bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe
Size

184KB
MD5

c5e65cf3260cbe4ad799fe0b75e04b3f
SHA1

3ac94614a0daab98ac017a9b00b6712810d5793e
SHA256

bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8
SHA512

60507ad061b295721dc33ec312d09c34160b125d3a2eb0f69c73cf099fa48d3c8429ff1b9c5d8a9ac2db00cfdf668509cb2e19197c7d0e9481aec2b5d42025c1
SSDEEP

3072:SG77vionWOKsd4+ZWAcn5sXXxlvnqnHiuv:SGio2Y4+Y5eXxlPqnHiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 24 IoCs

pid	Process
2192	Unicorn-35794.exe
2568	Unicorn-40623.exe
2772	Unicorn-21826.exe
2448	Unicorn-55703.exe
2724	Unicorn-10031.exe
2432	Unicorn-14608.exe
1752	Unicorn-8478.exe
1652	Unicorn-35621.exe
1488	Unicorn-49881.exe
2316	Unicorn-51765.exe
2312	Unicorn-46512.exe
1020	Unicorn-3560.exe
1628	Unicorn-3825.exe
1820	Unicorn-32968.exe
1608	Unicorn-3825.exe
1204	Unicorn-21174.exe
2452	Unicorn-20789.exe
1992	Unicorn-7790.exe
2788	Unicorn-51738.exe
524	Unicorn-40956.exe
572	Unicorn-7406.exe
1148	Unicorn-56342.exe
2512	Unicorn-50477.exe
3028	Unicorn-56607.exe

Loads dropped DLL 54 IoCs

pid	Process
1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe
1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe
2192	Unicorn-35794.exe
2192	Unicorn-35794.exe
1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe
1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe
2192	Unicorn-35794.exe
2568	Unicorn-40623.exe
2192	Unicorn-35794.exe
2568	Unicorn-40623.exe
2772	Unicorn-21826.exe
2772	Unicorn-21826.exe
1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe
1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe
2724	Unicorn-10031.exe
2724	Unicorn-10031.exe
2568	Unicorn-40623.exe
2568	Unicorn-40623.exe
2448	Unicorn-55703.exe
2448	Unicorn-55703.exe
2192	Unicorn-35794.exe
2192	Unicorn-35794.exe
1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe
2432	Unicorn-14608.exe
1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe
1752	Unicorn-8478.exe
2432	Unicorn-14608.exe
1752	Unicorn-8478.exe
2772	Unicorn-21826.exe
2772	Unicorn-21826.exe
1652	Unicorn-35621.exe
1652	Unicorn-35621.exe
2724	Unicorn-10031.exe
2724	Unicorn-10031.exe
1488	Unicorn-49881.exe
1488	Unicorn-49881.exe
2568	Unicorn-40623.exe
2568	Unicorn-40623.exe
2312	Unicorn-46512.exe
2312	Unicorn-46512.exe
1820	Unicorn-32968.exe
1820	Unicorn-32968.exe
2772	Unicorn-21826.exe
2772	Unicorn-21826.exe
2192	Unicorn-35794.exe
2192	Unicorn-35794.exe
1608	Unicorn-3825.exe
1608	Unicorn-3825.exe
1020	Unicorn-3560.exe
1020	Unicorn-3560.exe
2432	Unicorn-14608.exe
2432	Unicorn-14608.exe
2448	Unicorn-55703.exe
2448	Unicorn-55703.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2556	2952	WerFault.exe	169

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe
2192	Unicorn-35794.exe
2568	Unicorn-40623.exe
2772	Unicorn-21826.exe
2724	Unicorn-10031.exe
2448	Unicorn-55703.exe
2432	Unicorn-14608.exe
1752	Unicorn-8478.exe
1652	Unicorn-35621.exe
1488	Unicorn-49881.exe
1020	Unicorn-3560.exe
2316	Unicorn-51765.exe
2312	Unicorn-46512.exe
1628	Unicorn-3825.exe
1608	Unicorn-3825.exe
1820	Unicorn-32968.exe
1204	Unicorn-21174.exe
2452	Unicorn-20789.exe
1992	Unicorn-7790.exe
2788	Unicorn-51738.exe
524	Unicorn-40956.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 2192	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	28
PID 1600 wrote to memory of 2192	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	28
PID 1600 wrote to memory of 2192	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	28
PID 1600 wrote to memory of 2192	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	28
PID 2192 wrote to memory of 2568	2192	Unicorn-35794.exe	29
PID 2192 wrote to memory of 2568	2192	Unicorn-35794.exe	29
PID 2192 wrote to memory of 2568	2192	Unicorn-35794.exe	29
PID 2192 wrote to memory of 2568	2192	Unicorn-35794.exe	29
PID 1600 wrote to memory of 2772	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	30
PID 1600 wrote to memory of 2772	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	30
PID 1600 wrote to memory of 2772	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	30
PID 1600 wrote to memory of 2772	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	30
PID 2192 wrote to memory of 2448	2192	Unicorn-35794.exe	31
PID 2192 wrote to memory of 2448	2192	Unicorn-35794.exe	31
PID 2192 wrote to memory of 2448	2192	Unicorn-35794.exe	31
PID 2192 wrote to memory of 2448	2192	Unicorn-35794.exe	31
PID 2568 wrote to memory of 2724	2568	Unicorn-40623.exe	32
PID 2568 wrote to memory of 2724	2568	Unicorn-40623.exe	32
PID 2568 wrote to memory of 2724	2568	Unicorn-40623.exe	32
PID 2568 wrote to memory of 2724	2568	Unicorn-40623.exe	32
PID 2772 wrote to memory of 2432	2772	Unicorn-21826.exe	33
PID 2772 wrote to memory of 2432	2772	Unicorn-21826.exe	33
PID 2772 wrote to memory of 2432	2772	Unicorn-21826.exe	33
PID 2772 wrote to memory of 2432	2772	Unicorn-21826.exe	33
PID 1600 wrote to memory of 1752	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	34
PID 1600 wrote to memory of 1752	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	34
PID 1600 wrote to memory of 1752	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	34
PID 1600 wrote to memory of 1752	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	34
PID 2724 wrote to memory of 1652	2724	Unicorn-10031.exe	35
PID 2724 wrote to memory of 1652	2724	Unicorn-10031.exe	35
PID 2724 wrote to memory of 1652	2724	Unicorn-10031.exe	35
PID 2724 wrote to memory of 1652	2724	Unicorn-10031.exe	35
PID 2568 wrote to memory of 1488	2568	Unicorn-40623.exe	36
PID 2568 wrote to memory of 1488	2568	Unicorn-40623.exe	36
PID 2568 wrote to memory of 1488	2568	Unicorn-40623.exe	36
PID 2568 wrote to memory of 1488	2568	Unicorn-40623.exe	36
PID 2448 wrote to memory of 2316	2448	Unicorn-55703.exe	37
PID 2448 wrote to memory of 2316	2448	Unicorn-55703.exe	37
PID 2448 wrote to memory of 2316	2448	Unicorn-55703.exe	37
PID 2448 wrote to memory of 2316	2448	Unicorn-55703.exe	37
PID 2192 wrote to memory of 2312	2192	Unicorn-35794.exe	38
PID 2192 wrote to memory of 2312	2192	Unicorn-35794.exe	38
PID 2192 wrote to memory of 2312	2192	Unicorn-35794.exe	38
PID 2192 wrote to memory of 2312	2192	Unicorn-35794.exe	38
PID 1600 wrote to memory of 1020	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	39
PID 1600 wrote to memory of 1020	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	39
PID 1600 wrote to memory of 1020	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	39
PID 1600 wrote to memory of 1020	1600	bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe	39
PID 2432 wrote to memory of 1628	2432	Unicorn-14608.exe	40
PID 2432 wrote to memory of 1628	2432	Unicorn-14608.exe	40
PID 2432 wrote to memory of 1628	2432	Unicorn-14608.exe	40
PID 2432 wrote to memory of 1628	2432	Unicorn-14608.exe	40
PID 1752 wrote to memory of 1608	1752	Unicorn-8478.exe	41
PID 1752 wrote to memory of 1608	1752	Unicorn-8478.exe	41
PID 1752 wrote to memory of 1608	1752	Unicorn-8478.exe	41
PID 1752 wrote to memory of 1608	1752	Unicorn-8478.exe	41
PID 2772 wrote to memory of 1820	2772	Unicorn-21826.exe	42
PID 2772 wrote to memory of 1820	2772	Unicorn-21826.exe	42
PID 2772 wrote to memory of 1820	2772	Unicorn-21826.exe	42
PID 2772 wrote to memory of 1820	2772	Unicorn-21826.exe	42
PID 1652 wrote to memory of 1204	1652	Unicorn-35621.exe	43
PID 1652 wrote to memory of 1204	1652	Unicorn-35621.exe	43
PID 1652 wrote to memory of 1204	1652	Unicorn-35621.exe	43
PID 1652 wrote to memory of 1204	1652	Unicorn-35621.exe	43

C:\Users\Admin\AppData\Local\Temp\bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe
"C:\Users\Admin\AppData\Local\Temp\bf9a599315a49029c6bf3687e90647eac037f06b133df24790e5df455c464ba8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40623.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
        7⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47889.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8796.exe
        7⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54555.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36681.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        7⤵
        
        PID:3596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39014.exe
        6⤵
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        6⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49766.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
        7⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56923.exe
        7⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41646.exe
        7⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        6⤵
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
        6⤵
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52802.exe
        6⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49220.exe
        6⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40881.exe
        6⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52371.exe
        6⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
        6⤵
        
        PID:696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41787.exe
        6⤵
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
        6⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31228.exe
        6⤵
        
        PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
        5⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59397.exe
        5⤵
        
        PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41090.exe
        5⤵
        
        PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
        5⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
        5⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15199.exe
        5⤵
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
        5⤵
        
        PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42160.exe
        6⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        6⤵
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
        6⤵
        
        PID:800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        6⤵
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        6⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22294.exe
        5⤵
        
        PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        5⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1922.exe
        5⤵
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        6⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        6⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46682.exe
        5⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24505.exe
        5⤵
        
        PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51738.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35841.exe
        5⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23239.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63218.exe
        5⤵
        
        PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52250.exe
        5⤵
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        5⤵
        
        PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
        5⤵
        
        PID:768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17396.exe
        5⤵
        
        PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41895.exe
      4⤵
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6611.exe
        5⤵
        
        PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
        5⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5592.exe
        5⤵
        
        PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-789.exe
      4⤵
      PID:1500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        5⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49317.exe
        5⤵
        
        PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
      4⤵
      PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
      4⤵
      PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63464.exe
      4⤵
      PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
      4⤵
      PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12901.exe
      4⤵
      PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
      4⤵
      PID:3536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51765.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
        5⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3589.exe
        5⤵
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25312.exe
        6⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49337.exe
        6⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39506.exe
        6⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50721.exe
        5⤵
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13373.exe
        5⤵
        
        PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
      4⤵
      PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
      4⤵
      PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20070.exe
      4⤵
      PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe
      4⤵
      PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53914.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27778.exe
        5⤵
        
        PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31838.exe
      4⤵
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
      4⤵
      PID:3544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33281.exe
        5⤵
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55391.exe
        5⤵
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
        6⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9035.exe
        5⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        5⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        5⤵
        
        PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13415.exe
      4⤵
      PID:616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        5⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
        5⤵
        
        PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7801.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32980.exe
        5⤵
        
        PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
      4⤵
      PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46705.exe
      4⤵
      PID:2180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56342.exe
    3⤵
    - Executes dropped EXE
    PID:1148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60736.exe
      4⤵
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55789.exe
      4⤵
      PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
      4⤵
      PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
      4⤵
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30840.exe
      4⤵
      PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55591.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
      4⤵
      PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
      4⤵
      PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
    3⤵
    PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
    3⤵
    PID:2240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
    3⤵
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34698.exe
    3⤵
    PID:556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47467.exe
    3⤵
    PID:808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53420.exe
    3⤵
    PID:2952
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 180
      4⤵
      Program crash
      PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48371.exe
    3⤵
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34170.exe
    3⤵
    PID:3588
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21826.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21826.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
        5⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
        5⤵
        
        PID:1912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
        5⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7034.exe
        5⤵
        
        PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56643.exe
      4⤵
      PID:1188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        5⤵
        
        PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3508.exe
        5⤵
        
        PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
      4⤵
      PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55028.exe
      4⤵
      PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21203.exe
      4⤵
      PID:1320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
      4⤵
      Executes dropped EXE
      PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
      4⤵
      PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4070.exe
      4⤵
      PID:588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36639.exe
      4⤵
      PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59150.exe
      4⤵
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27403.exe
      4⤵
      PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
      4⤵
      PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17502.exe
      4⤵
      PID:3124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
    3⤵
    - Executes dropped EXE
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54934.exe
      4⤵
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe
        5⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25770.exe
        5⤵
        
        PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
      4⤵
      PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64909.exe
      4⤵
      PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
      4⤵
      PID:292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62394.exe
      4⤵
      PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
      4⤵
      PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe
      4⤵
      PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50128.exe
      4⤵
      PID:3404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
    3⤵
    PID:2420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
    3⤵
    PID:1944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45573.exe
    3⤵
    PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63748.exe
    3⤵
    PID:1376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
    3⤵
    PID:2124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
    3⤵
    PID:348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15855.exe
    3⤵
    PID:284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56607.exe
      4⤵
      Executes dropped EXE
      PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23050.exe
      4⤵
      PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
      4⤵
      PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46117.exe
      4⤵
      PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1997.exe
      4⤵
      PID:1212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37618.exe
    3⤵
    PID:624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
    3⤵
    PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4379.exe
    3⤵
    PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
    3⤵
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19457.exe
    3⤵
    PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
    3⤵
    PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
    3⤵
    PID:3348
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23743.exe
    3⤵
    PID:1000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46423.exe
    3⤵
    PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
    3⤵
    PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
    3⤵
    PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4138.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4138.exe
    3⤵
    PID:448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
  2⤵
  PID:1560
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe
  2⤵
  PID:2836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
  2⤵
  PID:1428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13408.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13408.exe
  2⤵
  PID:1536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
  2⤵
  PID:1448
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21803.exe
  2⤵
  PID:2264
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
  2⤵
  PID:1620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35968.exe
  2⤵
  PID:3132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17450.exe

Filesize
184KB

MD5
bf42075590aaab3628c6cbbad097c259

SHA1
3812b78affef4f991707fe4f24a5f531d4f3130c

SHA256
2d03cbadd18c75e962ab92b42688ea32114257ac6798b4abd2c748d09862dd48

SHA512
d94c86ed3dfe37d5e78858b1210f848143ced1158149798969604c12f98fdc4bf32ba1a4299d990c7553f6f4fcead52c04c0ad3bd8811643a9e095a1fd19df7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32968.exe

Filesize
184KB

MD5
2c7dbb8ceb312d0303ce7a3150772715

SHA1
8db833a412542c1671916fbe53680b89bd75eb29

SHA256
6f8c7e3d92baee11720e4664318dc2c6add93ffe1d0de4e58965b5cb326bdc14

SHA512
ce821ff9ae761191b289940f1d8df123e702c6fb8660f376fe0c1bd8c8092f4d78155b88cf2704e8b3e751c782939a7d08160c0af1b947655f54af9433703097

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe

Filesize
184KB

MD5
df898803710e3f1d4da1391d4756b7f7

SHA1
e3c84b29ef6c158675e272c12aab5eb940cc6b40

SHA256
fd53f13a507ea5316cc8163252b697a75809921c7c4eb961aabce89f0bb822c4

SHA512
edf03555d6ea6f3e6dabda0b40a1e9f8acc85ade78053c3dd82b801012ee67d3784d5c4671711543fc87c0b07d2bdcdd1ae771f4be8a48014ad2797211ad3753

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe

Filesize
184KB

MD5
355c1574c77bcb61e2c1802259913b13

SHA1
f55fb4886a4894f2ed6888393d594bd7dedb8562

SHA256
005a978d8060d1205dfb603bb2e8ede7e9a78ac41cb1045665d8d692e8f6e642

SHA512
2c1888719cf10020fd2beb866e0b6096f6855fd4ce7567c6b1886aa0da4c79bb853b635ee74a7f8309dcf26b0afbc84c0a909d4a57b07f359269c1d522b23504

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38521.exe

Filesize
184KB

MD5
6664889a3dfa20ad13d44a74108660e2

SHA1
b46e16187c85e79f8274c0bd731199a917ddd7db

SHA256
cbb6589b08bbfd84833a6b39519070b1598eab0b8773ee423deba135c100bbc7

SHA512
457a2f9ef41c7e8e0b46f0a2b5beb4bf78840c9976b8003960852db019cd18497cca170bd0427c49020dac43c2ef3c336c4770ae8dcd20564dfaca32686a562b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51765.exe

Filesize
184KB

MD5
013aa78a0af1cc2bbb1af286f6cca347

SHA1
16f24e0c74f6eb3417bdcfed7e1eb0710906a714

SHA256
02f27c1b087fcc365a91e2f7a87b96c081c77d5a92c08b8fb1c024bfe8eed926

SHA512
5dd830d31ab64a295470b50eba85c776acf2475cd89abe680a88322b43da8c29c33687e9f34425f70702f03129175b7c838e99f4ea6dd65ce178f657f4de2628

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6410.exe

Filesize
184KB

MD5
198686dad0b7b411180463e655486ecf

SHA1
35dfe102e812403236c5046b26dddc7173fe2279

SHA256
a0e3657071feba271638f6bbe2a41300a71b532a6d2411bf25544d967caf1b03

SHA512
d7bf850ca7139a2efe2ad7184de0fe27086eeac67b5c82648864c32aeebaae1788c84e09cb944c370f01b0baec7889610612a47f85c3412151f16448ff5abc3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6611.exe

Filesize
184KB

MD5
805a4e6273149a1a0ec3354f61c72611

SHA1
155fa26e56b7c547c8bef618c3181621f4ae6d7b

SHA256
7754e55e84a7c587846dd6d80391f95d0c0423af8ea81a4d2436c36ddb199815

SHA512
d4f60514d9f3a55b0dd2c27482c02482fc3eb6fcc82e1e7683d711edbe0aa3e39377dcdffb6f0fa0fb49c60bef02104a7f199c8c6c3e24c56b0afd58be30026a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-789.exe

Filesize
184KB

MD5
7f800c99f32f347577fdcf72ce21ed7e

SHA1
08e1e763d7e012d110ea2218ae6783a2570c5ed5

SHA256
a8d8a7271ab5614fac39ecb4861a1c6ff8573fefacac0768c33086d7c51e1ed4

SHA512
af7b8bb43d1b439f6dcc92c512573b2f1f18c10371cd54d3bd9d703642a1b9106757ecd8d6db40846b96d143261b19e602b474689394c6ba6867b95296d89d69

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe

Filesize
184KB

MD5
4dac3d538e7e3c1571605886068815f5

SHA1
76c3203884868b34cd91ad559127690a335bafb4

SHA256
208b75e78cc323525175e542d9186615b3410d9624de766ede8c486be03027cd

SHA512
5d5e9a4459dbfae97f4c3313ca023957280cf47fb92a784103f9abf8d77e3862292b3825e492f04d2a0e984ee05535cada01849eca36e6e48d6a4fa35368e854

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14608.exe

Filesize
184KB

MD5
04bfa054cf679858a7ed5dc62fe579ac

SHA1
55bcecb297c6145da2a7aa06e3333ba6ea4ad61d

SHA256
c52c47efae0a35ca8a340c98d388874c2fcbeb912b8172a2f68b7e35e709f854

SHA512
ea081e4e8a699bdcc7c29bfa9d18fde8d61de9f4924073d1fbad7ce7efb2048532d5e080c5edcb92079e3a855dcb327435d0fabe55ebba2f073c5a7ec81d70a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe

Filesize
184KB

MD5
f17e3b9438be58ba5dc914b6de1c7d56

SHA1
e0e1e22110a2fefb50acb705c3096dbb169784b2

SHA256
2ea1d619ac7a1f45ebf840570b4ca360041cdc70d6c4d9d385894af128b5cc1e

SHA512
618589aaf22d732a7fa3b018a79b369e99e8c50136f50f45ef4bcbd2c32f01c21c3a94905d0a9481839d8adff89dda8cf1a2ff892b8400342f0301705bb4afe9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21174.exe

Filesize
184KB

MD5
a7fd44998e5f70bbce94ee0cf8e0bad6

SHA1
893394d4a7cb7b839819461268900a4653049d44

SHA256
fa93ea089f46ef775ec5a559d3e501d62fffcbdc00c8fed01bd4000084d4330a

SHA512
0f2e93ef59ee0303f99f0bd87537c41f781364533336cf92a982e9123d63abcbb76bb53b59942ca582a57572f98a84a3f28c9a12a3388834a46861c1f512cac2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21826.exe

Filesize
184KB

MD5
24260e8201d909aaa2a82d2974e19a07

SHA1
4692a2ecc61d0e956b03d892c8ad8a8618729883

SHA256
703f0714d2a13d60dfe5c77f818673e16a62ee9e37202bef6a1074c8a0c98193

SHA512
98fdd57fb00ebdc73eb63991c066b6d9c2e5bb0ea240bc26a5e9fef14fb5eabdd8edf142a3c29e24aa1e99e1660cb5d8b672fee174ddddc22407126b870e96e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe

Filesize
184KB

MD5
0bb14a392f84f84e97424802ab670f4e

SHA1
782e83a0c9121d386c9c043349be353cdd605dae

SHA256
90c83692f84061b29d1fb9695c592b7d751aab09cff530b3cb2285c4049a71fa

SHA512
be6d666cf99eb2eaed9ff009775374618e23bdd247fd9f2611d18e85f9e950571b249b9fa38e4370061aa0a392c4e6e202d2a2442ec96fd3310b7541e86183c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35794.exe

Filesize
184KB

MD5
9a304bb0cee19731d5eeb68f5b41c620

SHA1
ee9eb5269a510ddb93cd71be8ca0f6e4bff8eb6a

SHA256
8512fc3b6194ef8c06bbc1126d90e04d4e1eaf33eb4765b50737985e062f94a1

SHA512
29f4d95f1b32a06a924bcabfea1513eeb034ed1fe265a71d9b6c398ab6800face930f68e9d0746ba4f9cc0650f322665683dd24d3c2930b9abf90f2c4ab27cc5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40623.exe

Filesize
184KB

MD5
e7ae1e63d68081ea3bf1cd3c7a178cf0

SHA1
5d4ff964a7ba0c863137986de560c5b30cfae299

SHA256
e09ba9795ac4610a607f953a741a5b4ebc6bf575bf5d7eebb01d5f97496fa257

SHA512
e10985afc6ada5268da7e13408afb48d73e6dc1140e66f46c7ccf5e1f76ad4937a06311a5a6991d075698ba66a6795eb2be1ed2f3b168b2d020e9a65e0123141

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe

Filesize
184KB

MD5
a91581ffc4ebb5752e1b63be9f7e29e9

SHA1
7addbf46d9bc88dcd494743b9a8088294841573d

SHA256
6c7ae82044fd7dc9a868cce62d1862ebb18e02c483c0fb8ae45e4deae9e7253e

SHA512
7828309294e8af7b51b3f0b0cdada81c4c6489fed945ddcbcaea589369032df768ae67464afd6fd6f6a27703451b15ce1ec0b1296fc4ca1b77b7facc47f181b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe

Filesize
184KB

MD5
7c4fef2ddf52e06c00c1f8bde1d7fd28

SHA1
05584257c32ae3fa3c31d41f9e863bc2b72635ed

SHA256
4cef91c6efcfa096282a84ec3c0eaeba7a94be23596812503ee8fcd45c094141

SHA512
e2c713bf1131cdaf9424bf826644d1496d8256e194537ac276b7a5643b8d879466497c4baa7fe263128e1c72e74b1c85c193ad46d80c74649f95ce3b0a41a59c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55703.exe

Filesize
184KB

MD5
a7cf1500a62cffff9a37521b617ef92c

SHA1
d59824e8fc1b5e8775931345363b61f3694e47ff

SHA256
41ad1335eaf594e8ef9986b6a6ae54dc894ffa04fc7e65689cf2f46b15c0762b

SHA512
b9c1db8e729a6d3d1e5a559aa245422404d3f1be0a3108b3edfa37acad2ed00706a54e79e523bf72a5c5768e05ea8ff4d0289057ed8f129eb2aa134f63dd2ba4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe

Filesize
184KB

MD5
f34ca607edba4e321adbc59a05b614d2

SHA1
9e29671f3765237f1955e4aeff68c5d56b822498

SHA256
e3efc3df408a6c68a3096054efb4968474041125317a7aebebe6f52525108eee

SHA512
ed8fd8852aa43bb20ca406b95b37d6bbfff49ba594ac41bb59010fec80336ef7a7a62d1fa89646dd275b652911d29dec88922d49216c5e97395870cd32f41b91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8478.exe

Filesize
184KB

MD5
c61a6380725000cd650ab15076bb03c5

SHA1
b0e862d583bbdf77af321277da0c3e8e6410378c

SHA256
b99849e9f5f603e02fce4d4802d08ea480ca8fbdc8d28554a91e71b071609150

SHA512
fb13b7aa3f5fe90ccd620f875b3af4d23e81679d06357f3c1ff113fcb0f75b0b67f179512a07faebc415eeb65d0c12387d0116cc219c24275ca8d5726aa482fa

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads