5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
Size

184KB
MD5

f485397ac62148b97964bd00aaefb7a1
SHA1

cfd7631da02f3aaafa68a7d605c3cb22668cd642
SHA256

5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41
SHA512

9a5192aa17c244d5b1958c8d3f62ca1b291b840d5dc4be4f742ac2f72cd3262ccdb33cd3b0b7815903fa9da2399d1d0b6a54c2ae3696491634a26e8fcd2ed2e4
SSDEEP

3072:z3di0koR83jxq4xtWh38hhm+lvMqnvEe/:z3MoS04xO8Pm+lEqnvEe

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 60 IoCs

pid	Process
2940	Unicorn-18126.exe
2680	Unicorn-6511.exe
2080	Unicorn-30461.exe
2484	Unicorn-11000.exe
2700	Unicorn-25945.exe
2624	Unicorn-64185.exe
2548	Unicorn-15084.exe
2408	Unicorn-3491.exe
2388	Unicorn-40994.exe
760	Unicorn-5437.exe
1432	Unicorn-35899.exe
1308	Unicorn-36164.exe
536	Unicorn-42940.exe
1840	Unicorn-60760.exe
2000	Unicorn-53294.exe
1632	Unicorn-62853.exe
1112	Unicorn-40295.exe
2164	Unicorn-8177.exe
2592	Unicorn-34164.exe
2428	Unicorn-30.exe
2244	Unicorn-55069.exe
632	Unicorn-54804.exe
2676	Unicorn-48939.exe
2252	Unicorn-65375.exe
1292	Unicorn-46139.exe
1064	Unicorn-35203.exe
2596	Unicorn-12265.exe
720	Unicorn-18396.exe
876	Unicorn-53761.exe
1508	Unicorn-8317.exe
2888	Unicorn-55785.exe
2264	Unicorn-26874.exe
2928	Unicorn-8016.exe
1692	Unicorn-40610.exe
2812	Unicorn-46475.exe
2248	Unicorn-11078.exe
2128	Unicorn-8007.exe
2932	Unicorn-10807.exe
2476	Unicorn-16938.exe
2536	Unicorn-16672.exe
2840	Unicorn-62609.exe
2488	Unicorn-57009.exe
2660	Unicorn-52111.exe
2492	Unicorn-60108.exe
2380	Unicorn-60108.exe
2540	Unicorn-11545.exe
2776	Unicorn-31146.exe
2780	Unicorn-24678.exe
552	Unicorn-2779.exe
2200	Unicorn-56335.exe
1052	Unicorn-4040.exe
2016	Unicorn-4040.exe
1920	Unicorn-9905.exe
624	Unicorn-1240.exe
1312	Unicorn-19198.exe
1152	Unicorn-25445.exe
1368	Unicorn-24914.exe
2280	Unicorn-8379.exe
2364	Unicorn-27714.exe
1960	Unicorn-13979.exe

Loads dropped DLL 64 IoCs

pid	Process
2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
2940	Unicorn-18126.exe
2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
2940	Unicorn-18126.exe
2940	Unicorn-18126.exe
2680	Unicorn-6511.exe
2680	Unicorn-6511.exe
2940	Unicorn-18126.exe
2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
2080	Unicorn-30461.exe
2080	Unicorn-30461.exe
2484	Unicorn-11000.exe
2484	Unicorn-11000.exe
2680	Unicorn-6511.exe
2680	Unicorn-6511.exe
2624	Unicorn-64185.exe
2624	Unicorn-64185.exe
2548	Unicorn-15084.exe
2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
2548	Unicorn-15084.exe
2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
2940	Unicorn-18126.exe
2940	Unicorn-18126.exe
2080	Unicorn-30461.exe
2080	Unicorn-30461.exe
2700	Unicorn-25945.exe
2700	Unicorn-25945.exe
2408	Unicorn-3491.exe
2408	Unicorn-3491.exe
2484	Unicorn-11000.exe
2484	Unicorn-11000.exe
2388	Unicorn-40994.exe
2388	Unicorn-40994.exe
2680	Unicorn-6511.exe
2680	Unicorn-6511.exe
760	Unicorn-5437.exe
760	Unicorn-5437.exe
2080	Unicorn-30461.exe
1840	Unicorn-60760.exe
536	Unicorn-42940.exe
536	Unicorn-42940.exe
2080	Unicorn-30461.exe
1840	Unicorn-60760.exe
2940	Unicorn-18126.exe
2940	Unicorn-18126.exe
2624	Unicorn-64185.exe
2624	Unicorn-64185.exe
2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
2700	Unicorn-25945.exe
2700	Unicorn-25945.exe
2000	Unicorn-53294.exe
2000	Unicorn-53294.exe
1432	Unicorn-35899.exe
1432	Unicorn-35899.exe
2548	Unicorn-15084.exe
2548	Unicorn-15084.exe
1112	Unicorn-40295.exe
1112	Unicorn-40295.exe
2388	Unicorn-40994.exe
2388	Unicorn-40994.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2216	2428	WerFault.exe	47

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
2940	Unicorn-18126.exe
2080	Unicorn-30461.exe
2680	Unicorn-6511.exe
2700	Unicorn-25945.exe
2484	Unicorn-11000.exe
2548	Unicorn-15084.exe
2624	Unicorn-64185.exe
2408	Unicorn-3491.exe
2388	Unicorn-40994.exe
760	Unicorn-5437.exe
536	Unicorn-42940.exe
1432	Unicorn-35899.exe
1308	Unicorn-36164.exe
1840	Unicorn-60760.exe
2000	Unicorn-53294.exe
2164	Unicorn-8177.exe
1112	Unicorn-40295.exe
2592	Unicorn-34164.exe
2428	Unicorn-30.exe
2244	Unicorn-55069.exe
1292	Unicorn-46139.exe
720	Unicorn-18396.exe
632	Unicorn-54804.exe
2596	Unicorn-12265.exe
876	Unicorn-53761.exe
1064	Unicorn-35203.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2940	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	28
PID 2760 wrote to memory of 2940	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	28
PID 2760 wrote to memory of 2940	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	28
PID 2760 wrote to memory of 2940	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	28
PID 2760 wrote to memory of 2680	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	30
PID 2760 wrote to memory of 2680	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	30
PID 2760 wrote to memory of 2680	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	30
PID 2760 wrote to memory of 2680	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	30
PID 2940 wrote to memory of 2080	2940	Unicorn-18126.exe	29
PID 2940 wrote to memory of 2080	2940	Unicorn-18126.exe	29
PID 2940 wrote to memory of 2080	2940	Unicorn-18126.exe	29
PID 2940 wrote to memory of 2080	2940	Unicorn-18126.exe	29
PID 2680 wrote to memory of 2484	2680	Unicorn-6511.exe	32
PID 2680 wrote to memory of 2484	2680	Unicorn-6511.exe	32
PID 2680 wrote to memory of 2484	2680	Unicorn-6511.exe	32
PID 2680 wrote to memory of 2484	2680	Unicorn-6511.exe	32
PID 2940 wrote to memory of 2700	2940	Unicorn-18126.exe	31
PID 2940 wrote to memory of 2700	2940	Unicorn-18126.exe	31
PID 2940 wrote to memory of 2700	2940	Unicorn-18126.exe	31
PID 2940 wrote to memory of 2700	2940	Unicorn-18126.exe	31
PID 2760 wrote to memory of 2624	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	33
PID 2760 wrote to memory of 2624	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	33
PID 2760 wrote to memory of 2624	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	33
PID 2760 wrote to memory of 2624	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	33
PID 2080 wrote to memory of 2548	2080	Unicorn-30461.exe	34
PID 2080 wrote to memory of 2548	2080	Unicorn-30461.exe	34
PID 2080 wrote to memory of 2548	2080	Unicorn-30461.exe	34
PID 2080 wrote to memory of 2548	2080	Unicorn-30461.exe	34
PID 2484 wrote to memory of 2408	2484	Unicorn-11000.exe	35
PID 2484 wrote to memory of 2408	2484	Unicorn-11000.exe	35
PID 2484 wrote to memory of 2408	2484	Unicorn-11000.exe	35
PID 2484 wrote to memory of 2408	2484	Unicorn-11000.exe	35
PID 2680 wrote to memory of 2388	2680	Unicorn-6511.exe	36
PID 2680 wrote to memory of 2388	2680	Unicorn-6511.exe	36
PID 2680 wrote to memory of 2388	2680	Unicorn-6511.exe	36
PID 2680 wrote to memory of 2388	2680	Unicorn-6511.exe	36
PID 2624 wrote to memory of 760	2624	Unicorn-64185.exe	37
PID 2624 wrote to memory of 760	2624	Unicorn-64185.exe	37
PID 2624 wrote to memory of 760	2624	Unicorn-64185.exe	37
PID 2624 wrote to memory of 760	2624	Unicorn-64185.exe	37
PID 2548 wrote to memory of 1308	2548	Unicorn-15084.exe	38
PID 2548 wrote to memory of 1308	2548	Unicorn-15084.exe	38
PID 2548 wrote to memory of 1308	2548	Unicorn-15084.exe	38
PID 2548 wrote to memory of 1308	2548	Unicorn-15084.exe	38
PID 2760 wrote to memory of 1432	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	39
PID 2760 wrote to memory of 1432	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	39
PID 2760 wrote to memory of 1432	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	39
PID 2760 wrote to memory of 1432	2760	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	39
PID 2940 wrote to memory of 1840	2940	Unicorn-18126.exe	40
PID 2940 wrote to memory of 1840	2940	Unicorn-18126.exe	40
PID 2940 wrote to memory of 1840	2940	Unicorn-18126.exe	40
PID 2940 wrote to memory of 1840	2940	Unicorn-18126.exe	40
PID 2080 wrote to memory of 536	2080	Unicorn-30461.exe	41
PID 2080 wrote to memory of 536	2080	Unicorn-30461.exe	41
PID 2080 wrote to memory of 536	2080	Unicorn-30461.exe	41
PID 2080 wrote to memory of 536	2080	Unicorn-30461.exe	41
PID 2700 wrote to memory of 2000	2700	Unicorn-25945.exe	42
PID 2700 wrote to memory of 2000	2700	Unicorn-25945.exe	42
PID 2700 wrote to memory of 2000	2700	Unicorn-25945.exe	42
PID 2700 wrote to memory of 2000	2700	Unicorn-25945.exe	42
PID 2408 wrote to memory of 1632	2408	Unicorn-3491.exe	43
PID 2408 wrote to memory of 1632	2408	Unicorn-3491.exe	43
PID 2408 wrote to memory of 1632	2408	Unicorn-3491.exe	43
PID 2408 wrote to memory of 1632	2408	Unicorn-3491.exe	43

C:\Users\Admin\AppData\Local\Temp\5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
"C:\Users\Admin\AppData\Local\Temp\5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8317.exe
        5⤵
        Executes dropped EXE
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe
        6⤵
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37303.exe
        6⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24775.exe
        6⤵
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50070.exe
        6⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2779.exe
        5⤵
        Executes dropped EXE
        
        PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64638.exe
        5⤵
        
        PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        5⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51348.exe
        5⤵
        
        PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
        5⤵
        
        PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65375.exe
        5⤵
        Executes dropped EXE
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62609.exe
        5⤵
        Executes dropped EXE
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
        5⤵
        Executes dropped EXE
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
        5⤵
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        5⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
        5⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
        5⤵
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        5⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
        5⤵
        
        PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48939.exe
      4⤵
      Executes dropped EXE
      PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
      4⤵
      Executes dropped EXE
      PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24914.exe
      4⤵
      Executes dropped EXE
      PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
      4⤵
      PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
      4⤵
      PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29975.exe
      4⤵
      PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7121.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7121.exe
      4⤵
      PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32901.exe
      4⤵
      PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15659.exe
      4⤵
      PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13981.exe
      4⤵
      PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15069.exe
        6⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59143.exe
        6⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        6⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
        5⤵
        Executes dropped EXE
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9899.exe
        5⤵
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12251.exe
        5⤵
        
        PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
        5⤵
        
        PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21241.exe
        5⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48893.exe
        5⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9319.exe
        5⤵
        
        PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12265.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31146.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31146.exe
      4⤵
      Executes dropped EXE
      PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7099.exe
      4⤵
      PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52588.exe
      4⤵
      PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
      4⤵
      PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
      4⤵
      PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59912.exe
      4⤵
      PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
      4⤵
      PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
      4⤵
      PID:3116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55069.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55069.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16938.exe
        5⤵
        Executes dropped EXE
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
        5⤵
        Executes dropped EXE
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
        5⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1701.exe
        5⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50976.exe
        5⤵
        
        PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16921.exe
        5⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        5⤵
        
        PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44529.exe
        5⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55717.exe
        5⤵
        
        PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
      4⤵
      Executes dropped EXE
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58903.exe
      4⤵
      PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
      4⤵
      PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33848.exe
      4⤵
      PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45137.exe
      4⤵
      PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
      4⤵
      PID:1540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58320.exe
      4⤵
      PID:3388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8007.exe
    3⤵
    - Executes dropped EXE
    PID:2128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8379.exe
    3⤵
    - Executes dropped EXE
    PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
    3⤵
    PID:1736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37572.exe
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24640.exe
    3⤵
    PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
    3⤵
    PID:2276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
    3⤵
    PID:1832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
    3⤵
    PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29382.exe
    3⤵
    PID:3604
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3491.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
        5⤵
        Executes dropped EXE
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
        5⤵
        Executes dropped EXE
        
        PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
        5⤵
        Executes dropped EXE
        
        PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
        5⤵
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        5⤵
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64015.exe
        5⤵
        
        PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1916.exe
        5⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27238.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5754.exe
        5⤵
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46020.exe
        5⤵
        
        PID:3356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60108.exe
        5⤵
        Executes dropped EXE
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46843.exe
        5⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        5⤵
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
        5⤵
        
        PID:436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
        5⤵
        
        PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exe
      4⤵
      Executes dropped EXE
      PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30031.exe
        5⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
        5⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50315.exe
        5⤵
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13141.exe
        5⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        5⤵
        
        PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9905.exe
      4⤵
      Executes dropped EXE
      PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
      4⤵
      PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20273.exe
      4⤵
      PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54822.exe
      4⤵
      PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
      4⤵
      PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6335.exe
      4⤵
      PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43394.exe
      4⤵
      PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32182.exe
      4⤵
      PID:3632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55785.exe
        5⤵
        Executes dropped EXE
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
        5⤵
        Executes dropped EXE
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
        5⤵
        
        PID:328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
        5⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50388.exe
        5⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
        5⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
        5⤵
        
        PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8016.exe
      4⤵
      Executes dropped EXE
      PID:2928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4040.exe
      4⤵
      Executes dropped EXE
      PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54140.exe
      4⤵
      PID:976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
      4⤵
      PID:1952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41407.exe
      4⤵
      PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60108.exe
      4⤵
      Executes dropped EXE
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
      4⤵
      PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23900.exe
      4⤵
      PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24307.exe
      4⤵
      PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
      4⤵
      PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16999.exe
      4⤵
      PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12376.exe
      4⤵
      PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
      4⤵
      PID:3280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
    3⤵
    - Executes dropped EXE
    PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1240.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1240.exe
    3⤵
    - Executes dropped EXE
    PID:624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16194.exe
    3⤵
    PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
    3⤵
    PID:112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47873.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47873.exe
    3⤵
    PID:2376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
    3⤵
    PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
    3⤵
    PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47755.exe
    3⤵
    PID:2236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38870.exe
    3⤵
    PID:3440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2428
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
        5⤵
        Program crash
        
        PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11078.exe
      4⤵
      Executes dropped EXE
      PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
      4⤵
      Executes dropped EXE
      PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56937.exe
      4⤵
      PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
      4⤵
      PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34440.exe
      4⤵
      PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33987.exe
      4⤵
      PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
      4⤵
      PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39194.exe
      4⤵
      PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
      4⤵
      PID:3572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35203.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10807.exe
    3⤵
    - Executes dropped EXE
    PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
    3⤵
    PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63939.exe
    3⤵
    PID:2340
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
    3⤵
    PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42599.exe
    3⤵
    PID:3220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24678.exe
    3⤵
    - Executes dropped EXE
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59122.exe
    3⤵
    PID:324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18687.exe
    3⤵
    PID:1208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
    3⤵
    PID:2144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46139.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46139.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35490.exe
    3⤵
    PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
    3⤵
    PID:1484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46021.exe
    3⤵
    PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45519.exe
    3⤵
    PID:3460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
  2⤵
  - Executes dropped EXE
  PID:2488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25445.exe
  2⤵
  - Executes dropped EXE
  PID:1152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27271.exe
  2⤵
  PID:2052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
  2⤵
  PID:764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28840.exe
  2⤵
  PID:948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49122.exe
  2⤵
  PID:2908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
  2⤵
  PID:2764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
  2⤵
  PID:1120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe
  2⤵
  PID:3588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12265.exe

Filesize
184KB

MD5
41a1c7994f33bf272160e020076a090e

SHA1
5e058299c265850b7e97f0b8b57f266ade48dda8

SHA256
1a5847d0c7aa1fbfa0129c352a2af62ad117176f811ce65cab0431be40c42226

SHA512
3c34c9e15dcaf05fa864f596711baf6be2bc62a828f96f9afb15369c54d8b362abbd67785a71582ab527d54dc5c25ba959b69966d02682c74b494b41b0057ef4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe

Filesize
184KB

MD5
56b13f8f42491c673d9080d026c90ed8

SHA1
012d5cc241832e749e297522022d8c9b10931c84

SHA256
65f7f388fc2c6fa704269b8316b92ed3bbeb25016377fbf0c41cc30cfcf28b23

SHA512
3fa1b39ea06c9acfd77b6b429fd69201652473bfd4024c194059f4a5aff7af26de10bf8098fe85382d70ae32f5ed3d96e9bc4d5129c6843c4dbd2264f191f20f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36164.exe

Filesize
184KB

MD5
a629556cfadadbe5fd22bf7ac65b25cd

SHA1
bea92ddc7b4fee5a798029cfad2546f3368a4a5a

SHA256
821c472409147fea1c3b205a426ddeef3e3f91cfce3ad5455a2ec32daa3b5854

SHA512
85f644df909a4ce9188434e8fd551f6beb28e680f2102a32b7ab88151df7499594cf44a0ef0f608113cdcaadfabe803d2b30bf165b32e52d917d08ba587d8fbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40295.exe

Filesize
184KB

MD5
30a241847246eff6d55866fd2c785c5c

SHA1
039f9aebbe086f5be5110a2e6627f01f2edae248

SHA256
4695c5ffe17ba70affa76c90c1c9453ace2e9b349ddd0572c67ca9d775e114ff

SHA512
8aae9c93bdc7f14951ecfee6e204f56e6adaab8a64948b75a7130f3150d1ee8196bd2d7208456a76ebc77ad8c00feb0de438ed4b30810873335fe5479dc673be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe

Filesize
184KB

MD5
d34b8b2216c8c67f0a1a60a4f6244c9f

SHA1
ff1f4f41483270b0f5dda8c875ca367c958f55ec

SHA256
099c706fde9cd61bec1057c7a3296dd18d05ae304bf3d67e5a6de3c51244c188

SHA512
8a2f3f20c568fdab9e43857a0ad4a4533cf9a4969dc1128390bb435e509fe97b726a1209bba8d50b97a0d961e393a75902ebdeccb3562dcff9605e1e71d0d575

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe

Filesize
184KB

MD5
76b745b84cd22c6b23da226be2321a25

SHA1
2d88524222c3a2edda87265c8bac9b4515b4fb2d

SHA256
0620f055c7bd9ab97e78d410befe3f61b193051c799dcac48e263d66983486a6

SHA512
9e4263224acdeb8c80dd8b54940815ce8a78a7e8338d97ec1cc6f7453910f7c31099325a655d745354a838983f108898a0b0b2eb58ec556fd054841ced745bf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe

Filesize
128KB

MD5
a24a6584a686f0dc0a31dc70ad4c4b52

SHA1
79066beccc6b8e66346b32bb0579c05641858026

SHA256
13c0e701f354abae9da9927d8bd7c97486691e97fce9c3ddcf2a42cba8094cca

SHA512
3df7797b86611e38484acf04636a21972b0b5f07570298e98c84112aaa83e8b865ed1c14c45d8643b94ccf429b6b38e95972a95028f5bb466fa8b2ea173a70c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5437.exe

Filesize
184KB

MD5
fe0414339d817dc5514cc42da425a3cd

SHA1
8fa30a013a5811492830f1285e737c034d5a125b

SHA256
bc04d9b7ed36eac659b98393688dc15b598b33145346ff7590501396c3c8b962

SHA512
a3edfc86ea5c60cc39fde42401691141ce6b55437b6616647083113af32c0ca9c1cd816dccbfafb10102d048ca78f342fd18e50942b96a4f6e2f6c21bbc543c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60760.exe

Filesize
184KB

MD5
2267f023889883a6e5f923bb7b1223ed

SHA1
17f7ee391fe8eb5d8fbc8e83dc49930c4d7b9381

SHA256
16a6e2bbe29c9164037026940c50d94535e34c828156906417ab444646d816af

SHA512
46631791d43ebc13064bce90cb8da0a192a86457e0b89dc89b236a59144095ae445d9881571f1030910a3bbb49f68f065927f3a88126ed826d0e385e9e734978

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6232.exe

Filesize
184KB

MD5
181c4a4e1b2ecc6d2009f9dc21f2541a

SHA1
b5ea747e1f4d959df49df0f1434ce466985400df

SHA256
a257b76a5b4986554716ca7662bb9ff27b8fc6b433609d5bc5bdbfec4e981827

SHA512
ef4ea55e1ea2e5831a3f0789658bd114e1c74619e2c14eb866c197558ddaf49738d252be432cba185b9b136fc5d74626d65d53f54df62f826bb5f6466623a3a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11000.exe

Filesize
184KB

MD5
db7946cd8e032fec32a4f01d6723a18b

SHA1
537c2b0c0b27ae34b4e4bb1787d3d938113b8eff

SHA256
db6f0166f9d67945e01ab1c144b81e551ac3a0b1aeca9dcd696b3c145037f680

SHA512
86b092ce84555cd4ddf85e94ace912af99b62364f97a1470a5416e83863ee77d1160fe2b04a193834c6c2b09c7427693d9e5bfc579283fe37d1f8e4463bbf039

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe

Filesize
184KB

MD5
bf7615f1cf0f16d45cb4ab8e77d63c48

SHA1
40076a4be49d4aac124fa1a6f6aafd60f8127651

SHA256
c63cbc929572f6c7a50dfa7d0928417f2aec936862d326ad28c95625e769e059

SHA512
6993e7474765270e2a6d7c65bd34c8021dbeeb7860440cee716547bc4813374a4e926bd6999f23d47ab179cbb1a61464d82f7dc3ae222a2e95267f05ee240a2d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18126.exe

Filesize
184KB

MD5
351bc5b7672d368faabb25c1565c0472

SHA1
78d56a372a304a333a2ee1b3ee7bf13cc73b60df

SHA256
d8821ac82d85f6d75741c037af97b60014c9430af4e0cb228fd3b10f336b4472

SHA512
2e3bcacd3573d0c2e9e387516d75a6a62133e20b57914b4e0edd7aa2770c0e3f4b0cf5f36b0fb8b114380dff2e674cde2145ac207656bd1c72a599b989044741

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe

Filesize
184KB

MD5
be4313f07e5b98573d8bf7fc3fa0f5da

SHA1
4e469d5437df0f2f8f452ad4fbc06480589d5f7e

SHA256
5ad246e80cf2a3ec73fb38943a7128251b3e15c268e6f96b73fd1f2822e3264b

SHA512
8d9ad91682feea027e071bdcf2502d7c252c51d6a76e31598d89b9540eb4802ef45deb5f9c57bd4e98c1c3306507226fa7fb9c4da84cf95b8a9d9e40439d556f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30461.exe

Filesize
184KB

MD5
6bf9331e2a4cc31782e01b5254fb76ac

SHA1
43f33d012c1ca06c78dff00bfea3b60670fa3963

SHA256
236ada43e8ce9626a810a3c71be64a1a888d6dc66b43ab96de1f523afef12b27

SHA512
23caba77638e3d92eb5441fc9f81c4a1c00912ee48fc9302f9dbd6309e1b019fe450a405bf550f59b4f5fe83e722064d0b2196c1b40291ed7eaccddeda414a9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe

Filesize
184KB

MD5
fc50140383415e54b7f1e43cb4ea7635

SHA1
cfd1497408ff5c96ecf00c85a024954f2c34ffd0

SHA256
0359479b53d60eb5a2787e04ec0b1f3e17299b5f45ba03f9d677c33aefa75bb1

SHA512
e098fefdf0a1b4d0f551901c0c68099b641bc199a870a94ca49a97972c46b397a9f816530a98abbc0cfbfa9a7f5de09377d20f6722017aac84d559f1c8d3174c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3491.exe

Filesize
184KB

MD5
81d58b5485479f047d3a68e2755dd7cf

SHA1
e579848dc5c41da07112872ad41921636f564ec3

SHA256
8ea29950dcfa29f7002ec2d70df9cf597f1945c8a5052c82e8e8d5b37b0e34d0

SHA512
c5fff272954ff14124a41984138fcf6696392c7503c39252be81f8fdfcbafc10ac49add39ec51dc6182b01ca2c96f5319a4553373018af8256d5a1814372b94e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40994.exe

Filesize
184KB

MD5
a9b809d7c2431d9a518349ee349fb627

SHA1
4dc727ab1cd439a659aa75d545d156a129fffac7

SHA256
dbb9c85fa9e1eb436d24588810d83f59122e542df368a0e490708073fd84cf7b

SHA512
a6d1fc0c16a3f14fb3866520e59cd4eee1db941ca2d24a73fdc5d12eb374a0316747fc616f534825c7b9ca94723e288de3e825d7b047836cebbab72556470274

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe

Filesize
184KB

MD5
fe113e5a7887e1d62290ae7d299b0a04

SHA1
bbe9382fe3d4f0961c29e1f3c8ea7023932394c4

SHA256
f89863c818fb23ee206ac9db0317a40a9c89e8a9695f4a18b141680fa3dbae96

SHA512
f34d26c1488f2d98c70df15f4107e03bc4098a6d07ddced43508b4ae90c73eb62937ee62863b9df0a403165b63e22066ef4a833d014fdd132be0500bb944ae86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe

Filesize
184KB

MD5
b14806c4891b55ed0d46236b5eb61ea2

SHA1
524311af5bb0b76a0381edf47c46cfd5b7aaa096

SHA256
04fdede80d4916e0f26be8e0a7a89a30ec9a2eb44607c72d27264a1730e9da07

SHA512
503105a61accaf8f76a00a38b3177971925ba7ca362fbb92bf4a149108e81870fa75126e32e3ba2652c2f021ad2b9bf32d2b014b3147af009f8751879daed03b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64185.exe

Filesize
184KB

MD5
b49ba3271a54069adeb8855008000b46

SHA1
26ecb021c8e3cc898e76269577726134cc59b200

SHA256
6ebdc5aa8fbb8c12908ab51c72f1ddb6d7e43a34004a6541e0520a0384fbddce

SHA512
3a5298f0a3c26c32dcec6dccfdde086bcfc6a1371d113105e001a3bb9dbacb9523b5b3c27ae743ed6ea7b517c2d450add28700c72f0eda5f7d4273ddfade200a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6511.exe

Filesize
184KB

MD5
611493fc4d510aaeed77e51837bace44

SHA1
c96ded3262f24ff4fb3c28efbf6a4ccde7aab3a9

SHA256
07ac4f5114f8a033fbaa28dad8c16b8263ff9e191eb7267550f4dbc8ee87977c

SHA512
a7a25b5b713105e95bb4fd4edaef5a584fe3e47042fced5ac3addfa53be314648d4a2544f0b600f73d16541050ca1f3689000b6e43e297e3d1b779cf5fb45fd0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8177.exe

Filesize
184KB

MD5
8c1549ba6ea19f110bc7a413a986b590

SHA1
972f83a50b22e3f893ed5ee266229de9d0ff1ad5

SHA256
415a704531fa6fccb58bc45b43f77b39ae328c6b07b34d632cad825f713fd3fa

SHA512
38de25adcf356426d31a3cda192e922548d0d20447fa8ade729f17517ef14a982344fbe9f5786aa9a94aa1e290bfed30f867edec0ee97a86ce1aaddc8f34e42a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads