8c9bdf992322a9c609abd79bc40be7fd6968b02e504368acc03333baa0222c2b

Analysis

max time kernel
145s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 20:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3af6c1add4716a9dc499f2e13c4249c8.exe
Size

184KB
MD5

3af6c1add4716a9dc499f2e13c4249c8
SHA1

ac9975f57c74063dfc0d60f0a281c24c86e714cf
SHA256

8c9bdf992322a9c609abd79bc40be7fd6968b02e504368acc03333baa0222c2b
SHA512

3167acb7a4d1eaefe92613008db75ec771307eec8a420ad88114d84b162e903056c99503f6488a7953683d839e9a35b5cc8e81826e0deb567d1e691ad98cdea4
SSDEEP

3072:pyJ7oC69fUAQrgAZfTX4F8NjWlX6vHfVsseIIP/d6lPvpFH:pyNojlQrffL4F899Vo6lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1760	Unicorn-39833.exe
2832	Unicorn-60863.exe
2820	Unicorn-24137.exe
2632	Unicorn-4047.exe
2600	Unicorn-49719.exe
2708	Unicorn-9143.exe
2900	Unicorn-23875.exe
1072	Unicorn-50761.exe
1080	Unicorn-35115.exe
1532	Unicorn-49221.exe
1564	Unicorn-39236.exe
1476	Unicorn-47338.exe
1636	Unicorn-16892.exe
1108	Unicorn-27472.exe
1312	Unicorn-1945.exe
2456	Unicorn-45995.exe
2420	Unicorn-54687.exe
344	Unicorn-19109.exe
944	Unicorn-4534.exe
1352	Unicorn-50829.exe
2968	Unicorn-34998.exe
2128	Unicorn-27420.exe
884	Unicorn-43690.exe
2180	Unicorn-55740.exe
1616	Unicorn-3892.exe
2212	Unicorn-55807.exe
1648	Unicorn-23758.exe
1720	Unicorn-35874.exe
2768	Unicorn-37546.exe
2804	Unicorn-36922.exe
1904	Unicorn-65442.exe
2740	Unicorn-54750.exe
1988	Unicorn-6416.exe
1584	Unicorn-34839.exe
2416	Unicorn-34839.exe
1928	Unicorn-57867.exe
1596	Unicorn-57867.exe
1388	Unicorn-29445.exe
1872	Unicorn-55319.exe
1484	Unicorn-11813.exe
1528	Unicorn-61923.exe
1384	Unicorn-62779.exe
2256	Unicorn-64212.exe
2960	Unicorn-22390.exe
2068	Unicorn-25300.exe
732	Unicorn-27224.exe
2260	Unicorn-40256.exe
2632	Unicorn-47277.exe
1212	Unicorn-60474.exe
2008	Unicorn-60474.exe
2484	Unicorn-34988.exe
1812	Unicorn-45705.exe
2452	Unicorn-26920.exe
756	Unicorn-51849.exe
288	Unicorn-33.exe
2192	Unicorn-17327.exe
2360	Unicorn-52667.exe
2964	Unicorn-5915.exe
784	Unicorn-14016.exe
2704	Unicorn-48363.exe
2288	Unicorn-9188.exe
1532	Unicorn-11637.exe
3012	Unicorn-4616.exe
1664	Unicorn-24311.exe

Loads dropped DLL 64 IoCs

pid	Process
2220	3af6c1add4716a9dc499f2e13c4249c8.exe
2220	3af6c1add4716a9dc499f2e13c4249c8.exe
1760	Unicorn-39833.exe
1760	Unicorn-39833.exe
2220	3af6c1add4716a9dc499f2e13c4249c8.exe
2220	3af6c1add4716a9dc499f2e13c4249c8.exe
2832	Unicorn-60863.exe
2832	Unicorn-60863.exe
1760	Unicorn-39833.exe
1760	Unicorn-39833.exe
2820	Unicorn-24137.exe
2820	Unicorn-24137.exe
2632	Unicorn-4047.exe
2632	Unicorn-4047.exe
2708	Unicorn-9143.exe
2600	Unicorn-49719.exe
2600	Unicorn-49719.exe
2708	Unicorn-9143.exe
2600	Unicorn-49719.exe
2600	Unicorn-49719.exe
2900	Unicorn-23875.exe
1072	Unicorn-50761.exe
2900	Unicorn-23875.exe
1072	Unicorn-50761.exe
1080	Unicorn-35115.exe
1080	Unicorn-35115.exe
2708	Unicorn-9143.exe
2632	Unicorn-4047.exe
2708	Unicorn-9143.exe
2632	Unicorn-4047.exe
1636	Unicorn-16892.exe
1636	Unicorn-16892.exe
1476	Unicorn-47338.exe
1564	Unicorn-39236.exe
1476	Unicorn-47338.exe
1564	Unicorn-39236.exe
1312	Unicorn-1945.exe
1312	Unicorn-1945.exe
1108	Unicorn-27472.exe
1108	Unicorn-27472.exe
344	Unicorn-19109.exe
1532	Unicorn-49221.exe
344	Unicorn-19109.exe
1532	Unicorn-49221.exe
944	Unicorn-4534.exe
944	Unicorn-4534.exe
1636	Unicorn-16892.exe
1352	Unicorn-50829.exe
1476	Unicorn-47338.exe
2420	Unicorn-54687.exe
1636	Unicorn-16892.exe
1352	Unicorn-50829.exe
1476	Unicorn-47338.exe
2420	Unicorn-54687.exe
1108	Unicorn-27472.exe
1108	Unicorn-27472.exe
2456	Unicorn-45995.exe
2456	Unicorn-45995.exe
1312	Unicorn-1945.exe
1312	Unicorn-1945.exe
2968	Unicorn-34998.exe
2968	Unicorn-34998.exe
884	Unicorn-43690.exe
884	Unicorn-43690.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
900	1904	WerFault.exe	60
840	288	WerFault.exe	84
292	2684	WerFault.exe	138
2380	2772	WerFault.exe	135

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2220	3af6c1add4716a9dc499f2e13c4249c8.exe
1760	Unicorn-39833.exe
2832	Unicorn-60863.exe
2820	Unicorn-24137.exe
2632	Unicorn-4047.exe
2600	Unicorn-49719.exe
2708	Unicorn-9143.exe
2900	Unicorn-23875.exe
1080	Unicorn-35115.exe
1072	Unicorn-50761.exe
1564	Unicorn-39236.exe
1476	Unicorn-47338.exe
1636	Unicorn-16892.exe
1312	Unicorn-1945.exe
1532	Unicorn-49221.exe
1108	Unicorn-27472.exe
2456	Unicorn-45995.exe
944	Unicorn-4534.exe
344	Unicorn-19109.exe
1352	Unicorn-50829.exe
2420	Unicorn-54687.exe
2968	Unicorn-34998.exe
884	Unicorn-43690.exe
2128	Unicorn-27420.exe
2180	Unicorn-55740.exe
2768	Unicorn-37546.exe
2212	Unicorn-55807.exe
1648	Unicorn-23758.exe
1720	Unicorn-35874.exe
2804	Unicorn-36922.exe
1904	Unicorn-65442.exe
2740	Unicorn-54750.exe
1988	Unicorn-6416.exe
1584	Unicorn-34839.exe
2416	Unicorn-34839.exe
1596	Unicorn-57867.exe
1928	Unicorn-57867.exe
1872	Unicorn-55319.exe
1388	Unicorn-29445.exe
1484	Unicorn-11813.exe
1528	Unicorn-61923.exe
1384	Unicorn-62779.exe
2256	Unicorn-64212.exe
2960	Unicorn-22390.exe
732	Unicorn-27224.exe
2068	Unicorn-25300.exe
2260	Unicorn-40256.exe
2632	Unicorn-47277.exe
1212	Unicorn-60474.exe
2008	Unicorn-60474.exe
756	Unicorn-51849.exe
2452	Unicorn-26920.exe
288	Unicorn-33.exe
2484	Unicorn-34988.exe
1812	Unicorn-45705.exe
2192	Unicorn-17327.exe
2360	Unicorn-52667.exe
784	Unicorn-14016.exe
2964	Unicorn-5915.exe
2704	Unicorn-48363.exe
1532	Unicorn-11637.exe
3012	Unicorn-4616.exe
2288	Unicorn-9188.exe
1652	Unicorn-18167.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1760	2220	3af6c1add4716a9dc499f2e13c4249c8.exe	28
PID 2220 wrote to memory of 1760	2220	3af6c1add4716a9dc499f2e13c4249c8.exe	28
PID 2220 wrote to memory of 1760	2220	3af6c1add4716a9dc499f2e13c4249c8.exe	28
PID 2220 wrote to memory of 1760	2220	3af6c1add4716a9dc499f2e13c4249c8.exe	28
PID 1760 wrote to memory of 2832	1760	Unicorn-39833.exe	30
PID 1760 wrote to memory of 2832	1760	Unicorn-39833.exe	30
PID 1760 wrote to memory of 2832	1760	Unicorn-39833.exe	30
PID 1760 wrote to memory of 2832	1760	Unicorn-39833.exe	30
PID 2220 wrote to memory of 2820	2220	3af6c1add4716a9dc499f2e13c4249c8.exe	29
PID 2220 wrote to memory of 2820	2220	3af6c1add4716a9dc499f2e13c4249c8.exe	29
PID 2220 wrote to memory of 2820	2220	3af6c1add4716a9dc499f2e13c4249c8.exe	29
PID 2220 wrote to memory of 2820	2220	3af6c1add4716a9dc499f2e13c4249c8.exe	29
PID 2832 wrote to memory of 2632	2832	Unicorn-60863.exe	31
PID 2832 wrote to memory of 2632	2832	Unicorn-60863.exe	31
PID 2832 wrote to memory of 2632	2832	Unicorn-60863.exe	31
PID 2832 wrote to memory of 2632	2832	Unicorn-60863.exe	31
PID 1760 wrote to memory of 2600	1760	Unicorn-39833.exe	33
PID 1760 wrote to memory of 2600	1760	Unicorn-39833.exe	33
PID 1760 wrote to memory of 2600	1760	Unicorn-39833.exe	33
PID 1760 wrote to memory of 2600	1760	Unicorn-39833.exe	33
PID 2820 wrote to memory of 2708	2820	Unicorn-24137.exe	32
PID 2820 wrote to memory of 2708	2820	Unicorn-24137.exe	32
PID 2820 wrote to memory of 2708	2820	Unicorn-24137.exe	32
PID 2820 wrote to memory of 2708	2820	Unicorn-24137.exe	32
PID 2632 wrote to memory of 2900	2632	Unicorn-4047.exe	34
PID 2632 wrote to memory of 2900	2632	Unicorn-4047.exe	34
PID 2632 wrote to memory of 2900	2632	Unicorn-4047.exe	34
PID 2632 wrote to memory of 2900	2632	Unicorn-4047.exe	34
PID 2600 wrote to memory of 1080	2600	Unicorn-49719.exe	36
PID 2600 wrote to memory of 1080	2600	Unicorn-49719.exe	36
PID 2600 wrote to memory of 1080	2600	Unicorn-49719.exe	36
PID 2600 wrote to memory of 1080	2600	Unicorn-49719.exe	36
PID 2708 wrote to memory of 1072	2708	Unicorn-9143.exe	35
PID 2708 wrote to memory of 1072	2708	Unicorn-9143.exe	35
PID 2708 wrote to memory of 1072	2708	Unicorn-9143.exe	35
PID 2708 wrote to memory of 1072	2708	Unicorn-9143.exe	35
PID 2600 wrote to memory of 1564	2600	Unicorn-49719.exe	42
PID 2600 wrote to memory of 1564	2600	Unicorn-49719.exe	42
PID 2600 wrote to memory of 1564	2600	Unicorn-49719.exe	42
PID 2600 wrote to memory of 1564	2600	Unicorn-49719.exe	42
PID 2900 wrote to memory of 1532	2900	Unicorn-23875.exe	37
PID 2900 wrote to memory of 1532	2900	Unicorn-23875.exe	37
PID 2900 wrote to memory of 1532	2900	Unicorn-23875.exe	37
PID 2900 wrote to memory of 1532	2900	Unicorn-23875.exe	37
PID 1072 wrote to memory of 1476	1072	Unicorn-50761.exe	38
PID 1072 wrote to memory of 1476	1072	Unicorn-50761.exe	38
PID 1072 wrote to memory of 1476	1072	Unicorn-50761.exe	38
PID 1072 wrote to memory of 1476	1072	Unicorn-50761.exe	38
PID 1080 wrote to memory of 1636	1080	Unicorn-35115.exe	39
PID 1080 wrote to memory of 1636	1080	Unicorn-35115.exe	39
PID 1080 wrote to memory of 1636	1080	Unicorn-35115.exe	39
PID 1080 wrote to memory of 1636	1080	Unicorn-35115.exe	39
PID 2708 wrote to memory of 1108	2708	Unicorn-9143.exe	41
PID 2708 wrote to memory of 1108	2708	Unicorn-9143.exe	41
PID 2708 wrote to memory of 1108	2708	Unicorn-9143.exe	41
PID 2708 wrote to memory of 1108	2708	Unicorn-9143.exe	41
PID 2632 wrote to memory of 1312	2632	Unicorn-4047.exe	40
PID 2632 wrote to memory of 1312	2632	Unicorn-4047.exe	40
PID 2632 wrote to memory of 1312	2632	Unicorn-4047.exe	40
PID 2632 wrote to memory of 1312	2632	Unicorn-4047.exe	40
PID 1636 wrote to memory of 2456	1636	Unicorn-16892.exe	43
PID 1636 wrote to memory of 2456	1636	Unicorn-16892.exe	43
PID 1636 wrote to memory of 2456	1636	Unicorn-16892.exe	43
PID 1636 wrote to memory of 2456	1636	Unicorn-16892.exe	43

C:\Users\Admin\AppData\Local\Temp\3af6c1add4716a9dc499f2e13c4249c8.exe
"C:\Users\Admin\AppData\Local\Temp\3af6c1add4716a9dc499f2e13c4249c8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27420.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26920.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7236.exe
        10⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52908.exe
        9⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        10⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
        11⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
        10⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34988.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
        11⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35025.exe
        10⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4534.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61923.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
        11⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        12⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
        12⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
        10⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10243.exe
        11⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
        12⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
        13⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50072.exe
        14⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
        13⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5915.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
        10⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        11⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12887.exe
        12⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14016.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20278.exe
        10⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51058.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        10⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        11⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35346.exe
        12⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29974.exe
        13⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
        12⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36922.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 240
        9⤵
        Program crash
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5300.exe
        8⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe
        9⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        10⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61312.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
        10⤵
        
        PID:1824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40256.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        10⤵
        Executes dropped EXE
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23445.exe
        11⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63838.exe
        9⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe
        10⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        11⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20325.exe
        12⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22311.exe
        9⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        10⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        10⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41839.exe
        9⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28024.exe
        10⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
        12⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
        13⤵
        
        PID:436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 372
        12⤵
        Program crash
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
        8⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64780.exe
        9⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        10⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-389.exe
        11⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        9⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62616.exe
        10⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        9⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42358.exe
        10⤵
        
        PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19109.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34998.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 244
        8⤵
        Program crash
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11813.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17327.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10187.exe
        9⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        10⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        12⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
        11⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55859.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
        10⤵
        
        PID:2672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24137.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54687.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23758.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18167.exe
        10⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
        11⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53122.exe
        9⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13814.exe
        10⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22149.exe
        11⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        11⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        10⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
        10⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        11⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52620.exe
        12⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13512.exe
        11⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3892.exe
        6⤵
        Executes dropped EXE
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        7⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
        7⤵
        
        PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9188.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        10⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9867.exe
        11⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
        12⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        13⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18827.exe
        12⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
        9⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11637.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        9⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        10⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14839.exe
        11⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        10⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
        11⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14180.exe
        12⤵
        
        PID:1196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 376
        11⤵
        Program crash
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        8⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41701.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe
        10⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
        11⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
        10⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35874.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29445.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60474.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54293.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22704.exe
        9⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
        10⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22663.exe
        7⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56215.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        9⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
        10⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        11⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24062.exe
        10⤵
        
        PID:2108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe

Filesize
36KB

MD5
f7aa34660527e8c9cdb03e4450d51b51

SHA1
d800d03716df9cd645992936314c094ac3ccbe38

SHA256
e327d1a7d58502272eaed1dddb56df90b3c130d3682281ce8fa56d5906021cb1

SHA512
68815270c1b7501c2de1b38f3d6e7c71035bd196ee808bb1604f5931c7575b0646f27321cd1a93b52b37cf67dbf36178249dafa387f0b276dd8e4059b0818e89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe

Filesize
172KB

MD5
ef52997a8aa98c260d591dd3875ef159

SHA1
2950dee855082a7906c033b364f9e568594cd6a2

SHA256
47fc3cab8d00f5c783740c1c0167e1832936b57d65ffd965989158cd037e7446

SHA512
0b787b846ec5c85ce0175e3936fe5073f1eb1becefd89462a88413284ef22a1228d7d939bd8755f223e25fa4b4a2a873bf6ecd92bb63014a6b775e7f193224b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe

Filesize
14KB

MD5
5c06364d777f14da73dee3079466d6e1

SHA1
1aebe15ae8d23b19de50156628d5b83cbcec4517

SHA256
d6c37f50cf1d3c7c872d26f089ecf86a14d157ad1d3c36dba7e2a0ca610f2997

SHA512
01b795993e0c59709a322b11e2df23994dc27ae67e3b05285b8b4ffcbc5b9fad8668f880ff64f3e4190d4ff9d9bf5f908b56f3cbd51f417e0733675acbd61951

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe

Filesize
108KB

MD5
de8b2a807b935ab9133b32f0d56354d9

SHA1
2e36ad85fac61a05a71d66aeee0d3a86d1c2b6bc

SHA256
d630893c19d164bdf2f4ba277a1558ef1012648b9a33d6193bf36ff2437ad1c8

SHA512
92e4a75e14c6d86d059d115d7fbc6a1790280a6c80d6f29990b62eb7d78e4e09e158a93c94898f31308a418df6f92e2554931c0e90bd7b42e077f1a42ed8f92c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24137.exe

Filesize
35KB

MD5
7c0cb09181c3b2b2e553832c4ed5cf5a

SHA1
d8d0af832797f3cf775d6315b4219590d8e809ee

SHA256
4c4f1454a97064d3788ef7353be962ebd5eda2ece97e861142bc0cd92e5d6f58

SHA512
e5abf91e88cbfec2e6d4d4953214b1ceeefda0e74e2b3225059db03615cae8c6f38e470ded2a88350ca97c16341b8eaa1fabf3e484d0840dd0d0de5e9d44bdec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe

Filesize
27KB

MD5
bd30ae0fb5d7a371c81b801871c7a9ac

SHA1
4ae42af00ed3d4f8cbff81ab05e05ae496543547

SHA256
7c914c995da8c0a2e47c5112f53d0759f44926d75241e5a024e7cd7e04d14e25

SHA512
db84802dd22854e8e50d1d482aa367ebfb80a8e18ec7cb5a54490e61ed53ba35696f4764b4e016e23551309d8d5f445b0107cba20e95d119b27b7625a6d6cfe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe

Filesize
184KB

MD5
2ab55e41c0e7a6858a97a8728fd3f9d0

SHA1
94f862973c675f399027ee37d7c561bf0f0ece7d

SHA256
636c598fa67f05b138ad1c5149825fb8c92496e5aa685982ea038d0b29bb92dd

SHA512
e93b3b7ad4ac21a25314027129d9404619ce504b6d4b4677d5132f3fc74fb7c4a14adfe3ab7e4a12fdbe8f8d949cf3b802310dd6a853510c0faa2408521942b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe

Filesize
56KB

MD5
2a575bc4148fc90204abc732158ec8fa

SHA1
7c31ea5382a83eb9edd1492ae3f304b33deda83a

SHA256
634f013c469dc1204314554c457c489cbb2b8fb97597640a834c443abb4ef808

SHA512
98ac4cfb322f7cbfb9be1d2d3e99aa4ab26d177977eafafc1e743f3b255d1e426e076c7baaac6999e84f0bf0d9081d3d39683f9d89fd55e009260eb0d28f30a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe

Filesize
12KB

MD5
34e9b73974cfcab5d9b7dd0a063f7c43

SHA1
84faf13b099af21ba7e88d9fa9b22fffd519220e

SHA256
1453dfe960247ea32f27d85ed3c5fb72b08989ecef6080892cc9fcd6ad9b9880

SHA512
dcbff8e8acfcb523e978f909c152effddcf37022fa01e19e38ac395b24e93b5983ba507975a6b22cdd27baf8f3a02c8e371145327b79b8b6e0b5e7fbbaca4e33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe

Filesize
34KB

MD5
180783620a0a5a68537c85e714919731

SHA1
e6a3f94d2f1a833f13eab6693325e033ef27f402

SHA256
05ad82ec31cfa0b46b8bf41ffdb107eeeef505ed7af8f008731a2680529d7a2a

SHA512
106f91ed8e94f6a512ab1e0dd0ff3a762848b15593513b3b7bc8c8356369a76bea5fb4f4232a8b9c0bfd9386fe282a16d241d506df1b4e4deebffc987554eae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe

Filesize
172KB

MD5
edea858d0ee608618b08c9e9c9abfb4a

SHA1
2e389c6ec101918b101c34f149e63f7c474f15a0

SHA256
32810618d0714b6898b0dc165dbc8561c04219a761424565261bc137fc7794eb

SHA512
af16ea307f044548ac51325b69cd2b5ea25eaaefc78b2de4203b5e73fb874d46ff42170d6c217bbde35e7ef2ee68e6594b0926fce436e208db751326fff105b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe

Filesize
184KB

MD5
1065d0ebc7c3bbbc6d9070837a66747b

SHA1
dab800b5dc525dda5f18a9f0e0eae494e4861be9

SHA256
d9d244dad289de326fbc4c648acbc6cd54b0d21fbe8c7b557b22d9eada810d47

SHA512
f2c0610edcc4244f7fe71936b75613e9bc412908dc1c12a448e96e18654f7bf420cb038d93971a3054285f693318fd9c2d8435c3666f6590397297f636a530bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe

Filesize
184KB

MD5
8e1e78fee9babbe3c593eab7bf19bbc0

SHA1
764b130b3c6ba45b527b54f19edc7e67ac467929

SHA256
572643207c5b4611936b218e1c0439ef84fb4ce7905e0ec4504a9ceddd5814fb

SHA512
0fc43a5ddb1be1dc42fd93a36ff82a71071f1f8712dabaddda389fd68a21906f0e613b7511d54727ef45af3e52ddbc4b6ff99f7a9efc1d83b47cae250e0265d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe

Filesize
184KB

MD5
da77c359aab4b601e7732fdef8af8ce7

SHA1
9f9855cc452d9a62a52e11ff8b5386b6c36d92b7

SHA256
dbe8952404a1608f64a599a453465d162f4a1de5da67fbddca6aa42061a079d6

SHA512
028d2dea0568eede7596e4b61f82522f8559a95c4a701071e1495ddcc5608b3e2a500409f6fdae21e9efddf611aa768be5c9008afe0aaf4616cbe106291b707a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe

Filesize
182KB

MD5
80d36852c56a1403413bd42216016d05

SHA1
189b458a928f2a619a162981c2a6269cfac7126c

SHA256
f45257c9973dd587217d2ecfc6f1e217a5371980ddaa8adb9a21f36156a9c033

SHA512
5e19d457ef7ca2ad1d015ac2c8a134d0ed4546dbf4abf0b62847964b204788c4ce57413e4ffbdfd0c709e7388fd6d864bd0e0ec78d5cb8652499bb0c8f521f32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5510.exe

Filesize
86KB

MD5
217b62efb41de687818a7bd439786458

SHA1
b8e7f3d7ebe58b85e614ff7cbf15255d0946930e

SHA256
48b0e7ab390682685a78c5328b09b60be10f213dd1a2dce17fbd76697bb5bd6b

SHA512
6b6636cda85a643686847f96aba602ae1685a1a4845eab99163fdea629efbe9ad3d38af290d229507cbb0378548fca2a76a938a9b32d2c9080dee502a9a25c77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe

Filesize
184KB

MD5
db14bd5aeb51912b787b36e5a0c7c081

SHA1
6018574a0dc0dbcde8df9eb44fa6c94443f23e76

SHA256
9098258bf270095e4c4363d304bfce63d3dc885c2640a0002d594211200adbc8

SHA512
a4057f9e2c902dd6947c7080e861dee093c01cb78493d1cb891a556933da7a562d1b57dfb4c10d8c32b02786fb76f56d9a490fdcb1a16089f2af253d0e3598f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe

Filesize
40KB

MD5
0eaaac23122362543aa6dce40c990d52

SHA1
5bc269ad15f2bb65a1a808f30e7d0645e32a2b47

SHA256
ead22ac24310936dc15d1fcbd49a65211e8e6dfcc1dd4a98258caed684587121

SHA512
941c74371c0d5c91b986555eea17527343004acb1f510a1aeb795138bc4c620a07b83a280348ec2397d73b34359a2dcd9a1f087a69dea322cf6f80ed69c3d156

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe

Filesize
55KB

MD5
56f92149bac738245838f446a866efe6

SHA1
fe5a48e91a4015ea4595de87c95565fbb04147b0

SHA256
fc5246edcaf347fd39068cd42da1ac8b9656695b309c1ee2f04beaef65e4870d

SHA512
4faf46d59295ffbca91ceda7773e74dca2c7d49ee92ab2aba7362df612d23438fbe68f3311e8bddd9c8fda3625f894b8fd4d781655e9275e23739718ee8f27b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe

Filesize
184KB

MD5
f0d4148b5d38c3ecc2c171f536c4d8e4

SHA1
a664593795b9b8d5668d7c990d3dfc883ccf5d45

SHA256
3ef701d4404df306921ec6a98549bce76f5be9758d3492254812ea1b374a6365

SHA512
8a7e9934831aaf4d914bff20a5af983ba8a31ad96ebfffa2870f51bcc5cb7fba22b31b6e8dbb2141c7cfd651d187d4b233116e71b1bbdbe7f188e7aa6e87fe45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe

Filesize
184KB

MD5
2c4b73ed4f5d33475d7477e1a7a79af8

SHA1
932895f20c82a54bd94a8ebcb4613b438385f1b0

SHA256
884249b189e9198b6184b78c733b0857b9296947e116c3f75216b4172307f32b

SHA512
35ca7bc259d30416a528bf5df79896232f6213c3719c7d1a737509555c3e408afcb8848a251006c174c8ebd3af6243f074a43d806dd9ceaa79efec73248ddf84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe

Filesize
45KB

MD5
337460a6866a594da88dd303faea6c0c

SHA1
4472387cd400005679b216e6789f3c0a109f1e30

SHA256
3defb50fc5dbb490d6b4652f606c0129686d23fd313c58d66149d80ce2ebffba

SHA512
dd3cf1ad0a9ae2f759f0a2f83d9ecb6f44feef3e4f3576e258d297f4969055f02870b76e66a54aae32a0a052a800275c79fa1a4ceda7b0a62cf9cd8881f3a095

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe

Filesize
184KB

MD5
00505a6ea5b9b11b0957aa84172c7201

SHA1
adecd860ca57741dca1c4083cef6c01e81ac6b1d

SHA256
22be5d98dfad63e0efca43833b549c2b7688295cd14f8e2209093b4332a02d57

SHA512
12e7fc9a1a4e4138592d965c8673b159bdcb3de046f6919094f9b78fc427ebd17729590b5dbb44c10720771bf59deab46a9750c060efb2957575a23e0a4d8d7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19109.exe

Filesize
184KB

MD5
94d714096bd3028188de8c56b0d858b6

SHA1
2f08524f9e6fcb5afd4f52c9c8caf344d0827bd3

SHA256
d4981f0e1ab641f71a9080aacd7b2b175e2bbe1d4da0e603ce9da88bfda15818

SHA512
4f5993d0381538f4c43c97f4b1b85e0c8a06814d737eda37ab68c048c932f2febae2f609b57bdf551d5f213b6eb034f319ffe4a2d853ed31195a08f8aba9fc01

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe

Filesize
32KB

MD5
a5511e3ba6c8ff9c334a68f497673f77

SHA1
7ed9de9b5a2d6d1f22476a43c2a1ab9437550215

SHA256
dd1432cce9ecc566eec9bd4da86da5a5a7bdc9522cd4ab9ac1f6f8345885c4d1

SHA512
105aa68f9578e3c9f526d0f281db6c592ed59910d089bbd279600e89be7adfcf5bde15c261d8c9d603bd9217322670e6767c2b0ef5dc7c478f959761a8b1bb28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1945.exe

Filesize
73KB

MD5
ee6cdbf8074186e9bf3c41b3c67cfd41

SHA1
9bee49b44536c7742b1bf6d74ebe3e642c7b5b66

SHA256
05fe524cb0874979ca4bc5a37bc2b1367c30ba6e57539c14bdc4f4547934effa

SHA512
0b1ac8d9d07c3294dc5f0d8a3fa521de099014822754408f3e9d5604a9808a67218c084e15a28b29b2bbe08d27486342d77bdc356704b1a6f744ec0a43f0c9a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe

Filesize
184KB

MD5
27917bb8f96061a771df85e6d69c6a3a

SHA1
1ba14f514da73b2747135a6c5b407df3cb9efe91

SHA256
f9005e9bc4d36687425924a61a8040e8b3c1fc8a08d5eb7743041f5856770557

SHA512
23f64651534cb4179881fb83f5ac1871209c295db86cc5118380a7a0c7251c564fb34a52aa76c16f37a5e9f22211613d81e09eb3119feaa1587ae115f19a43e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24137.exe

Filesize
58KB

MD5
652400c8a9b3531482cf1e069488b23a

SHA1
0652223983083710253295acbb465f07ec6f3e54

SHA256
df2a5a194515fb3bb76e27b82d1fc1b5932ca5d7f9172cb6953aa3bec9422744

SHA512
d87a415fcd0c6443adf35a89d55711716e6c74fc67dc8a4b5a363ba196fb863c782584ee6192800349bfa48b6ea588e8801c1f40195fc5d1a2a4e4372c833852

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24137.exe

Filesize
40KB

MD5
150f41ca003a03dc9353e70719e853cb

SHA1
ae7cc89af8b349ee74d7fcd6c6beba94b6fd9398

SHA256
217ec0399f7940019d4fa58a41528710892c551f3805ac82f01989554a92a82b

SHA512
26b664105955cab77b4bca7c9b769306e484cd53bcc5e74fd4181425aa131bec26f9f4a3ea7e30e8e5b8e199b816bb3fba535b5b1ab5e9bc03340bbfa37a0c03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe

Filesize
41KB

MD5
5a4b7cb3a1cdae3d545113560e1f896e

SHA1
31d6d8537a281c58a7267f8e78b25a9d8adc6060

SHA256
080608d9cd90b2bf7ca23ead2b19f48e7aef940fbece990c75548ca17f774b61

SHA512
8d617be278880b1caed906adc504616b86301ac332f81350a3d034787aec7a44e61689e85c1418ec8c7e5a78ef853487a0efba10a4e1a36eeace99822434b7a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe

Filesize
62KB

MD5
7d519612a7f3f33e720bce8e2c07aae7

SHA1
bd66f90cf10f5740bb4e59bfae2b3b4e37efc364

SHA256
fdbc59ca3a6b3ffdbff49e7fe28dbbec5427ed6c2e15a1f921cdc8ec7561c173

SHA512
82df1ee2aea1069fa35e65c79cba1fa039e809322060ce87448e5fd9dc2eba2f41b3ad9fe230f2c91667c1684771eb018a3467d8760651e4036ac3f9d0a05c34

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe

Filesize
184KB

MD5
51a60209ae32c3ad99856b93aa76fcf3

SHA1
f3a8e2b8557b352c1e44061fb0802df7110355f5

SHA256
734f58063b75751486f8f858270c3039d36d0cc67e0578835d6f65789ff1b52c

SHA512
ae24fe87c88f8237da21507c1fcbc04cc47444401f51bcd899841287db6db2b2302baeaf26c04a27caae07ffae0132b2dbb7b35ae237f664520c6b8672b5d8f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe

Filesize
19KB

MD5
39cfd32c88f83f8fbecbf10d5e885208

SHA1
67247ef48f690298c4130609a571c0aba2076382

SHA256
a64a8ee8c874d0f30e8f752dc671b2161db640b9f38803669b6d03afbf8dcc6e

SHA512
2341335491ef4f9fb9f19c4682c1a9acf28754c43260ec47a9aa455bbfb5389fc51afd100c71ea2890097c6b1bbdfc5d048109948f286f5a2cf98a5d0fe1f0fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe

Filesize
45KB

MD5
18d5ccef7efb919f441917d409610d56

SHA1
e2c9c0c6559788646d156c044ebfa860948b070a

SHA256
aa33f7502e1389881fb6c424f5e27b0306ab26d1ec91154e51a9c876255d66e6

SHA512
5f22c600032188dc6bc133d43e2fa9154628b7bf44ddbb9fa552ebf0b44a7ab72c2339783163cbb26c9e7fafc45d62b3a3745e4ffb7266be617fdd9fb0a28bce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe

Filesize
184KB

MD5
49747ad307f68978ec5bb62e4569bfc4

SHA1
24e5f58b505b37c0c0e005c7b5762b9f146e0716

SHA256
25ec9c9d05bfb35a96e8ab51ad461ee4a864c52221e88ac252e0daff27944614

SHA512
45233e02a37313fb2a79d8fe0cb2e5a05e6b9dab7b21fc352a4800ce94ca77dee6887656f938bcd8d4e80ba9100f94e9076a108bab4792d974f98a4e1c5df788

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45995.exe

Filesize
184KB

MD5
bdde60adbee5b0b7332cf7662e414c3c

SHA1
2b18833aa6a8fe3783491d5e549645122434b591

SHA256
9f83ba1398a1f46a2faf4b520dc4a54627a6f46e030f941666b312627abf1a77

SHA512
3a5d5900656528bd61a401f52931b2653d4c827a08b7ab31f767c3344c80a9da81f467ad5522211223075abd42b4fd5f7c06c5fe144845a4b6eb37724e49b99e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49221.exe

Filesize
83KB

MD5
6a449d8eecaf6c46aebcd20ce67b3fd7

SHA1
4b419a873219a9d1d94ee86c7b563419affdfe53

SHA256
7af41772075d0223a2eaaa8bc000b63519ea02ffc924a1bc3f5cc621693388fe

SHA512
1549b5248f35d9fff52a377aeca76b93df010c1c00f8125c3e6df683706fdbd13d05b7b50b3a4cfd5b49d30e89e491c3b3e5eb74b3441668fcf8d14864681807

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe

Filesize
22KB

MD5
f555cfe792495b3300811d47efee58b9

SHA1
fe6951492493dca02e73df62dd2f23745210c24e

SHA256
b3e73451615ee90451d1034d6fc2167869f884be3eac57e9a296c8e872a5492c

SHA512
c80e15592f0ac35a615172b3facd8b0bb52cded13928ef7efa30210c3c084505ea5151eac9f55187185f0e86b46d3b36e7ab04b17cac78aa0c88f20038bb3a67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe

Filesize
65KB

MD5
da98f6d13f8adb4148744ae7fcbf11b5

SHA1
af62a4c15e4aeea6914f36995788ca75dc5b877d

SHA256
bcddbafe069290fa656ee1e0318ddc4e367bd9e35d9d1d0ddd48f65a6a0848d4

SHA512
9ad863bc4f2cf50e1a04e4efcc88ae3e1f2b7831ba1d89058ca1324a02ca880e078271dc857693f8d9c5b6a5cd39ab06585dad1ccd07a1f7bf4e93456b94cf11

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe

Filesize
184KB

MD5
0711d12ccc6a04f8b3405f02804aaa4e

SHA1
2b2c52372340543a21ffd30f238308d6e22f341a

SHA256
624cb80ec36520ba44206e4b7408f64840279b01abd9cf08f688d7f9cebedd03

SHA512
6475dd57736124800192ab8a60bed9095fa73d9254abb9e6d2773e4c8cc065ef57b76a0d9608ad577b8ee3ee791ab7f06cfa17abff5dcd5a6a0d4ee3007b19bd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54687.exe

Filesize
184KB

MD5
debfc0ef7c38c3d8087fa81ebb62c47d

SHA1
9f0938e0937f4f2683c5bd8ec4f8fd1ed496c715

SHA256
99d2674dcc183ad9995bd955356e1427617cb998122c7daef6fa202c3d5d6df5

SHA512
4a0164d237732f788e160ca163cd3d32e6020c968b5375c624f0fd4204ab83e0462b8cb8c8f320cef36d1c4dbf7d6640ee6656a2582378a380990b5993ef873f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe

Filesize
21KB

MD5
94a0f3e283b8e08fe8240821fc7922bf

SHA1
3bd32fcd5ea58a566378b4380b49b07991435515

SHA256
a13e0ed4281da25230f4c06935944c886bae432846396fe6c2fefe70359710f6

SHA512
22088085fba656d79574edd5357141b86405d919cf2e4f9869f439d1e5cea714b9b46a53d1fc3b7f4be5a902e3e213186f04bb1b469606e6be9f53e87e03883b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60863.exe

Filesize
31KB

MD5
574165126286b808299ca4f0ee2ff586

SHA1
fcf846ba486c9fd1b29a0fdd5acb440a56e1f26b

SHA256
39f578104a610a177179195dbab76416400f4a9adeb1a7cf3bc1b9d384cc8773

SHA512
580facfd55d49a4b42d154c716da11559c8ead002ffd481287317a416f651dc8f8f2e824076561fced6a122737938bc61b9796722544532fdceba126c60dca7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe

Filesize
184KB

MD5
880ca82c1864c63d4cc9c508cb0f8d55

SHA1
7d406de4ace0dded25b8f912c2314134348965cd

SHA256
335138f4e4e356e61df5c5d44efd3c4ae96434c0f2e397bc8e55af9e2af72cc4

SHA512
06ae5f8485e4558a8475a1a73149ed4e57df93910554fad394ac20a157443dacb0c02c331fcb2b11933181188b3bbcde5b3e8c208ef5b3d126c482c884a9e7d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9143.exe

Filesize
71KB

MD5
a3b13fc2b2f9cc5000722540c4c628bc

SHA1
0deeafa918e621d415de73127497c2a6ba1f5a09

SHA256
4fa7e00de017220bd5ab281cb486ddfe22b9e6fcbcda1c58116013ffe015c90f

SHA512
6cab98c27d128d5e8470b56c1a6336b4a46174457f121dab1392c15979f0ac1d3ba0437e71462af42943f0a78e13417dc735ce5c2b0ed90e5da6663cdd2fc3ba

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads