77d7346f2d820e9708629eb846eb7ac28baab42bc8dcd9dcb9703ea1aa4fa3ed

Analysis

max time kernel
148s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3481d50c1343de7065cbe290d712b26.exe
Size

184KB
MD5

d3481d50c1343de7065cbe290d712b26
SHA1

0d3d5fb85b557e2b49d2921312533fdc8653fb70
SHA256

77d7346f2d820e9708629eb846eb7ac28baab42bc8dcd9dcb9703ea1aa4fa3ed
SHA512

d786ba1a5247767365a4caeb2985704e176c072f5743aeb40447a32cdf216c408f038d6dda647eca15048b5def0f10bfc32664269894383f312edff433145038
SSDEEP

3072:/lnWoM+fEA63ljBdZKxqzzsBYC6hVuIyjrlpQPu17lPdppuy:/lWo/V63bdMxqzZfen7lPdp8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2124	Unicorn-5950.exe
2868	Unicorn-64632.exe
2936	Unicorn-11902.exe
804	Unicorn-60813.exe
2576	Unicorn-41632.exe
2412	Unicorn-28634.exe
372	Unicorn-38175.exe
1512	Unicorn-53478.exe
2964	Unicorn-1589.exe
2944	Unicorn-40863.exe
2972	Unicorn-40671.exe
320	Unicorn-1527.exe
2216	Unicorn-30094.exe
2804	Unicorn-4288.exe
2468	Unicorn-375.exe
1868	Unicorn-53105.exe
2100	Unicorn-183.exe
2096	Unicorn-3712.exe
1720	Unicorn-14537.exe
848	Unicorn-32410.exe
2196	Unicorn-40307.exe
2208	Unicorn-35280.exe
1636	Unicorn-65191.exe
1856	Unicorn-11164.exe
1600	Unicorn-48279.exe
568	Unicorn-18560.exe
1648	Unicorn-51808.exe
1012	Unicorn-64231.exe
1260	Unicorn-35171.exe
2720	Unicorn-34232.exe
2416	Unicorn-33848.exe
2844	Unicorn-17185.exe
2748	Unicorn-42356.exe
2544	Unicorn-9491.exe
2560	Unicorn-25444.exe
2616	Unicorn-41561.exe
1416	Unicorn-62387.exe
2956	Unicorn-63373.exe
2988	Unicorn-47146.exe
1672	Unicorn-59050.exe
1876	Unicorn-34732.exe
364	Unicorn-52678.exe
1796	Unicorn-21542.exe
1244	Unicorn-5397.exe
1840	Unicorn-38096.exe
840	Unicorn-30675.exe
2108	Unicorn-18038.exe
1124	Unicorn-14722.exe
2088	Unicorn-45667.exe
1580	Unicorn-37769.exe
2700	Unicorn-13378.exe
2184	Unicorn-34623.exe
1932	Unicorn-53565.exe
2488	Unicorn-47224.exe
2516	Unicorn-1936.exe
2508	Unicorn-64328.exe
2144	Unicorn-51630.exe
892	Unicorn-35185.exe
3068	Unicorn-9165.exe
2392	Unicorn-9165.exe
2712	Unicorn-37540.exe
3032	Unicorn-56695.exe
2852	Unicorn-7603.exe
2640	Unicorn-9331.exe

Loads dropped DLL 64 IoCs

pid	Process
2332	d3481d50c1343de7065cbe290d712b26.exe
2332	d3481d50c1343de7065cbe290d712b26.exe
2124	Unicorn-5950.exe
2332	d3481d50c1343de7065cbe290d712b26.exe
2124	Unicorn-5950.exe
2332	d3481d50c1343de7065cbe290d712b26.exe
2868	Unicorn-64632.exe
2868	Unicorn-64632.exe
2124	Unicorn-5950.exe
2124	Unicorn-5950.exe
2936	Unicorn-11902.exe
2936	Unicorn-11902.exe
804	Unicorn-60813.exe
804	Unicorn-60813.exe
2936	Unicorn-11902.exe
2936	Unicorn-11902.exe
2868	Unicorn-64632.exe
2412	Unicorn-28634.exe
2868	Unicorn-64632.exe
2576	Unicorn-41632.exe
2576	Unicorn-41632.exe
2412	Unicorn-28634.exe
372	Unicorn-38175.exe
372	Unicorn-38175.exe
804	Unicorn-60813.exe
804	Unicorn-60813.exe
2944	Unicorn-40863.exe
2944	Unicorn-40863.exe
2972	Unicorn-40671.exe
2972	Unicorn-40671.exe
2576	Unicorn-41632.exe
2576	Unicorn-41632.exe
2412	Unicorn-28634.exe
2412	Unicorn-28634.exe
2964	Unicorn-1589.exe
2964	Unicorn-1589.exe
2216	Unicorn-30094.exe
2216	Unicorn-30094.exe
2804	Unicorn-4288.exe
2804	Unicorn-4288.exe
372	Unicorn-38175.exe
372	Unicorn-38175.exe
320	Unicorn-1527.exe
2100	Unicorn-183.exe
2972	Unicorn-40671.exe
2096	Unicorn-3712.exe
1868	Unicorn-53105.exe
2964	Unicorn-1589.exe
2944	Unicorn-40863.exe
320	Unicorn-1527.exe
2100	Unicorn-183.exe
2964	Unicorn-1589.exe
2096	Unicorn-3712.exe
1868	Unicorn-53105.exe
2944	Unicorn-40863.exe
2972	Unicorn-40671.exe
2468	Unicorn-375.exe
2468	Unicorn-375.exe
1720	Unicorn-14537.exe
1720	Unicorn-14537.exe
2196	Unicorn-40307.exe
2196	Unicorn-40307.exe
848	Unicorn-32410.exe
848	Unicorn-32410.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1400	2184	WerFault.exe	78

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2332	d3481d50c1343de7065cbe290d712b26.exe
2124	Unicorn-5950.exe
2868	Unicorn-64632.exe
2936	Unicorn-11902.exe
804	Unicorn-60813.exe
2576	Unicorn-41632.exe
2412	Unicorn-28634.exe
372	Unicorn-38175.exe
2944	Unicorn-40863.exe
2972	Unicorn-40671.exe
2964	Unicorn-1589.exe
320	Unicorn-1527.exe
2216	Unicorn-30094.exe
2804	Unicorn-4288.exe
2100	Unicorn-183.exe
2468	Unicorn-375.exe
2096	Unicorn-3712.exe
1868	Unicorn-53105.exe
848	Unicorn-32410.exe
2196	Unicorn-40307.exe
1720	Unicorn-14537.exe
1856	Unicorn-11164.exe
568	Unicorn-18560.exe
2208	Unicorn-35280.exe
1636	Unicorn-65191.exe
1600	Unicorn-48279.exe
1012	Unicorn-64231.exe
1648	Unicorn-51808.exe
1260	Unicorn-35171.exe
2720	Unicorn-34232.exe
2416	Unicorn-33848.exe
2844	Unicorn-17185.exe
2748	Unicorn-42356.exe
2544	Unicorn-9491.exe
2560	Unicorn-25444.exe
1512	Unicorn-53478.exe
2616	Unicorn-41561.exe
2956	Unicorn-63373.exe
1796	Unicorn-21542.exe
1416	Unicorn-62387.exe
1244	Unicorn-5397.exe
1672	Unicorn-59050.exe
1876	Unicorn-34732.exe
364	Unicorn-52678.exe
2988	Unicorn-47146.exe
840	Unicorn-30675.exe
1840	Unicorn-38096.exe
2108	Unicorn-18038.exe
1124	Unicorn-14722.exe
2088	Unicorn-45667.exe
2700	Unicorn-13378.exe
1580	Unicorn-37769.exe
2488	Unicorn-47224.exe
2144	Unicorn-51630.exe
892	Unicorn-35185.exe
3068	Unicorn-9165.exe
2516	Unicorn-1936.exe
2184	Unicorn-34623.exe
2508	Unicorn-64328.exe
1932	Unicorn-53565.exe
2392	Unicorn-9165.exe
2712	Unicorn-37540.exe
3032	Unicorn-56695.exe
2852	Unicorn-7603.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2124	2332	d3481d50c1343de7065cbe290d712b26.exe	28
PID 2332 wrote to memory of 2124	2332	d3481d50c1343de7065cbe290d712b26.exe	28
PID 2332 wrote to memory of 2124	2332	d3481d50c1343de7065cbe290d712b26.exe	28
PID 2332 wrote to memory of 2124	2332	d3481d50c1343de7065cbe290d712b26.exe	28
PID 2124 wrote to memory of 2868	2124	Unicorn-5950.exe	29
PID 2124 wrote to memory of 2868	2124	Unicorn-5950.exe	29
PID 2124 wrote to memory of 2868	2124	Unicorn-5950.exe	29
PID 2124 wrote to memory of 2868	2124	Unicorn-5950.exe	29
PID 2332 wrote to memory of 2936	2332	d3481d50c1343de7065cbe290d712b26.exe	30
PID 2332 wrote to memory of 2936	2332	d3481d50c1343de7065cbe290d712b26.exe	30
PID 2332 wrote to memory of 2936	2332	d3481d50c1343de7065cbe290d712b26.exe	30
PID 2332 wrote to memory of 2936	2332	d3481d50c1343de7065cbe290d712b26.exe	30
PID 2868 wrote to memory of 804	2868	Unicorn-64632.exe	31
PID 2868 wrote to memory of 804	2868	Unicorn-64632.exe	31
PID 2868 wrote to memory of 804	2868	Unicorn-64632.exe	31
PID 2868 wrote to memory of 804	2868	Unicorn-64632.exe	31
PID 2124 wrote to memory of 2576	2124	Unicorn-5950.exe	32
PID 2124 wrote to memory of 2576	2124	Unicorn-5950.exe	32
PID 2124 wrote to memory of 2576	2124	Unicorn-5950.exe	32
PID 2124 wrote to memory of 2576	2124	Unicorn-5950.exe	32
PID 2936 wrote to memory of 2412	2936	Unicorn-11902.exe	33
PID 2936 wrote to memory of 2412	2936	Unicorn-11902.exe	33
PID 2936 wrote to memory of 2412	2936	Unicorn-11902.exe	33
PID 2936 wrote to memory of 2412	2936	Unicorn-11902.exe	33
PID 804 wrote to memory of 372	804	Unicorn-60813.exe	34
PID 804 wrote to memory of 372	804	Unicorn-60813.exe	34
PID 804 wrote to memory of 372	804	Unicorn-60813.exe	34
PID 804 wrote to memory of 372	804	Unicorn-60813.exe	34
PID 2936 wrote to memory of 1512	2936	Unicorn-11902.exe	35
PID 2936 wrote to memory of 1512	2936	Unicorn-11902.exe	35
PID 2936 wrote to memory of 1512	2936	Unicorn-11902.exe	35
PID 2936 wrote to memory of 1512	2936	Unicorn-11902.exe	35
PID 2868 wrote to memory of 2964	2868	Unicorn-64632.exe	37
PID 2868 wrote to memory of 2964	2868	Unicorn-64632.exe	37
PID 2868 wrote to memory of 2964	2868	Unicorn-64632.exe	37
PID 2868 wrote to memory of 2964	2868	Unicorn-64632.exe	37
PID 2576 wrote to memory of 2944	2576	Unicorn-41632.exe	38
PID 2576 wrote to memory of 2944	2576	Unicorn-41632.exe	38
PID 2576 wrote to memory of 2944	2576	Unicorn-41632.exe	38
PID 2576 wrote to memory of 2944	2576	Unicorn-41632.exe	38
PID 2412 wrote to memory of 2972	2412	Unicorn-28634.exe	36
PID 2412 wrote to memory of 2972	2412	Unicorn-28634.exe	36
PID 2412 wrote to memory of 2972	2412	Unicorn-28634.exe	36
PID 2412 wrote to memory of 2972	2412	Unicorn-28634.exe	36
PID 372 wrote to memory of 320	372	Unicorn-38175.exe	39
PID 372 wrote to memory of 320	372	Unicorn-38175.exe	39
PID 372 wrote to memory of 320	372	Unicorn-38175.exe	39
PID 372 wrote to memory of 320	372	Unicorn-38175.exe	39
PID 804 wrote to memory of 2216	804	Unicorn-60813.exe	40
PID 804 wrote to memory of 2216	804	Unicorn-60813.exe	40
PID 804 wrote to memory of 2216	804	Unicorn-60813.exe	40
PID 804 wrote to memory of 2216	804	Unicorn-60813.exe	40
PID 2944 wrote to memory of 2804	2944	Unicorn-40863.exe	41
PID 2944 wrote to memory of 2804	2944	Unicorn-40863.exe	41
PID 2944 wrote to memory of 2804	2944	Unicorn-40863.exe	41
PID 2944 wrote to memory of 2804	2944	Unicorn-40863.exe	41
PID 2972 wrote to memory of 1868	2972	Unicorn-40671.exe	43
PID 2972 wrote to memory of 1868	2972	Unicorn-40671.exe	43
PID 2972 wrote to memory of 1868	2972	Unicorn-40671.exe	43
PID 2972 wrote to memory of 1868	2972	Unicorn-40671.exe	43
PID 2576 wrote to memory of 2468	2576	Unicorn-41632.exe	42
PID 2576 wrote to memory of 2468	2576	Unicorn-41632.exe	42
PID 2576 wrote to memory of 2468	2576	Unicorn-41632.exe	42
PID 2576 wrote to memory of 2468	2576	Unicorn-41632.exe	42

C:\Users\Admin\AppData\Local\Temp\d3481d50c1343de7065cbe290d712b26.exe
"C:\Users\Admin\AppData\Local\Temp\d3481d50c1343de7065cbe290d712b26.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1527.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11164.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25444.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35185.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        11⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-466.exe
        12⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23916.exe
        13⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28291.exe
        14⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-502.exe
        11⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
        12⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39853.exe
        13⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24677.exe
        14⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
        15⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64328.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        10⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32994.exe
        11⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
        12⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53565.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38377.exe
        9⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        10⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7086.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30974.exe
        12⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3511.exe
        13⤵
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        10⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
        11⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59050.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29039.exe
        9⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        10⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39676.exe
        11⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        12⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        13⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
        9⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
        10⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14537.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34232.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45667.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33338.exe
        9⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        10⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
        11⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63609.exe
        12⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13215.exe
        13⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
        10⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        11⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19379.exe
        10⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        11⤵
        
        PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3712.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35280.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9491.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37769.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        9⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
        10⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62312.exe
        11⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4876.exe
        12⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
        8⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
        9⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        10⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        11⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32410.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17185.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9331.exe
        9⤵
        Executes dropped EXE
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15089.exe
        10⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        11⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55773.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
        13⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18038.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32762.exe
        8⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        9⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36666.exe
        10⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9165.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48338.exe
        9⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30470.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49342.exe
        12⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37540.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        8⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
        10⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        11⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        9⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe
        10⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        11⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24860.exe
        10⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34623.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        7⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
        9⤵
        
        PID:364
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
        7⤵
        Program crash
        
        PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-375.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51630.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        9⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        10⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
        11⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        12⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11679.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        10⤵
        
        PID:2088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51808.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47146.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9331.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
        9⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41743.exe
        10⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        11⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        12⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        13⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
        14⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        12⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        13⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26251.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39631.exe
        9⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48279.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62387.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56695.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59101.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17643.exe
        10⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        9⤵
        
        PID:368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30675.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30939.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        9⤵
        
        PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21542.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
        6⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5913.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        9⤵
        
        PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
        5⤵
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
        7⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
        8⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56206.exe
        6⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23148.exe
        7⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3947.exe
        9⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49619.exe
        8⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
        7⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        8⤵
        
        PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47224.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        5⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52656.exe
        6⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
        7⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
        8⤵
        
        PID:2160

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-183.exe

Filesize
184KB

MD5
8e21db2e1b76dc65f823fa6d411898ef

SHA1
e1ace778ad8a1373c3cbfa245de593b363950345

SHA256
dd1cc5ae6e4ebb9276cf546a1836f72a7a8691a29a76f1edef3e1a6be3b7f46a

SHA512
3ba4b8e12c5703687e776b2613fdfe71e42460c20bb0324ef982954d8f35cfe0338e94862ce77354bd1f0cdd1e142a3788a1a62fd92a82feedc532a9f89319d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3712.exe

Filesize
184KB

MD5
93d0c314051de11a2818c58b3fc2274b

SHA1
22c290b3ce531f2a537038923ae1445558e6d8f7

SHA256
c35e6a42c1b5a44d6a1fc0a5e5fe9a2ed06d139839ad9fa97d53dd7ebdce7aee

SHA512
5bc62cac07ab7f41f54459424b5593418bb5f3cd1a2b32d4f16a412346ebb363884d6adec1e2ef535df768d10d4950d23c6170b6256fb280632294182649c89f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40307.exe

Filesize
184KB

MD5
af22665ba5167bda458f1726a7c55865

SHA1
3914c3fecc742beecfcbece0866f5abd4a8c02a5

SHA256
8dadd57d2aefd1a768a62954a7ff02391656af56cee926f253cbf5d382ffe641

SHA512
5c1e726a2f292cdd86e595e44ac0c8c83ce6fc8310b0db66769b09f06c52ac2850d749e73a2b6593666285424b5ed0687f1be5626226b497312291c81d1fb47a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe

Filesize
184KB

MD5
64e647eb33a0a94ef42f9ec0709bf3eb

SHA1
1b3b4af391d68e8561c4911cf600b75aedcd7a26

SHA256
a6d4da5ac95ff11a9f9b398aabe53391f4cd170ee7f4c572199f7ad1e86e3df3

SHA512
a895c2172a1d59c7f1078ff278f5c5c9f3c7dace963424215f95dc273c475719ab07fab992870ac3721b164326565e58211ac1bf401d3e164506c56e388ca7a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe

Filesize
184KB

MD5
75ea05de33ae87493beb1275f341191f

SHA1
f9628a962d7a26d71b441f4397d6f30cf8e07837

SHA256
33e0400aee97f8935b5d91798ba9f2ada40f308c27b535202f2092cddee2f76a

SHA512
999d632da9d55993ce15c358aad17114ac1d18e7fd48baa87feb092bcba860a5efb5517c216741453b26d397284388a6e93cb2b9a527a5dad182398d8ee5c4c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe

Filesize
184KB

MD5
76504f9f35faffe0ebaac5e19fddc3fd

SHA1
f0ffdae5889e4d9116ea0a27fd3e0fff4417035a

SHA256
bbac0d90b658991ef198fa204163f0d8f45a3f8176725deec4a533451434c28c

SHA512
24493c136230740d736361c7c9f0b5587a9c85b8bf88ef867a5597991d0089b3c34f166712ec16e4cc8ee322d2016b0caf29211d409b875ed3a29712b760ccf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53105.exe

Filesize
184KB

MD5
8052546198bf297fe19bdbc668785faf

SHA1
2db8a87c0903b049232f38488e2aa65aa5fc2200

SHA256
2da9103cec2eef9da96c68a6a12c3835746ffb6597839295a07b966b7803b4ad

SHA512
feef434512b35503abf5b034df5a7e5b575a7248742735c92ca0327813276a0569041ef7a7005eb6a78664886f66a300200675aa6fc93da621dc1e349d317af0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe

Filesize
184KB

MD5
2e2b9c6aee5444e241cbd90279e28ad4

SHA1
59f068b4b4c6f56da504866866c37b4ee3e97cf8

SHA256
c302256a46df297e93b441fac908a8ace7726dd52d6bc29b055d85303ab123a4

SHA512
d6f35fb1ae614ffed87b052504b0ad1671e7d448263a44b7dfd408b6311552834c4e56ad60d5de598240b4051824b080a2d0633fe56d76d7a5284280f0df2a40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe

Filesize
184KB

MD5
c101b1999eb545c178806a3575ee3b72

SHA1
20668a5e948ab17d1f204de699f5b05c65c646e6

SHA256
393b9b84707e888e161e02177fe6d62c2fca3124c9a2d6c05e68079060764cc5

SHA512
7e7d8200b880f26ba4e6ecb90b3ee17ecf9508253559c1fea8521c86ec2c747d5238b4a3bd1f66b8ee2b6cb1ca10bebc3dd80c317c21e936c59b35a4a61b5531

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1527.exe

Filesize
184KB

MD5
f80d8703df8c5df6234cf949b8184ade

SHA1
0d0136f747b1416c001fdb8fffe099bd879bd7ad

SHA256
c42ec5cd68f09cc9f100272cbad2ed2a7bd5a31fd7704873e855c7dec482ab83

SHA512
e25a50e456d3ea1ec08a79ec07104c39dd0bc780c126858971ea83f463b5a2f38d93bd8d633fa45ca86f29d80770f913ba7a3d185bb8ab49181dfe05266cee8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1589.exe

Filesize
184KB

MD5
a06a050baf080e48bc03170f314ee214

SHA1
4520bc0553e297fe74a09fbf7a4346167ed2ecf3

SHA256
fca043dd8d1ffb999ad853c1e9b2aa43a4ebc7756ab8e5c187dd608c27accbfb

SHA512
c6fae7f133fc3ae16b18d71a96eaed1aba12a2e0988caba2de5dad9fa9e6143ecd56a309a024f85e7b09ef719d0622bbd0db6baa96d2b0e9fe80f39b4693644f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe

Filesize
184KB

MD5
199c9a11dfa9f440e1d788488a5ded0c

SHA1
6c4d08e1ac397f77d202fc47be1ca7902e62af63

SHA256
19c2a0407978943a0f2c174cbcd4b9fb965816ccfd1725af6c7821524d22bdee

SHA512
198e601a74ca02010f9145db6ec8410893c25521aa45c37b85e5680460aca623fcb9792081133b6e065496805769f25df43062c8c9ef3e8645fb65b75a9d1512

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe

Filesize
184KB

MD5
2491656cd2ff28f2f2fa1770a80a5f1c

SHA1
f24b7151330858ad1a7a13f48680f48dec48ed24

SHA256
d11db13832a787394fe5f0c0a5a06f137b8db6db7c66e591b1fcc81bb865c64f

SHA512
1ec7450371d06dd2df41d80ace76a3742a566d20dab5130c04c09e2201151c14a7010e1e552b8d1e5f1d41a0d3817419476e35c571ef3a9075dc09d3489ff650

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-375.exe

Filesize
184KB

MD5
068ad76a143d69effe74172e0d5b88c1

SHA1
6ce374221c52d668abf73bc03cf7784e08513fce

SHA256
0495766b304873a4245fe1f4dec48efc19340cef10632641265e4d23a62b62ab

SHA512
96c448f5cdf4fa0c871f47db72005d589fd357a19130dc00c08a5595d5f7eec4c37ea3abf728aae001a33ba2fafa8fce6949068a777a67147223c1ba712e31f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe

Filesize
184KB

MD5
82bc1d8bd7f980d74f32086bbb0a8a22

SHA1
cc011969112253a0de335c7eaadeb546a06015fd

SHA256
d0d827ae5409e19aca96b396089cbf045212240770f112db1c3e147b861e88d5

SHA512
9040b358df5686a460823bcf622e2b593db35bdd1daa70d0104c22eccc8817ef5f8542346247b11f2fa83b71a56d6c243a6b5ac8243fbb484183e9a8aedaf10a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe

Filesize
184KB

MD5
a36eb58399f0c8db82ec7623eadeb75e

SHA1
ac31ce2191b206c5d8aef93f825c7f39d3984d81

SHA256
a06400ed8759b41f78e3098fbfb476d3c2e9fb06b006087b0d2ac156efaee613

SHA512
623e06b1b733faf7bc11fef251e30c4b8a8af82732e3e3c8115144a95189890e9103eae92e576673f50f0be7250384378e2e7702b1878f98fea1634731d0d14f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe

Filesize
184KB

MD5
deebac6bf51e589eb11cc7bbfa3e8b7f

SHA1
221b6fed4fbbee7ec0c4aa78e9bcb9547b10a2fd

SHA256
d8b9bc2f7db4edac1df0ad657177fd936a7e7a0d8684fd96f2729132589d0b6d

SHA512
95283c26ae8777a4030300287ef0067088f3a9987337b0623125fbf11735406f37cfaa1eb5862789226356c27952707ae504c6c7e199ab5e99d0bc55eb8cbef9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe

Filesize
184KB

MD5
1604ef8b24f4514ceaafbd1e9e80c115

SHA1
5d710910f23ef84f6e901bd92fb45048d521d73b

SHA256
1b5cc36b80cbb60ec21e8406247be4a804d8f6abc43a38734ef4b360910e1f9e

SHA512
88eb23960bd7ae1176d261033ed906ca3481d1e5422f3981320769a102b7390807fa734dc52fad5907ca15442b98e58d9a3c2399decea3f1b7080a93ed17f6f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe

Filesize
184KB

MD5
b428ae2689af9abfb12bc80473321e96

SHA1
9642b93aa7c961e62542107ba607f4787efd1857

SHA256
84279eac8375dc03d6e806f6949f9e7d321d9b47178316428c7ace698b18241b

SHA512
3338e0204d5887c8868a4710045a80403e7fbf92175973c6c15b010186aea21cf02669ecfb05c01299927fe613c68a05ffaa29bf40ecc13d81db94da71e5140e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64632.exe

Filesize
184KB

MD5
faedbd5a34457df327f3d8e962b8c1dd

SHA1
c97fe35ceef297f4c58f3abdf455361f06313f74

SHA256
ef646d10d4608c9377cf6e27a7b8f9cf9741959508fb50b463cb4252ad9c19d7

SHA512
e89913062f2478fca616f467726d6d72a8aa80d7cc51aa7a8bc67df4852bd5fae787a617e5cc93d3920106307e515bb2876c0922e3fbade442f7928be922a456

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads