d14e110332bf4d1c7901d39711612e8ff7b65f33cbbe8e7550d92afa50370f6b

Analysis

max time kernel
61s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 22:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b180fe5f81de92fccada4fa045fc55cd.exe
Size

196KB
MD5

b180fe5f81de92fccada4fa045fc55cd
SHA1

b5ef1721fac6724d44493effd88ec621fcbd23af
SHA256

d14e110332bf4d1c7901d39711612e8ff7b65f33cbbe8e7550d92afa50370f6b
SHA512

624988ed3ba72859d3728739738786196071978a3129e74e6b3a4349df0d3520a9da9db4d85a74f39efa5f0a53993798352c9e293ff25d1052c969d369968f9d
SSDEEP

3072:L8i6o06FcBAWr98ndTy5a8N46KF6MooVzOGxL+qOF6lPvpF5:L8fo+uWr2dW5a8hIHg6lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1456	Unicorn-3515.exe
2712	Unicorn-15815.exe
2788	Unicorn-61486.exe
2744	Unicorn-49639.exe
2608	Unicorn-3131.exe
2584	Unicorn-22997.exe
1220	Unicorn-10827.exe
696	Unicorn-21710.exe
476	Unicorn-32016.exe
1940	Unicorn-36654.exe
2000	Unicorn-5928.exe
2532	Unicorn-55664.exe
2428	Unicorn-59748.exe
2460	Unicorn-63832.exe
1268	Unicorn-29873.exe
2088	Unicorn-23049.exe
2344	Unicorn-490.exe
1836	Unicorn-16827.exe
1212	Unicorn-62773.exe
2400	Unicorn-46245.exe
1664	Unicorn-45690.exe
1324	Unicorn-48191.exe
2312	Unicorn-23686.exe
1480	Unicorn-63972.exe
1228	Unicorn-12825.exe
848	Unicorn-49582.exe
2024	Unicorn-60443.exe
2644	Unicorn-1100.exe
2820	Unicorn-1292.exe
2616	Unicorn-29437.exe
2748	Unicorn-62553.exe
3032	Unicorn-46217.exe
2564	Unicorn-9268.exe
1484	Unicorn-25161.exe
1756	Unicorn-57078.exe
2684	Unicorn-20129.exe
548	Unicorn-22267.exe
2888	Unicorn-21713.exe
2916	Unicorn-7877.exe
2148	Unicorn-35091.exe
1220	Unicorn-55319.exe
696	Unicorn-2034.exe
2292	Unicorn-39559.exe
2052	Unicorn-55895.exe
904	Unicorn-59979.exe
832	Unicorn-51811.exe
956	Unicorn-33337.exe
1840	Unicorn-64063.exe
952	Unicorn-23031.exe
3068	Unicorn-2610.exe
1144	Unicorn-14862.exe
1596	Unicorn-39367.exe
1924	Unicorn-21853.exe
2772	Unicorn-1987.exe
1940	Unicorn-46165.exe
1792	Unicorn-57026.exe
760	Unicorn-54333.exe
2844	Unicorn-34467.exe
2604	Unicorn-57047.exe
2168	Unicorn-10539.exe
2760	Unicorn-57602.exe
1916	Unicorn-46741.exe
2880	Unicorn-38573.exe
2720	Unicorn-49434.exe

Loads dropped DLL 64 IoCs

pid	Process
2236	b180fe5f81de92fccada4fa045fc55cd.exe
2236	b180fe5f81de92fccada4fa045fc55cd.exe
1456	Unicorn-3515.exe
2236	b180fe5f81de92fccada4fa045fc55cd.exe
1456	Unicorn-3515.exe
2236	b180fe5f81de92fccada4fa045fc55cd.exe
2712	Unicorn-15815.exe
1456	Unicorn-3515.exe
2712	Unicorn-15815.exe
1456	Unicorn-3515.exe
2788	Unicorn-61486.exe
2788	Unicorn-61486.exe
2608	Unicorn-3131.exe
2584	Unicorn-22997.exe
2608	Unicorn-3131.exe
2744	Unicorn-49639.exe
2584	Unicorn-22997.exe
2744	Unicorn-49639.exe
2788	Unicorn-61486.exe
2712	Unicorn-15815.exe
2788	Unicorn-61486.exe
2712	Unicorn-15815.exe
476	Unicorn-32016.exe
476	Unicorn-32016.exe
1220	Unicorn-10827.exe
1220	Unicorn-10827.exe
696	Unicorn-21710.exe
696	Unicorn-21710.exe
1940	Unicorn-36654.exe
1940	Unicorn-36654.exe
2532	Unicorn-55664.exe
2428	Unicorn-59748.exe
2532	Unicorn-55664.exe
2428	Unicorn-59748.exe
2460	Unicorn-63832.exe
2460	Unicorn-63832.exe
2000	Unicorn-5928.exe
2000	Unicorn-5928.exe
1940	Unicorn-36654.exe
1268	Unicorn-29873.exe
1940	Unicorn-36654.exe
1268	Unicorn-29873.exe
2428	Unicorn-59748.exe
2428	Unicorn-59748.exe
2344	Unicorn-490.exe
2532	Unicorn-55664.exe
2344	Unicorn-490.exe
2532	Unicorn-55664.exe
2088	Unicorn-23049.exe
2088	Unicorn-23049.exe
1836	Unicorn-16827.exe
2460	Unicorn-63832.exe
1836	Unicorn-16827.exe
2460	Unicorn-63832.exe
2312	Unicorn-23686.exe
2312	Unicorn-23686.exe
1324	Unicorn-48191.exe
1212	Unicorn-62773.exe
1324	Unicorn-48191.exe
1212	Unicorn-62773.exe
1480	Unicorn-63972.exe
1480	Unicorn-63972.exe
1836	Unicorn-16827.exe
848	Unicorn-49582.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
1548	2748	WerFault.exe	63
2728	2624	WerFault.exe	98
1096	2744	WerFault.exe	97
324	956	WerFault.exe	77
3852	1128	WerFault.exe	129
3836	1624	WerFault.exe	134
3920	2788	WerFault.exe	131

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2236	b180fe5f81de92fccada4fa045fc55cd.exe
1456	Unicorn-3515.exe
2788	Unicorn-61486.exe
2712	Unicorn-15815.exe
2608	Unicorn-3131.exe
2584	Unicorn-22997.exe
2744	Unicorn-49639.exe
696	Unicorn-21710.exe
1220	Unicorn-10827.exe
476	Unicorn-32016.exe
2000	Unicorn-5928.exe
1940	Unicorn-36654.exe
2532	Unicorn-55664.exe
2428	Unicorn-59748.exe
2460	Unicorn-63832.exe
1268	Unicorn-29873.exe
2088	Unicorn-23049.exe
2344	Unicorn-490.exe
1836	Unicorn-16827.exe
1212	Unicorn-62773.exe
2400	Unicorn-46245.exe
1664	Unicorn-45690.exe
1324	Unicorn-48191.exe
2312	Unicorn-23686.exe
1480	Unicorn-63972.exe
1228	Unicorn-12825.exe
848	Unicorn-49582.exe
2644	Unicorn-1100.exe
2684	Unicorn-20129.exe
1756	Unicorn-57078.exe
548	Unicorn-22267.exe
2820	Unicorn-1292.exe
2696	Unicorn-50301.exe
2916	Unicorn-7877.exe
2888	Unicorn-21713.exe
2748	Unicorn-62553.exe
1484	Unicorn-25161.exe
2616	Unicorn-29437.exe
3032	Unicorn-46217.exe
2564	Unicorn-9268.exe
2148	Unicorn-35091.exe
1220	Unicorn-55319.exe
696	Unicorn-2034.exe
2292	Unicorn-39559.exe
2052	Unicorn-55895.exe
904	Unicorn-59979.exe
832	Unicorn-51811.exe
956	Unicorn-33337.exe
952	Unicorn-23031.exe
3068	Unicorn-2610.exe
1144	Unicorn-14862.exe
1840	Unicorn-64063.exe
1596	Unicorn-39367.exe
1924	Unicorn-21853.exe
2772	Unicorn-1987.exe
1792	Unicorn-57026.exe
1940	Unicorn-46165.exe
2844	Unicorn-34467.exe
760	Unicorn-54333.exe
2604	Unicorn-57047.exe
2168	Unicorn-10539.exe
2760	Unicorn-57602.exe
1404	Unicorn-8401.exe
2880	Unicorn-38573.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 1456	2236	b180fe5f81de92fccada4fa045fc55cd.exe	28
PID 2236 wrote to memory of 1456	2236	b180fe5f81de92fccada4fa045fc55cd.exe	28
PID 2236 wrote to memory of 1456	2236	b180fe5f81de92fccada4fa045fc55cd.exe	28
PID 2236 wrote to memory of 1456	2236	b180fe5f81de92fccada4fa045fc55cd.exe	28
PID 1456 wrote to memory of 2712	1456	Unicorn-3515.exe	29
PID 1456 wrote to memory of 2712	1456	Unicorn-3515.exe	29
PID 1456 wrote to memory of 2712	1456	Unicorn-3515.exe	29
PID 1456 wrote to memory of 2712	1456	Unicorn-3515.exe	29
PID 2236 wrote to memory of 2788	2236	b180fe5f81de92fccada4fa045fc55cd.exe	30
PID 2236 wrote to memory of 2788	2236	b180fe5f81de92fccada4fa045fc55cd.exe	30
PID 2236 wrote to memory of 2788	2236	b180fe5f81de92fccada4fa045fc55cd.exe	30
PID 2236 wrote to memory of 2788	2236	b180fe5f81de92fccada4fa045fc55cd.exe	30
PID 2712 wrote to memory of 2744	2712	Unicorn-15815.exe	31
PID 2712 wrote to memory of 2744	2712	Unicorn-15815.exe	31
PID 2712 wrote to memory of 2744	2712	Unicorn-15815.exe	31
PID 2712 wrote to memory of 2744	2712	Unicorn-15815.exe	31
PID 1456 wrote to memory of 2608	1456	Unicorn-3515.exe	32
PID 1456 wrote to memory of 2608	1456	Unicorn-3515.exe	32
PID 1456 wrote to memory of 2608	1456	Unicorn-3515.exe	32
PID 1456 wrote to memory of 2608	1456	Unicorn-3515.exe	32
PID 2788 wrote to memory of 2584	2788	Unicorn-61486.exe	33
PID 2788 wrote to memory of 2584	2788	Unicorn-61486.exe	33
PID 2788 wrote to memory of 2584	2788	Unicorn-61486.exe	33
PID 2788 wrote to memory of 2584	2788	Unicorn-61486.exe	33
PID 2608 wrote to memory of 1220	2608	Unicorn-3131.exe	34
PID 2608 wrote to memory of 1220	2608	Unicorn-3131.exe	34
PID 2608 wrote to memory of 1220	2608	Unicorn-3131.exe	34
PID 2608 wrote to memory of 1220	2608	Unicorn-3131.exe	34
PID 2584 wrote to memory of 696	2584	Unicorn-22997.exe	36
PID 2584 wrote to memory of 696	2584	Unicorn-22997.exe	36
PID 2584 wrote to memory of 696	2584	Unicorn-22997.exe	36
PID 2584 wrote to memory of 696	2584	Unicorn-22997.exe	36
PID 2744 wrote to memory of 476	2744	Unicorn-49639.exe	35
PID 2744 wrote to memory of 476	2744	Unicorn-49639.exe	35
PID 2744 wrote to memory of 476	2744	Unicorn-49639.exe	35
PID 2744 wrote to memory of 476	2744	Unicorn-49639.exe	35
PID 2788 wrote to memory of 1940	2788	Unicorn-61486.exe	37
PID 2788 wrote to memory of 1940	2788	Unicorn-61486.exe	37
PID 2788 wrote to memory of 1940	2788	Unicorn-61486.exe	37
PID 2788 wrote to memory of 1940	2788	Unicorn-61486.exe	37
PID 2712 wrote to memory of 2000	2712	Unicorn-15815.exe	38
PID 2712 wrote to memory of 2000	2712	Unicorn-15815.exe	38
PID 2712 wrote to memory of 2000	2712	Unicorn-15815.exe	38
PID 2712 wrote to memory of 2000	2712	Unicorn-15815.exe	38
PID 476 wrote to memory of 2532	476	Unicorn-32016.exe	39
PID 476 wrote to memory of 2532	476	Unicorn-32016.exe	39
PID 476 wrote to memory of 2532	476	Unicorn-32016.exe	39
PID 476 wrote to memory of 2532	476	Unicorn-32016.exe	39
PID 1220 wrote to memory of 2428	1220	Unicorn-10827.exe	40
PID 1220 wrote to memory of 2428	1220	Unicorn-10827.exe	40
PID 1220 wrote to memory of 2428	1220	Unicorn-10827.exe	40
PID 1220 wrote to memory of 2428	1220	Unicorn-10827.exe	40
PID 696 wrote to memory of 2460	696	Unicorn-21710.exe	41
PID 696 wrote to memory of 2460	696	Unicorn-21710.exe	41
PID 696 wrote to memory of 2460	696	Unicorn-21710.exe	41
PID 696 wrote to memory of 2460	696	Unicorn-21710.exe	41
PID 1940 wrote to memory of 1268	1940	Unicorn-36654.exe	42
PID 1940 wrote to memory of 1268	1940	Unicorn-36654.exe	42
PID 1940 wrote to memory of 1268	1940	Unicorn-36654.exe	42
PID 1940 wrote to memory of 1268	1940	Unicorn-36654.exe	42
PID 2532 wrote to memory of 2088	2532	Unicorn-55664.exe	44
PID 2532 wrote to memory of 2088	2532	Unicorn-55664.exe	44
PID 2532 wrote to memory of 2088	2532	Unicorn-55664.exe	44
PID 2532 wrote to memory of 2088	2532	Unicorn-55664.exe	44

C:\Users\Admin\AppData\Local\Temp\b180fe5f81de92fccada4fa045fc55cd.exe
"C:\Users\Admin\AppData\Local\Temp\b180fe5f81de92fccada4fa045fc55cd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12825.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        12⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        13⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
        11⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe
        12⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49434.exe
        10⤵
        Executes dropped EXE
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37442.exe
        11⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        12⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20129.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
        11⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1946.exe
        12⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        13⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47618.exe
        11⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51998.exe
        12⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25012.exe
        10⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        11⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        12⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57026.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33996.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe
        11⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        12⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24095.exe
        11⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23686.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1100.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21853.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34188.exe
        11⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38319.exe
        12⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        13⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        14⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60363.exe
        11⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        12⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53217.exe
        10⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2439.exe
        11⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7270.exe
        10⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        11⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5470.exe
        12⤵
        
        PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62773.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64063.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54717.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
        9⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        10⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34851.exe
        7⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14883.exe
        8⤵
        
        PID:612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-490.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33337.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        11⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        12⤵
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
        12⤵
        Program crash
        
        PID:3852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        11⤵
        Program crash
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6694.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
        11⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        12⤵
        
        PID:3040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
        11⤵
        Program crash
        
        PID:3920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        10⤵
        Program crash
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24737.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51832.exe
        10⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61764.exe
        11⤵
        
        PID:1776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        11⤵
        Program crash
        
        PID:3836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
        10⤵
        Program crash
        
        PID:1096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        9⤵
        Program crash
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7877.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51811.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
        10⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
        9⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        10⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8401.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30644.exe
        9⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11541.exe
        10⤵
        
        PID:2292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48191.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        9⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
        10⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        11⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        10⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        8⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe
        9⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42268.exe
        10⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29674.exe
        11⤵
        
        PID:1212
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22997.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21710.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16827.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49582.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39559.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57130.exe
        11⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35195.exe
        12⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        13⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41971.exe
        11⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        12⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        13⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
        10⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
        11⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        12⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        13⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        11⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41615.exe
        12⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16098.exe
        10⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
        11⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        10⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        11⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        9⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23222.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        10⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1043.exe
        11⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        12⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46715.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
        8⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32782.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32263.exe
        10⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
        9⤵
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        6⤵
        Executes dropped EXE
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39367.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3570.exe
        9⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18392.exe
        10⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51998.exe
        11⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
        12⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        10⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        8⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
        10⤵
        
        PID:1456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21713.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14862.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        9⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        10⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        8⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40876.exe
        9⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
        7⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18968.exe
        8⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
        8⤵
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22267.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        7⤵
        Executes dropped EXE
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        9⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63690.exe
        10⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59268.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46165.exe
        7⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26560.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4743.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5491.exe
        9⤵
        
        PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2034.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54333.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1899.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        9⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58988.exe
        10⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39122.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45433.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
        8⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34467.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14151.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16721.exe
        8⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27581.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56269.exe
        8⤵
        
        PID:3388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21710.exe

Filesize
196KB

MD5
ed97e0f8f969cd4135eb71c957cf457c

SHA1
cbf5dd9396b5a49262860ded8f1f3dc5982b7443

SHA256
1d4e94121ba2fb3ef049b5e6d827e76c533af7016150f56ee2366e47ae79183e

SHA512
62c6c5e027a361b406ca91d086e211741eba047d9cbc00e4eb98b8804295ea9de9c8cabd86afbf3eba202f613618e8d494bcaeba71984f2be7f2d71caeeabe20

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22997.exe

Filesize
196KB

MD5
41e0b70b74ff6071cad135781ace43a0

SHA1
896c7914075f67822e70b94f8e86ada6ece0c071

SHA256
c94d71cf7c8f40b560e0492b2f6ddafc33321d70a21280eebe00b8f78aed7795

SHA512
7b0254a34850ba198a54dfcad37e8d567f1fbf705deeb2fd7f2df060c8551e8d1940ede6cde3159e0e77f47eb6884e77942733ec1a8153f79d36514b8920f1bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23049.exe

Filesize
196KB

MD5
51817a56f4c482f500a790cd6d15172e

SHA1
5b23118ecb152903c34ff359b51649c300c5684b

SHA256
b7bdd865e0d6cff159edd07fea97f258b35b44795348bf1952570b3b4b28f97b

SHA512
55ce7eb87fe643bbed306431afdc2ccb59774f25465e8c6a57b08c541e02ed3c996a2222121772bbc7224f23c0b1ae4453014d7ac4cb7bf69c0d64b1c934b828

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29873.exe

Filesize
196KB

MD5
583eb44bead4486b06d72246e4cd2c7e

SHA1
684c86606ac0afb2f8ecec061d441cac4f9d529e

SHA256
fe6b745facdfd22c7aa2fa3216574b2ae9625db7cc8fc5f948dbf4d0958c8a92

SHA512
25d51fd732daa12c2803bddee96bb5c2a9b42677616066f7ad75646f5a3895816db70de371465acefb828d873d920118dc86e90a4aa1eaec2e3f11a40b2d812e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe

Filesize
196KB

MD5
3a6290b29cd84fb18cde5875c51c7c7a

SHA1
19e58d41198b1fbd63aaee9600f9870561b1def6

SHA256
c38b2d62e54f6493bf41febd833852c9fdf002b3a961ebce69b42a2474bcb4f7

SHA512
1832df9efd529b270648afa166289014ec3bdd7f7aa400eec96c07546a687959d30874339fb9ae2f59836593a45971ec699970e3cc87f92a8f861fee300e07f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40876.exe

Filesize
196KB

MD5
2629388a6b4571e9a916b9fe23077d53

SHA1
48ea50f94af05679e2c67336b9b957a942ad3a58

SHA256
533455c8468ce112e2921b7cd5564afab363c8ce88b4ba8991fe9105ed11e27a

SHA512
904fe77d3e1ba28419952f9086d1a068fe8420ca723dd4b8b594bed491bc50d91dbecae0c145bf809f8dfb8030bc59000ddc71d179541ef25d09e792d9b8f1f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe

Filesize
196KB

MD5
07a5cda61c6f924fe29430c8794f2cd9

SHA1
c36f6360bf81b3bb8745f9bd7440d651ecbb3f4b

SHA256
abf48880ef3ec962730821e7f58052e3be08920804b3822d92a9ba517a7dc4e3

SHA512
95847897bc46c4b9dcf007ea4d28293ccb9da9740cbfb2ed481ff18ab25c18f039ffad406f7c531a7e33c08c9cea70af9a7012b6900ad03071611532335a9f7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe

Filesize
196KB

MD5
22b70ba2f065a6c902ba520505faf99c

SHA1
6ad9db82c7eb328908304503cd4fbb94b3a82b34

SHA256
7c7f4cda025180380c09ec9e3109d90a0860ccaf4a6e3af7422eee6a9c7293bc

SHA512
3fdd41f4cd8064872126395de05ffb3757c8bf7cf1c74042583366f84ea000adb24478791293c8e274a4524dad15849558a6d68ac453a7821b160cc602adc93b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15815.exe

Filesize
196KB

MD5
85f594d367e0986578909f60815cb1f9

SHA1
01578a2741be55b191be359fa9f841f73a932435

SHA256
23a98bbc2ca21410501e8459dc615331221ceb8bb42c8ed126939962a789b91a

SHA512
a1bf01b0d11f99422ee6a75622f9f4c6576fbfdf6ad5d3217d2d4e011ce68a610ee6963e8fc635e8203dc36ec50a6cbd3ba149fd4483f1999fc4fe391b97cda7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe

Filesize
196KB

MD5
fdbd313116bed71adb22840069920ee8

SHA1
78c37bb90923019cd65b6457a801d53bfb7e7756

SHA256
ba4a5db4eabf25166c940da915155f7478d895a09f712574d6c61c3964a59580

SHA512
152de1619bf8e43e6a578263854e797b24501d2d1f2d5d50b05212a9f2e4d36d279a8c1e4d972394a2cfaee011275bdcdde3e8bde934efd594bc18601b67131a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3515.exe

Filesize
196KB

MD5
7a877620d783c0f29fbccb9f49911c94

SHA1
a397d1fa7264a488f7e951c168384d630cb63576

SHA256
175ad36e28e93c9eed27abb6d84e8d3d497178622df57484be172897337272d6

SHA512
07d1c17a7028652e18480b5164288c45e9e95a9484c6a2f17d313bfb81d7c8dd9e176df19e27d7fa4f9d532c303b5e4c6f07039a62a19f82065146a1e39de6ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36654.exe

Filesize
196KB

MD5
c10759090f6117d7a15ae82baf3ceb8a

SHA1
eb3e6a6f8fcea115f7a783cd98109eb1dd8180d6

SHA256
10d1c28b17ba6685dd67684322c5d4326b27086f937e322e0646267e7bbe46b6

SHA512
dbd08d40365c774cbb111d5149eedb9279f8c9b72e62fde8aad97c674cf3ce76e2452835a3553a074f4813fb1316b3eb2933d230b31b47cd1656bdb34603c7ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-490.exe

Filesize
196KB

MD5
1316fe09de95a38757e028ed20558a20

SHA1
a8abecc2fd8760fbe2569c1254d0276e5585ca10

SHA256
37f99a910c7be01a5d7ba02f529ba717ea9c6f05482145ed89b320fd8844a05e

SHA512
1857bfd6a3a68ea39920a4170c3d87851bc6af283180beaeb486a9f20a5d377fce54b2f0b0064a93e4fddc40449afc8a52347d8b2df7820195b5d887d1eff566

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe

Filesize
196KB

MD5
0cf439ffaf5f3bb99e29a8a308f2a739

SHA1
5ec1ac86af140f5d7df6d8509f19dee15acb544b

SHA256
afe38a8a41d5637c22366b64e759702fcd471899d7a8ba9c50a833bca12df502

SHA512
dcb201f76116f6b235d5c477f3ae5fca7757a7897300f1c5b3e384c428c050bf51ef72a094e05503510edb43c9d145e4029ad735637755404dee5ea411488b15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55664.exe

Filesize
196KB

MD5
203cea8804bf2fe736c9f2487ebf3ce5

SHA1
706b348a3605b3cae05620ac310b776c30490b4a

SHA256
cc0114932e5b32a8fb8caa79c5d174a1718d1be6a8f544bd7821270bc64e18fd

SHA512
07e42bf10de3428eb250a966f4676067c84a620df5983e0233c76026b6b65365290a390bdde87298f09484be74605dfa2c4b964c325bf36e200f8786ab4afd67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe

Filesize
196KB

MD5
ada101efd9d7f4bcfbb41850d171230c

SHA1
d524c68dd65683cba2a8cd4263b7004524f60883

SHA256
b8780fedf5039278b825ccd1ed637c88ed79fb1ce2b3cbbc21bcaf60c8cd9549

SHA512
4f989d99b0b98e68a26d97f545e9e5f43d010353cfd6d559030e85a59d43eb620cad323e1b0566c8b6592eed76e16083f2edf9b82fc518d384d1cf026bb39183

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61486.exe

Filesize
196KB

MD5
8e3c65bf86e0a070c2931ca66c0933fc

SHA1
207033167bcda796df9dbc4d82dab9f8d69f0edf

SHA256
0222dcba0472fac66f759675f6f877c50bd0ebbf35e02961e969748f9c1d7ea9

SHA512
831e62bb715b97d471cf2e8fab49922449e34885721b21959dcebbd5060a133b283ec2fa95f464d98c077774fe220de625f8716b3a7de3d349945aac74da9f9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe

Filesize
196KB

MD5
f187f503b3497ade3f3e9d045af44edd

SHA1
76d5565abc092f2e4208f6bb8121376c1f33b27b

SHA256
3941d90a1a02060fdec36489312313be5ee82af0f93281b3497a8d57def95b05

SHA512
2d2d56de9dcef93618154c659d370ab7db4fa6073e7505a0b5189345fd9e0fefe4bd889c4fb89f0a2fd3e70819fde4b71ddf08f7533937f3333b2401ee422e38

Download Submit
memory/2024-341-0x0000000002800000-0x000000000295C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads