c3f71834ff1a6757e8fdc604cf1a1b9fa4cd2aa2c1a0abb7b2e9cd448a9cf63a

Analysis

max time kernel
32s
max time network
126s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36e6d9a9b230edb1687b785dd2db7f0d.exe
Size

184KB
MD5

36e6d9a9b230edb1687b785dd2db7f0d
SHA1

632c7a2cdacab04d98b4bf3b444211476f935e5e
SHA256

c3f71834ff1a6757e8fdc604cf1a1b9fa4cd2aa2c1a0abb7b2e9cd448a9cf63a
SHA512

8caa6bb4299d5aff37c1b7660a0253da5090c6715b06af1de4458a728ec8452149a596d7d92cd45209c6a59e26332a144f64ce7805bfc949ce174fdeb5a39a89
SSDEEP

3072:z6PdNkoWeLqTp4X3WPtAh/5dgvMqJviuv7:z6Iok94XYAp5dgEqJviuv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 48 IoCs

pid	Process
2332	Unicorn-61098.exe
2744	Unicorn-27160.exe
2996	Unicorn-23630.exe
2740	Unicorn-25785.exe
2572	Unicorn-30423.exe
2244	Unicorn-9448.exe
2980	Unicorn-3126.exe
1536	Unicorn-58234.exe
3040	Unicorn-54897.exe
2404	Unicorn-33730.exe
2800	Unicorn-17202.exe
2652	Unicorn-2903.exe
2632	Unicorn-1249.exe
1316	Unicorn-792.exe
1392	Unicorn-38176.exe
2460	Unicorn-2008.exe
2028	Unicorn-23790.exe
468	Unicorn-47910.exe
1084	Unicorn-40126.exe
2224	Unicorn-3924.exe
2100	Unicorn-1498.exe
2140	Unicorn-48486.exe
828	Unicorn-43233.exe
620	Unicorn-47724.exe
2024	Unicorn-20452.exe
400	Unicorn-3732.exe
2164	Unicorn-23598.exe
788	Unicorn-39861.exe
1648	Unicorn-64526.exe
348	Unicorn-26861.exe
1260	Unicorn-39218.exe
2344	Unicorn-64298.exe
2072	Unicorn-44433.exe
2112	Unicorn-19352.exe
864	Unicorn-63722.exe
1580	Unicorn-64769.exe
1636	Unicorn-59202.exe
1584	Unicorn-13530.exe
2368	Unicorn-37459.exe
1652	Unicorn-37459.exe
2116	Unicorn-26887.exe
2272	Unicorn-2259.exe
2456	Unicorn-59628.exe
2688	Unicorn-34863.exe
2676	Unicorn-59628.exe
2844	Unicorn-35809.exe
2700	Unicorn-17178.exe
2424	Unicorn-11578.exe

Loads dropped DLL 64 IoCs

pid	Process
2128	36e6d9a9b230edb1687b785dd2db7f0d.exe
2128	36e6d9a9b230edb1687b785dd2db7f0d.exe
2128	36e6d9a9b230edb1687b785dd2db7f0d.exe
2332	Unicorn-61098.exe
2332	Unicorn-61098.exe
2128	36e6d9a9b230edb1687b785dd2db7f0d.exe
2744	Unicorn-27160.exe
2332	Unicorn-61098.exe
2744	Unicorn-27160.exe
2332	Unicorn-61098.exe
2996	Unicorn-23630.exe
2996	Unicorn-23630.exe
2128	36e6d9a9b230edb1687b785dd2db7f0d.exe
2128	36e6d9a9b230edb1687b785dd2db7f0d.exe
2740	Unicorn-25785.exe
2744	Unicorn-27160.exe
2740	Unicorn-25785.exe
2244	Unicorn-9448.exe
2744	Unicorn-27160.exe
2244	Unicorn-9448.exe
2572	Unicorn-30423.exe
2572	Unicorn-30423.exe
2332	Unicorn-61098.exe
2332	Unicorn-61098.exe
2980	Unicorn-3126.exe
2980	Unicorn-3126.exe
2996	Unicorn-23630.exe
2128	36e6d9a9b230edb1687b785dd2db7f0d.exe
2128	36e6d9a9b230edb1687b785dd2db7f0d.exe
2996	Unicorn-23630.exe
2744	Unicorn-27160.exe
2632	Unicorn-1249.exe
2744	Unicorn-27160.exe
2632	Unicorn-1249.exe
1316	Unicorn-792.exe
1316	Unicorn-792.exe
2652	Unicorn-2903.exe
2652	Unicorn-2903.exe
2980	Unicorn-3126.exe
2980	Unicorn-3126.exe
3040	Unicorn-54897.exe
3040	Unicorn-54897.exe
2996	Unicorn-23630.exe
2996	Unicorn-23630.exe
2128	36e6d9a9b230edb1687b785dd2db7f0d.exe
2128	36e6d9a9b230edb1687b785dd2db7f0d.exe
1536	Unicorn-58234.exe
1536	Unicorn-58234.exe
2572	Unicorn-30423.exe
2740	Unicorn-25785.exe
2572	Unicorn-30423.exe
2740	Unicorn-25785.exe
1392	Unicorn-38176.exe
1392	Unicorn-38176.exe
2332	Unicorn-61098.exe
2332	Unicorn-61098.exe
2800	Unicorn-17202.exe
2800	Unicorn-17202.exe
2744	Unicorn-27160.exe
2744	Unicorn-27160.exe
2460	Unicorn-2008.exe
2460	Unicorn-2008.exe
468	Unicorn-47910.exe
468	Unicorn-47910.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
536	2344	WerFault.exe	59

Suspicious use of SetWindowsHookEx 27 IoCs

pid	Process
2128	36e6d9a9b230edb1687b785dd2db7f0d.exe
2332	Unicorn-61098.exe
2744	Unicorn-27160.exe
2996	Unicorn-23630.exe
2740	Unicorn-25785.exe
2572	Unicorn-30423.exe
2244	Unicorn-9448.exe
2980	Unicorn-3126.exe
3040	Unicorn-54897.exe
2800	Unicorn-17202.exe
1536	Unicorn-58234.exe
1392	Unicorn-38176.exe
2632	Unicorn-1249.exe
1316	Unicorn-792.exe
2652	Unicorn-2903.exe
2028	Unicorn-23790.exe
2460	Unicorn-2008.exe
468	Unicorn-47910.exe
400	Unicorn-3732.exe
2140	Unicorn-48486.exe
2224	Unicorn-3924.exe
1084	Unicorn-40126.exe
2164	Unicorn-23598.exe
2024	Unicorn-20452.exe
828	Unicorn-43233.exe
2100	Unicorn-1498.exe
620	Unicorn-47724.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 2332	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	28
PID 2128 wrote to memory of 2332	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	28
PID 2128 wrote to memory of 2332	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	28
PID 2128 wrote to memory of 2332	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	28
PID 2332 wrote to memory of 2744	2332	Unicorn-61098.exe	30
PID 2332 wrote to memory of 2744	2332	Unicorn-61098.exe	30
PID 2332 wrote to memory of 2744	2332	Unicorn-61098.exe	30
PID 2332 wrote to memory of 2744	2332	Unicorn-61098.exe	30
PID 2128 wrote to memory of 2996	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	29
PID 2128 wrote to memory of 2996	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	29
PID 2128 wrote to memory of 2996	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	29
PID 2128 wrote to memory of 2996	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	29
PID 2744 wrote to memory of 2740	2744	Unicorn-27160.exe	31
PID 2744 wrote to memory of 2740	2744	Unicorn-27160.exe	31
PID 2744 wrote to memory of 2740	2744	Unicorn-27160.exe	31
PID 2744 wrote to memory of 2740	2744	Unicorn-27160.exe	31
PID 2332 wrote to memory of 2572	2332	Unicorn-61098.exe	32
PID 2332 wrote to memory of 2572	2332	Unicorn-61098.exe	32
PID 2332 wrote to memory of 2572	2332	Unicorn-61098.exe	32
PID 2332 wrote to memory of 2572	2332	Unicorn-61098.exe	32
PID 2996 wrote to memory of 2244	2996	Unicorn-23630.exe	33
PID 2996 wrote to memory of 2244	2996	Unicorn-23630.exe	33
PID 2996 wrote to memory of 2244	2996	Unicorn-23630.exe	33
PID 2996 wrote to memory of 2244	2996	Unicorn-23630.exe	33
PID 2128 wrote to memory of 2980	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	34
PID 2128 wrote to memory of 2980	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	34
PID 2128 wrote to memory of 2980	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	34
PID 2128 wrote to memory of 2980	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	34
PID 2740 wrote to memory of 1536	2740	Unicorn-25785.exe	35
PID 2740 wrote to memory of 1536	2740	Unicorn-25785.exe	35
PID 2740 wrote to memory of 1536	2740	Unicorn-25785.exe	35
PID 2740 wrote to memory of 1536	2740	Unicorn-25785.exe	35
PID 2744 wrote to memory of 3040	2744	Unicorn-27160.exe	36
PID 2744 wrote to memory of 3040	2744	Unicorn-27160.exe	36
PID 2744 wrote to memory of 3040	2744	Unicorn-27160.exe	36
PID 2744 wrote to memory of 3040	2744	Unicorn-27160.exe	36
PID 2244 wrote to memory of 2404	2244	Unicorn-9448.exe	37
PID 2244 wrote to memory of 2404	2244	Unicorn-9448.exe	37
PID 2244 wrote to memory of 2404	2244	Unicorn-9448.exe	37
PID 2244 wrote to memory of 2404	2244	Unicorn-9448.exe	37
PID 2572 wrote to memory of 2800	2572	Unicorn-30423.exe	38
PID 2572 wrote to memory of 2800	2572	Unicorn-30423.exe	38
PID 2572 wrote to memory of 2800	2572	Unicorn-30423.exe	38
PID 2572 wrote to memory of 2800	2572	Unicorn-30423.exe	38
PID 2332 wrote to memory of 2652	2332	Unicorn-61098.exe	39
PID 2332 wrote to memory of 2652	2332	Unicorn-61098.exe	39
PID 2332 wrote to memory of 2652	2332	Unicorn-61098.exe	39
PID 2332 wrote to memory of 2652	2332	Unicorn-61098.exe	39
PID 2980 wrote to memory of 2632	2980	Unicorn-3126.exe	40
PID 2980 wrote to memory of 2632	2980	Unicorn-3126.exe	40
PID 2980 wrote to memory of 2632	2980	Unicorn-3126.exe	40
PID 2980 wrote to memory of 2632	2980	Unicorn-3126.exe	40
PID 2128 wrote to memory of 1316	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	42
PID 2128 wrote to memory of 1316	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	42
PID 2128 wrote to memory of 1316	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	42
PID 2128 wrote to memory of 1316	2128	36e6d9a9b230edb1687b785dd2db7f0d.exe	42
PID 2996 wrote to memory of 1392	2996	Unicorn-23630.exe	41
PID 2996 wrote to memory of 1392	2996	Unicorn-23630.exe	41
PID 2996 wrote to memory of 1392	2996	Unicorn-23630.exe	41
PID 2996 wrote to memory of 1392	2996	Unicorn-23630.exe	41
PID 2744 wrote to memory of 2460	2744	Unicorn-27160.exe	43
PID 2744 wrote to memory of 2460	2744	Unicorn-27160.exe	43
PID 2744 wrote to memory of 2460	2744	Unicorn-27160.exe	43
PID 2744 wrote to memory of 2460	2744	Unicorn-27160.exe	43

C:\Users\Admin\AppData\Local\Temp\36e6d9a9b230edb1687b785dd2db7f0d.exe
"C:\Users\Admin\AppData\Local\Temp\36e6d9a9b230edb1687b785dd2db7f0d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13530.exe
        7⤵
        Executes dropped EXE
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
        7⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12666.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
        7⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
        6⤵
        Executes dropped EXE
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59160.exe
        6⤵
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        6⤵
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39149.exe
        6⤵
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52921.exe
        6⤵
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        6⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3732.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17178.exe
        6⤵
        Executes dropped EXE
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        6⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
        6⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21041.exe
        6⤵
        
        PID:1156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
        6⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64769.exe
        5⤵
        Executes dropped EXE
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6971.exe
        5⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        5⤵
        
        PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
        5⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
        5⤵
        
        PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        5⤵
        
        PID:1312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54897.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1498.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
        6⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        6⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62462.exe
        6⤵
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9337.exe
        5⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
        5⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
        5⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
        5⤵
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
        5⤵
        Executes dropped EXE
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
        6⤵
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        5⤵
        
        PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
        5⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        5⤵
        
        PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60036.exe
        5⤵
        
        PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
      4⤵
      Executes dropped EXE
      PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31502.exe
      4⤵
      PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
      4⤵
      PID:304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59372.exe
      4⤵
      PID:1356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
      4⤵
      PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
      4⤵
      PID:2176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26861.exe
        5⤵
        Executes dropped EXE
        
        PID:348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
        6⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54085.exe
        6⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
        5⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        5⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
        5⤵
        
        PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
        5⤵
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe
        5⤵
        
        PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20452.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35809.exe
        5⤵
        Executes dropped EXE
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18476.exe
        5⤵
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
        5⤵
        
        PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6959.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6959.exe
      4⤵
      PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
      4⤵
      PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22250.exe
      4⤵
      PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
      4⤵
      PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40126.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        5⤵
        Executes dropped EXE
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42578.exe
        5⤵
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6865.exe
        5⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        5⤵
        
        PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26887.exe
      4⤵
      Executes dropped EXE
      PID:2116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24619.exe
      4⤵
      PID:800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
      4⤵
      PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
      4⤵
      PID:1516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
      4⤵
      PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
    3⤵
    - Executes dropped EXE
    PID:788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60153.exe
    3⤵
    PID:612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52516.exe
    3⤵
    PID:1576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45794.exe
    3⤵
    PID:1596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25391.exe
    3⤵
    PID:1264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe
      4⤵
      Executes dropped EXE
      PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34863.exe
      4⤵
      Executes dropped EXE
      PID:2688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
      4⤵
      PID:676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29015.exe
      4⤵
      PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
      4⤵
      PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
      4⤵
      PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4815.exe
      4⤵
      PID:2480
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
        5⤵
        Executes dropped EXE
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-596.exe
        5⤵
        
        PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe
        5⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61773.exe
        5⤵
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17838.exe
        5⤵
        
        PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56314.exe
      4⤵
      PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5553.exe
      4⤵
      PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
      4⤵
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42970.exe
      4⤵
      PID:848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59628.exe
      4⤵
      Executes dropped EXE
      PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
      4⤵
      PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
      4⤵
      PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22641.exe
      4⤵
      PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
      4⤵
      PID:2828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
    3⤵
    PID:3008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
    3⤵
    PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
    3⤵
    PID:1552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
    3⤵
    PID:324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
    3⤵
    PID:296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3126.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3126.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
        5⤵
        Executes dropped EXE
        
        PID:2344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 188
        6⤵
        Program crash
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        5⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6314.exe
        5⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe
        5⤵
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63015.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        5⤵
        
        PID:988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44433.exe
      4⤵
      Executes dropped EXE
      PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
      4⤵
      PID:1444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
      4⤵
      PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
      4⤵
      PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20248.exe
      4⤵
      PID:1192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
      4⤵
      Executes dropped EXE
      PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
      4⤵
      PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
      4⤵
      PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
      4⤵
      PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
      4⤵
      PID:2988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40168.exe
    3⤵
    PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3514.exe
    3⤵
    PID:1508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3814.exe
    3⤵
    PID:2892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
    3⤵
    PID:668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40772.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40772.exe
    3⤵
    PID:1860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8038.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8038.exe
    3⤵
    PID:1632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-792.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-792.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
      4⤵
      Executes dropped EXE
      PID:864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5108.exe
      4⤵
      PID:484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
      4⤵
      PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
      4⤵
      PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22902.exe
      4⤵
      PID:524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
    3⤵
    - Executes dropped EXE
    PID:2112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34302.exe
    3⤵
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53409.exe
      4⤵
      PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41455.exe
      4⤵
      PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51676.exe
      4⤵
      PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35584.exe
    3⤵
    PID:2628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49875.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49875.exe
    3⤵
    PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
    3⤵
    PID:2436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47724.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47724.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
    3⤵
    - Executes dropped EXE
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47044.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47044.exe
    3⤵
    PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
    3⤵
    PID:1416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23310.exe
    3⤵
    PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
    3⤵
    PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe
    3⤵
    PID:2192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
  2⤵
  - Executes dropped EXE
  PID:2424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29942.exe
  2⤵
  PID:1764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64886.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64886.exe
  2⤵
  PID:2096
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5029.exe
  2⤵
  PID:2648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59949.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59949.exe
  2⤵
  PID:3060
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
  2⤵
  PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11687.exe

Filesize
184KB

MD5
ebb0cdfb50afe25d07ac637c2bd7f9e6

SHA1
a0075a2c1b4fd6785f88dc4f7209117c7a21f444

SHA256
1bfd18ccf8ccdc1bbaecf4b545bbe3fa928bb697855a2e9a34f2d426aaa7a8d0

SHA512
d01ada8507dc201da01867e77ad9c06319f2df5f9ab0ae0dcccb60b6fb7b17306908cff77e19b7653821245fdf15b646a03d2397ad80ee842a6d7354fc82e245

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17202.exe

Filesize
184KB

MD5
46b2400381cd2afca32866b115696cb5

SHA1
cc33d1314747e0123e67b4475bda2dcbdcacc699

SHA256
8f12ab5042448e1fa37d0e8db655e61f3e9593e9525b891d2e05490ae258c278

SHA512
fcaeb980947ba39415e56fbd290099da09600dc2e09b3ebb6de1d897ecec9c03afc4311b63bc4e84f27d452723d2c24fba42896eb15cc4c660262fb5d75b0f57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe

Filesize
184KB

MD5
1f0c8dc692c94557f6d72727ccc345e0

SHA1
195ab2f7a426ec7f2531ee14b08305a501857f5b

SHA256
48851a798ae1acf927e19e2668bf9d95c34edd3c921b1206f1ef8c829770d33c

SHA512
aa6195f4986ee38c6e8872145296192f8d1ceddab68f60143279bb5a9670afe6f9b3e850d1ed375f9382fe2edcf912bfc475e4e86eee5b5f5283987cd8a84ec7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe

Filesize
184KB

MD5
33f4f8f26b9f76ed31a35af2c2024dfe

SHA1
82556f8fe09d8aabc5e7e45da1ec80268e837456

SHA256
5ac32bfc239b6fa22d52950cfeb9e29fac707c6a3c88e0ba17c415f0733ad0e4

SHA512
87deb4440082e674f2c56e57e79a387467a85dc3c40b7d5f87c23ecd16befb6c57dffbf0d060558de3b5c7873c82e86ee20ccdbbb961f4004bd3ef2eb3248e81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe

Filesize
184KB

MD5
87d96c25d797edc4ed1da94cb351bccc

SHA1
e54e59e377953908afee1d250c0b08358306c584

SHA256
d2e1a20a06956428946d0546711517e3fa78461d5ab924cb121fc0f43d504e9c

SHA512
c6e0fe051ae5b0e728109e40e1bf82c39ce96596554c3f9dea0c536e3c9fabaf70af5793f278ac19bbb2bde491d7e906d7e69a81e6305ab8a91e6db8ee80b0d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe

Filesize
184KB

MD5
cfa0d8ebd0e1e13c1b2039f2044033f8

SHA1
661e63f1f8a49f4036d0c3ec6bdba6458e1d0b38

SHA256
5467a31e6694f3f715614fcb72f253730fa8fcac374a687762e51f4afbc131dd

SHA512
0a4abc7c81f89d32bbc6094c550a9484d71b704e97d1a445ddb66ac6ebcc9ca0a98b130d04294c3dc7d7164f11892e38ae0cbae9e7e52cdfed129b1da69916b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3126.exe

Filesize
184KB

MD5
847eb96de93ae38706dc7cb776a7df4d

SHA1
b57211bf23d159ddc99f41be1a739f7b9b961538

SHA256
2069f18390b523a8314add8dbea365ba5844afc2345a1fe0c76ccbca6d169b90

SHA512
ee947eb1ef0ffe4c10361861a54b479678180387ff579d80fe30a578ef38c8c812634006c0d2191972b05a2a6f92e9285d51f6e2feb62ddcf738f8eb8f43b676

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33730.exe

Filesize
184KB

MD5
356871f125d9a156b958022064e21d26

SHA1
017b9e3150ceb78b760b2413965e376d0ac45785

SHA256
68e5396a0dee552a1d4cdbace2e3d4f0f2209366a1fd5bf2b8bc5862facb713d

SHA512
1fb04cc2083d18043493e1f6ea4bb8caf71ecb2316ddc5aad9274362a0b62c02c0d36b8b80f6b0454d756ff8bdefbefe1377df275d312cee417fbf1f230ff3c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48821.exe

Filesize
184KB

MD5
3fdf1fa7e20401e2bf45ffc40a9eaf96

SHA1
a4f9e06d4eff244f9b106906813b942b0591f0c4

SHA256
d3cc603eb75d38a1727a334b40b85efe301dc200aa5b25e707659f0c1450557f

SHA512
92bc3d77f1ebd69e8d1674c9b15ba2f3a469f7b00e33ea7aead61a7622c9f55399fdf8ab27a267738c96c7e10d9a0c33140e8e5920184396ba5363e50ff7964e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe

Filesize
184KB

MD5
e319e022f24163fb381d5efc0700761e

SHA1
cf6a3af86507701f779daf15e64671f6cd479838

SHA256
8ac3df130f1eaa30bb7b27931ec7069de24fcf3cac78f7fef74fa63859b36644

SHA512
880effb7d33bfb27d3dc32694db99109954baa4e3acea4357eef6a9807b4f8c3d5cc77b10a275abd4679e7b8fbe153f121107084d86516053196820bf0742ef9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe

Filesize
184KB

MD5
9ce36d493e70d416adc6b6c1e030899f

SHA1
97a06b37c1bf6f13ce464f3d451c9d27949b1746

SHA256
a0b611bc08146a879167c71ecac3e2bd5d55a88b6357ebca5ec7263dd5bf94f5

SHA512
e1cec4a0a98b365de3de9c7e0dd3a11d51af882699601ee78ede9ba39c996b97418640f3550c589c0de2ac921384d342ce30e20a89a0f53e10c3228be8d4b7b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23630.exe

Filesize
184KB

MD5
4dcda5d1237980b72c48f981bdf570d1

SHA1
321de39521fb751ae25bc21a0868e6c691d1db54

SHA256
ecb0eb7024a3f5bb18aa29964cba8a2e906710b006c69c05f04bb3dbac5d1387

SHA512
ccf888c88b38c658ff392bb16c837a5c7b5cb8d2aab0b712f6f1b807700d926bb9eaa95a71d2a03c88f17648a382596f5deebf167ecd6d04c1b5259c771d9a63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe

Filesize
184KB

MD5
a2f43f1302f3f09f5c7a9c5db334a300

SHA1
d8b805420189a65e7890b0fd5c8f4033af17bf8e

SHA256
eb99dfc5d417c66408a20e0bf6d8b9771948eeaffb5e3031c62fa5bf43466c3d

SHA512
43605d503eecdbbc77de479c90078e78df74b34e79a4ba50a406e32950b5da008f406d98e378399aac44ef3fb03beb8a8379e800889f59689a34cbb75b1f7b35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe

Filesize
184KB

MD5
5e7d0474f36831d9ac5995b660ea1f75

SHA1
ac09c6ff30005341a99499c66116523d5a2837da

SHA256
1c61d311908561a178567db7b59d37b52b49f310242dbdeb40a15fb3a5d47f5a

SHA512
f06b14c6bb14ef9adcb234d985208154a87cccc753eeced8bd6c963c57d2ebc955bdc15f1733515fc3b6a9f6550860710e6705f6c1a9151e237391b35a9977ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe

Filesize
184KB

MD5
1eb5878f6662a54c873c75077b2b0b48

SHA1
d0dfbf21ea552536988553e136e144fe78c23a6b

SHA256
41f2b3ba1bfe1e343c27c59626ce292457fd0007dc7384190ad5cb4088dd21af

SHA512
667c37cf978dc5d6bcefcfe8a8616f0f10f160248af0172b88f5f849c1801b0b228bdf04c8a8b1dfbce0e15359dcb2a7140d526306df45dbcd683fa93f773e79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54897.exe

Filesize
184KB

MD5
a331ff2f1285340880a87b041930f4fb

SHA1
cc4a72f2e5db30aa8b9f6782105897b4ea987865

SHA256
037ea81505bdb86b26a66e3423b3c2886d7f494445a5fea83ce1e573887cb68f

SHA512
dbc7aac001452e01ab3353c96a3aeec29412d91bb2e65166b33966f7c73f49411023e67bdb367979accde9e8ecfcc460a8e3794ab1a8a9ca62e51ed6f628b96f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe

Filesize
184KB

MD5
1ddffd6704b66ab4ef1e96730f6bad94

SHA1
183f35f6f75f6ea32f12c5c22e873613b9c0326d

SHA256
2f6570d9c0207d1332e3ca27592ef260dcffa4916755d487569a3ebc7a236609

SHA512
25ffe348c6a5344c50361381e9da90dea28adfeeb32312b278cb4e44dceee76c3a381c695069e418c2a1ce6c9641b0529604e8798445baa73690a6eec75cb6f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61098.exe

Filesize
184KB

MD5
a7a9495798ca676c77184a9dd291f3aa

SHA1
1afe25023128b694735feea882893d7e7b816d74

SHA256
0cc77e98a04d802415bdbc984639270f5fdcd7273be6e7a46963b8415d996d84

SHA512
b6f34c32c5146f34f80d933d7cfbf518b3882c17f9ca37900e278ef34f03179c9cc7c0363910597a0d2a6e8587a23225f61fa6826395d18ec61a6177aba865c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-792.exe

Filesize
184KB

MD5
31f8ced9a14329c7fbed5a648f97509a

SHA1
cdca643c53060ecddd08e88beda9f39155c9d054

SHA256
6e81be077d145c6916c6f14a47d876bd5a63e8c237c396ef85cd87a4ac4c6bd1

SHA512
f3dea12106aa3d0277fa74360b6e48136ca78d1685dc3fcb56be70588b1719bffadc7d85dfadc2159166755c846ac36c3678c4164d47ff46baf4e79708e7e105

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9448.exe

Filesize
184KB

MD5
5388f3e0b570b90ec6d3c95f764b2879

SHA1
90cd3802fd2f200c016882d5681088c51de7cb2c

SHA256
827aa977fa8cb8c742466dfab53eb9432476bf7b98fe5136e962067cf4b820a5

SHA512
6c090357e3889b3346883d366e68b76a4740e594743fdcc13485403109a51f49fa94793e0bea1a6668f8e6b2ccfab37393c138a907208c4d9d60fcdee3f44cd7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads