dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe
Size

184KB
MD5

482e55ac8952ec7f3791354d9ce00493
SHA1

86e848011972ba6f76c9f4bdbb8a801b50962430
SHA256

dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd
SHA512

241c684a7ea1834be7e88a175ce71327c1ceb8e0c40e7a458870fc7dc5a83657ece7963b0b00cdfd5d51c106c7c26393e2abab5066de8dada864bd5c17897194
SSDEEP

3072:mSN6nkonmYqBdSFsWXH85rmllvnqnqiu0nM:mSfokPSFH8tmllPqnqiu0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 16 IoCs

pid	Process
884	Unicorn-19686.exe
2088	Unicorn-62379.exe
2664	Unicorn-26177.exe
2712	Unicorn-59076.exe
2464	Unicorn-39210.exe
1184	Unicorn-26212.exe
2472	Unicorn-3553.exe
2924	Unicorn-3176.exe
2784	Unicorn-32511.exe
2892	Unicorn-2600.exe
1600	Unicorn-12806.exe
1844	Unicorn-39222.exe
780	Unicorn-55101.exe
2704	Unicorn-46320.exe
1668	Unicorn-19586.exe
2284	Unicorn-16056.exe

Loads dropped DLL 32 IoCs

pid	Process
3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe
3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe
884	Unicorn-19686.exe
884	Unicorn-19686.exe
3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe
3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe
884	Unicorn-19686.exe
2088	Unicorn-62379.exe
2088	Unicorn-62379.exe
884	Unicorn-19686.exe
2664	Unicorn-26177.exe
2664	Unicorn-26177.exe
3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe
3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe
1184	Unicorn-26212.exe
1184	Unicorn-26212.exe
2664	Unicorn-26177.exe
2664	Unicorn-26177.exe
2464	Unicorn-39210.exe
2464	Unicorn-39210.exe
884	Unicorn-19686.exe
884	Unicorn-19686.exe
3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe
3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe
2472	Unicorn-3553.exe
2472	Unicorn-3553.exe
2664	Unicorn-26177.exe
2664	Unicorn-26177.exe
2924	Unicorn-3176.exe
2924	Unicorn-3176.exe
1184	Unicorn-26212.exe
1184	Unicorn-26212.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1268	2480	WerFault.exe	75

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe
884	Unicorn-19686.exe
2088	Unicorn-62379.exe
2664	Unicorn-26177.exe
1184	Unicorn-26212.exe
2712	Unicorn-59076.exe
2464	Unicorn-39210.exe
2472	Unicorn-3553.exe
2784	Unicorn-32511.exe
2924	Unicorn-3176.exe
1600	Unicorn-12806.exe
2892	Unicorn-2600.exe
1844	Unicorn-39222.exe
780	Unicorn-55101.exe
2704	Unicorn-46320.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3012 wrote to memory of 884	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	28
PID 3012 wrote to memory of 884	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	28
PID 3012 wrote to memory of 884	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	28
PID 3012 wrote to memory of 884	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	28
PID 884 wrote to memory of 2088	884	Unicorn-19686.exe	29
PID 884 wrote to memory of 2088	884	Unicorn-19686.exe	29
PID 884 wrote to memory of 2088	884	Unicorn-19686.exe	29
PID 884 wrote to memory of 2088	884	Unicorn-19686.exe	29
PID 3012 wrote to memory of 2664	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	30
PID 3012 wrote to memory of 2664	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	30
PID 3012 wrote to memory of 2664	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	30
PID 3012 wrote to memory of 2664	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	30
PID 2088 wrote to memory of 2712	2088	Unicorn-62379.exe	31
PID 2088 wrote to memory of 2712	2088	Unicorn-62379.exe	31
PID 2088 wrote to memory of 2712	2088	Unicorn-62379.exe	31
PID 2088 wrote to memory of 2712	2088	Unicorn-62379.exe	31
PID 884 wrote to memory of 2464	884	Unicorn-19686.exe	32
PID 884 wrote to memory of 2464	884	Unicorn-19686.exe	32
PID 884 wrote to memory of 2464	884	Unicorn-19686.exe	32
PID 884 wrote to memory of 2464	884	Unicorn-19686.exe	32
PID 2664 wrote to memory of 1184	2664	Unicorn-26177.exe	33
PID 2664 wrote to memory of 1184	2664	Unicorn-26177.exe	33
PID 2664 wrote to memory of 1184	2664	Unicorn-26177.exe	33
PID 2664 wrote to memory of 1184	2664	Unicorn-26177.exe	33
PID 3012 wrote to memory of 2472	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	34
PID 3012 wrote to memory of 2472	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	34
PID 3012 wrote to memory of 2472	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	34
PID 3012 wrote to memory of 2472	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	34
PID 1184 wrote to memory of 2924	1184	Unicorn-26212.exe	35
PID 1184 wrote to memory of 2924	1184	Unicorn-26212.exe	35
PID 1184 wrote to memory of 2924	1184	Unicorn-26212.exe	35
PID 1184 wrote to memory of 2924	1184	Unicorn-26212.exe	35
PID 2664 wrote to memory of 2784	2664	Unicorn-26177.exe	36
PID 2664 wrote to memory of 2784	2664	Unicorn-26177.exe	36
PID 2664 wrote to memory of 2784	2664	Unicorn-26177.exe	36
PID 2664 wrote to memory of 2784	2664	Unicorn-26177.exe	36
PID 2464 wrote to memory of 2892	2464	Unicorn-39210.exe	37
PID 2464 wrote to memory of 2892	2464	Unicorn-39210.exe	37
PID 2464 wrote to memory of 2892	2464	Unicorn-39210.exe	37
PID 2464 wrote to memory of 2892	2464	Unicorn-39210.exe	37
PID 884 wrote to memory of 1600	884	Unicorn-19686.exe	38
PID 884 wrote to memory of 1600	884	Unicorn-19686.exe	38
PID 884 wrote to memory of 1600	884	Unicorn-19686.exe	38
PID 884 wrote to memory of 1600	884	Unicorn-19686.exe	38
PID 3012 wrote to memory of 780	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	39
PID 3012 wrote to memory of 780	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	39
PID 3012 wrote to memory of 780	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	39
PID 3012 wrote to memory of 780	3012	dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe	39
PID 2472 wrote to memory of 1844	2472	Unicorn-3553.exe	40
PID 2472 wrote to memory of 1844	2472	Unicorn-3553.exe	40
PID 2472 wrote to memory of 1844	2472	Unicorn-3553.exe	40
PID 2472 wrote to memory of 1844	2472	Unicorn-3553.exe	40
PID 2664 wrote to memory of 2704	2664	Unicorn-26177.exe	41
PID 2664 wrote to memory of 2704	2664	Unicorn-26177.exe	41
PID 2664 wrote to memory of 2704	2664	Unicorn-26177.exe	41
PID 2664 wrote to memory of 2704	2664	Unicorn-26177.exe	41
PID 2924 wrote to memory of 1668	2924	Unicorn-3176.exe	42
PID 2924 wrote to memory of 1668	2924	Unicorn-3176.exe	42
PID 2924 wrote to memory of 1668	2924	Unicorn-3176.exe	42
PID 2924 wrote to memory of 1668	2924	Unicorn-3176.exe	42
PID 1184 wrote to memory of 2284	1184	Unicorn-26212.exe	43
PID 1184 wrote to memory of 2284	1184	Unicorn-26212.exe	43
PID 1184 wrote to memory of 2284	1184	Unicorn-26212.exe	43
PID 1184 wrote to memory of 2284	1184	Unicorn-26212.exe	43

C:\Users\Admin\AppData\Local\Temp\dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe
"C:\Users\Admin\AppData\Local\Temp\dd726f017df26a6e1f9927aa5c77ab36c74cbc072fdd476c83fea58dc1cd80cd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59076.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
      4⤵
      PID:904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41218.exe
      4⤵
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
        5⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59825.exe
        5⤵
        
        PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30943.exe
      4⤵
      PID:1536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
      4⤵
      PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
      4⤵
      PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe
        5⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22066.exe
        6⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18000.exe
        6⤵
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60511.exe
        6⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        5⤵
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
        5⤵
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
        5⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        5⤵
        
        PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
        5⤵
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
        5⤵
        
        PID:3648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61967.exe
      4⤵
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
        5⤵
        
        PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27482.exe
        5⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        5⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
        6⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35617.exe
        5⤵
        
        PID:652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12897.exe
        5⤵
        
        PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8483.exe
      4⤵
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
        5⤵
        
        PID:412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        5⤵
        
        PID:380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        5⤵
        
        PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
      4⤵
      PID:2764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22361.exe
      4⤵
      PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
      4⤵
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7935.exe
      4⤵
      PID:1932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
      4⤵
      PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
      4⤵
      PID:1816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
        5⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59469.exe
        5⤵
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        5⤵
        
        PID:292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60511.exe
        5⤵
        
        PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48664.exe
      4⤵
      PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
      4⤵
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
      4⤵
      PID:1892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
    3⤵
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
      4⤵
      PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56862.exe
      4⤵
      PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3224.exe
      4⤵
      PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
      4⤵
      PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43049.exe
      4⤵
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
        5⤵
        
        PID:960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
    3⤵
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36301.exe
      4⤵
      PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
      4⤵
      PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
    3⤵
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
      4⤵
      PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6627.exe
      4⤵
      PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18321.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18321.exe
      4⤵
      PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-620.exe
      4⤵
      PID:3560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
    3⤵
    PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28154.exe
    3⤵
    PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
    3⤵
    PID:1188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe
        5⤵
        Executes dropped EXE
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
        5⤵
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
        5⤵
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49155.exe
        5⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        5⤵
        
        PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
        5⤵
        
        PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
      4⤵
      Executes dropped EXE
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
        5⤵
        
        PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45609.exe
        5⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        6⤵
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
        6⤵
        
        PID:384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        6⤵
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14559.exe
        5⤵
        
        PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        5⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31659.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59825.exe
        6⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60306.exe
        5⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        5⤵
        
        PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
      4⤵
      PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65209.exe
      4⤵
      PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
      4⤵
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35882.exe
        5⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65138.exe
        5⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60511.exe
        5⤵
        
        PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43560.exe
      4⤵
      PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14796.exe
      4⤵
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31156.exe
      4⤵
      PID:3624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
      4⤵
      PID:3500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
      4⤵
      PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65474.exe
        5⤵
        
        PID:2480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 244
        6⤵
        Program crash
        
        PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
        5⤵
        
        PID:540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
        6⤵
        
        PID:276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48650.exe
        6⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        6⤵
        
        PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
        6⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59825.exe
        6⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26228.exe
        5⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
        5⤵
        
        PID:488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
        5⤵
        
        PID:3608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
        5⤵
        
        PID:2408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59344.exe
      4⤵
      PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
      4⤵
      PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
      4⤵
      PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12588.exe
        5⤵
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30391.exe
        5⤵
        
        PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
        5⤵
        
        PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1027.exe
      4⤵
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22050.exe
        5⤵
        
        PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55925.exe
      4⤵
      PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54177.exe
      4⤵
      PID:3868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58459.exe
    3⤵
    PID:1344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
    3⤵
    PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22876.exe
      4⤵
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
        5⤵
        
        PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
      4⤵
      PID:3476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
    3⤵
    PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
      4⤵
      PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
      4⤵
      PID:3464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
    3⤵
    PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39654.exe
    3⤵
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
    3⤵
    PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35356.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35356.exe
    3⤵
    PID:3552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe
      4⤵
      PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
      4⤵
      PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
        5⤵
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37866.exe
        6⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16016.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
        5⤵
        
        PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60297.exe
      4⤵
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44200.exe
        5⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3010.exe
        5⤵
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62385.exe
        5⤵
        
        PID:1012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40188.exe
        5⤵
        
        PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31749.exe
      4⤵
      PID:860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
    3⤵
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56543.exe
      4⤵
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
        5⤵
        
        PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
        5⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9558.exe
        5⤵
        
        PID:552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29417.exe
        5⤵
        
        PID:3844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2509.exe
      4⤵
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3017.exe
        5⤵
        
        PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1962.exe
        5⤵
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
        5⤵
        
        PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
      4⤵
      PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
        5⤵
        
        PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
      4⤵
      PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
        5⤵
        
        PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
      4⤵
      PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5379.exe
      4⤵
      PID:3412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
    3⤵
    PID:1328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15425.exe
    3⤵
    PID:2344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63640.exe
    3⤵
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
    3⤵
    PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
    3⤵
    PID:4056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1770.exe
    3⤵
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
      4⤵
      PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
      4⤵
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11384.exe
      4⤵
      PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37835.exe
      4⤵
      PID:708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
    3⤵
    PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
    3⤵
    PID:1072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
    3⤵
    PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22528.exe
    3⤵
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
    3⤵
    PID:3960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
  2⤵
  PID:1924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55530.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55530.exe
  2⤵
  PID:1732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7290.exe
  2⤵
  PID:1988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42639.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42639.exe
  2⤵
  PID:1304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22819.exe
  2⤵
  PID:1908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
  2⤵
  PID:2844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29286.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29286.exe
  2⤵
  PID:3008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
  2⤵
  PID:1524

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12806.exe

Filesize
184KB

MD5
967120f2bfb4f3206b4d38bf7743ea67

SHA1
82f2cca8d55a229dc5b6a1334ecec7f7eb5e0748

SHA256
c0e2b7883565171bcb5a07f75b7507307bc28fbbfb95d19155180b3ae9aac0ee

SHA512
52a0edd277413b061089435ec8a909ade9389d19f47fe6f9d267197679de2086232a544da254fb5ca2a274d6f5b0307ab2f97f7c8fce0a6901e6ae3d4d729073

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19586.exe

Filesize
184KB

MD5
8caa0de86f5e4cf183bca3da2e2af94b

SHA1
d8098a7d855091c92b18bda017fea68eb1f1988e

SHA256
a865cd22259b55fcef4cb1820c76c7755c7a8889cd7b110e39c8c1bb0b3a2a04

SHA512
3d6b287861b0359681285978f6216c2e516b41bcc56a67defd0bcaf15154e56192d08dbcdb5221377a059751b77ad48c37dc3f2d817108d31eaaa7f8fa6f85b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2600.exe

Filesize
184KB

MD5
7075f9fba560598950b4d73f137387b9

SHA1
5e6e8e2ca253601307ffdab024d8a85f29d8a2af

SHA256
a68671ebf6aa812dd40b3316f05e9106c5baa351a5b7ae20a6082dd2baf9e50a

SHA512
feaf19a4b5223dd8c1f509d802e65aa6da0b5eb2d4ddfbfdb7e33d68238d12bb4df7bada1f9c6abc6f811d2ad47a3d4db9cf735d75ffdffbdc92093a8c00adf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26177.exe

Filesize
184KB

MD5
70037bfec344b6249a2efe6269860ec3

SHA1
690300d4ab33ea6e3684516752652f410fac3757

SHA256
3e073f1363a95e0a1e26f8bb8dda0b8d752ce6ba501382b16d1c2ffb26c2d995

SHA512
e776f5ab0e31e3818279036ad97e1f038c413610a358c3e29e421fa3d1cbb0737c5c0057d6c95e2ce529e37c98990961d9376e071a032280fc7c8816690b1569

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26212.exe

Filesize
184KB

MD5
9f6cc7fc1d9431f65901cd3cf050e4af

SHA1
378ac249474d041f0512ad369bdd72be0ac3f179

SHA256
7083edfa13ddd00a9d4c33684514db70a73dc748b9e992df94e94de7e887c658

SHA512
59fafe7fe619eded11fa06eed1076ea982fd1707f3757ee4378698b9f06f76d59cd8b0e78cfa04340bc748d20eaf9db1e3d1a5bdf6d71f47ff70f31651eb341f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe

Filesize
184KB

MD5
f8ea5e64fdbf3a63db178295bd503fc3

SHA1
9b495229cd3d97931b5eec3c5dfdb6c46c1943ee

SHA256
56a93d7623e9d3954ec466a98ca4ed03c83746aa99bc1299a9aa163f024ee4a5

SHA512
831eb979cff979c27c9176c86af11d0ee363d7b0ef2f9ff19f4c6b2117156dbb1cbf99679478d425697de7a32a3899acc1aa8d23db477e8bccbf7199b26faa91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe

Filesize
184KB

MD5
a96d6397c3bec9690b21871a221832f1

SHA1
9a2b86f4fdd54543480392e2fd5e487c21f488c6

SHA256
9843dd4b983c00040c6e53b5d583f9e3f40988025f60abe1414ef2c5da1c7dcd

SHA512
13950c442e405a54ff36017f2dd767875eb9c742a2dff5c91460c82008b3a26e6d768bce2608b28e278865060999f9c00d88f8777287da94cf009dc31a166eea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe

Filesize
184KB

MD5
7e8f1ac7794f3f120212f4ac349a04da

SHA1
e8176b75b108dfb47071703e42e06f9b49f757a6

SHA256
3c8ca8dc193263af917869f9bd9036f85a11c88562e31ab0919d476a3d4ea463

SHA512
4ec14352b5a6644fcf8006e16a05a69cb3bcb0629f58035344531ea7deb7264a63b902dbd86ce5c9fabf18c350602abdee0696c47f376f58e054e3ae5a845c91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48475.exe

Filesize
184KB

MD5
e5d27a6b35ee23a8240651a485998f5a

SHA1
4558f3e1c219c188a09d8616cb685e5c754403e6

SHA256
a473def3047c2618334057bb1cd674e72b80b63852f9655284c4b3ae3792010f

SHA512
18c854bb3630e050116a5a6414e5ab9bc11cd65dc894bc4abe4cb3dac4c8a286b7661d88a204402c3060ab08b963670d1cb6483ab50ce2f8f8ae2e1e5080087c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe

Filesize
184KB

MD5
400a346348334c8ac91491f38d3f9917

SHA1
83a576f9748fbda069adad51dfc58966b8fe27dd

SHA256
6caceb23303c8ff0bd3a54c1e705a725b0bd66340cc59052f15d9d800160aecc

SHA512
8c21906131587be84d703b7e670c53bfb8a2177acd87195c87d8bc653c44853524ba11fa3e26722d6084c2d00a6dacc1c679c42edb53a706218e1fdd098c2219

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe

Filesize
184KB

MD5
5c92457b5750872c7e6d8c934a34eb52

SHA1
8d3f087c1abe481b7287f8fc2a2614d32cbdd9ba

SHA256
3745b632003e853fe31035eae159175800ec83345447b12731c51928a9928552

SHA512
6ab40dd3648692848d30f80903c46d101165e33fb5f14c0cd6b7ae63c39d798484582656f8f3fa259ec27bc92e4d8847309123f8e707ba392bedcd13e1c8224a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe

Filesize
184KB

MD5
e07e056420569597db8a661a7ebe9647

SHA1
b239e835900efac6587f296437a3189d39c0bdfa

SHA256
b7d6864d822bfc2352d8e2195181be3108a97c5558461e8d69e7b834aaf78084

SHA512
1fa153e815eee7e941ae88c3d0d3fe5b2b22c65e9ee2ae8c9c5b4d09fa2ffa167edd825d1dc6f8971c5c9cf74e68f05155493d61cb141ae97d7c3cd2a549c49b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19686.exe

Filesize
184KB

MD5
bb866ba770c19b760197c7f373b3cdbb

SHA1
a5a61859d69985b0ffa44c90cc9ac3febfcbfbe8

SHA256
5755150c5371ce6ea21f6461bb23bf4d8d4b11b411edaf413f1848c8b1cde8ae

SHA512
97aa22e7f026988051f0d2207dae40fb35ecf3c955ecce6873c55014128b453f545b88917004dafcafec4a79f1d0b9a7221f255607602a957dc0ff52927a9f0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31755.exe

Filesize
184KB

MD5
88133ba042b6449e5e178482f9ed8a4a

SHA1
f18ae63e94d543de8e4800db06d13ea8aca2aa3f

SHA256
22b7abcec6b0fa08ee0f5fde4f7a12930282cdbfc39c270985673f34862f25fb

SHA512
dc2437b365a13bf0a7bf428b4d716f52545e9ff19b0d64d72e8f138e87302d3b0cd55faeacc3335fa34279ac6adb401452ba452d1fad51d47faa77a0bae9da71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe

Filesize
184KB

MD5
a6564e0946a92e72e3ce4e71db0a179e

SHA1
8db6cb3ba4c3e847f83a85567ce597d318f1c73e

SHA256
b130c6ab6a6e0afa630f0dce3d9b9e05de0440bdf605819a1096b3bf7d2417be

SHA512
1bdd64806eb25dab7667fe8d0b73dc435563bba18979aafde00683b57c513c0f5e92df5186d6770c7315f2e1b2ac99525afce88726504bb648d9ce6fb3c947c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe

Filesize
184KB

MD5
0b05fdc3475ae99330a20a41e774e981

SHA1
55e6c0f16f4f9c7d5d15076c92dcdc5b21a014dd

SHA256
c3b2daa495732f7b6d41363551436fe691a9455478a6253a57889658a3a0045e

SHA512
09633785a9c0a23a65494e8f250a2fcb7803daa9ac3e3b584fb5ab1e8620fc8e1fb91e7244ac43b14138a1ea043ba8b388e2d540cf4523d87538b7a95326ed75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39222.exe

Filesize
184KB

MD5
aa989c3462a27a00eb535b78c8e97343

SHA1
7efdc869ba9b021253f42505b4dd00710aeae66a

SHA256
1c66c546d8591f3521dba8776e99ee52de7e646b6fde03cd066019e42e6fdcf2

SHA512
938c2f6e1003897ed2a06a55ffd74eab0c6592534b620eca35d6c67526d28f796081f9a203911d61e1eed0a8fcc754a5cc65e4510905dbece7cb9b1c10e72d3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55101.exe

Filesize
184KB

MD5
4037d4849a1ce7d7bdaad45b9dc8c161

SHA1
96936fb2b57d1c6323eb7ffa7115a95d19735b0a

SHA256
527e7abf227fd74920b455cbe2ead25edd7889d57026cb19c7e32e9f83a41885

SHA512
e939ed19c8ec703a64b92967c39e1cd3146d65de56881428d4be4d0a42991f2e12f4ce9f45f0c76008428cfcb3daa96a5d61b2a628a9700fa4882515cb9a8d5c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59076.exe

Filesize
184KB

MD5
ff5599b57fb3ab271a724d0719756dae

SHA1
7fa34bf18f88ad0b5af2ddb9fb30fae98e1c3088

SHA256
02df8df79a712cb95b91d548dda8bc9445f79b414497b0876e46bba3008b2e45

SHA512
b9a44bac861ea89143da715d06e9181739eaa5165fc65b36bd700a94f872a47d63699c2b3775c3fb4c6d86314e9ea5437ef3d62a49b5600051eb04add727c52c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62379.exe

Filesize
184KB

MD5
5a173321e026c316cbce7b5dfa2a4e99

SHA1
3e117fefdb214dbded003f309854468fda2bb40c

SHA256
dd6185d5aebe7f3fb3dc18deb445cab63c11fcec711a4fbf29f8cb94189bae89

SHA512
cb01ff176d10b92df18e0fe249be110fb1911b3d0e5f80ee705a39da8a9548ee34ae822b16caaa667c90aaf11a2cb7f2428c06508ce6b8cb4242aebfa2e4e602

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads