a85afcc9faeaa7cfa24f54f2643afece299f0f39808e04a7c3186b56b37016de

Analysis

max time kernel
151s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 12:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cd25849bb70546a244c6649a8ddaac8.exe
Size

184KB
MD5

3cd25849bb70546a244c6649a8ddaac8
SHA1

6198c2e70bfd87e00c550da12527e4bde299dc4f
SHA256

a85afcc9faeaa7cfa24f54f2643afece299f0f39808e04a7c3186b56b37016de
SHA512

6d0da122cfc442d8122d3833bebe22c8859e5f5cb78a85d8e17946f616455bac63bfca5db11234aa373acb7fe7c603d160164c166c739f388d8a454d09b357d5
SSDEEP

3072:geOboJ2AWA0bOj4dTRcozObQIE6GiVIEDxx42PaH7lPdpFC:geCof70b3dNcozIS/D7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2416	Unicorn-52434.exe
2936	Unicorn-9855.exe
2728	Unicorn-60488.exe
3036	Unicorn-41231.exe
2660	Unicorn-5906.exe
1680	Unicorn-58444.exe
2944	Unicorn-33691.exe
3032	Unicorn-29969.exe
2308	Unicorn-442.exe
2896	Unicorn-49451.exe
2876	Unicorn-65273.exe
464	Unicorn-17633.exe
2940	Unicorn-12287.exe
1528	Unicorn-28432.exe
2564	Unicorn-44576.exe
1968	Unicorn-8566.exe
1816	Unicorn-24710.exe
2040	Unicorn-33201.exe
1388	Unicorn-16023.exe
636	Unicorn-165.exe
1144	Unicorn-7077.exe
1004	Unicorn-61981.exe
1952	Unicorn-60767.exe
2232	Unicorn-8613.exe
2400	Unicorn-42319.exe
2172	Unicorn-30726.exe
2320	Unicorn-62365.exe
2032	Unicorn-25791.exe
2764	Unicorn-52879.exe
2772	Unicorn-63014.exe
2752	Unicorn-61912.exe
2648	Unicorn-2234.exe
1796	Unicorn-20792.exe
2492	Unicorn-61227.exe
2588	Unicorn-2426.exe
616	Unicorn-17611.exe
2880	Unicorn-1959.exe
1776	Unicorn-29194.exe
1468	Unicorn-42188.exe
1084	Unicorn-15400.exe
2344	Unicorn-1368.exe
2476	Unicorn-39007.exe
576	Unicorn-34233.exe
1680	Unicorn-42349.exe
1364	Unicorn-49033.exe
2088	Unicorn-42380.exe
2836	Unicorn-14371.exe
1028	Unicorn-30516.exe
2860	Unicorn-19582.exe
3044	Unicorn-44579.exe
1616	Unicorn-51507.exe
1604	Unicorn-34787.exe
2216	Unicorn-50739.exe
2636	Unicorn-50355.exe
2680	Unicorn-37392.exe
3004	Unicorn-8969.exe
2280	Unicorn-15513.exe
3012	Unicorn-11792.exe
1644	Unicorn-57231.exe
2592	Unicorn-60609.exe
2040	Unicorn-58191.exe
1580	Unicorn-22674.exe
864	Unicorn-41506.exe
976	Unicorn-61372.exe

Loads dropped DLL 64 IoCs

pid	Process
1792	3cd25849bb70546a244c6649a8ddaac8.exe
1792	3cd25849bb70546a244c6649a8ddaac8.exe
2416	Unicorn-52434.exe
2416	Unicorn-52434.exe
1792	3cd25849bb70546a244c6649a8ddaac8.exe
1792	3cd25849bb70546a244c6649a8ddaac8.exe
2936	Unicorn-9855.exe
2936	Unicorn-9855.exe
2416	Unicorn-52434.exe
2416	Unicorn-52434.exe
2728	Unicorn-60488.exe
2728	Unicorn-60488.exe
3036	Unicorn-41231.exe
3036	Unicorn-41231.exe
2936	Unicorn-9855.exe
2936	Unicorn-9855.exe
2660	Unicorn-5906.exe
2660	Unicorn-5906.exe
1680	Unicorn-58444.exe
1680	Unicorn-58444.exe
2728	Unicorn-60488.exe
2728	Unicorn-60488.exe
3032	Unicorn-29969.exe
3032	Unicorn-29969.exe
2308	Unicorn-442.exe
2308	Unicorn-442.exe
2660	Unicorn-5906.exe
2660	Unicorn-5906.exe
2944	Unicorn-33691.exe
2944	Unicorn-33691.exe
3036	Unicorn-41231.exe
3036	Unicorn-41231.exe
2876	Unicorn-65273.exe
2876	Unicorn-65273.exe
2896	Unicorn-49451.exe
2896	Unicorn-49451.exe
1680	Unicorn-58444.exe
1680	Unicorn-58444.exe
3032	Unicorn-29969.exe
3032	Unicorn-29969.exe
2896	Unicorn-49451.exe
1528	Unicorn-28432.exe
1528	Unicorn-28432.exe
2896	Unicorn-49451.exe
2944	Unicorn-33691.exe
1968	Unicorn-8566.exe
1816	Unicorn-24710.exe
2944	Unicorn-33691.exe
1816	Unicorn-24710.exe
1388	Unicorn-16023.exe
1968	Unicorn-8566.exe
1388	Unicorn-16023.exe
2876	Unicorn-65273.exe
2876	Unicorn-65273.exe
464	Unicorn-17633.exe
464	Unicorn-17633.exe
2040	Unicorn-33201.exe
2040	Unicorn-33201.exe
2564	Unicorn-44576.exe
2564	Unicorn-44576.exe
2320	Unicorn-62365.exe
2320	Unicorn-62365.exe
2172	Unicorn-30726.exe
2232	Unicorn-8613.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
1068	2308	WerFault.exe	36
2260	636	WerFault.exe	51
2108	2940	WerFault.exe	40
2552	3004	WerFault.exe	87
2084	2460	WerFault.exe	107
2468	1176	WerFault.exe	127
388	908	WerFault.exe	106
2996	1580	WerFault.exe	157
2548	2608	WerFault.exe	149
2004	2428	WerFault.exe	132

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1792	3cd25849bb70546a244c6649a8ddaac8.exe
2416	Unicorn-52434.exe
2936	Unicorn-9855.exe
2728	Unicorn-60488.exe
3036	Unicorn-41231.exe
1680	Unicorn-58444.exe
2660	Unicorn-5906.exe
2944	Unicorn-33691.exe
3032	Unicorn-29969.exe
2308	Unicorn-442.exe
2896	Unicorn-49451.exe
2876	Unicorn-65273.exe
464	Unicorn-17633.exe
1968	Unicorn-8566.exe
2040	Unicorn-33201.exe
1388	Unicorn-16023.exe
1816	Unicorn-24710.exe
2564	Unicorn-44576.exe
1528	Unicorn-28432.exe
2232	Unicorn-8613.exe
636	Unicorn-165.exe
2400	Unicorn-42319.exe
2320	Unicorn-62365.exe
1004	Unicorn-61981.exe
1952	Unicorn-60767.exe
1144	Unicorn-7077.exe
2172	Unicorn-30726.exe
2032	Unicorn-25791.exe
2764	Unicorn-52879.exe
2772	Unicorn-63014.exe
2492	Unicorn-61227.exe
2588	Unicorn-2426.exe
1796	Unicorn-20792.exe
616	Unicorn-17611.exe
2880	Unicorn-1959.exe
2752	Unicorn-61912.exe
2648	Unicorn-2234.exe
2344	Unicorn-1368.exe
576	Unicorn-34233.exe
2476	Unicorn-39007.exe
1468	Unicorn-42188.exe
1680	Unicorn-42349.exe
1776	Unicorn-29194.exe
1364	Unicorn-49033.exe
2088	Unicorn-42380.exe
1084	Unicorn-15400.exe
2940	Unicorn-12287.exe
2836	Unicorn-14371.exe
1028	Unicorn-30516.exe
2860	Unicorn-19582.exe
3044	Unicorn-44579.exe
1616	Unicorn-51507.exe
1604	Unicorn-34787.exe
2216	Unicorn-50739.exe
2636	Unicorn-50355.exe
2680	Unicorn-37392.exe
3004	Unicorn-8969.exe
2280	Unicorn-15513.exe
3012	Unicorn-11792.exe
2592	Unicorn-60609.exe
1644	Unicorn-57231.exe
2040	Unicorn-58191.exe
864	Unicorn-41506.exe
1580	Unicorn-22674.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 2416	1792	3cd25849bb70546a244c6649a8ddaac8.exe	28
PID 1792 wrote to memory of 2416	1792	3cd25849bb70546a244c6649a8ddaac8.exe	28
PID 1792 wrote to memory of 2416	1792	3cd25849bb70546a244c6649a8ddaac8.exe	28
PID 1792 wrote to memory of 2416	1792	3cd25849bb70546a244c6649a8ddaac8.exe	28
PID 2416 wrote to memory of 2936	2416	Unicorn-52434.exe	30
PID 2416 wrote to memory of 2936	2416	Unicorn-52434.exe	30
PID 2416 wrote to memory of 2936	2416	Unicorn-52434.exe	30
PID 2416 wrote to memory of 2936	2416	Unicorn-52434.exe	30
PID 1792 wrote to memory of 2728	1792	3cd25849bb70546a244c6649a8ddaac8.exe	29
PID 1792 wrote to memory of 2728	1792	3cd25849bb70546a244c6649a8ddaac8.exe	29
PID 1792 wrote to memory of 2728	1792	3cd25849bb70546a244c6649a8ddaac8.exe	29
PID 1792 wrote to memory of 2728	1792	3cd25849bb70546a244c6649a8ddaac8.exe	29
PID 2936 wrote to memory of 3036	2936	Unicorn-9855.exe	33
PID 2936 wrote to memory of 3036	2936	Unicorn-9855.exe	33
PID 2936 wrote to memory of 3036	2936	Unicorn-9855.exe	33
PID 2936 wrote to memory of 3036	2936	Unicorn-9855.exe	33
PID 2416 wrote to memory of 2660	2416	Unicorn-52434.exe	32
PID 2416 wrote to memory of 2660	2416	Unicorn-52434.exe	32
PID 2416 wrote to memory of 2660	2416	Unicorn-52434.exe	32
PID 2416 wrote to memory of 2660	2416	Unicorn-52434.exe	32
PID 2728 wrote to memory of 1680	2728	Unicorn-60488.exe	31
PID 2728 wrote to memory of 1680	2728	Unicorn-60488.exe	31
PID 2728 wrote to memory of 1680	2728	Unicorn-60488.exe	31
PID 2728 wrote to memory of 1680	2728	Unicorn-60488.exe	31
PID 3036 wrote to memory of 2944	3036	Unicorn-41231.exe	34
PID 3036 wrote to memory of 2944	3036	Unicorn-41231.exe	34
PID 3036 wrote to memory of 2944	3036	Unicorn-41231.exe	34
PID 3036 wrote to memory of 2944	3036	Unicorn-41231.exe	34
PID 2936 wrote to memory of 3032	2936	Unicorn-9855.exe	35
PID 2936 wrote to memory of 3032	2936	Unicorn-9855.exe	35
PID 2936 wrote to memory of 3032	2936	Unicorn-9855.exe	35
PID 2936 wrote to memory of 3032	2936	Unicorn-9855.exe	35
PID 2660 wrote to memory of 2308	2660	Unicorn-5906.exe	36
PID 2660 wrote to memory of 2308	2660	Unicorn-5906.exe	36
PID 2660 wrote to memory of 2308	2660	Unicorn-5906.exe	36
PID 2660 wrote to memory of 2308	2660	Unicorn-5906.exe	36
PID 1680 wrote to memory of 2896	1680	Unicorn-58444.exe	38
PID 1680 wrote to memory of 2896	1680	Unicorn-58444.exe	38
PID 1680 wrote to memory of 2896	1680	Unicorn-58444.exe	38
PID 1680 wrote to memory of 2896	1680	Unicorn-58444.exe	38
PID 2728 wrote to memory of 2876	2728	Unicorn-60488.exe	37
PID 2728 wrote to memory of 2876	2728	Unicorn-60488.exe	37
PID 2728 wrote to memory of 2876	2728	Unicorn-60488.exe	37
PID 2728 wrote to memory of 2876	2728	Unicorn-60488.exe	37
PID 3032 wrote to memory of 464	3032	Unicorn-29969.exe	39
PID 3032 wrote to memory of 464	3032	Unicorn-29969.exe	39
PID 3032 wrote to memory of 464	3032	Unicorn-29969.exe	39
PID 3032 wrote to memory of 464	3032	Unicorn-29969.exe	39
PID 2308 wrote to memory of 2940	2308	Unicorn-442.exe	40
PID 2308 wrote to memory of 2940	2308	Unicorn-442.exe	40
PID 2308 wrote to memory of 2940	2308	Unicorn-442.exe	40
PID 2308 wrote to memory of 2940	2308	Unicorn-442.exe	40
PID 2660 wrote to memory of 1968	2660	Unicorn-5906.exe	41
PID 2660 wrote to memory of 1968	2660	Unicorn-5906.exe	41
PID 2660 wrote to memory of 1968	2660	Unicorn-5906.exe	41
PID 2660 wrote to memory of 1968	2660	Unicorn-5906.exe	41
PID 2944 wrote to memory of 1528	2944	Unicorn-33691.exe	42
PID 2944 wrote to memory of 1528	2944	Unicorn-33691.exe	42
PID 2944 wrote to memory of 1528	2944	Unicorn-33691.exe	42
PID 2944 wrote to memory of 1528	2944	Unicorn-33691.exe	42
PID 3036 wrote to memory of 1816	3036	Unicorn-41231.exe	47
PID 3036 wrote to memory of 1816	3036	Unicorn-41231.exe	47
PID 3036 wrote to memory of 1816	3036	Unicorn-41231.exe	47
PID 3036 wrote to memory of 1816	3036	Unicorn-41231.exe	47

C:\Users\Admin\AppData\Local\Temp\3cd25849bb70546a244c6649a8ddaac8.exe
"C:\Users\Admin\AppData\Local\Temp\3cd25849bb70546a244c6649a8ddaac8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52434.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 220
        8⤵
        Program crash
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2426.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42188.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11956.exe
        11⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
        12⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41784.exe
        10⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        11⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        12⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22674.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61266.exe
        10⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1002.exe
        11⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        12⤵
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30726.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20792.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42380.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37392.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30729.exe
        10⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
        11⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10287.exe
        9⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        10⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
        11⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56680.exe
        12⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3996.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        11⤵
        
        PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61372.exe
        9⤵
        Executes dropped EXE
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41588.exe
        10⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        11⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
        12⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
        13⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
        12⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12719.exe
        10⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28266.exe
        9⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24960.exe
        11⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
        12⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        9⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
        10⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
        11⤵
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7077.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1959.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34233.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30516.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        11⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16587.exe
        9⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        11⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20309.exe
        9⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
        10⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
        11⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24200.exe
        12⤵
        
        PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        7⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        9⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
        9⤵
        Program crash
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
        8⤵
        Program crash
        
        PID:388
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
        7⤵
        Program crash
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
        6⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12418.exe
        7⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40759.exe
        9⤵
        
        PID:1580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 188
        10⤵
        Program crash
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 216
        8⤵
        Program crash
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        8⤵
        
        PID:2740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
        8⤵
        Program crash
        
        PID:2004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
        7⤵
        Program crash
        
        PID:2084
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
        6⤵
        Program crash
        
        PID:2108
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
        5⤵
        Program crash
        
        PID:1068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17611.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60488.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60488.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51507.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11979.exe
        9⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8988.exe
        10⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        11⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        8⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1194.exe
        9⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe
        10⤵
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34787.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        10⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50073.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        12⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
        10⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe
        11⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54485.exe
        10⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8943.exe
        8⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64276.exe
        9⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54345.exe
        10⤵
        
        PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16023.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50355.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14776.exe
        9⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1002.exe
        10⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44667.exe
        11⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24951.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33675.exe
        10⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54402.exe
        11⤵
        
        PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63014.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39007.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37324.exe
        9⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60448.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
        8⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        9⤵
        
        PID:344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62365.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1368.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17019.exe
        9⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
        10⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63183.exe
        8⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27375.exe
        9⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41220.exe
        10⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11792.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9543.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        10⤵
        
        PID:2932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-24710.exe

Filesize
184KB

MD5
cae92828831e1bbf482c1559f57879d0

SHA1
3dd85638f148727804665e0d1f049f2faa79f5d1

SHA256
d952d2b65bd5f8ccef2ed62be7d444948f38ecb29f31b92eaa46e660f8fd831e

SHA512
ea906b7280c1fd2a6a1b9bb74673c5286de45ed0411a8165f61355255c5cd35eb56ad112ca7fa2083527e485671ba9d77fd7f68a2d29656108f08d3326b77d23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe

Filesize
184KB

MD5
77679d8e29e549137f7f00f8d1077969

SHA1
43410dc60d692daa255e5d6e6f0bbd1c69d7e6ab

SHA256
e71e645dbcb754df06fa325a35bf5c1d15c6a7c8dd377a1e55bc749ca33a4791

SHA512
dd0a469765ff94826de96de2277d8453a64577fe4dc501d83a1d5b3aeb9ceb4037e7078aad0e886081263a936113e4c983a451fbf88cbfbdd4d250860274a1f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe

Filesize
184KB

MD5
9330bd7d9b94ffec8fa91ded40edd599

SHA1
4fae341035b99487ee9b458fda158550727766f2

SHA256
f04c93781c33ecfe08cead4cefa658d1e6bd5a85bf0d5d96a7eefe71116a6b08

SHA512
77aea142bab43e1d9be7a1e3f47a6510406c4b0be8062e4c94c10655fd475bfecb2fadce9eab8672a2c35675bed029b42f5feda04d8e9833805364f7b51075bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe

Filesize
184KB

MD5
829462bf50ed245b883edfc01d9c4076

SHA1
cf5814a8702af79f767e4ee8e3c735cd0be012bd

SHA256
43c34feb650bff666800ea6dcbee1ce2f5d07d7b18c8fb38c3e51956d798fabe

SHA512
d91430553d4394239779dd3a03d3eeacbce63be4eea2b1e0aedbf17705db502437580aaec46b3d78596b70af9a8ac5e18c6bec7bd544209f367f6df2d56bb8c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41231.exe

Filesize
184KB

MD5
7dafb155d3949e54538ad5e5f33ab9dc

SHA1
004dc67bfa92c893aa6e63cccfed3bc32b095cbd

SHA256
49bd6d6c485eb4bcf98773ba15388c900342f72d927a80924df6db8f9f7d5820

SHA512
32d228de4c4cd48674b70845bd3562d6289ffd92d12b8609d23b8c2db103332616ebefbc88cd04685c7bf536dc90179a167bab0beac0c5647f8909bb8ab0ae4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49451.exe

Filesize
184KB

MD5
1a031757c804b0672138d16511f64528

SHA1
881154b1fd7f84d72a62db6cc1f60712ac369b11

SHA256
45556df09534ee659526421d6dbbd0936966164f7d90aa1d6370dbb79ba5b4cf

SHA512
bdd04d4706221d3431b15adcd38dacc5cd4006f5f27eda67bc69c0fe4c4ca2d22241fefe9b63945b8a315dca098dbcabcae0a190c74cc402b3ac6cbfa1f29c1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58444.exe

Filesize
184KB

MD5
ebe3db76442dc61ea73445e5735a435f

SHA1
4504f5e3f97d877844f78376589e97dd1cf06b03

SHA256
8c1864754b8a38689eea43be47775f50790318b7d3b189b8ffe78b599698a335

SHA512
28487adcf4b5301c038a2b34e4d13a9b615e7b2ecf2098ba4f252cc726194d7ad9116d37f46fbe960afe285a44487dee8a068dbffe80378b45a2be6e65ddcbd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5906.exe

Filesize
184KB

MD5
97793bbb8f4cb9f59b88c298b57d99b9

SHA1
843154651ea5703a4ca65e3deabf2533e50c63c7

SHA256
5afa8b8ace72e2c920d574b5913c625177e040506c02ecefe59dfcf9109e1c90

SHA512
42e656e41d383db906d48e941cc92726b89047449212f2db168b7f0d98b339b901580ad563f1a8b8dca882b8292dbb80aefd71f4dc9bba4457b10d7a016afaf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60488.exe

Filesize
184KB

MD5
ea850d83a82ffc364ece2d6b60765911

SHA1
67fc5c63cab224d3a052589f21c5177702208852

SHA256
8169443a514eb063afbd1aa1e31d644760a071c3d1e80e46d07da32a5dfb27e9

SHA512
33b8e736d9d2ec261cbf65f6798a0b441db5e56ebe486843b6898f2b42b5f882fae8f581d15a85f67b27f85605ba48be31f3a22a466f10069cbab126bb789f87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe

Filesize
184KB

MD5
228ea3e7266a67354ce4b86999591ee8

SHA1
347d85edc5a2722a8ff7884edaba017905fabb98

SHA256
aaa0f4f39478910f9b7b2b43c459c6f86d11798b1de403d6084768fb99fd35f5

SHA512
c35777f2e864b06186540bb6a05ae441598f8efbaf9562487d2c9101b6be56e0aafef44abd2c455a1e6adf3b169deed019d2ceea3c907da804f8d45abfffafce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8566.exe

Filesize
184KB

MD5
e3c3081f39e2197a6dec413928551ff3

SHA1
b2399640a0db7d5e40a7580d036a2494fdb95fb8

SHA256
c8eea4b822651549ec9fec66c23df756b7a0d0c2fe3de2f8182004d317a073f8

SHA512
256b277d94bc2361f2ebf9aaf10f8ab001a1c2a1c778882687b403c3837b0689a176db8328079b5890c1951d7688a9f1dec2d11a2f906c01105f07165b47a526

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9855.exe

Filesize
184KB

MD5
ed49a6690ce1a8e1ea5e56051cdef4e4

SHA1
efe8385aea4e68d4effbda8a6073219296afc22f

SHA256
a473ba6d2e21f2ee9015629d3b09b0c5660b7415facc363b2712593287781499

SHA512
6f3ce5c92eff4b250e495aaa3a31cbb2f29631c2b07c83bbc0ca61dd4962b7f82777de4b3e38045292850e4b4a9267132d1280de57e43a387319f48e65ec5bb9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe

Filesize
184KB

MD5
987b7fa79099736737f91fd3eb298aa2

SHA1
bb91dd8652ee40d7d020dfb92c052a433a3e33d9

SHA256
5b883efe04ece7fe75901639c73eb1b5830fc3d24d072c80ec1585a9daeceb28

SHA512
fea5064b122b1340061024e68fa8535d5d2f783b78b3a0dcf3dfdb1a9fe608c04c3175b7c3c6899d6c29553bf7d75b99bdfbd495baeae1c4ead2b4bc1499ff96

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17633.exe

Filesize
184KB

MD5
8b1c95e240f201bba358507cc75c8262

SHA1
faf1f954a8a295d7aa9f09b45977f8e1f492b96a

SHA256
c005204f5ad817782d6a3d54c4b10fd71524ec39f0fa2891ec8b3009c9fd28ba

SHA512
3c85af3c74e2567835fcdcb6cf772e8653c053252d157f455a52a1f572d7e6241c08347a85d205b7aa7a6b077a09fd81b26169016c81c53b69309fbcae58544e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe

Filesize
184KB

MD5
26e227a12267cdc8e8437587553837c0

SHA1
fc4bbad70ed2817685db965d3b7c91e61828de1d

SHA256
887f8848f103b06111cfbe1cc6f1c598f3234b68b840d8efb69b66b4d13e2327

SHA512
e96f797bbb75c48839ae3e9d84a47a20b6fccceebe5b299d20052865dce437e8c0ede6511384e024dfcb3dc9d06bf3c69460c4f026b68e1041c51938089a4eb1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe

Filesize
184KB

MD5
3ac7723fb9c84b06bf1f8a4f61e54fb6

SHA1
a45dbdd99d2e21f613f0659864312e26f0ff4a1c

SHA256
ca9bc5961e183bd6cb824952b481c95d4bc7daa95e447c77f168abda49c7727f

SHA512
a7140db42c38b0c6c2c8ba57631423122820c0ab45dbbdd782ef2224dd1a030ea519789568fa8ca792f4b6856a020aa2be62a2b58a52ff203dbade90e82faca1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe

Filesize
184KB

MD5
324f5fcb4c6af3159ebfe08d790ec897

SHA1
2ff0f035d28e2ed0bdb063a4a355e19585fdf062

SHA256
8a8ddefb37fc3720c0e498341c94b41b572680a19834de2bbea86ba320e43a2a

SHA512
3a86a6dc6cc7e9b47dbb08fedbab6f4114f8d1f7d0e121c9b2e0ad0316738cf16a19b950892793e06d5d969d61c6f99d666b07b4d81ee0c0d2bf3bcfbcd6b245

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-442.exe

Filesize
184KB

MD5
e5ba67d661a96c0fab58069d12533404

SHA1
f2d42f2a7944ff81441eeaf6a41f04faa556b67d

SHA256
88a648e107999251c77f53d77831e3b65b58169a8c2e6c47913d0a23f682ef01

SHA512
d0c92f2d6aefcaad799578588fe4a46bc933c4230ea3b834390a22a85b68bc7ec5364ce8d4dce8439cc9281f0fb53f410869e62a2f632188c7782f05b9936a6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe

Filesize
184KB

MD5
794d30271d0396d848f5a67d3ae6e2dd

SHA1
86dcce22edbf5e58e0792787cc0e82d7544c4d80

SHA256
e97dd6845c4fd0d919a6f316fc2b21b5249a473b9723f939641a58c0286457e1

SHA512
7ef148a85702675b9d0d2e89cef3df4ab5dc6d111abf45839a873ba363bc8f47dc595801bb7bf7f2479193690438177a0b198b3ce464697c66a4b5e5f96bff45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65273.exe

Filesize
184KB

MD5
2717184abd3b7f68847a07f0445f23bd

SHA1
c95b29b811c0280ed06da16983841546607f012a

SHA256
cfff1b12c3ce5749425c690b220a8fee2ab417d740642fb2ff05f911f97e78fc

SHA512
90a388f0b33b9f701bf0c1331237ab93a013ce0130793c0ff4f1906132aef0de95884e6d8d2d24c43c235fe52cca5835b16c23a0f85a18dcdfb5011e2d12eb9f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads