b4d454e07886c4587808cdd2a812bd30893eba8564707aef977ef9fd33d5aad8

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 06:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c6b11c7beeac4adb1e1ba6addd41092.exe
Size

184KB
MD5

2c6b11c7beeac4adb1e1ba6addd41092
SHA1

47d6610d0a05e91b3c92349efea874590ac31df4
SHA256

b4d454e07886c4587808cdd2a812bd30893eba8564707aef977ef9fd33d5aad8
SHA512

ee82ec3526db9df6c89af37b11076b4ec30a1f2fd475e90ad6ea911e3d908f1f394b310808e4fe8b9e3c0d137bdd2fe1abe45fcbab2ef00b4d09ef1bd56fff47
SSDEEP

3072:m8H7oY7B9DA0uyjddOi0q8FFTsn6ONf15nEx89PgmslPvpFd:m8boy80u+dl0q88dBhslPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3068	Unicorn-45373.exe
2176	Unicorn-3629.exe
2664	Unicorn-61745.exe
2092	Unicorn-40900.exe
2844	Unicorn-33286.exe
2632	Unicorn-49068.exe
2968	Unicorn-3240.exe
600	Unicorn-57080.exe
704	Unicorn-19385.exe
1740	Unicorn-32355.exe
2044	Unicorn-15855.exe
1104	Unicorn-30890.exe
2368	Unicorn-19192.exe
1756	Unicorn-47226.exe
1500	Unicorn-63754.exe
1820	Unicorn-47973.exe
1688	Unicorn-30698.exe
1604	Unicorn-19000.exe
1284	Unicorn-38866.exe
2164	Unicorn-62851.exe
1852	Unicorn-47070.exe
1844	Unicorn-1398.exe
940	Unicorn-14307.exe
1356	Unicorn-31802.exe
2860	Unicorn-14307.exe
2908	Unicorn-20483.exe
2904	Unicorn-90.exe
796	Unicorn-32400.exe
2288	Unicorn-44652.exe
1760	Unicorn-45015.exe
2644	Unicorn-9924.exe
2028	Unicorn-59488.exe
2616	Unicorn-58933.exe
2668	Unicorn-63017.exe
2612	Unicorn-60832.exe
2764	Unicorn-56193.exe
2500	Unicorn-60640.exe
2472	Unicorn-43557.exe
2960	Unicorn-11247.exe
476	Unicorn-47641.exe
1488	Unicorn-22753.exe
2420	Unicorn-17852.exe
2052	Unicorn-39835.exe
2604	Unicorn-7724.exe
2232	Unicorn-40589.exe
2264	Unicorn-43088.exe
1696	Unicorn-28891.exe
1668	Unicorn-45742.exe
1904	Unicorn-58741.exe
1616	Unicorn-51917.exe
1080	Unicorn-50594.exe
2556	Unicorn-17922.exe
1768	Unicorn-63593.exe
1660	Unicorn-56899.exe
2744	Unicorn-24035.exe
904	Unicorn-32565.exe
3036	Unicorn-64683.exe
1940	Unicorn-15675.exe
2548	Unicorn-25741.exe
2060	Unicorn-57859.exe
2596	Unicorn-50438.exe
2584	Unicorn-37247.exe
2152	Unicorn-37247.exe
2508	Unicorn-29441.exe

Loads dropped DLL 64 IoCs

pid	Process
2988	2c6b11c7beeac4adb1e1ba6addd41092.exe
2988	2c6b11c7beeac4adb1e1ba6addd41092.exe
3068	Unicorn-45373.exe
3068	Unicorn-45373.exe
2988	2c6b11c7beeac4adb1e1ba6addd41092.exe
2988	2c6b11c7beeac4adb1e1ba6addd41092.exe
2176	Unicorn-56492.exe
2176	Unicorn-56492.exe
3068	Unicorn-45373.exe
3068	Unicorn-45373.exe
2664	Unicorn-61745.exe
2664	Unicorn-61745.exe
2092	Unicorn-40900.exe
2092	Unicorn-40900.exe
2176	Unicorn-56492.exe
2176	Unicorn-56492.exe
2844	Unicorn-33286.exe
2844	Unicorn-33286.exe
2632	Unicorn-49068.exe
2632	Unicorn-49068.exe
2664	Unicorn-61745.exe
2664	Unicorn-61745.exe
2968	Unicorn-3240.exe
2968	Unicorn-3240.exe
2092	Unicorn-40900.exe
2092	Unicorn-40900.exe
600	Unicorn-57080.exe
600	Unicorn-57080.exe
704	Unicorn-19385.exe
704	Unicorn-19385.exe
2844	Unicorn-33286.exe
2844	Unicorn-33286.exe
1740	Unicorn-32355.exe
1740	Unicorn-32355.exe
2632	Unicorn-49068.exe
2632	Unicorn-49068.exe
2044	Unicorn-15855.exe
2044	Unicorn-15855.exe
1104	Unicorn-30890.exe
1104	Unicorn-30890.exe
2968	Unicorn-3240.exe
2968	Unicorn-3240.exe
2368	Unicorn-19192.exe
2368	Unicorn-19192.exe
1756	Unicorn-47226.exe
1756	Unicorn-47226.exe
600	Unicorn-57080.exe
600	Unicorn-57080.exe
1820	Unicorn-47973.exe
1820	Unicorn-47973.exe
1688	Unicorn-30698.exe
1688	Unicorn-30698.exe
1740	Unicorn-32355.exe
1740	Unicorn-32355.exe
1604	Unicorn-19000.exe
1604	Unicorn-19000.exe
1284	Unicorn-38866.exe
1284	Unicorn-38866.exe
2044	Unicorn-15855.exe
2044	Unicorn-15855.exe
2164	Unicorn-62851.exe
2164	Unicorn-62851.exe
1104	Unicorn-30890.exe
1104	Unicorn-30890.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1324	2680	WerFault.exe	94
3488	2624	WerFault.exe	95

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2988	2c6b11c7beeac4adb1e1ba6addd41092.exe
3068	Unicorn-45373.exe
2176	Unicorn-56492.exe
2664	Unicorn-61745.exe
2092	Unicorn-40900.exe
2844	Unicorn-33286.exe
2632	Unicorn-49068.exe
2968	Unicorn-3240.exe
600	Unicorn-57080.exe
704	Unicorn-19385.exe
2044	Unicorn-15855.exe
1740	Unicorn-32355.exe
1104	Unicorn-30890.exe
2368	Unicorn-19192.exe
1756	Unicorn-47226.exe
1500	Unicorn-63754.exe
1820	Unicorn-47973.exe
1604	Unicorn-19000.exe
1688	Unicorn-30698.exe
1284	Unicorn-38866.exe
2164	Unicorn-62851.exe
1852	Unicorn-47070.exe
1844	Unicorn-1398.exe
1356	Unicorn-31802.exe
2860	Unicorn-14307.exe
940	Unicorn-14307.exe
2288	Unicorn-44652.exe
1760	Unicorn-45015.exe
2908	Unicorn-20483.exe
796	Unicorn-32400.exe
2904	Unicorn-90.exe
2644	Unicorn-9924.exe
2616	Unicorn-58933.exe
2028	Unicorn-59488.exe
2612	Unicorn-60832.exe
2764	Unicorn-56193.exe
2668	Unicorn-63017.exe
2500	Unicorn-60640.exe
2472	Unicorn-43557.exe
476	Unicorn-47641.exe
2960	Unicorn-11247.exe
2420	Unicorn-17852.exe
1488	Unicorn-22753.exe
2604	Unicorn-7724.exe
2264	Unicorn-43088.exe
2232	Unicorn-40589.exe
1696	Unicorn-28891.exe
1668	Unicorn-45742.exe
1904	Unicorn-58741.exe
1616	Unicorn-51917.exe
1768	Unicorn-63593.exe
2556	Unicorn-17922.exe
1080	Unicorn-50594.exe
1660	Unicorn-56899.exe
2744	Unicorn-24035.exe
904	Unicorn-32565.exe
3036	Unicorn-64683.exe
2548	Unicorn-25741.exe
2060	Unicorn-57859.exe
2584	Unicorn-37247.exe
1704	Unicorn-26509.exe
2680	Unicorn-53391.exe
2508	Unicorn-29441.exe
2152	Unicorn-37247.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 3068	2988	2c6b11c7beeac4adb1e1ba6addd41092.exe	28
PID 2988 wrote to memory of 3068	2988	2c6b11c7beeac4adb1e1ba6addd41092.exe	28
PID 2988 wrote to memory of 3068	2988	2c6b11c7beeac4adb1e1ba6addd41092.exe	28
PID 2988 wrote to memory of 3068	2988	2c6b11c7beeac4adb1e1ba6addd41092.exe	28
PID 3068 wrote to memory of 2176	3068	Unicorn-45373.exe	30
PID 3068 wrote to memory of 2176	3068	Unicorn-45373.exe	30
PID 3068 wrote to memory of 2176	3068	Unicorn-45373.exe	30
PID 3068 wrote to memory of 2176	3068	Unicorn-45373.exe	30
PID 2988 wrote to memory of 2664	2988	2c6b11c7beeac4adb1e1ba6addd41092.exe	29
PID 2988 wrote to memory of 2664	2988	2c6b11c7beeac4adb1e1ba6addd41092.exe	29
PID 2988 wrote to memory of 2664	2988	2c6b11c7beeac4adb1e1ba6addd41092.exe	29
PID 2988 wrote to memory of 2664	2988	2c6b11c7beeac4adb1e1ba6addd41092.exe	29
PID 2176 wrote to memory of 2092	2176	Unicorn-56492.exe	33
PID 2176 wrote to memory of 2092	2176	Unicorn-56492.exe	33
PID 2176 wrote to memory of 2092	2176	Unicorn-56492.exe	33
PID 2176 wrote to memory of 2092	2176	Unicorn-56492.exe	33
PID 3068 wrote to memory of 2844	3068	Unicorn-45373.exe	32
PID 3068 wrote to memory of 2844	3068	Unicorn-45373.exe	32
PID 3068 wrote to memory of 2844	3068	Unicorn-45373.exe	32
PID 3068 wrote to memory of 2844	3068	Unicorn-45373.exe	32
PID 2664 wrote to memory of 2632	2664	Unicorn-61745.exe	31
PID 2664 wrote to memory of 2632	2664	Unicorn-61745.exe	31
PID 2664 wrote to memory of 2632	2664	Unicorn-61745.exe	31
PID 2664 wrote to memory of 2632	2664	Unicorn-61745.exe	31
PID 2092 wrote to memory of 2968	2092	Unicorn-40900.exe	38
PID 2092 wrote to memory of 2968	2092	Unicorn-40900.exe	38
PID 2092 wrote to memory of 2968	2092	Unicorn-40900.exe	38
PID 2092 wrote to memory of 2968	2092	Unicorn-40900.exe	38
PID 2176 wrote to memory of 600	2176	Unicorn-56492.exe	37
PID 2176 wrote to memory of 600	2176	Unicorn-56492.exe	37
PID 2176 wrote to memory of 600	2176	Unicorn-56492.exe	37
PID 2176 wrote to memory of 600	2176	Unicorn-56492.exe	37
PID 2844 wrote to memory of 704	2844	Unicorn-33286.exe	36
PID 2844 wrote to memory of 704	2844	Unicorn-33286.exe	36
PID 2844 wrote to memory of 704	2844	Unicorn-33286.exe	36
PID 2844 wrote to memory of 704	2844	Unicorn-33286.exe	36
PID 2632 wrote to memory of 1740	2632	Unicorn-49068.exe	122
PID 2632 wrote to memory of 1740	2632	Unicorn-49068.exe	122
PID 2632 wrote to memory of 1740	2632	Unicorn-49068.exe	122
PID 2632 wrote to memory of 1740	2632	Unicorn-49068.exe	122
PID 2664 wrote to memory of 2044	2664	Unicorn-61745.exe	34
PID 2664 wrote to memory of 2044	2664	Unicorn-61745.exe	34
PID 2664 wrote to memory of 2044	2664	Unicorn-61745.exe	34
PID 2664 wrote to memory of 2044	2664	Unicorn-61745.exe	34
PID 2968 wrote to memory of 1104	2968	Unicorn-3240.exe	46
PID 2968 wrote to memory of 1104	2968	Unicorn-3240.exe	46
PID 2968 wrote to memory of 1104	2968	Unicorn-3240.exe	46
PID 2968 wrote to memory of 1104	2968	Unicorn-3240.exe	46
PID 2092 wrote to memory of 2368	2092	Unicorn-40900.exe	45
PID 2092 wrote to memory of 2368	2092	Unicorn-40900.exe	45
PID 2092 wrote to memory of 2368	2092	Unicorn-40900.exe	45
PID 2092 wrote to memory of 2368	2092	Unicorn-40900.exe	45
PID 600 wrote to memory of 1756	600	Unicorn-57080.exe	44
PID 600 wrote to memory of 1756	600	Unicorn-57080.exe	44
PID 600 wrote to memory of 1756	600	Unicorn-57080.exe	44
PID 600 wrote to memory of 1756	600	Unicorn-57080.exe	44
PID 704 wrote to memory of 1500	704	Unicorn-19385.exe	43
PID 704 wrote to memory of 1500	704	Unicorn-19385.exe	43
PID 704 wrote to memory of 1500	704	Unicorn-19385.exe	43
PID 704 wrote to memory of 1500	704	Unicorn-19385.exe	43
PID 2844 wrote to memory of 1820	2844	Unicorn-33286.exe	42
PID 2844 wrote to memory of 1820	2844	Unicorn-33286.exe	42
PID 2844 wrote to memory of 1820	2844	Unicorn-33286.exe	42
PID 2844 wrote to memory of 1820	2844	Unicorn-33286.exe	42

C:\Users\Admin\AppData\Local\Temp\2c6b11c7beeac4adb1e1ba6addd41092.exe
"C:\Users\Admin\AppData\Local\Temp\2c6b11c7beeac4adb1e1ba6addd41092.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe
    3⤵
    - Executes dropped EXE
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30890.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62851.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9924.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45742.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15347.exe
        10⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51261.exe
        11⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51333.exe
        12⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12210.exe
        13⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
        10⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
        9⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
        10⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        11⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30586.exe
        12⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        13⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        10⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
        11⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        12⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58741.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50622.exe
        11⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
        11⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
        12⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22465.exe
        13⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59488.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17922.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44896.exe
        9⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        10⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46372.exe
        11⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
        12⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
        13⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40206.exe
        12⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        13⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-142.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
        10⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37986.exe
        11⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19808.exe
        12⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58479.exe
        13⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29673.exe
        14⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        13⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
        11⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64919.exe
        12⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58933.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56492.exe
        9⤵
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58853.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9325.exe
        9⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        10⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
        9⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        10⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30960.exe
        11⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30300.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
        10⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
        11⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
        12⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
        10⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59740.exe
        11⤵
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19192.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1398.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63017.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        10⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        11⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46310.exe
        9⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        10⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        11⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32355.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
        10⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
        11⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
        10⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        7⤵
        Executes dropped EXE
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17852.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56899.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62745.exe
        8⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43088.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
        10⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        11⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8354.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
        7⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1255.exe
        9⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53243.exe
        10⤵
        
        PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47226.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        6⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43557.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        8⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
        9⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19284.exe
        10⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4410.exe
        9⤵
        
        PID:3728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56751.exe
        10⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17805.exe
        11⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63284.exe
        10⤵
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31802.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56193.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
        7⤵
        Executes dropped EXE
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50685.exe
        8⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60326.exe
        9⤵
        
        PID:3676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25210.exe
        10⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe
        11⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36174.exe
        10⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13907.exe
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11162.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7726.exe
        9⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38552.exe
        10⤵
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25741.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33286.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33286.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63754.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
        6⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        7⤵
        
        PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47973.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14527.exe
        5⤵
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51917.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
        7⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
        9⤵
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
        10⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50082.exe
        9⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        10⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28152.exe
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48012.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
        10⤵
        
        PID:1852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61745.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
      4⤵
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3619.exe
        6⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43285.exe
        9⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57431.exe
        10⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43928.exe
        11⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29673.exe
        12⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45350.exe
        9⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        10⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64924.exe
        11⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
        12⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64452.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56935.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40462.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25657.exe
        9⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14768.exe
        10⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11125.exe
        11⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63310.exe
        12⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
        10⤵
        
        PID:3648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        11⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        12⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
        11⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28891.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
        7⤵
        
        PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-90.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59701.exe
        6⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
        9⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        10⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        11⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20653.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17971.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        10⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45506.exe
        7⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24063.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23565.exe
        10⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56616.exe
        11⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        7⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50238.exe
        8⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36912.exe
        9⤵
        
        PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19000.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32400.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7724.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24035.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1037.exe
        9⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64732.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        11⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
        10⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17613.exe
        11⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32565.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65100.exe
        8⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32231.exe
        9⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
        10⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe
        5⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26501.exe
        8⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        9⤵
        
        PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38866.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44652.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22753.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53391.exe
        7⤵
        
        PID:2624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 220
        8⤵
        Program crash
        
        PID:3488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14307.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62490.exe
        9⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe
        10⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
        11⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59979.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
        8⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28988.exe
        9⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
        5⤵
        Executes dropped EXE
        
        PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53391.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
        7⤵
        Program crash
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43647.exe
        6⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5791.exe
        7⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
        8⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-3629.exe

Filesize
98KB

MD5
f0b6d8c8119a9c07fabe28ff7db0b433

SHA1
09d2ff443658e4b700013c6c6186d0cb23e7be77

SHA256
9033ea6356f57f30bb36d2a359e8b8a2dae057f9e6170a4bd7b5261bb7f64046

SHA512
98afd69318fd358d9ed48a0950d7def35d3ae80d00544085989e6bb42263941d5cd41c54ff7886a130e789b74aed308d0a0c602af770c04862b85a5b2812aa48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe

Filesize
184KB

MD5
1a104ca6a3539fb1f777f8b6614a0628

SHA1
21cd45b733d95a8fefb0f50716575c063d41637b

SHA256
7a1806651a5170d3b1102969a593e03c15e12f0a0fc0ff7fbe1ed11684072e05

SHA512
9088c1f0b893659805b23722e3a1f104e7f94709b59d32de43d481afa41816a0389aa8c81b4ba258a9b6b546125afffe8367d59baae3541deead7ea8668f716d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40206.exe

Filesize
184KB

MD5
262d25582f95f81d8e4585fd030b92d1

SHA1
04f0be47f41c255d9a90452e81c2ab8d0434ab34

SHA256
c8d35e02c455cc599c1c85830f2f8f1020811540c110c350fdba8e658cda57ab

SHA512
58262bd2e42f3d5cee4272dc0eee5bbc0429c1bfcf3cc0576508fa9a984275564dfad6da6fad7efdd6d7aa14df740e9006ecd0231fc012810a7cf605f5b2f569

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54696.exe

Filesize
184KB

MD5
1d5da27524362761fc077e33d358d104

SHA1
12a02eb7918b924fcbcfb2d0d1a9c9e1e1fa1305

SHA256
effd82c675e7be2e8a921c96921acc12730588f77aec7a577856ab93e1f4e142

SHA512
5b8b0e31a8980e6024597000a51cfcd6e78d38b56a0419494c6f89b6616daa3e07e24f081794c36abbc80f2fae15473f70df916a6bc9661cf89281b2c52a132e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe

Filesize
184KB

MD5
60b6513e6308acd1a908da5e2dd49f5a

SHA1
d67f730a316bf853d076671ed13a7ee72e3d90f4

SHA256
ed701df13c8e21dd79fecc7d660c782e7d73115090016ae59a6ca60d0ed0ad77

SHA512
89349b81f13a1ffbaf008accacfb1fd3eabf894d63f7d0ba39381c3065087660616713a35eb8cadf7b9f1da1d25efc9ad0f1953eec1d7a84b31a8372ce806776

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads