ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0

Analysis

max time kernel
21s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 03:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
Size

184KB
MD5

28d58dc7400fa47d3421247bca989ead
SHA1

5aad49df9e03ed9f97adcb33e08071b3032488df
SHA256

ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0
SHA512

30485477832ac329782711ce1e0091563e2c375d00692f31cec2b3ec7e189924c670ddd4da47f7f682d2733a1ff196b181feaf2134b48131448bd7723c3397af
SSDEEP

3072:dkUX3aon1jrYd4DmWiBn8s/qclvn1nxiut:dkpoxE4Dk8OqclP1nxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 32 IoCs

pid	Process
1800	Unicorn-4184.exe
2000	Unicorn-41786.exe
2984	Unicorn-61652.exe
2556	Unicorn-52586.exe
2784	Unicorn-6914.exe
2428	Unicorn-3415.exe
2592	Unicorn-9545.exe
1804	Unicorn-1455.exe
2772	Unicorn-5176.exe
2872	Unicorn-5176.exe
2908	Unicorn-31334.exe
1188	Unicorn-37200.exe
2308	Unicorn-1263.exe
1520	Unicorn-21129.exe
1392	Unicorn-57924.exe
2080	Unicorn-58530.exe
1728	Unicorn-63399.exe
1808	Unicorn-31604.exe
2044	Unicorn-9901.exe
328	Unicorn-20836.exe
988	Unicorn-46295.exe
3016	Unicorn-15661.exe
1656	Unicorn-42853.exe
1792	Unicorn-48983.exe
836	Unicorn-32071.exe
452	Unicorn-12205.exe
1552	Unicorn-23763.exe
1264	Unicorn-3897.exe
764	Unicorn-16493.exe
1048	Unicorn-16227.exe
912	Unicorn-36309.exe
1616	Unicorn-61775.exe

Loads dropped DLL 64 IoCs

pid	Process
2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
1800	Unicorn-4184.exe
2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
1800	Unicorn-4184.exe
2984	Unicorn-61652.exe
1800	Unicorn-4184.exe
1800	Unicorn-4184.exe
2984	Unicorn-61652.exe
2000	Unicorn-41786.exe
2000	Unicorn-41786.exe
2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
2984	Unicorn-61652.exe
2984	Unicorn-61652.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2428	Unicorn-3415.exe
2556	Unicorn-52586.exe
2428	Unicorn-3415.exe
2556	Unicorn-52586.exe
1800	Unicorn-4184.exe
2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
1800	Unicorn-4184.exe
2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
2000	Unicorn-41786.exe
2592	Unicorn-9545.exe
2000	Unicorn-41786.exe
2592	Unicorn-9545.exe
2152	WerFault.exe
1804	Unicorn-1455.exe
1804	Unicorn-1455.exe
2984	Unicorn-61652.exe
2984	Unicorn-61652.exe
2872	Unicorn-5176.exe
2872	Unicorn-5176.exe
1188	Unicorn-37200.exe
1188	Unicorn-37200.exe
2556	Unicorn-52586.exe
2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
2556	Unicorn-52586.exe
2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
2908	Unicorn-31334.exe
2908	Unicorn-31334.exe
1800	Unicorn-4184.exe
1800	Unicorn-4184.exe
2308	Unicorn-1263.exe
2000	Unicorn-41786.exe
2308	Unicorn-1263.exe
2000	Unicorn-41786.exe
2592	Unicorn-9545.exe
1520	Unicorn-21129.exe
2592	Unicorn-9545.exe
1520	Unicorn-21129.exe
1804	Unicorn-1455.exe
1392	Unicorn-57924.exe
1392	Unicorn-57924.exe
1804	Unicorn-1455.exe
2984	Unicorn-61652.exe
2080	Unicorn-58530.exe
2984	Unicorn-61652.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2152	2784	WerFault.exe	31

Suspicious use of SetWindowsHookEx 18 IoCs

pid	Process
2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
1800	Unicorn-4184.exe
2984	Unicorn-61652.exe
2000	Unicorn-41786.exe
2556	Unicorn-52586.exe
2784	Unicorn-6914.exe
2428	Unicorn-3415.exe
2592	Unicorn-9545.exe
1804	Unicorn-1455.exe
2872	Unicorn-5176.exe
1188	Unicorn-37200.exe
2908	Unicorn-31334.exe
1520	Unicorn-21129.exe
2308	Unicorn-1263.exe
1392	Unicorn-57924.exe
2080	Unicorn-58530.exe
1808	Unicorn-31604.exe
328	Unicorn-20836.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 1800	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	28
PID 2988 wrote to memory of 1800	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	28
PID 2988 wrote to memory of 1800	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	28
PID 2988 wrote to memory of 1800	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	28
PID 2988 wrote to memory of 2000	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	30
PID 2988 wrote to memory of 2000	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	30
PID 2988 wrote to memory of 2000	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	30
PID 2988 wrote to memory of 2000	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	30
PID 1800 wrote to memory of 2984	1800	Unicorn-4184.exe	29
PID 1800 wrote to memory of 2984	1800	Unicorn-4184.exe	29
PID 1800 wrote to memory of 2984	1800	Unicorn-4184.exe	29
PID 1800 wrote to memory of 2984	1800	Unicorn-4184.exe	29
PID 1800 wrote to memory of 2556	1800	Unicorn-4184.exe	32
PID 1800 wrote to memory of 2556	1800	Unicorn-4184.exe	32
PID 1800 wrote to memory of 2556	1800	Unicorn-4184.exe	32
PID 1800 wrote to memory of 2556	1800	Unicorn-4184.exe	32
PID 2984 wrote to memory of 2784	2984	Unicorn-61652.exe	31
PID 2984 wrote to memory of 2784	2984	Unicorn-61652.exe	31
PID 2984 wrote to memory of 2784	2984	Unicorn-61652.exe	31
PID 2984 wrote to memory of 2784	2984	Unicorn-61652.exe	31
PID 2000 wrote to memory of 2592	2000	Unicorn-41786.exe	33
PID 2000 wrote to memory of 2592	2000	Unicorn-41786.exe	33
PID 2000 wrote to memory of 2592	2000	Unicorn-41786.exe	33
PID 2000 wrote to memory of 2592	2000	Unicorn-41786.exe	33
PID 2988 wrote to memory of 2428	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	34
PID 2988 wrote to memory of 2428	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	34
PID 2988 wrote to memory of 2428	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	34
PID 2988 wrote to memory of 2428	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	34
PID 2984 wrote to memory of 1804	2984	Unicorn-61652.exe	35
PID 2984 wrote to memory of 1804	2984	Unicorn-61652.exe	35
PID 2984 wrote to memory of 1804	2984	Unicorn-61652.exe	35
PID 2984 wrote to memory of 1804	2984	Unicorn-61652.exe	35
PID 2784 wrote to memory of 2152	2784	Unicorn-6914.exe	36
PID 2784 wrote to memory of 2152	2784	Unicorn-6914.exe	36
PID 2784 wrote to memory of 2152	2784	Unicorn-6914.exe	36
PID 2784 wrote to memory of 2152	2784	Unicorn-6914.exe	36
PID 2428 wrote to memory of 2772	2428	Unicorn-3415.exe	37
PID 2428 wrote to memory of 2772	2428	Unicorn-3415.exe	37
PID 2428 wrote to memory of 2772	2428	Unicorn-3415.exe	37
PID 2428 wrote to memory of 2772	2428	Unicorn-3415.exe	37
PID 2556 wrote to memory of 2872	2556	Unicorn-52586.exe	38
PID 2556 wrote to memory of 2872	2556	Unicorn-52586.exe	38
PID 2556 wrote to memory of 2872	2556	Unicorn-52586.exe	38
PID 2556 wrote to memory of 2872	2556	Unicorn-52586.exe	38
PID 1800 wrote to memory of 2908	1800	Unicorn-4184.exe	39
PID 1800 wrote to memory of 2908	1800	Unicorn-4184.exe	39
PID 1800 wrote to memory of 2908	1800	Unicorn-4184.exe	39
PID 1800 wrote to memory of 2908	1800	Unicorn-4184.exe	39
PID 2988 wrote to memory of 1188	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	40
PID 2988 wrote to memory of 1188	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	40
PID 2988 wrote to memory of 1188	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	40
PID 2988 wrote to memory of 1188	2988	ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe	40
PID 2000 wrote to memory of 2308	2000	Unicorn-41786.exe	41
PID 2000 wrote to memory of 2308	2000	Unicorn-41786.exe	41
PID 2000 wrote to memory of 2308	2000	Unicorn-41786.exe	41
PID 2000 wrote to memory of 2308	2000	Unicorn-41786.exe	41
PID 2592 wrote to memory of 1520	2592	Unicorn-9545.exe	42
PID 2592 wrote to memory of 1520	2592	Unicorn-9545.exe	42
PID 2592 wrote to memory of 1520	2592	Unicorn-9545.exe	42
PID 2592 wrote to memory of 1520	2592	Unicorn-9545.exe	42
PID 1804 wrote to memory of 1392	1804	Unicorn-1455.exe	43
PID 1804 wrote to memory of 1392	1804	Unicorn-1455.exe	43
PID 1804 wrote to memory of 1392	1804	Unicorn-1455.exe	43
PID 1804 wrote to memory of 1392	1804	Unicorn-1455.exe	43

C:\Users\Admin\AppData\Local\Temp\ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe
"C:\Users\Admin\AppData\Local\Temp\ba7b3de8681ec5ad944b63206de587e88492862ff6b631c332398225e58746e0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23763.exe
        6⤵
        Executes dropped EXE
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27143.exe
        7⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16288.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25527.exe
        7⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52660.exe
        7⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11576.exe
        6⤵
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53582.exe
        6⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11822.exe
        6⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1373.exe
        6⤵
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8635.exe
        6⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33354.exe
        6⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
        6⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3897.exe
        5⤵
        Executes dropped EXE
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
        5⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26967.exe
        5⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17748.exe
        5⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19285.exe
        5⤵
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48085.exe
        5⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        6⤵
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56687.exe
        5⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
        5⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35988.exe
        5⤵
        
        PID:3348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
        5⤵
        Executes dropped EXE
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56571.exe
        6⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55975.exe
        6⤵
        
        PID:1368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27970.exe
        6⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        6⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
        6⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57126.exe
        6⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44524.exe
        5⤵
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44952.exe
        5⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1594.exe
        5⤵
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46472.exe
        5⤵
        
        PID:572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
        5⤵
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62876.exe
        5⤵
        
        PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3664.exe
        5⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22001.exe
        5⤵
        
        PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16227.exe
      4⤵
      Executes dropped EXE
      PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55459.exe
      4⤵
      PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
      4⤵
      PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
      4⤵
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
        5⤵
        
        PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25471.exe
      4⤵
      PID:812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3168.exe
      4⤵
      PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40210.exe
      4⤵
      PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40330.exe
      4⤵
      PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
      4⤵
      PID:3152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe
        5⤵
        Executes dropped EXE
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50838.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59447.exe
        5⤵
        
        PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15340.exe
        6⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        5⤵
        
        PID:356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
        5⤵
        
        PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34736.exe
        5⤵
        
        PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe
      4⤵
      Executes dropped EXE
      PID:2044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
      4⤵
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9362.exe
        5⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        5⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-178.exe
        5⤵
        
        PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
      4⤵
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
      4⤵
      PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59835.exe
      4⤵
      PID:492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
      4⤵
      PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8792.exe
      4⤵
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
      4⤵
      PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
      4⤵
      PID:924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31334.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46295.exe
      4⤵
      Executes dropped EXE
      PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
        5⤵
        
        PID:2912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        5⤵
        
        PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe
        5⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32350.exe
        5⤵
        
        PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
        5⤵
        
        PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
      4⤵
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
        5⤵
        
        PID:984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
        5⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10924.exe
        5⤵
        
        PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47034.exe
      4⤵
      PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14510.exe
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7669.exe
      4⤵
      PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15661.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15661.exe
    3⤵
    - Executes dropped EXE
    PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
      4⤵
      PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7820.exe
      4⤵
      PID:824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
      4⤵
      PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26152.exe
      4⤵
      PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
      4⤵
      PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
      4⤵
      PID:3360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39325.exe
    3⤵
    PID:2376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12487.exe
    3⤵
    PID:1420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16725.exe
    3⤵
    PID:1932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
    3⤵
    PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
    3⤵
    PID:2888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10688.exe
    3⤵
    PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
    3⤵
    PID:2412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5589.exe
    3⤵
    PID:2196
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32071.exe
        5⤵
        Executes dropped EXE
        
        PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
        5⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        5⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24861.exe
        5⤵
        
        PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        5⤵
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        5⤵
        
        PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62023.exe
        5⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4616.exe
        5⤵
        
        PID:2032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63724.exe
        5⤵
        
        PID:3324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
      4⤵
      Executes dropped EXE
      PID:452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44711.exe
        5⤵
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-895.exe
        5⤵
        
        PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37084.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27421.exe
        5⤵
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3549.exe
        5⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-951.exe
        5⤵
        
        PID:1900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31482.exe
        5⤵
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
        5⤵
        
        PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
      4⤵
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37688.exe
      4⤵
      PID:1836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
      4⤵
      PID:904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
      4⤵
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe
      4⤵
      PID:1948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
      4⤵
      Executes dropped EXE
      PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25311.exe
      4⤵
      PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50302.exe
      4⤵
      PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32033.exe
      4⤵
      PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55226.exe
      4⤵
      PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
    3⤵
    - Executes dropped EXE
    PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45176.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42646.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42646.exe
      4⤵
      PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32130.exe
      4⤵
      PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
      4⤵
      PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57050.exe
      4⤵
      PID:1972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
    3⤵
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1204.exe
      4⤵
      PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35587.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35587.exe
      4⤵
      PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
      4⤵
      PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61781.exe
      4⤵
      PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36051.exe
      4⤵
      PID:3496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29022.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29022.exe
    3⤵
    PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
    3⤵
    PID:2952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
    3⤵
    PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36349.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36349.exe
    3⤵
    PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
    3⤵
    PID:1596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
    3⤵
    PID:1500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23790.exe
    3⤵
    PID:1088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe
    3⤵
    - Executes dropped EXE
    PID:2772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37348.exe
    3⤵
    PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
    3⤵
    PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15187.exe
    3⤵
    PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47424.exe
    3⤵
    PID:2036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
    3⤵
    PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
    3⤵
    PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30949.exe
    3⤵
    PID:1784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30714.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30714.exe
    3⤵
    PID:2344
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37200.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37200.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8898.exe
    3⤵
    PID:2848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
    3⤵
    PID:2408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
    3⤵
    PID:956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29503.exe
    3⤵
    PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8461.exe
    3⤵
    PID:1700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61775.exe
    3⤵
    - Executes dropped EXE
    PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40522.exe
    3⤵
    PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
    3⤵
    PID:792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36488.exe
    3⤵
    PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
    3⤵
    PID:1956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
    3⤵
    PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15704.exe
    3⤵
    PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
    3⤵
    PID:2804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
    3⤵
    PID:3220
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36309.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36309.exe
  2⤵
  - Executes dropped EXE
  PID:912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51988.exe
  2⤵
  PID:2684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
  2⤵
  PID:268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1487.exe
  2⤵
  PID:2432
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25234.exe
  2⤵
  PID:1040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
  2⤵
  PID:1184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
  2⤵
  PID:2896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe
  2⤵
  PID:1996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8500.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8500.exe
  2⤵
  PID:3192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11796.exe

Filesize
184KB

MD5
42570bc175e2620e895f6b6f51a5b80d

SHA1
f3a9b524619e655715c332335a95d4edf7f48a75

SHA256
80c77050ef2b70fd98b2f2279ac0dce99e7f450f977a6135b7199c1418b9ab45

SHA512
6905b9431ef2d0db46e5a74a62caf0194c16fbd46dd221e3056c8bceaeb1bc75055554d5921114fc93dc815d29eb591092ecdc47ab71e70bb4cb0529f21defae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1263.exe

Filesize
184KB

MD5
305856ee0937a0247af1364d6874f2e3

SHA1
0d268c23a32521ad7709dbe10115cbd2cfa52880

SHA256
fadd5de66bec16db83e14c780906e031f64f5db7fe6f123c06d96c41c0b5f372

SHA512
e33dc1eb865fe7c050a41a8a1d982a5c464136af04116e468e9f349f3bfcc0ba28110320db29b60abe5970d82bf8c91efb7b715d0e7066b90918c1c70b05cd12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe

Filesize
184KB

MD5
c353a8e8ac2361eaa43c161685b9c0af

SHA1
8faed9e9c05ac57e69748070d59e13a973e808a4

SHA256
1ae01d55ef513204675710c8c6334de8f8bdfca698a24745d265e6330fae242d

SHA512
9039756f654942f9a7d8412ead617564eb10b58026f275a40a82e78664f7f15268d56d535291a9bbbbc06ed370b15be7081fd46a4917b58bffb74405dc530868

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17748.exe

Filesize
184KB

MD5
ff13495072056646b30e0631287c1460

SHA1
b334fe927509aa35b18e9615de3b307d48542219

SHA256
e339958bbfdd1b7988b560ee325ffe20fdfffdb7fe5fe0bd4cb8468d45fa4179

SHA512
76389286433144739130b18ea76dd3492919a682cc752b6536f6b887c5a20b83ef9dd1e163c529fbf541bb9544e98d7e252a9e0a22871fa2bb933f4fda2bd0ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48085.exe

Filesize
184KB

MD5
46ef981b616b7bb15309ad3b4c6b343e

SHA1
90754952458b54797067955beb845ab0a62e54da

SHA256
9922c2f55ce663e443836471df60e6ca192b40ee86b6fa340fd552fa136972af

SHA512
7212099a4bc51728d5840318c8cc3a77faeeedc198cdedb25ad6aa7f62d887199e010066a705b49c6b3fe8ebd8a4ce02cc7f2d91de0d6ec88649168209473f9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63399.exe

Filesize
184KB

MD5
56162eaa2248ec6b15a4a70b5b6eeaf5

SHA1
e7c81e03411ffd1b3723bb0208a4963b25ca7589

SHA256
833d0c0d436ed3a66d71cada78c038e4352b8e0781870cb26534d23a171b085c

SHA512
4786a515254add4ecd3d67b8199c6dd49d5926aa99fd026f6acbcbbd6c0f00c988bb96ac1b8c959f9cc332161d60ef7585c6537a7f8bb59908e15c1e8fe531f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe

Filesize
184KB

MD5
12e1abe82d9ee783b6ca98cca10282c4

SHA1
4a2d1b1b6e9017afce9427d2edbcb4020a9c81e3

SHA256
a8e7dae3fb4254b097886030405164c8a92c023200149d9e99c33a91f7cf8873

SHA512
032cdfbb00bd8ab35b03e2cab6e76812bdf641e52b1a7a9fe171adf30308200381cf343f256654498c37fa317971172fec92b6e818dd877d8b7306be05577371

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21129.exe

Filesize
184KB

MD5
5585c61777602fb516deb01aa1a89775

SHA1
2663956c3b3082b4fe3d216630b889f0380118ac

SHA256
aa863da4acf8ef54a470809abe6b58584ab44b8860d2d26026a287440bef1e44

SHA512
79d9e954e9fda9c822c2a730c31bad1e8bdfc820b4b8b1ee315e87a046802cbb0e08255918c53084f26099dcf1fc1b682add6da1a403f6a59d559731ddbf5568

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31334.exe

Filesize
184KB

MD5
1bb3084ece8fa12f0721c380951e8059

SHA1
5433e1b0075beeddab800b79a8f3b9355c25cc21

SHA256
c1c579c919900a70ea6752d26ee4bc653bf5ac4613c14c8d209f37e738c51c29

SHA512
fefef65230dce3960c10a406cb26de1ec84994e01e25b9901e1fd2da368c9b60ea6a5761c5012680ef91ee46b44473eec1434c5e3649967dea513039537b7cf4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3415.exe

Filesize
184KB

MD5
4680d2c128322dde55b2e4968fee9c2f

SHA1
ccc94d29c711d784a2cba54e01d7d785435e13e8

SHA256
e8aef1a737593739a646b6e1af6b5fee47e08b41c3ae835f6206951ed0cee1e5

SHA512
2b5c44a4204576bb18d574327267bf53d0ef9635991f29f609b12bca91ce1626ac2c56e475e9481621e60d65007070b904a76242918ccc4dc8d988a6cfb7780b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37200.exe

Filesize
184KB

MD5
97b828df9c818ec83194cacca76f4845

SHA1
2ae838ef102ed019b2a03cf18a096814dce9bd7c

SHA256
b69bba740d021117a33766d258699596233435d27fd49b0df166ab567872bb3e

SHA512
399e9e20ab8f9675effaa1fd4d65155f334922abbab29ba2d7d61e9556059040fa58d2dcc4c07d533c18aa39637d62046de102115c45d2d7bb4e040689f85df9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41786.exe

Filesize
184KB

MD5
cc7176f061fd52cbc31cfc9eace33d7a

SHA1
3713d0623d4f70b5b4626cc23e317fbff7a52ca9

SHA256
c073dbd87d0bf247c37b230fdc3c7745aa4fc241ee4411a82c53ffde09ebf237

SHA512
7885c29bdd08dcb5177906382713fb645b3511c24c46f0b930d70e6c1e217fd1758d64040cd3ca0614b42f39db8d4f4f84fc43f2ab857fb4ce4a82077127b3ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4184.exe

Filesize
184KB

MD5
0c6951bd0fcaa9e29e168812a4727122

SHA1
bba7e5c9d7ca545830619916c11d2c6a2168ff56

SHA256
7a1b35e476f87e9eea85616c54b43bc6fa1434a7044f69405b5ee9d07c6d4d44

SHA512
444374a3e3b24789e5f42640bc8f5786f860b625691bfbc60966130b98c273cbb75f9b9358d739974d97548987cc542b3ecac3ff9a9b478c802683f8e686b0df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5176.exe

Filesize
184KB

MD5
aafb14358bcbadf53fa8b4066452297b

SHA1
77bc6445bcf97f471a255a522f913185bd73e305

SHA256
bd7feb071e1038e896609ed585a4fae431e05f2dccb4228fb0fd32f382b86cd5

SHA512
06b64733826084b87e1360442ae77b259ec5921dd02fe081c67635bedc305d7fe6cdc85faed0ac1c42644102839e14c119a758bae87e35cfcd631a4cdfb26cb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe

Filesize
184KB

MD5
2f824ff3e438a27fb78cd8efb526297f

SHA1
4c297a1a158595f2411890f8ad8b1414801db5c9

SHA256
f9fcd559f55b088d679dec709269321d2744d3adcd85a70637ca575d3f3e1676

SHA512
b77a785a01cae22632c7183d0845f061fdf157de488f7142bc2b526f6d685648bdc7842ce41cd1e3d03ae8bcd409b9cd5a50b8a8e1bbe58de207d7d0027b8579

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe

Filesize
184KB

MD5
f0cd333e3861a3948df8ce2c007a4818

SHA1
63c3a6074aa1b703cc41f0c6eb267ea3aba7ffed

SHA256
6b45fac70586e7f5b33c4cbbdba232d2167fd375402af67117f514c5655c02d6

SHA512
ed0c1df3596a74b1e6be8dbd44e1ae8a6347192b0a350b43741b26535eb3d3b2d19659c7729ec5aba61c0bb2323253f7221bebfd6817c44002d304475beb3a6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe

Filesize
184KB

MD5
543c3b220bbca8488d815229f911fc8f

SHA1
5e1fbbafd3a6bba900f2c69e015e825413698055

SHA256
32efe18b959e9b1c6791df2ed8e433b0d63e119a831ed9ea5ce652abbd178386

SHA512
84fa7f990e037c50aa18274c32c7047491f7812d6a7250b58a014bd1844282a961dff4a9362cf939cc76f209e2b65b6ef2e5ead2d87a317ae759e59f3b163a32

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61652.exe

Filesize
184KB

MD5
7db5ad90967210e8624ff60f3bb24117

SHA1
be790a53dd00b8542bae531b06a4353125694f91

SHA256
ba78fc2d1b4e92f0c7950d7f3c32f9302dcd48d526d6f50eb991813c43ee0946

SHA512
ec87bfa485ccb4bc439fbf1d0f6d884160eb996b94c3c7b37a5613dd47ffb9d14526ca622c6953a423c34fc78c5c50ad113180fd4cc1238a7b4741b7919b9c6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6914.exe

Filesize
184KB

MD5
ae13f530c11e31019cebe6ce4a6c7da2

SHA1
ebdb30360797225ed45d5d0a12f591a4822b03eb

SHA256
53d09e38a56cc2f3c05b41911a32cd4b5102ce44bc623b9cfacbbdfd9e97d682

SHA512
6c7fc4ab07b8feeb743a2cd8993091457b6a39ffaba880de00ea5d04ae18ce1487b2b933e7b8e13195975491f6a7dd2a50005e2af1f9e51eb977e030e5b16e36

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe

Filesize
184KB

MD5
434e65d9793a08ee9ceca66336f535e3

SHA1
3b9c95cd40089612836fc66dc768291bafcba44c

SHA256
fb6bc77622874b79631425a8da88bc47cfb5e25f378d1dae63e6191a7f3b3dbe

SHA512
4c8a4609e3d1a33a3d7ea5bb58f91cde68d8c083cbd1a80bbfb4bb3b8474c241eeff4c364c8303ddce013c588209e478682ee6762e9994772190fa884ed26b54

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads