCs

pid	Process
3012	38496bb9b17cc3398e4ba9fbc5d5848a.exe
3012	38496bb9b17cc3398e4ba9fbc5d5848a.exe
2740	Unicorn-7916.exe
2740	Unicorn-7916.exe
756	Unicorn-965.exe
756	Unicorn-965.exe
2740	Unicorn-7916.exe
2740	Unicorn-7916.exe
756	Unicorn-965.exe
756	Unicorn-965.exe
752	Unicorn-10731.exe
752	Unicorn-10731.exe
1976	Unicorn-26513.exe
1976	Unicorn-26513.exe
2952	Unicorn-59979.exe
1248	Unicorn-22476.exe
2952	Unicorn-59979.exe
1248	Unicorn-22476.exe
2148	Unicorn-45034.exe
2148	Unicorn-45034.exe
2456	Unicorn-12034.exe
2220	Unicorn-30509.exe
2952	Unicorn-59979.exe
2220	Unicorn-30509.exe
1248	Unicorn-22476.exe
2456	Unicorn-12034.exe
2952	Unicorn-59979.exe
1248	Unicorn-22476.exe
2992	Unicorn-16119.exe
2992	Unicorn-16119.exe
944	Unicorn-31722.exe
1576	Unicorn-16778.exe
1576	Unicorn-16778.exe
2056	Unicorn-55672.exe
944	Unicorn-31722.exe
2056	Unicorn-55672.exe
2024	Unicorn-39248.exe
2992	Unicorn-16119.exe
2024	Unicorn-39248.exe
2992	Unicorn-16119.exe
928	Unicorn-5080.exe
928	Unicorn-5080.exe
1576	Unicorn-16778.exe
2776	Unicorn-43908.exe
2776	Unicorn-43908.exe
1576	Unicorn-16778.exe
2860	Unicorn-54276.exe
1156	Unicorn-9097.exe
1156	Unicorn-9097.exe
2860	Unicorn-54276.exe
944	Unicorn-31722.exe
2604	Unicorn-50768.exe
2820	Unicorn-17266.exe
2604	Unicorn-50768.exe
2820	Unicorn-17266.exe
944	Unicorn-31722.exe
2056	Unicorn-55672.exe
2576	Unicorn-25879.exe
2576	Unicorn-25879.exe
2056	Unicorn-55672.exe
284	Unicorn-39331.exe
284	Unicorn-39331.exe
2024	Unicorn-39248.exe
2024	Unicorn-39248.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2064	2912	WerFault.exe	118

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3012	38496bb9b17cc3398e4ba9fbc5d5848a.exe
2740	Unicorn-7916.exe
756	Unicorn-965.exe
1976	Unicorn-26513.exe
752	Unicorn-10731.exe
1248	Unicorn-22476.exe
2952	Unicorn-59979.exe
2148	Unicorn-45034.exe
2220	Unicorn-30509.exe
2456	Unicorn-12034.exe
2992	Unicorn-16119.exe
1576	Unicorn-16778.exe
944	Unicorn-31722.exe
2056	Unicorn-55672.exe
928	Unicorn-5080.exe
2024	Unicorn-39248.exe
2820	Unicorn-17266.exe
2776	Unicorn-43908.exe
1156	Unicorn-9097.exe
2860	Unicorn-54276.exe
284	Unicorn-39331.exe
2604	Unicorn-50768.exe
2576	Unicorn-25879.exe
2852	Unicorn-28039.exe
1312	Unicorn-23955.exe
2976	Unicorn-59341.exe
2744	Unicorn-42983.exe
672	Unicorn-45122.exe
2636	Unicorn-31023.exe
1868	Unicorn-5859.exe
1852	Unicorn-8173.exe
2508	Unicorn-26093.exe
1572	Unicorn-30177.exe
1784	Unicorn-64510.exe
2476	Unicorn-19394.exe
1720	Unicorn-15309.exe
1520	Unicorn-31646.exe
3000	Unicorn-23478.exe
1288	Unicorn-5003.exe
1220	Unicorn-39814.exe
1304	Unicorn-5003.exe
1604	Unicorn-5003.exe
2424	Unicorn-20354.exe
2220	Unicorn-55911.exe
2432	Unicorn-12377.exe
1860	Unicorn-26576.exe
2800	Unicorn-39382.exe
1948	Unicorn-18962.exe
880	Unicorn-27130.exe
2236	Unicorn-12185.exe
2096	Unicorn-51080.exe
108	Unicorn-45605.exe
1796	Unicorn-24438.exe
1688	Unicorn-4572.exe
2340	Unicorn-59248.exe
1436	Unicorn-58049.exe
1452	Unicorn-4017.exe
1640	Unicorn-488.exe
2724	Unicorn-22679.exe
2124	Unicorn-39015.exe
1788	Unicorn-18595.exe
2824	Unicorn-55351.exe
2296	Unicorn-26763.exe
2352	Unicorn-37645.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 2740	3012	38496bb9b17cc3398e4ba9fbc5d5848a.exe	29
PID 3012 wrote to memory of 2740	3012	38496bb9b17cc3398e4ba9fbc5d5848a.exe	29
PID 3012 wrote to memory of 2740	3012	38496bb9b17cc3398e4ba9fbc5d5848a.exe	29
PID 3012 wrote to memory of 2740	3012	38496bb9b17cc3398e4ba9fbc5d5848a.exe	29
PID 2740 wrote to memory of 756	2740	Unicorn-7916.exe	30
PID 2740 wrote to memory of 756	2740	Unicorn-7916.exe	30
PID 2740 wrote to memory of 756	2740	Unicorn-7916.exe	30
PID 2740 wrote to memory of 756	2740	Unicorn-7916.exe	30
PID 756 wrote to memory of 1976	756	Unicorn-965.exe	31
PID 756 wrote to memory of 1976	756	Unicorn-965.exe	31
PID 756 wrote to memory of 1976	756	Unicorn-965.exe	31
PID 756 wrote to memory of 1976	756	Unicorn-965.exe	31
PID 2740 wrote to memory of 752	2740	Unicorn-7916.exe	32
PID 2740 wrote to memory of 752	2740	Unicorn-7916.exe	32
PID 2740 wrote to memory of 752	2740	Unicorn-7916.exe	32
PID 2740 wrote to memory of 752	2740	Unicorn-7916.exe	32
PID 756 wrote to memory of 2952	756	Unicorn-965.exe	33
PID 756 wrote to memory of 2952	756	Unicorn-965.exe	33
PID 756 wrote to memory of 2952	756	Unicorn-965.exe	33
PID 756 wrote to memory of 2952	756	Unicorn-965.exe	33
PID 752 wrote to memory of 1248	752	Unicorn-10731.exe	34
PID 752 wrote to memory of 1248	752	Unicorn-10731.exe	34
PID 752 wrote to memory of 1248	752	Unicorn-10731.exe	34
PID 752 wrote to memory of 1248	752	Unicorn-10731.exe	34
PID 1976 wrote to memory of 2148	1976	Unicorn-26513.exe	35
PID 1976 wrote to memory of 2148	1976	Unicorn-26513.exe	35
PID 1976 wrote to memory of 2148	1976	Unicorn-26513.exe	35
PID 1976 wrote to memory of 2148	1976	Unicorn-26513.exe	35
PID 2952 wrote to memory of 2456	2952	Unicorn-59979.exe	37
PID 2952 wrote to memory of 2456	2952	Unicorn-59979.exe	37
PID 2952 wrote to memory of 2456	2952	Unicorn-59979.exe	37
PID 2952 wrote to memory of 2456	2952	Unicorn-59979.exe	37
PID 1248 wrote to memory of 2220	1248	Unicorn-22476.exe	36
PID 1248 wrote to memory of 2220	1248	Unicorn-22476.exe	36
PID 1248 wrote to memory of 2220	1248	Unicorn-22476.exe	36
PID 1248 wrote to memory of 2220	1248	Unicorn-22476.exe	36
PID 2148 wrote to memory of 2992	2148	Unicorn-45034.exe	38
PID 2148 wrote to memory of 2992	2148	Unicorn-45034.exe	38
PID 2148 wrote to memory of 2992	2148	Unicorn-45034.exe	38
PID 2148 wrote to memory of 2992	2148	Unicorn-45034.exe	38
PID 2220 wrote to memory of 1576	2220	Unicorn-30509.exe	42
PID 2220 wrote to memory of 1576	2220	Unicorn-30509.exe	42
PID 2220 wrote to memory of 1576	2220	Unicorn-30509.exe	42
PID 2220 wrote to memory of 1576	2220	Unicorn-30509.exe	42
PID 2456 wrote to memory of 2056	2456	Unicorn-12034.exe	39
PID 2456 wrote to memory of 2056	2456	Unicorn-12034.exe	39
PID 2456 wrote to memory of 2056	2456	Unicorn-12034.exe	39
PID 2456 wrote to memory of 2056	2456	Unicorn-12034.exe	39
PID 2952 wrote to memory of 928	2952	Unicorn-59979.exe	41
PID 2952 wrote to memory of 928	2952	Unicorn-59979.exe	41
PID 2952 wrote to memory of 928	2952	Unicorn-59979.exe	41
PID 2952 wrote to memory of 928	2952	Unicorn-59979.exe	41
PID 1248 wrote to memory of 944	1248	Unicorn-22476.exe	40
PID 1248 wrote to memory of 944	1248	Unicorn-22476.exe	40
PID 1248 wrote to memory of 944	1248	Unicorn-22476.exe	40
PID 1248 wrote to memory of 944	1248	Unicorn-22476.exe	40
PID 2992 wrote to memory of 2024	2992	Unicorn-16119.exe	43
PID 2992 wrote to memory of 2024	2992	Unicorn-16119.exe	43
PID 2992 wrote to memory of 2024	2992	Unicorn-16119.exe	43
PID 2992 wrote to memory of 2024	2992	Unicorn-16119.exe	43
PID 1576 wrote to memory of 2776	1576	Unicorn-16778.exe	45
PID 1576 wrote to memory of 2776	1576	Unicorn-16778.exe	45
PID 1576 wrote to memory of 2776	1576	Unicorn-16778.exe	45
PID 1576 wrote to memory of 2776	1576	Unicorn-16778.exe	45

C:\Users\Admin\AppData\Local\Temp\38496bb9b17cc3398e4ba9fbc5d5848a.exe
"C:\Users\Admin\AppData\Local\Temp\38496bb9b17cc3398e4ba9fbc5d5848a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-965.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39248.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55911.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38823.exe
        11⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        12⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
        13⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
        14⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21190.exe
        15⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47816.exe
        13⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27412.exe
        14⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28901.exe
        11⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
        10⤵
        Executes dropped EXE
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        11⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
        12⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
        13⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        14⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
        12⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55616.exe
        13⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26093.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24438.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        11⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
        12⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4391.exe
        13⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
        14⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
        12⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4572.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        10⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17391.exe
        11⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
        12⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60084.exe
        13⤵
        
        PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23955.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4017.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22714.exe
        11⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        13⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63784.exe
        14⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-945.exe
        12⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35580.exe
        13⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37645.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
        11⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
        12⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44438.exe
        13⤵
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
        14⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46062.exe
        12⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3483.exe
        13⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        11⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 200
        12⤵
        Program crash
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51080.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18595.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        11⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57484.exe
        12⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5080.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59341.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59248.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22679.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
        11⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31479.exe
        12⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17298.exe
        13⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
        10⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
        12⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4837.exe
        11⤵
        
        PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        8⤵
        Executes dropped EXE
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12185.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5138.exe
        13⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        14⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62523.exe
        15⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27130.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11002.exe
        11⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
        12⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        13⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21880.exe
        14⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
        15⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36824.exe
        13⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48024.exe
        14⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53415.exe
        12⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11573.exe
        13⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58138.exe
        14⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25879.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31023.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5003.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39382.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57655.exe
        11⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        12⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15736.exe
        13⤵
        
        PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28039.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64510.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12377.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26379.exe
        10⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
        11⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9243.exe
        12⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
        13⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
        11⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4853.exe
        12⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58049.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
        10⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe
        11⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51345.exe
        12⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        13⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37718.exe
        11⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-488.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48117.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32440.exe
        10⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37640.exe
        11⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52108.exe
        12⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        10⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
        11⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54552.exe
        10⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33442.exe
        11⤵
        
        PID:2044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe

Filesize
184KB

MD5
d2eabe441d43613bcc0b2ece4f16e900

SHA1
390690469c450280650dc331f278b21d0b975233

SHA256
05a91d90c0c5a1fb0c7f08c7011dad02f107dbc2478be0adb811af07a8155a4a

SHA512
6b685498a42b82c4eb3b54fc7287b893c5dde02045d75121f93c4e8590c9610cf6d2c4c28f0d01f792981751cc16fc552e92d29d4e96f17c8ffeaab0588e85cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31646.exe

Filesize
184KB

MD5
b721594b12fe78f698c64a4b68d7de6d

SHA1
d76107b4109fc02bc7d29530e954f221f788adce

SHA256
f7df5ba4193f062c58c295c82330c7d7744c2f6ab2f3851944749de1e3e7590c

SHA512
90437745030fcc851c979ec7dbaace7efe3cda9433bb951401288d69032f4ec0857cce6dc5211d4d86ffbb7a5ff6af28568ebb7c594b9d0ff5c4cb18fe21526d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31722.exe

Filesize
184KB

MD5
e2743550c9d619f0f3033594615b7c8a

SHA1
fd2d269ae1c1e22eebdb21a51affa5157ccb29c3

SHA256
50454097899e202b7c951e5395b8b6ed904cccb0908b715e990ed38cb4652b12

SHA512
3699a7ab909e1dff8ffc3e99a013d81de62f5b4282c6f02b11dc85936c8644774ed446508394766bf02293cd92d96d412261307d85aa613a81905c8f13c7c8af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe

Filesize
154KB

MD5
f8f98330afb842d9088a6458774cb5f2

SHA1
1735adbee89bb8c04ee0eaab7adb85b68e1b898f

SHA256
0d48abe3ef37222c36415b0780a9e0f461e8d0f2e5fa23e73f4b2f6e5d027860

SHA512
208e18c56685ac370f682cba7a067330fd7e82c5c3313e7a7fe3d04cedbdaa92d055716abd210c8c236a432f4026a97d1ee5b643bd95e4dcc9ae683b2f3f2b83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5080.exe

Filesize
184KB

MD5
16e9603c229186485e9ba2ab949fd85b

SHA1
d223d419cf74b8a9f6fdc51880c1234988136a7f

SHA256
b6a978343f130bbac8d5261a5b68cd5ea7c65c142be8d8c3d153bfa58cc6c550

SHA512
36a79a4a35dbde07d650d545896b03f5e2316391e61b4c2a4e5f5a06825a0c29618191e3adbbef8e54ca3583e051ed3eee6f82f418dfff7fb0078685882e9eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55672.exe

Filesize
184KB

MD5
fc0091510424cfd3ec2498edda38ba38

SHA1
b65ff9a956594104a559b586708c74b59e18fddb

SHA256
f68f312c1ec579906780985d7dc0eb909e3c91afa2ed3edc38edf70b5f956597

SHA512
d9ba497f0a374478faade9d08afd1827c2d71ef59ed2743017ef5b15b2d52a2deaf6adf57fb543795eb352c12d6b7c95abc89b86a6ba397974200893be27509a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6337.exe

Filesize
184KB

MD5
42a4cef9e7f9d352952e7d8ac0a39ae4

SHA1
44449786aa207c9935b92f12236c42838ed48a8c

SHA256
539606e68d8da79386fb279b8df76e4f6d095735564e916d153d708599a8be0c

SHA512
2a8bc76ea006f56b644a142181d39e92f4f829f2e858ecf526b23e0f6543b07cde261eb472f62bc072d0394125aee1ffe998ae88ea481dd0587028bb93e20346

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe

Filesize
184KB

MD5
3e0cdfc1adf17a02604f8f045d859620

SHA1
1b4478d3937b6fde9948a4f5a204c98e8a5f22d3

SHA256
0388c77fc9c1cd7cad75ebdd2f2bd388d76c5eb2dae98a41273b1716907d8cdf

SHA512
fdf1f21cd6effaf0349c93ef7a3f95453385848f27462a2a548d7faf80f6d990627771a17372ce4a47bd6b16fbc9cacddb8315ff5e73458a80c4104761cc0b4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12034.exe

Filesize
184KB

MD5
7cfd20ea39acbb9cdb9dd451b37b8e0e

SHA1
2c5926384fe2a54be5a83faa1dd93aacfd3ce0de

SHA256
ee377439cd1886606997113d43b85aba12d3633a160f568d6f299f92223f30cc

SHA512
3ee968774041037f57c2837a3b2536fc00cce718315396ce25cdb7f41752136d9668081ea2eba5d99be0a743f2b83adb62a8a2b002b30990f88848f497ceb34a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe

Filesize
184KB

MD5
318a74a1ee4d53389dd51cd16c65788d

SHA1
76d1103bb1178d1256f887915708a1c058f3e91c

SHA256
11a2e2572db80fe0dc9090aef19c1df58b2dcb526ab56b483118848102474df5

SHA512
3b2a29c3fcf0d89cbc163202e0f62e58885f042c4aabe549a8fc275b4aea6c8177a10625d23cf54f39999cdce89d156387a6dfbcb78d55918118e7209a213129

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16778.exe

Filesize
184KB

MD5
709670bfc7d06a9d2bceea921de80d9a

SHA1
bbea64c71de4bac8c9148526379ae4bdda0296c2

SHA256
9166d4e48df4e4994ef1b574595e2c085ff51094f75be7f63aa2558f1e815e5c

SHA512
0e2f5496a6a46079ea69e34e73eac06878d6e28bf8012930eda2dcfdb16b5341fefab207eb4b24c7bbf55b4bc3601f2a0fbb06672294d70a0e3ad2762801b81e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe

Filesize
184KB

MD5
d54b59011e3eece8904bc2c13099fa37

SHA1
07efe26da4653fda2cc6f654251813b17bdf928a

SHA256
5bf1770596cea4fed72af662e2815b1b676995787e235fd3f9753f805cb0cf3c

SHA512
15ea677a9bb5076423d44360303138f11384427d0b032864cf125127043de994e0db49aff44d44daac63b5b614c5ac662ca0857888e383af911305b659608d90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe

Filesize
184KB

MD5
2dbd3b76412b21b23fa1ef8177b6a436

SHA1
c803b65822d101c0e7420e4d7f97afe9d4aaddd3

SHA256
bfc0754ad30f5ba0d473c50aee595986fba487b0d8c8c0383117921cd114d15b

SHA512
db23f163a590fcfd61374d178cb7a3f2f8223b6185b81dd27719ce97ff65ba52b08efb208e755e6cc7de2b684e2eaa0f0105f409947df34f1a48785736669279

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe

Filesize
184KB

MD5
21210d706571f908fb34f6af108e27e2

SHA1
f1d7c85856381a689c780199832ff3142208c6c0

SHA256
4b7c71381f12cf466e66505baa084d0d2979eb67428474b826b71fd1b2413e53

SHA512
34f3e5bbdccac8fabc331d2da5e49ac87d23b8bdc98fa293853c2b29b2b1fd7e1c5eb509fb506b5917f8935a1ca4432a86ead21a171280778ee7cd4beb861570

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe

Filesize
11KB

MD5
04c616d32aa3abada72322b9144aa799

SHA1
77c00405a1d8cae791ba1375cb3a4ad39fdffb30

SHA256
e5fc508fb54f223412b392f9a97ee415cf29bc521d98453c4b71287416395b21

SHA512
4052a5f8925d2d593019ad4eddc20b19cad3309e6cd45b302ec51102233ac787a05d139a49f2ce20ab7b33835a5a96aa6e64e6338821d0baa2b7a7ca1cf37e1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe

Filesize
184KB

MD5
3c1f41cad198cf7657884d4708f9db9a

SHA1
df499930774d7b374774a85b7c38f2428e1ebfd9

SHA256
f9a1336e6667e9bd94fb28f6a5f0f2efaef9e14ed9203d65d37004a32b75c42d

SHA512
5663c6e39f6af6453ff30bc0bc5d2f5d64548a05d9c33538edc1573ac3384d8b97abb169039f94eecd7f3b4e906854a36d7e512f81bad6ca0eda41eaee2f3b74

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39248.exe

Filesize
184KB

MD5
77fea01f5b7a377df66155e5f59c6356

SHA1
23db513ff4fad872a830bf8cfa66f4fa622946a4

SHA256
a2d31c73234f84cbf476a3c2790c9d8dc78eeaa4ad8832971b760f4c2d735b0d

SHA512
00d170de9a6c7157ca7e9c2753725207e79f45fdd72133814d0331cadc3371eedc06820d5b9bb866e07a694551e73e45f8ef1f6d80ebda4008e788d92640ed3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe

Filesize
184KB

MD5
05bea679f811ba336146299568659b7f

SHA1
e69554f42a5adecbbb7b4991a194b20926a22e63

SHA256
e0545406813f11f751981b61a961243ccb33e05e79f089e403d2631b9d2eeb6d

SHA512
276f5670e69142e29dd2dbad8f25aabaae6a9c1bda435563ecc463f5bb3223212e8d4627d706c2fe5a15814be383ea85e2025053e264ea3a8492d0ddb4e89d5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe

Filesize
184KB

MD5
bf02916eb0a1947daf401fb5e25f5acf

SHA1
6cdc4fecc45790e00cc87a45c4b1f4bb5843574e

SHA256
3f76418d1b7399f4f26c99ad8913cd31d404cfa3d2cba602e24f999341966127

SHA512
299baebb52eba935473608d7a850e3b6ae1565a6c8d9534ba426e619b2636068f03ba5f22f8832f58d31fa80d9d488fd19df1d22a260a0b870a1a0d9a6b26f18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45034.exe

Filesize
152KB

MD5
32c1f1447f552a25f13a57e784afcaed

SHA1
b8e35f2bbbe0614c44d9d3d0f498e99ef0abe228

SHA256
2f76066e68469384f8c116a9974cb8c7b9c472cfc30a22a9985870d510b7be10

SHA512
05eb355b15dc2cf1f1c8aa26ff5411b40db72aea54f2cb60055d5fbdbf61b1bdf248292f96af7148a4c4a4275ef11566a34f0bd14d122aeab60530dc4073cf7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe

Filesize
184KB

MD5
806812677a9a5003b1d9a527dd616ebb

SHA1
864bfcc890fb2cf2a759918ccbc4399e71bde303

SHA256
89bb05db6dab7cf72e54411285aca31e1fcaeb3a9c41c08cfea492af4a9b2ca9

SHA512
4d2273f3b9d8e82eb82f2fb3b0f4554bd7728cbe3ae5a6b9ff177ee94b7ee135c9a1c88df01b0cdefdbca67dfa739b746c2e4979a2d76154f68b11c671811713

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe

Filesize
184KB

MD5
3f718a04ce477f8a8e29dbd88e69aa3f

SHA1
e8a8219b30b9f8a7a4c94d85540fabf4cf885155

SHA256
5c9a2204bd4bcd872cb3eaf7724e87b7535a336da852d4c73958db6c27387130

SHA512
2bef84906539dedb0a4706e75fd70628c59789b3db3241cbf6f6c83ffe30e8028a941860d9858fd7025bd3cda7d8a21a1fcb9ad55e1be4b3215ff4e810b17d6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9097.exe

Filesize
184KB

MD5
705a545d82ab1d7028bd6fd5138b7b53

SHA1
fe6100736d17651aa3b0bb44ca03e20972171778

SHA256
cafb44568694be1690b01c6e2cd4b33bbcf841dc6f32bb4071e075cfe9eec6b0

SHA512
d75d936f77221a615af24f0f5b1e985733bcfe991b3acd8586e6f56d2297e8a7aaf18935767813b190f7166903e79c758127e073fe9fa83cfae6322fc10cd735

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-965.exe

Filesize
184KB

MD5
242a460a18e24d195c84cd39de319c0d

SHA1
8cb70b78d393de50d927dcadbb98221b666fcaca

SHA256
29884a7fd127fd35cd3a916d4f3dc494e2771b0dc244a5a0a2013f3036da603e

SHA512
b15ec469863bea8bf13e2208f47d9b0eacbecce0e3efb07747241f05e46838fe3e75c50e3bb78b764693570c8bdefbfdc9f599dae1efac4fc0cf09e7cc9e6cfb

Download Submit
memory/2368-295-0x0000000002970000-0x0000000002ACC000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads