d183d60db2f36625ca5a2aaca3aa16368dcbe10e6a04a04cbf5d7b74d790c2c2

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 05:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

649f25c45b6ec251d9d74f0d79263267.exe
Size

184KB
MD5

649f25c45b6ec251d9d74f0d79263267
SHA1

9a3f03f496fd7a34721095b8863248815b57d2b3
SHA256

d183d60db2f36625ca5a2aaca3aa16368dcbe10e6a04a04cbf5d7b74d790c2c2
SHA512

6563cd12e24503bfcc8e276f3a33312c7f9306fd2187decc7a43eb9a79cb6e6fb40aa177758fb2d0d471620bce265ba541641ce1963bafe3cecf5dedbd0a075b
SSDEEP

3072:cyNDoVVDQ9ATmejYPaZY4n19CI8ZPHrRlFQrxKPLbmClP6pFw:cyloMqTmPPD4n1uDpGClP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
956	Unicorn-16457.exe
2348	Unicorn-36524.exe
2012	Unicorn-16658.exe
2616	Unicorn-25746.exe
2816	Unicorn-5880.exe
2516	Unicorn-33914.exe
2572	Unicorn-45777.exe
2448	Unicorn-33887.exe
1636	Unicorn-61921.exe
2940	Unicorn-4552.exe
2684	Unicorn-58392.exe
2912	Unicorn-49246.exe
2904	Unicorn-3574.exe
1132	Unicorn-3382.exe
2380	Unicorn-9282.exe
2008	Unicorn-37316.exe
680	Unicorn-17450.exe
1764	Unicorn-31810.exe
940	Unicorn-19920.exe
1208	Unicorn-39786.exe
1552	Unicorn-52785.exe
1884	Unicorn-29418.exe
1120	Unicorn-37586.exe
288	Unicorn-25888.exe
3008	Unicorn-4913.exe
2992	Unicorn-4913.exe
776	Unicorn-58753.exe
2044	Unicorn-46496.exe
1680	Unicorn-48120.exe
1844	Unicorn-64944.exe
2424	Unicorn-1031.exe
1804	Unicorn-29065.exe
2640	Unicorn-37041.exe
2744	Unicorn-25535.exe
1792	Unicorn-4368.exe
2776	Unicorn-54145.exe
2548	Unicorn-42447.exe
2492	Unicorn-50616.exe
2504	Unicorn-4944.exe
3060	Unicorn-1223.exe
1660	Unicorn-21089.exe
2908	Unicorn-5629.exe
2832	Unicorn-52111.exe
2892	Unicorn-48774.exe
2864	Unicorn-11270.exe
2980	Unicorn-44327.exe
2872	Unicorn-32629.exe
2084	Unicorn-27991.exe
2052	Unicorn-40605.exe
2124	Unicorn-60471.exe
620	Unicorn-28868.exe
1968	Unicorn-65302.exe
412	Unicorn-18671.exe
860	Unicorn-64342.exe
1540	Unicorn-39453.exe
1172	Unicorn-42983.exe
1744	Unicorn-15525.exe
624	Unicorn-44052.exe
2144	Unicorn-60964.exe
2032	Unicorn-3595.exe
896	Unicorn-35391.exe
2096	Unicorn-41098.exe
1840	Unicorn-23112.exe
1712	Unicorn-36848.exe

Loads dropped DLL 64 IoCs

pid	Process
2264	649f25c45b6ec251d9d74f0d79263267.exe
2264	649f25c45b6ec251d9d74f0d79263267.exe
956	Unicorn-16457.exe
956	Unicorn-16457.exe
2264	649f25c45b6ec251d9d74f0d79263267.exe
2264	649f25c45b6ec251d9d74f0d79263267.exe
2348	Unicorn-36524.exe
956	Unicorn-16457.exe
2348	Unicorn-36524.exe
956	Unicorn-16457.exe
2012	Unicorn-16658.exe
2012	Unicorn-16658.exe
2616	Unicorn-25746.exe
2616	Unicorn-25746.exe
2348	Unicorn-36524.exe
2348	Unicorn-36524.exe
2816	Unicorn-5880.exe
2816	Unicorn-5880.exe
2516	Unicorn-33914.exe
2516	Unicorn-33914.exe
2012	Unicorn-16658.exe
2012	Unicorn-16658.exe
2616	Unicorn-25746.exe
2572	Unicorn-45777.exe
2616	Unicorn-25746.exe
2572	Unicorn-45777.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
864	WerFault.exe
2684	Unicorn-58392.exe
2684	Unicorn-58392.exe
2816	Unicorn-5880.exe
2816	Unicorn-5880.exe
2940	Unicorn-4552.exe
2940	Unicorn-4552.exe
2516	Unicorn-33914.exe
2516	Unicorn-33914.exe
864	WerFault.exe
2912	Unicorn-49246.exe
2912	Unicorn-49246.exe
2904	Unicorn-3574.exe
2904	Unicorn-3574.exe
2572	Unicorn-45777.exe
2572	Unicorn-45777.exe
1636	Unicorn-61921.exe
1636	Unicorn-61921.exe
2380	Unicorn-9282.exe
2380	Unicorn-9282.exe
1132	Unicorn-3382.exe
1132	Unicorn-3382.exe
2684	Unicorn-58392.exe
2684	Unicorn-58392.exe
680	Unicorn-17450.exe
2008	Unicorn-37316.exe
680	Unicorn-17450.exe
2008	Unicorn-37316.exe
2940	Unicorn-4552.exe
2940	Unicorn-4552.exe
1764	Unicorn-31810.exe
1764	Unicorn-31810.exe
2912	Unicorn-49246.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
864	2448	WerFault.exe	35
2080	1844	WerFault.exe	57
956	2096	WerFault.exe	89

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2264	649f25c45b6ec251d9d74f0d79263267.exe
956	Unicorn-16457.exe
2348	Unicorn-36524.exe
2012	Unicorn-16658.exe
2616	Unicorn-25746.exe
2816	Unicorn-5880.exe
2516	Unicorn-33914.exe
2572	Unicorn-45777.exe
2448	Unicorn-33887.exe
2684	Unicorn-58392.exe
1636	Unicorn-61921.exe
2940	Unicorn-4552.exe
2912	Unicorn-49246.exe
2904	Unicorn-3574.exe
1132	Unicorn-3382.exe
2380	Unicorn-9282.exe
2008	Unicorn-37316.exe
680	Unicorn-17450.exe
1764	Unicorn-31810.exe
940	Unicorn-19920.exe
1208	Unicorn-39786.exe
1552	Unicorn-52785.exe
1884	Unicorn-29418.exe
288	Unicorn-25888.exe
1120	Unicorn-37586.exe
3008	Unicorn-4913.exe
776	Unicorn-58753.exe
2992	Unicorn-4913.exe
2044	Unicorn-46496.exe
1680	Unicorn-48120.exe
1804	Unicorn-29065.exe
1844	Unicorn-64944.exe
2424	Unicorn-1031.exe
2744	Unicorn-25535.exe
2640	Unicorn-37041.exe
1792	Unicorn-4368.exe
2776	Unicorn-54145.exe
2548	Unicorn-42447.exe
3060	Unicorn-1223.exe
2492	Unicorn-50616.exe
2504	Unicorn-4944.exe
1660	Unicorn-21089.exe
2908	Unicorn-5629.exe
2832	Unicorn-52111.exe
2892	Unicorn-48774.exe
2864	Unicorn-11270.exe
2980	Unicorn-44327.exe
2872	Unicorn-32629.exe
2084	Unicorn-27991.exe
2124	Unicorn-60471.exe
2052	Unicorn-40605.exe
620	Unicorn-28868.exe
412	Unicorn-18671.exe
860	Unicorn-64342.exe
1172	Unicorn-42983.exe
2292	Unicorn-42978.exe
1712	Unicorn-36848.exe
2028	Unicorn-63071.exe
1540	Unicorn-39453.exe
624	Unicorn-44052.exe
2384	Unicorn-42978.exe
2032	Unicorn-3595.exe
896	Unicorn-35391.exe
2228	Unicorn-42978.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 956	2264	649f25c45b6ec251d9d74f0d79263267.exe	28
PID 2264 wrote to memory of 956	2264	649f25c45b6ec251d9d74f0d79263267.exe	28
PID 2264 wrote to memory of 956	2264	649f25c45b6ec251d9d74f0d79263267.exe	28
PID 2264 wrote to memory of 956	2264	649f25c45b6ec251d9d74f0d79263267.exe	28
PID 956 wrote to memory of 2348	956	Unicorn-16457.exe	30
PID 956 wrote to memory of 2348	956	Unicorn-16457.exe	30
PID 956 wrote to memory of 2348	956	Unicorn-16457.exe	30
PID 956 wrote to memory of 2348	956	Unicorn-16457.exe	30
PID 2264 wrote to memory of 2012	2264	649f25c45b6ec251d9d74f0d79263267.exe	29
PID 2264 wrote to memory of 2012	2264	649f25c45b6ec251d9d74f0d79263267.exe	29
PID 2264 wrote to memory of 2012	2264	649f25c45b6ec251d9d74f0d79263267.exe	29
PID 2264 wrote to memory of 2012	2264	649f25c45b6ec251d9d74f0d79263267.exe	29
PID 2348 wrote to memory of 2616	2348	Unicorn-36524.exe	33
PID 2348 wrote to memory of 2616	2348	Unicorn-36524.exe	33
PID 2348 wrote to memory of 2616	2348	Unicorn-36524.exe	33
PID 2348 wrote to memory of 2616	2348	Unicorn-36524.exe	33
PID 956 wrote to memory of 2816	956	Unicorn-16457.exe	32
PID 956 wrote to memory of 2816	956	Unicorn-16457.exe	32
PID 956 wrote to memory of 2816	956	Unicorn-16457.exe	32
PID 956 wrote to memory of 2816	956	Unicorn-16457.exe	32
PID 2012 wrote to memory of 2516	2012	Unicorn-16658.exe	31
PID 2012 wrote to memory of 2516	2012	Unicorn-16658.exe	31
PID 2012 wrote to memory of 2516	2012	Unicorn-16658.exe	31
PID 2012 wrote to memory of 2516	2012	Unicorn-16658.exe	31
PID 2616 wrote to memory of 2572	2616	Unicorn-25746.exe	34
PID 2616 wrote to memory of 2572	2616	Unicorn-25746.exe	34
PID 2616 wrote to memory of 2572	2616	Unicorn-25746.exe	34
PID 2616 wrote to memory of 2572	2616	Unicorn-25746.exe	34
PID 2348 wrote to memory of 2448	2348	Unicorn-36524.exe	35
PID 2348 wrote to memory of 2448	2348	Unicorn-36524.exe	35
PID 2348 wrote to memory of 2448	2348	Unicorn-36524.exe	35
PID 2348 wrote to memory of 2448	2348	Unicorn-36524.exe	35
PID 2816 wrote to memory of 1636	2816	Unicorn-5880.exe	38
PID 2816 wrote to memory of 1636	2816	Unicorn-5880.exe	38
PID 2816 wrote to memory of 1636	2816	Unicorn-5880.exe	38
PID 2816 wrote to memory of 1636	2816	Unicorn-5880.exe	38
PID 2516 wrote to memory of 2940	2516	Unicorn-33914.exe	37
PID 2516 wrote to memory of 2940	2516	Unicorn-33914.exe	37
PID 2516 wrote to memory of 2940	2516	Unicorn-33914.exe	37
PID 2516 wrote to memory of 2940	2516	Unicorn-33914.exe	37
PID 2012 wrote to memory of 2684	2012	Unicorn-16658.exe	36
PID 2012 wrote to memory of 2684	2012	Unicorn-16658.exe	36
PID 2012 wrote to memory of 2684	2012	Unicorn-16658.exe	36
PID 2012 wrote to memory of 2684	2012	Unicorn-16658.exe	36
PID 2616 wrote to memory of 2912	2616	Unicorn-25746.exe	45
PID 2616 wrote to memory of 2912	2616	Unicorn-25746.exe	45
PID 2616 wrote to memory of 2912	2616	Unicorn-25746.exe	45
PID 2616 wrote to memory of 2912	2616	Unicorn-25746.exe	45
PID 2572 wrote to memory of 2904	2572	Unicorn-45777.exe	44
PID 2572 wrote to memory of 2904	2572	Unicorn-45777.exe	44
PID 2572 wrote to memory of 2904	2572	Unicorn-45777.exe	44
PID 2572 wrote to memory of 2904	2572	Unicorn-45777.exe	44
PID 2448 wrote to memory of 864	2448	Unicorn-33887.exe	43
PID 2448 wrote to memory of 864	2448	Unicorn-33887.exe	43
PID 2448 wrote to memory of 864	2448	Unicorn-33887.exe	43
PID 2448 wrote to memory of 864	2448	Unicorn-33887.exe	43
PID 2684 wrote to memory of 1132	2684	Unicorn-58392.exe	42
PID 2684 wrote to memory of 1132	2684	Unicorn-58392.exe	42
PID 2684 wrote to memory of 1132	2684	Unicorn-58392.exe	42
PID 2684 wrote to memory of 1132	2684	Unicorn-58392.exe	42
PID 2816 wrote to memory of 2380	2816	Unicorn-5880.exe	41
PID 2816 wrote to memory of 2380	2816	Unicorn-5880.exe	41
PID 2816 wrote to memory of 2380	2816	Unicorn-5880.exe	41
PID 2816 wrote to memory of 2380	2816	Unicorn-5880.exe	41

C:\Users\Admin\AppData\Local\Temp\649f25c45b6ec251d9d74f0d79263267.exe
"C:\Users\Admin\AppData\Local\Temp\649f25c45b6ec251d9d74f0d79263267.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39786.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64944.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 200
        9⤵
        Program crash
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1031.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55892.exe
        10⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30079.exe
        11⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63071.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60531.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65020.exe
        10⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe
        10⤵
        
        PID:1788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5629.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28341.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20013.exe
        10⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53867.exe
        11⤵
        
        PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
        10⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
        11⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
        12⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        13⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
        11⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
        9⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
        10⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        11⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57760.exe
        10⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11270.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28757.exe
        9⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
        9⤵
        
        PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29065.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        8⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11010.exe
        9⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
        10⤵
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37041.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64342.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16064.exe
        9⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        8⤵
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27991.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        7⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        8⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35965.exe
        9⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
        10⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        9⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        10⤵
        
        PID:2840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35391.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
        9⤵
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21089.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33334.exe
        7⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
        8⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        9⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        8⤵
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41098.exe
        6⤵
        Executes dropped EXE
        
        PID:2096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
        7⤵
        Program crash
        
        PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4913.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3162.exe
        8⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40708.exe
        9⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
        8⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23078.exe
        9⤵
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39453.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35188.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe
        9⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        10⤵
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        7⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60935.exe
        10⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24028.exe
        9⤵
        
        PID:1824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37586.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        8⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
        9⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
        10⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        9⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15525.exe
        6⤵
        Executes dropped EXE
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59109.exe
        7⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50616.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60964.exe
        6⤵
        Executes dropped EXE
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        7⤵
        
        PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25888.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28341.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20013.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57096.exe
        10⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
        11⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23112.exe
        6⤵
        Executes dropped EXE
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
        7⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe
        8⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65302.exe
        5⤵
        Executes dropped EXE
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        6⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60630.exe
        7⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32679.exe
        6⤵
        
        PID:896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe

Filesize
184KB

MD5
28fa9769a46e035825f5452bc8f33789

SHA1
eea77d44207ce1808beba5ae6388053050caca24

SHA256
bcdcb296507c5f85a49891034266a465d997aa13a59e8e6a6837f6225a08f83a

SHA512
17f96d471042f24133e0f89b4753838b40a75da558a8e732b62a11249e7deb4ce7722a15216b59acff897fa1a8bb787b423455c2803252a67f0439ee13689de1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe

Filesize
140KB

MD5
3209916d9023c5db13e54a2767911227

SHA1
02d986d7fbc1cedcd0a80201d716139e3edb959d

SHA256
dfc24f02838cb26fa1d607b23ed7b0047fd7ea5731424c4bf950f606283e0c6a

SHA512
6db185c6c87d762653a6e0e01f094781cb2120b367993d810834ef2dc3e7a1179693b5a26cde28b47af2caee50360ebfd56061643608c312cde97acc0829a3d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe

Filesize
184KB

MD5
f893ccc3adcadec9c91a64d44736ace4

SHA1
33957f85be8c52e0131a65f0525ff503d174d226

SHA256
ab9e50d95d1a11cc7ab96bb3006981fdff507f308dd2c88575314dcd958af3ba

SHA512
ef5c45d266ea40b85bb46aa1f25395611f3fc8de4d36da17b299638851a0c45ee37a12619c534f093c0e2a06b7e4f3084fd2ad4c521d6990d7625ee42e2dc6aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33914.exe

Filesize
184KB

MD5
3891947c5f9f51842d433447beceff38

SHA1
6da3f8d7544787f8c596639d70d7fa004dc12a84

SHA256
9787561ff74856024ccf7a22f42e1b9bb425a0858957b032f78ef4ce05ccb4db

SHA512
05fe76367e9f0c2fd7248148dbcd590a9c74c421503114a4878e73b901abe97b2edc3ea53ddf16458fd724cf712cae8ab1f7af8d942e1a6ff44470fefe4b56bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe

Filesize
11KB

MD5
1f5b52d2b4d07e685c06bed880964801

SHA1
c597703f29356a19d792a7df93d75ff56ac3b926

SHA256
2c8129fdcca5e82e3f07fc42ae39f1d55d49f57487b3ca871ce0abe6a7e231ed

SHA512
466a02de543cdf9f7f95c4065eff2e78e9933102e206d536128ebef42c16ff316783da978e708b39672d9a477891f6c49160d2381b06d79b24be91862d8564c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe

Filesize
184KB

MD5
242469ba496ac53cb1d88e4c47f1f420

SHA1
e634418d36a543191c87eac1ce639957a021419c

SHA256
646d479cee62cfb7d0df1c29fad8193744ed9a06e5401fa088d813581c33efb2

SHA512
3edcc8f92185ff66d0e4c2a9743e93a5e6a33b64aa0adda625fbaa4dec57693eabfa038d4064ae621a613711faefb6917768ab267dfab9ec23e2966f49ef350e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40605.exe

Filesize
184KB

MD5
c518ee9f81e58dcdcddaa9ae2d301834

SHA1
d0f43beebd268a1223e6888ad947af3536804114

SHA256
cdd84310602a868f0f57f0b1f2c0952035d492f1265f02caaf85ec4cf8e02fca

SHA512
e25529b581ec49848c6592f400d726fb43b493c8f88d5fd2ec59534b9fe9c3dd41d84eb8e5b71dde768f000a582df30d6c148262d2458a3845a35860b24af6ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe

Filesize
14KB

MD5
83965261ebe403190be18cd6f92b60bb

SHA1
b54a6b51f010529aa3cb649e245202f2353b4a03

SHA256
1b2e59be3dee5e6fc058b9838403a69f17406e70dd6e094aa0b669cae8a51185

SHA512
e95b9b8a6fbc2022c3ea4a8886d1479797b164197943215a73242b6086edb4e81e10594c606973706834d7b803301f7818f089a73ecee2d83abdde9b9d057348

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe

Filesize
184KB

MD5
50259708f1570892ee735169ea83eac6

SHA1
7c183dacc23b54b1474ca0672201b58404996846

SHA256
c8282640ec61e3e88a6e68e47b591664583dc4e2b8285c919aba7d175c1bcf27

SHA512
f2a2d09e7b6b0447db3128ad8c1229a7d67323bc603398eafabc561fed59f670378321cd613d50b81c66fb20354e9242d99aeeb6025221b138f92067e772054a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5880.exe

Filesize
184KB

MD5
df2cf59b897628cb2b53b0fbf95f2489

SHA1
65ec24410b7814f97899ffd7e8d1abc2f94d1151

SHA256
168b9a73f5111c3177cf8becdfc5abc3fd9d2e03697dd4c0837d514e4ece449e

SHA512
3f3cd276c64eaa829c57456810f7ee2ba5f755b9f83738032d153ab43f6b746706679cd7b590822566fd495b3f976efe9788d2b699c554ddac0525f1d2df86f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61921.exe

Filesize
184KB

MD5
955c105d51659e4d68aac51997790c8a

SHA1
fef96e1450ad281adfa19fdd7339ae804c22ec2f

SHA256
2ad1984e100f7fc3153f3c70225ffb413e1691e6b0a252f9d9fb6980a8965bc3

SHA512
5c5cc2e85ca8e64bf56a3fe0f3a854601685cd9bac59323dd20bb02cfb86acf95baa670df9ffe7442320bfc655af0b2eb81821e9622051d9c216803d37642521

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6741.exe

Filesize
184KB

MD5
291f586d8d1484b8c68966c151e10042

SHA1
653194afa385048ccb968964751f35b50e806866

SHA256
258736c7e1451de0229c783ba3c942e6ff9d192682feea1f01e6f5f7840d230a

SHA512
82dd6efefaaaec5caf46dcc45105aacb5fa0be7f572a404140fc748d161fea3e5ae3ce4ad56a920389054b645f129c09aefd0c9e0b01fba4d67f41ecfbed653e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe

Filesize
184KB

MD5
a2fd2c74655b035b2bc1dcb352fcadcf

SHA1
27f533f6cf87ba9755e65c835810d76121c19c21

SHA256
14279924c1fea5d3ab98d3e3e5d576c606286ae0aad46c3d9ccc735f38d4fd90

SHA512
c234074a4dca51765ed8fb68bd0370720c4b7dd79bfc68f8bce9c206b2b1ee15e8ddc2c9614a3c00cc221867dab32378ac94aba33579ca50498cd1ff1009032a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16457.exe

Filesize
184KB

MD5
3315e0137cca523b1705c70c2941ec71

SHA1
c1b092796001aafb2199cd4a8fa78b504d355cae

SHA256
e80cc4d983a972699ee74e9d4a0895622835bc48a8b6c4a7ee9264b7a23e446f

SHA512
509e51962650eeec55a04f831bb980d565eac778aa65be92bfe2d7f488c8649b129ff82c40874e0841f0ca934638ae29c5f51817f7f9fa2df6f49565de492e26

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25746.exe

Filesize
184KB

MD5
c01a7837f5df063c8c86cae6ff8e91ea

SHA1
167f0c765b6ce75c19f9958e36639e7ae1aa320e

SHA256
c9ef00d4d9f445cbdd05a2666cd84dbecd6d1e522bb6a032c7c4308a3d161232

SHA512
0c645e5b165ad08b36e60446f8e427e7223c82b7a54a1edddcf3d6dccc160678f7014cd8f45258e2c32a38ff6dfd68b1c36e2a4cba863f670e7d8fcfd26707c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe

Filesize
184KB

MD5
7869cecc6e47ab95cb0568cb349192bc

SHA1
793255040bfa0e692ceef4c6877cecf4ecf4435b

SHA256
734489e843b81e26e4636ec0726cdcf9e90ee7011c5589062c727742952f7cba

SHA512
709c5343dc8bc863aa55ded978dd4a7f3b4c91ded17c3a305e9cfdb748b00716ac197a08d062c9856691e4bc9e6c3b3477d96d399093ca4390143ea41892e5a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe

Filesize
5KB

MD5
42d18bd0a987c7cf20985dc0bfcb3c9d

SHA1
f2cfa1868fd730ddde61a944999656387bcff606

SHA256
e3f47afe8154a9bbc1079cf0d9f8b2a87f29236849f51dc0bd4f826df985aee5

SHA512
03ff6d4065efaf2301b37730983a2e11f612a6e3abc0193828ddc20405dc9fc933416b5f3595852b80d05ae24eea8fe79b0f2138a3c94d66e9e4cb829ec3833d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33887.exe

Filesize
183KB

MD5
4e66c4177cb168f9bf150267302993d4

SHA1
3e917f01970708445f463049112fd756519a9589

SHA256
79fa45ecf62662ea93b4350ead76cc779e711e294074548a5f9a3bfb558fe35c

SHA512
70b930b68f4cf2951062f25d5de4ed6d37a9ed7323ba91872d1863ea07d952225a29b345d0231d0fa4bd5ef0bb8ecc27bcca7fb5fde663b60fa7c91c2bdfc792

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe

Filesize
184KB

MD5
8f37593b5f04f7e2ec6a8996346858cb

SHA1
924e57873f844965afb209f6d399687e102edda0

SHA256
ea70e6444ffbc4ebc383e870361eb44b997c14203db74e3acbe0f919e2aa5386

SHA512
e1ebaad92ffc203c9c306800f0585f9209c899fe1387814ba4caa32ee91e93cca6fe6d701560e65315d5f604685878402a98b9b4c76a7747ba56844e49b5dfef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe

Filesize
40KB

MD5
0f677b06bab3fad8fb5618496414d8d6

SHA1
8e5155e6837507239afbdafb90d9483df5835f67

SHA256
8a7a72fdeaf6d9f8fc5c3406c32d9d45f40f930322d242dc036bade353d02895

SHA512
95c698b60e0f5407e1792882092dc1d89ad80abb894b8d878253c1df7bc9bf844ce6dd59a5a1aa51df84078c5e837cb3f74225ca8fdc2a43fcacbd63415b8a7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe

Filesize
184KB

MD5
38f37518de839467723ca03620ebe8b3

SHA1
8af1507894e0a5399386b9d5fc11d2d9aa67a122

SHA256
5da5a3f6d2dff19cd89111e168c301436459eb51d3e63362363dbe10dab3ac65

SHA512
b4b4cbca0e634ff33ea0dcf5107d1b0f96e249de64ca74c7489eadd2e3da2774f816da847d6dd35d056acf2823c76ec7b66b4f657e2c3ca402dc7828caa2e3c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe

Filesize
159KB

MD5
0b10fffafda489d4f97ccded1de3ae7c

SHA1
9c69dbdab18bd570945694e823923a3bf3d2d1a3

SHA256
2f0c7ec774247aba233ab789c9854c010904075aa50cbf70149dc83c52f03a04

SHA512
9fdd4fcde65ce83992759d512f60d3a9e9f54cb6c32838bd3798847fdf5cf08d5191dde19bb62fc413852ccba98a1c6cd3bd53860f497ae55e2305f8e9655b7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4552.exe

Filesize
184KB

MD5
2b94ebebb3971583f561d3b6006010d1

SHA1
3a9cb4662e3112b5ed43644d4b1762a88d3ac365

SHA256
fbac7ad5b6894aa009db449658d4bcc6758f7a3ecce58fb44721252f6dbbb8b7

SHA512
2228be7a775b2b1ed98350c5af1afcede10fec2bd8a513ce19883c85041291fa36a86001653282f8a4611b651888e4608d97eda22b253b2f4c1b7004c3d078ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45777.exe

Filesize
184KB

MD5
9ca6791dc95f970e2ab67eae3b99ba52

SHA1
a820e9584d2f4bd734eec9599c99e1eab2d6309f

SHA256
e7ffabf5ce2188f8c8972c4a2e323e7f1644999c2519e2f0c700c750c7de7606

SHA512
4d816127bb403f2c02c1a7a52dfa6fbbd50a5916d5200dab6cbb299f30aff3844d87b13225d3d3491c57896d171f9169fa518a00ae70507cc95fbe8c7ff4376f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe

Filesize
184KB

MD5
dc81955650a2b58a219e316fdf331d3d

SHA1
c957153c229fb30667fd860452c9d243f3a6ea8d

SHA256
2350958a4b786bec7bda72e8ec60ccda91637cc8238fe4e408582d1b087d1e53

SHA512
3071d8f856f017761f8de26596b659803a8a1f240e8612fa7884be8a006685c6d8f92e92f80f30d9924eb9b82b550d907aca7af105ffd13e81e0ec38663516bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe

Filesize
155KB

MD5
65b9fa464540a37db7bc3a9cb446659e

SHA1
372aac033561ef2ae3a5b618768e799570525d5c

SHA256
a1a4c95899b727d6d7694b4b9bf9de877378c1c81f7c30b9d37dbfa35a601545

SHA512
3975613dc322ebf06d14d3e0f25ba22bcc85093e261e65ddcfa2307df95593a46c3ba2d86e787ea37a90e489a9e6a60993b167a9d5302546a4d3439a789e0d45

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads