b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007

Analysis

max time kernel
32s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
15-04-2024 01:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
Size

184KB
MD5

fa17bcdbec988a0cf20e4d233f451575
SHA1

4ca111f8e37350a9815a2a745d4e24bd4ec34db0
SHA256

b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007
SHA512

b21d49e93efcdeb022e69f6ace5b2b3b40a52c1b1fd2b475f62c59ceedd00dc443e3ebdd1e24b5e8e4339cbb1436ce43a7f0b738428ec6e2f1ef25d0147c84f5
SSDEEP

3072:2GJXvbonWOKjd478WpLY5sXGZlvnqnDiur:2G5o2Z47W5eGZlPqnDiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 40 IoCs

pid	Process
852	Unicorn-12066.exe
2608	Unicorn-53429.exe
2528	Unicorn-27341.exe
2428	Unicorn-56413.exe
2576	Unicorn-10741.exe
2480	Unicorn-10933.exe
2868	Unicorn-4803.exe
2728	Unicorn-27011.exe
2848	Unicorn-37513.exe
2920	Unicorn-11504.exe
1344	Unicorn-24899.exe
1644	Unicorn-5609.exe
1864	Unicorn-58339.exe
1532	Unicorn-148.exe
2076	Unicorn-30744.exe
2264	Unicorn-12383.exe
2084	Unicorn-18514.exe
336	Unicorn-17575.exe
616	Unicorn-41394.exe
1792	Unicorn-15498.exe
1412	Unicorn-29233.exe
240	Unicorn-64014.exe
1120	Unicorn-27009.exe
1096	Unicorn-3075.exe
1732	Unicorn-35940.exe
1292	Unicorn-6495.exe
956	Unicorn-22443.exe
1596	Unicorn-34869.exe
472	Unicorn-41000.exe
912	Unicorn-41000.exe
1308	Unicorn-21134.exe
1576	Unicorn-46381.exe
2836	Unicorn-57748.exe
1960	Unicorn-39212.exe
1300	Unicorn-40132.exe
1800	Unicorn-8697.exe
2496	Unicorn-22973.exe
1992	Unicorn-20425.exe
2600	Unicorn-54634.exe
2592	Unicorn-2832.exe

Loads dropped DLL 64 IoCs

pid	Process
2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
852	Unicorn-12066.exe
852	Unicorn-12066.exe
2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
852	Unicorn-12066.exe
852	Unicorn-12066.exe
2608	Unicorn-53429.exe
2608	Unicorn-53429.exe
2528	Unicorn-27341.exe
2528	Unicorn-27341.exe
2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
2576	Unicorn-10741.exe
2576	Unicorn-10741.exe
2608	Unicorn-53429.exe
2608	Unicorn-53429.exe
2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
2868	Unicorn-4803.exe
2480	Unicorn-10933.exe
2868	Unicorn-4803.exe
2480	Unicorn-10933.exe
2528	Unicorn-27341.exe
2528	Unicorn-27341.exe
2728	Unicorn-27011.exe
2728	Unicorn-27011.exe
2576	Unicorn-10741.exe
2576	Unicorn-10741.exe
2608	Unicorn-53429.exe
2608	Unicorn-53429.exe
2848	Unicorn-37513.exe
2848	Unicorn-37513.exe
1344	Unicorn-24899.exe
1344	Unicorn-24899.exe
1644	Unicorn-5609.exe
1644	Unicorn-5609.exe
2528	Unicorn-27341.exe
2528	Unicorn-27341.exe
2868	Unicorn-4803.exe
2868	Unicorn-4803.exe
1864	Unicorn-58339.exe
1864	Unicorn-58339.exe
2480	Unicorn-10933.exe
2480	Unicorn-10933.exe
2920	Unicorn-11504.exe
2920	Unicorn-11504.exe
2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
2728	Unicorn-27011.exe
2728	Unicorn-27011.exe
2264	Unicorn-12383.exe
2848	Unicorn-37513.exe
2264	Unicorn-12383.exe
2848	Unicorn-37513.exe
2576	Unicorn-10741.exe
2608	Unicorn-53429.exe
2084	Unicorn-18514.exe
2576	Unicorn-10741.exe
2084	Unicorn-18514.exe
2076	Unicorn-30744.exe
2608	Unicorn-53429.exe
2076	Unicorn-30744.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2784	1532	WerFault.exe	41

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
852	Unicorn-12066.exe
2608	Unicorn-53429.exe
2528	Unicorn-27341.exe
2428	Unicorn-56413.exe
2576	Unicorn-10741.exe
2868	Unicorn-4803.exe
2480	Unicorn-10933.exe
2728	Unicorn-27011.exe
2848	Unicorn-37513.exe
1644	Unicorn-5609.exe
2920	Unicorn-11504.exe
1344	Unicorn-24899.exe
1864	Unicorn-58339.exe
1532	Unicorn-148.exe
2076	Unicorn-30744.exe
2264	Unicorn-12383.exe
2084	Unicorn-18514.exe
1412	Unicorn-29233.exe
616	Unicorn-41394.exe
1792	Unicorn-15498.exe
240	Unicorn-64014.exe
1096	Unicorn-3075.exe
472	Unicorn-41000.exe
1596	Unicorn-34869.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 852	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	28
PID 2972 wrote to memory of 852	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	28
PID 2972 wrote to memory of 852	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	28
PID 2972 wrote to memory of 852	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	28
PID 852 wrote to memory of 2608	852	Unicorn-12066.exe	29
PID 852 wrote to memory of 2608	852	Unicorn-12066.exe	29
PID 852 wrote to memory of 2608	852	Unicorn-12066.exe	29
PID 852 wrote to memory of 2608	852	Unicorn-12066.exe	29
PID 2972 wrote to memory of 2528	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	30
PID 2972 wrote to memory of 2528	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	30
PID 2972 wrote to memory of 2528	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	30
PID 2972 wrote to memory of 2528	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	30
PID 852 wrote to memory of 2428	852	Unicorn-12066.exe	31
PID 852 wrote to memory of 2428	852	Unicorn-12066.exe	31
PID 852 wrote to memory of 2428	852	Unicorn-12066.exe	31
PID 852 wrote to memory of 2428	852	Unicorn-12066.exe	31
PID 2608 wrote to memory of 2576	2608	Unicorn-53429.exe	32
PID 2608 wrote to memory of 2576	2608	Unicorn-53429.exe	32
PID 2608 wrote to memory of 2576	2608	Unicorn-53429.exe	32
PID 2608 wrote to memory of 2576	2608	Unicorn-53429.exe	32
PID 2528 wrote to memory of 2480	2528	Unicorn-27341.exe	33
PID 2528 wrote to memory of 2480	2528	Unicorn-27341.exe	33
PID 2528 wrote to memory of 2480	2528	Unicorn-27341.exe	33
PID 2528 wrote to memory of 2480	2528	Unicorn-27341.exe	33
PID 2972 wrote to memory of 2868	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	34
PID 2972 wrote to memory of 2868	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	34
PID 2972 wrote to memory of 2868	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	34
PID 2972 wrote to memory of 2868	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	34
PID 2576 wrote to memory of 2728	2576	Unicorn-10741.exe	35
PID 2576 wrote to memory of 2728	2576	Unicorn-10741.exe	35
PID 2576 wrote to memory of 2728	2576	Unicorn-10741.exe	35
PID 2576 wrote to memory of 2728	2576	Unicorn-10741.exe	35
PID 2608 wrote to memory of 2848	2608	Unicorn-53429.exe	36
PID 2608 wrote to memory of 2848	2608	Unicorn-53429.exe	36
PID 2608 wrote to memory of 2848	2608	Unicorn-53429.exe	36
PID 2608 wrote to memory of 2848	2608	Unicorn-53429.exe	36
PID 2972 wrote to memory of 2920	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	37
PID 2972 wrote to memory of 2920	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	37
PID 2972 wrote to memory of 2920	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	37
PID 2972 wrote to memory of 2920	2972	b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe	37
PID 2868 wrote to memory of 1344	2868	Unicorn-4803.exe	38
PID 2868 wrote to memory of 1344	2868	Unicorn-4803.exe	38
PID 2868 wrote to memory of 1344	2868	Unicorn-4803.exe	38
PID 2868 wrote to memory of 1344	2868	Unicorn-4803.exe	38
PID 2480 wrote to memory of 1864	2480	Unicorn-10933.exe	39
PID 2480 wrote to memory of 1864	2480	Unicorn-10933.exe	39
PID 2480 wrote to memory of 1864	2480	Unicorn-10933.exe	39
PID 2480 wrote to memory of 1864	2480	Unicorn-10933.exe	39
PID 2528 wrote to memory of 1644	2528	Unicorn-27341.exe	40
PID 2528 wrote to memory of 1644	2528	Unicorn-27341.exe	40
PID 2528 wrote to memory of 1644	2528	Unicorn-27341.exe	40
PID 2528 wrote to memory of 1644	2528	Unicorn-27341.exe	40
PID 2728 wrote to memory of 1532	2728	Unicorn-27011.exe	41
PID 2728 wrote to memory of 1532	2728	Unicorn-27011.exe	41
PID 2728 wrote to memory of 1532	2728	Unicorn-27011.exe	41
PID 2728 wrote to memory of 1532	2728	Unicorn-27011.exe	41
PID 2576 wrote to memory of 2076	2576	Unicorn-10741.exe	42
PID 2576 wrote to memory of 2076	2576	Unicorn-10741.exe	42
PID 2576 wrote to memory of 2076	2576	Unicorn-10741.exe	42
PID 2576 wrote to memory of 2076	2576	Unicorn-10741.exe	42
PID 2608 wrote to memory of 2264	2608	Unicorn-53429.exe	43
PID 2608 wrote to memory of 2264	2608	Unicorn-53429.exe	43
PID 2608 wrote to memory of 2264	2608	Unicorn-53429.exe	43
PID 2608 wrote to memory of 2264	2608	Unicorn-53429.exe	43

C:\Users\Admin\AppData\Local\Temp\b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe
"C:\Users\Admin\AppData\Local\Temp\b0518ab50d967079b942a63444f13a0e970753b8107125ce49565b22fbba8007.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        7⤵
        Program crash
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6495.exe
        6⤵
        Executes dropped EXE
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
        6⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        6⤵
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
        6⤵
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
        6⤵
        
        PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        6⤵
        Executes dropped EXE
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53952.exe
        7⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe
        7⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
        7⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
        6⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        6⤵
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16518.exe
        6⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
        6⤵
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50825.exe
        6⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        6⤵
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
        6⤵
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20676.exe
        6⤵
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
        6⤵
        
        PID:1000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
        6⤵
        
        PID:2844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20921.exe
        6⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        6⤵
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54045.exe
        6⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26725.exe
        6⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
        5⤵
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        5⤵
        
        PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56855.exe
        5⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12786.exe
        5⤵
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        5⤵
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
        5⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24384.exe
        5⤵
        
        PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27063.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
        7⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19058.exe
        6⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49176.exe
        6⤵
        
        PID:2224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64930.exe
        6⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
        6⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12687.exe
        6⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        6⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37253.exe
        6⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21134.exe
        5⤵
        Executes dropped EXE
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
        5⤵
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61949.exe
        5⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40917.exe
        5⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30892.exe
        5⤵
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        5⤵
        
        PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22443.exe
        5⤵
        Executes dropped EXE
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-810.exe
        5⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        5⤵
        
        PID:296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28257.exe
        5⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
        5⤵
        
        PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
      4⤵
      Executes dropped EXE
      PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
      4⤵
      PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36748.exe
      4⤵
      PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8383.exe
      4⤵
      PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56792.exe
      4⤵
      PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41024.exe
      4⤵
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48444.exe
      4⤵
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
      4⤵
      PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57748.exe
    3⤵
    - Executes dropped EXE
    PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
    3⤵
    PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
    3⤵
    PID:924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
    3⤵
    PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15304.exe
    3⤵
    PID:2512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
    3⤵
    PID:2152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
        5⤵
        Executes dropped EXE
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
        6⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55505.exe
        6⤵
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49269.exe
        6⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3772.exe
        6⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29181.exe
        5⤵
        
        PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7853.exe
        5⤵
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3056.exe
        5⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10360.exe
        5⤵
        
        PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
      4⤵
      Executes dropped EXE
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10753.exe
        5⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
        5⤵
        
        PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31399.exe
      4⤵
      PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
      4⤵
      PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1870.exe
      4⤵
      PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
      4⤵
      PID:448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49579.exe
      4⤵
      PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57908.exe
      4⤵
      PID:1168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41394.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47136.exe
        5⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
        5⤵
        
        PID:2612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
        5⤵
        
        PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1823.exe
        5⤵
        
        PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34591.exe
        5⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        5⤵
        
        PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54634.exe
      4⤵
      Executes dropped EXE
      PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22041.exe
      4⤵
      PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
      4⤵
      PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48651.exe
      4⤵
      PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
      4⤵
      PID:2104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
    3⤵
    - Executes dropped EXE
    PID:1800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
    3⤵
    PID:1856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3751.exe
    3⤵
    PID:1544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
    3⤵
    PID:1632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
    3⤵
    PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe
    3⤵
    PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
    3⤵
    PID:1304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
      4⤵
      Executes dropped EXE
      PID:336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
      4⤵
      Executes dropped EXE
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59576.exe
      4⤵
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28952.exe
      4⤵
      PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe
      4⤵
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
      4⤵
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
      4⤵
      PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
      4⤵
      Executes dropped EXE
      PID:1300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
      4⤵
      PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
      4⤵
      PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43111.exe
      4⤵
      PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6005.exe
      4⤵
      PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61159.exe
      4⤵
      PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
      4⤵
      PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42588.exe
      4⤵
      PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
    3⤵
    - Executes dropped EXE
    PID:1960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
    3⤵
    PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
    3⤵
    PID:1604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe
    3⤵
    PID:1560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
    3⤵
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56693.exe
    3⤵
    PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
    3⤵
    PID:1700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41453.exe
    3⤵
    PID:2280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
    3⤵
    - Executes dropped EXE
    PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
    3⤵
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7770.exe
      4⤵
      PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
      4⤵
      PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
      4⤵
      PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
      4⤵
      PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2172.exe
      4⤵
      PID:1584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40511.exe
    3⤵
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
      4⤵
      PID:1468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18935.exe
    3⤵
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
    3⤵
    PID:2492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27009.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27009.exe
  2⤵
  - Executes dropped EXE
  PID:1120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21523.exe
    3⤵
    PID:1444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31403.exe
    3⤵
    PID:1448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8997.exe
    3⤵
    PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20822.exe
    3⤵
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26922.exe
    3⤵
    PID:1712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
  2⤵
  PID:2532
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7804.exe
  2⤵
  PID:1240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
  2⤵
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30512.exe
    3⤵
    PID:688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
  2⤵
  PID:2352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45224.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45224.exe
  2⤵
  PID:1900
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
  2⤵
  PID:2204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
  2⤵
  PID:3016

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe

Filesize
184KB

MD5
aada556b9a1958f4402e0d839b767bfe

SHA1
30ad64421176e94143169e3947bd58a9cf0caa23

SHA256
01dd0cd361fb28022a48b522da44939942bbfbd0907b7220419f15c793114be6

SHA512
42c9b3935cfdf5627d5a92980364e4d8b064fb138693d9759fa64a6518c39df8f0431c06714ec6267f2934a97baf5bd834e296db738ee882603cba1654ccc944

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe

Filesize
184KB

MD5
c969ed42c9a9cb6bb2132bdba4f35521

SHA1
0603f0a663493eaa53e7b77cf072721496a85453

SHA256
77d6db962e63b2b617ec42ca79d5926d602271f8663533649b6ad1bfdd413a97

SHA512
fb3d6efc6d66e6627eddcf2d15ee607800bda94513e7b07dfbbcb8ab06a2bcc19a60b6643f57ca7f667e25daf38907f7835ed99725e3b83e7024b4b9a68ea98b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe

Filesize
184KB

MD5
ef0aef56a637cfa68a06b4d4f095e70f

SHA1
6f08e236ebd15f69f9677da4f1bf55b4b3be8382

SHA256
e0ee69421b3cd916c86e7d808085ec8344400cd15bde43a0623476b3786ccdec

SHA512
9af545112ad31c4448fba87f66469d63877771baa6ca2b381800eedcb0be5001d3f81e1a31d41ffde0b4608d458339d0d9dcde9ace802dc87394b512b2f79b80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe

Filesize
184KB

MD5
1ebb7560055dd66ffe29ee513d7c8364

SHA1
37ea04edd7c561833c7f7054d390dae0df591e9c

SHA256
273707d5bd72434fc66eccbbffdddfb331d8b17487b507b9f353d1cc0a0e0ba7

SHA512
49ed1c61ae478591d88a2a3e5550350b82a224e957c4f5d26a5a5382fdb8b7a761700ebf58314a753b09c6ca746bcb6fb0f31c53ca176a77d1cc6d4c97d8f710

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17910.exe

Filesize
184KB

MD5
2758136f23e9ca693f96766e8fecb2a6

SHA1
56f218563fb7714060b2b97f7c13bf7f3686f3a3

SHA256
5199769319d19f3935ec3defcf4e6207bcd804367122704f624ad44f2650adcb

SHA512
49f11baff9a255ca2600d145c0d49e8f3b30ecdb916c555f921e7ec427ad4c0edba896593070ff7a0d5caa0296771b462b4b05eed2551b875238c6d53b152892

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe

Filesize
184KB

MD5
9c6445171a0c158c488418ca9b401af5

SHA1
bbab350571d834353cb90dd6ccee0bdb60d58687

SHA256
61a0d0cf2c6d2f386494d06198e7ea6b012a08220213878753cf20c66df2ef52

SHA512
7dc706084b527c8a0ad6b781a6f9e899f22c4c24e560a6f4bda8f838eae1a0691e751b652e7b5d2ad42aa46bd23746c558cc3428df655c816fc6d6800ff3d826

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe

Filesize
184KB

MD5
21969b45779ecdee3811438b7a731798

SHA1
acf20a863e491e17c2836ca04245b3d1734214bb

SHA256
8ce3d9c450a930a8b7f1f84b0174146df35f0bc2a78b8cb7fb16f01f48e919cc

SHA512
9aacd980aedd1d6d693c0528f56f0a3b255974b8c2af58b236ce63f4e9a6f364a5b8eda515ed372cb4291bd1f7bfe1501407fda3dcaa4734cf41aeaefbe996c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3056.exe

Filesize
184KB

MD5
824f2ac627135a498a2444b9f7617347

SHA1
0e4233f362db7d45034166ac5d74c305da44b2bc

SHA256
975fcc6185a6c94154eb0ac2b645b0e5dc9eaac145eebca39526aaf23beb8fbb

SHA512
5f653c80cf60e36b6270eafd842e87b1aedd63f0cf76b61ff4a7ebe5ae381dff4561676d1bc9069d7c9c7ea0a85629fdcc453d7d72a2c45def8b24208ce8d3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38206.exe

Filesize
184KB

MD5
0775b232a4b2d009870acc20ad81de0f

SHA1
34e8c948eabd2e0f5a82c25413beba41df8ab199

SHA256
5df0f7577b68c974ff89d17662c866b2aa216fefa75090727d75012a6e141409

SHA512
a96b3544512be8700cefcf41f1809b2b35ca05f8d9472af39b5105209ff0fe6f01ccf56bd7ac888ff8cf373a21506753c11a1d0e92ca41ef1789c86566663f7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44244.exe

Filesize
184KB

MD5
b16c3500ed4066a921b62e8e64a0f477

SHA1
771820d3678bb6708d5cba474d794c83decb1913

SHA256
9742798be8a988b8f61d4db9aea8792e594f906fb2590a46f0396617e6105f2b

SHA512
fda7450093f2e20f08d9a5155334d86291f272e11e91710fbc7bd46d52280975721125e6e11cf0ae3d27ab4d20673b3f2bb9f55318f4319af5def1a5322068ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe

Filesize
184KB

MD5
02da3148b5a28e7fa7480354985f58f6

SHA1
09bc9e1bc197478fa44225c249f1f6b240e283b3

SHA256
328e5d4c756dff9a45453cb22cb842b03fe98fb8e07cf9fb1a13161bc71382b3

SHA512
3961456bf03507747bffe58ccdd5f2d9889a2f3eb9b461d85040b276f8d137c193822d64a13e986a99720b4a5c2a01c535d320db1567696c4f619aefd38f6ca6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48651.exe

Filesize
184KB

MD5
3c1a4811d60a1a561a3d3a2b1ae432be

SHA1
cbffe095739cabb90fc4fa1e4df47d7c972e85f8

SHA256
bfc7d9def78c9427188cd03d9b3b4a515ee16cd9675c9e5e4f483415298b290b

SHA512
11d5ccb0bb98b464bb0d4a0819d740f8d1b40b0f52f5370425d62ea0ee5bfdda7495d71a6b143798eff16c8b9ddb6d9885823f5ae9cd2707239a7a10ae61455b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe

Filesize
184KB

MD5
22a8252c9993ed31b716992023deec20

SHA1
bcee1e855632d7eb685c67a73e4e2743924339f2

SHA256
63a2dfa459717dffbce4b55bef5883459bcfdf6ab2a08a7869592d73aa944251

SHA512
a00ce2ca710ab9000d0e8d68dc5034efb985358f7361e6301cd94a5def622669553967f507785430a632489513e0740c8a58dc3362da1a0bd8d55e6c89fd245a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10741.exe

Filesize
184KB

MD5
b52a6bf6c6c614ccc3dad59d84ef6d36

SHA1
ec440eeb2729307e719832b80ea5b60a487e12d4

SHA256
fee51480ff5a42f76f07163631c8e3d46928726d707df567165290dde5bc6bc7

SHA512
c1bd507a176b6676b8f44ac95cdf88f6e8eeba628928b0d4082fe3e7f74c9f10a6116d1d6ab0821271bfa2ea264b6f9165e0a0e4f3bf79767854b0a24ed1b6a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10933.exe

Filesize
184KB

MD5
7b72db7c37646d6f6e864957010c394c

SHA1
0b7b5efe0160e37fc0f9d45ebaf5c9c95c061b9b

SHA256
8f72ae85d77749c4049e9483ec58f31fd44b76f4a8dfaaf953dfe54e502d31d3

SHA512
e29668a8dce65cc394319e0211f7aad30e39cb02836a24d523caa9b38fb878f65f22ec755e790969cd69f65cd603fa3516688055176701f2d8aea8c9e7c6aa09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe

Filesize
184KB

MD5
54bf6a9a8699b53b8b84ac9d0849dd4f

SHA1
9190242334588f2445d3bdf61f8dad6862a1fdde

SHA256
752278d822361b0fdc00fde7095b0c9d2cb1ed2e8b65476154b9e196f4065c7e

SHA512
3f9e76ac97a6e1970c6f5fc9e21673ca1bc163edc4a6a17f628c7e58435c90baa2ff3ad3665186078e4949f57538a8260c62f9b49df437f4042e5a8d36010aab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18514.exe

Filesize
184KB

MD5
36b718288b4b10dd4358e6d32c062f6e

SHA1
46847c244c8df6c87db39b9ea16acf94c5162d46

SHA256
6be1ccf3371c64458c53e86a3e4130a90ee792607c6c47ba3c88ff21c13028a6

SHA512
2b762ea44a45fb97071db4d2850f5c466b64fd90aa3f661e2773f80f0f66744c244f0b7b5791459043b961510c6cc3485cbd4e9b6d09b299944e649ceb188947

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27341.exe

Filesize
184KB

MD5
1f959b0070d76ec7f72794f92c936a17

SHA1
69964f737c451a1ac226c7d3af5ee55c1182cffc

SHA256
627d27be51686aebeadffd7b61399c62cdaa976612a4a6b7d57b4efc7e673362

SHA512
b51a94038324a574970e3782b14d88b1d1ae9f809cd27ef16420af135a3f7279e470c1996dfebbfc02db1df9b71ecc4049657e8b3c622c86cc30f86997057e31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30744.exe

Filesize
184KB

MD5
f795e0c391603e72a8106a82a0b9076b

SHA1
161b90d6d204d32633b35d6ff1ee445da6d52000

SHA256
60b241dbf865b59dfdbe442671c995fe98b7ee031e50a5d650a22e80b883da4a

SHA512
ad0606c843ebeb795c8b3c62e392f9f90f473ee967246dc5e090eb80a553de283edc0ac62db5a7e567a9887c95930a239acb9db9ba9a40af21bf2cbc00a9b443

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe

Filesize
184KB

MD5
c91e622484c718cb491409e00553d0aa

SHA1
b110a53d9fa4e95af4df0b78962ac7c72d953cdb

SHA256
362ae1880976d286d1a3be207fcd3f4e52ee97b73e140264fb790f50af172d79

SHA512
45375b49d6d4547224aad40c5b82a259dc33e551cd72cf7f7f5635da619356faa96477f16a9df98f75692aef4a3680427962cd1cd0077c473cf09024397079b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53429.exe

Filesize
184KB

MD5
ffd4cb1de11ff23ba826cfdd2a3447d7

SHA1
cf6403d6f900565d0fd8af2d10eeb7e25cbb00fb

SHA256
5a41839c96b9cc27877a64d730c7dcde88a62fd07a63135397a5efe63d239d0a

SHA512
426b68e8f56b7833f780b00240010f689759deacf90a5b2108b715a546cf446e3d81166ffd49b7f380a637972851fe8349cd8a12fc0bebe29c244947045c46ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe

Filesize
184KB

MD5
82d58e5db72157c4b031fa5fd2e3b4ca

SHA1
8da800cc25c69beca8c732d2aaa8f80c343e04d6

SHA256
e5013899e55a6d01c76c5167715ad98c1b4078cc32c82f0ac4f886da8d4f18dd

SHA512
8102926ca5d532da35e3b5ed9032e707c2f16af9b75a8d023bbdbd5497e058db128b5d4cc6f1e39b823145ebc657fbd2f92c29229213252adf0201c965a391f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56413.exe

Filesize
184KB

MD5
3336723c438b82f34c7d98442526e3bb

SHA1
af9500c26ac550a18006a5f01cf3ef8011bfac20

SHA256
7cd933b9da16854b04583b0f42cd3e2ed1ee53ad78157e5569bf7158ceb39690

SHA512
584b82bfbe11d5a42d80f5d5c4a16fcdbebdf84652a30f7b236aae45b6e5a30cc71f58f5d2bcc6b334b0dc893528f5eeb7cdeededb628a5d009233772b0b0537

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads