f24ebb6126aded296106c1b61eec1e7a3702aec78f9f84fdfa9dbd16422fef73

Analysis

max time kernel
92s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26df985e61eecebcc83aac2cbbeb6181.exe
Size

184KB
MD5

26df985e61eecebcc83aac2cbbeb6181
SHA1

4f1b6fb5ef2e8c991a460304f4b54224c86b1b7e
SHA256

f24ebb6126aded296106c1b61eec1e7a3702aec78f9f84fdfa9dbd16422fef73
SHA512

ec9475bd00adb49bd0981a852bd2f73175ef463fed6fc3c8cabdc5c096260e2dc1da345d692224baf0d91272dcf69b57a066d5a7b6ec00edaa51a76e1a7f3a49
SSDEEP

3072:WPPHoVUmb4AC4eP0HaLOJPcZC6JzMPDkl3QrxKVLw4ClP6pFp:WP/ofZC4jHvJPc6E/3ClP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2040	Unicorn-20646.exe
1908	Unicorn-20776.exe
2100	Unicorn-37858.exe
2744	Unicorn-32125.exe
2768	Unicorn-20427.exe
2752	Unicorn-11704.exe
2152	Unicorn-12145.exe
2456	Unicorn-33120.exe
2948	Unicorn-16784.exe
1536	Unicorn-44818.exe
2416	Unicorn-61154.exe
2088	Unicorn-3723.exe
1124	Unicorn-57008.exe
1268	Unicorn-20614.exe
2432	Unicorn-15784.exe
1708	Unicorn-32866.exe
2624	Unicorn-17874.exe
1308	Unicorn-56816.exe
2484	Unicorn-41824.exe
1968	Unicorn-12887.exe
2884	Unicorn-28669.exe
112	Unicorn-16033.exe
772	Unicorn-29354.exe
1960	Unicorn-57942.exe
2116	Unicorn-14169.exe
2904	Unicorn-63925.exe
2960	Unicorn-42758.exe
684	Unicorn-63370.exe
2180	Unicorn-46842.exe
2984	Unicorn-22892.exe
1688	Unicorn-31060.exe
2412	Unicorn-31060.exe
2556	Unicorn-49315.exe
2600	Unicorn-37617.exe
2552	Unicorn-23742.exe
2564	Unicorn-24235.exe
2832	Unicorn-41317.exe
2972	Unicorn-46191.exe
2488	Unicorn-30409.exe
2448	Unicorn-13326.exe
1532	Unicorn-50830.exe
860	Unicorn-13134.exe
2092	Unicorn-26347.exe
2780	Unicorn-14649.exe
1624	Unicorn-50851.exe
368	Unicorn-47644.exe
2408	Unicorn-38407.exe
1468	Unicorn-39284.exe
1432	Unicorn-46383.exe
1236	Unicorn-27586.exe
1616	Unicorn-60451.exe
1112	Unicorn-27992.exe
2248	Unicorn-40798.exe
2212	Unicorn-40052.exe
2240	Unicorn-7934.exe
2752	Unicorn-64556.exe
2760	Unicorn-49372.exe
3048	Unicorn-33590.exe
1052	Unicorn-21146.exe
1132	Unicorn-36928.exe
2172	Unicorn-4063.exe
2320	Unicorn-24846.exe
2176	Unicorn-24846.exe
1680	Unicorn-44712.exe

Loads dropped DLL 64 IoCs

pid	Process
2268	26df985e61eecebcc83aac2cbbeb6181.exe
2268	26df985e61eecebcc83aac2cbbeb6181.exe
2040	Unicorn-20646.exe
2268	26df985e61eecebcc83aac2cbbeb6181.exe
2268	26df985e61eecebcc83aac2cbbeb6181.exe
2040	Unicorn-20646.exe
1908	Unicorn-20776.exe
1908	Unicorn-20776.exe
2040	Unicorn-20646.exe
2100	Unicorn-37858.exe
2040	Unicorn-20646.exe
2100	Unicorn-37858.exe
2752	Unicorn-11704.exe
2100	Unicorn-37858.exe
2752	Unicorn-11704.exe
2100	Unicorn-37858.exe
1908	Unicorn-20776.exe
1908	Unicorn-20776.exe
2768	Unicorn-20427.exe
2768	Unicorn-20427.exe
2744	Unicorn-32125.exe
2744	Unicorn-32125.exe
2456	Unicorn-33120.exe
2456	Unicorn-33120.exe
2152	Unicorn-12145.exe
2152	Unicorn-12145.exe
2752	Unicorn-11704.exe
2752	Unicorn-11704.exe
1536	Unicorn-44818.exe
1536	Unicorn-44818.exe
2768	Unicorn-20427.exe
2768	Unicorn-20427.exe
2416	Unicorn-61154.exe
2416	Unicorn-61154.exe
2744	Unicorn-32125.exe
2948	Unicorn-16784.exe
2948	Unicorn-16784.exe
2744	Unicorn-32125.exe
2088	Unicorn-3723.exe
2456	Unicorn-33120.exe
2456	Unicorn-33120.exe
2088	Unicorn-3723.exe
1708	Unicorn-32866.exe
1708	Unicorn-32866.exe
1268	Unicorn-20614.exe
1268	Unicorn-20614.exe
2624	Unicorn-17874.exe
2624	Unicorn-17874.exe
2484	Unicorn-41824.exe
2484	Unicorn-41824.exe
2948	Unicorn-16784.exe
2948	Unicorn-16784.exe
1308	Unicorn-56816.exe
1308	Unicorn-56816.exe
2432	Unicorn-15784.exe
2416	Unicorn-61154.exe
2416	Unicorn-61154.exe
2432	Unicorn-15784.exe
1124	Unicorn-57008.exe
1536	Unicorn-44818.exe
2152	Unicorn-12145.exe
1536	Unicorn-44818.exe
1124	Unicorn-57008.exe
2152	Unicorn-12145.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2992	2832	WerFault.exe	65
1640	516	WerFault.exe	164

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2268	26df985e61eecebcc83aac2cbbeb6181.exe
2040	Unicorn-20646.exe
1908	Unicorn-20776.exe
2100	Unicorn-37858.exe
2752	Unicorn-11704.exe
2744	Unicorn-32125.exe
2768	Unicorn-20427.exe
2456	Unicorn-33120.exe
2152	Unicorn-12145.exe
2416	Unicorn-61154.exe
1536	Unicorn-44818.exe
2948	Unicorn-16784.exe
2088	Unicorn-3723.exe
1268	Unicorn-20614.exe
1124	Unicorn-57008.exe
1708	Unicorn-32866.exe
2624	Unicorn-17874.exe
1308	Unicorn-56816.exe
2432	Unicorn-15784.exe
2484	Unicorn-41824.exe
2884	Unicorn-28669.exe
1968	Unicorn-12887.exe
112	Unicorn-16033.exe
772	Unicorn-29354.exe
1960	Unicorn-57942.exe
2116	Unicorn-14169.exe
1688	Unicorn-31060.exe
2904	Unicorn-63925.exe
2960	Unicorn-42758.exe
684	Unicorn-63370.exe
2412	Unicorn-31060.exe
2984	Unicorn-22892.exe
2180	Unicorn-46842.exe
2556	Unicorn-49315.exe
2600	Unicorn-37617.exe
2552	Unicorn-23742.exe
2564	Unicorn-24235.exe
2832	Unicorn-41317.exe
2972	Unicorn-46191.exe
2488	Unicorn-30409.exe
2448	Unicorn-13326.exe
860	Unicorn-13134.exe
1532	Unicorn-50830.exe
2092	Unicorn-26347.exe
1624	Unicorn-50851.exe
2780	Unicorn-14649.exe
368	Unicorn-47644.exe
1468	Unicorn-39284.exe
2408	Unicorn-38407.exe
1236	Unicorn-27586.exe
2212	Unicorn-40052.exe
1112	Unicorn-27992.exe
1432	Unicorn-46383.exe
2760	Unicorn-49372.exe
1616	Unicorn-60451.exe
2752	Unicorn-64556.exe
2320	Unicorn-24846.exe
2240	Unicorn-7934.exe
3048	Unicorn-33590.exe
2176	Unicorn-24846.exe
2172	Unicorn-4063.exe
1052	Unicorn-21146.exe
2248	Unicorn-40798.exe
1680	Unicorn-44712.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2040	2268	26df985e61eecebcc83aac2cbbeb6181.exe	28
PID 2268 wrote to memory of 2040	2268	26df985e61eecebcc83aac2cbbeb6181.exe	28
PID 2268 wrote to memory of 2040	2268	26df985e61eecebcc83aac2cbbeb6181.exe	28
PID 2268 wrote to memory of 2040	2268	26df985e61eecebcc83aac2cbbeb6181.exe	28
PID 2268 wrote to memory of 2100	2268	26df985e61eecebcc83aac2cbbeb6181.exe	30
PID 2268 wrote to memory of 2100	2268	26df985e61eecebcc83aac2cbbeb6181.exe	30
PID 2268 wrote to memory of 2100	2268	26df985e61eecebcc83aac2cbbeb6181.exe	30
PID 2268 wrote to memory of 2100	2268	26df985e61eecebcc83aac2cbbeb6181.exe	30
PID 2040 wrote to memory of 1908	2040	Unicorn-20646.exe	29
PID 2040 wrote to memory of 1908	2040	Unicorn-20646.exe	29
PID 2040 wrote to memory of 1908	2040	Unicorn-20646.exe	29
PID 2040 wrote to memory of 1908	2040	Unicorn-20646.exe	29
PID 1908 wrote to memory of 2744	1908	Unicorn-20776.exe	31
PID 1908 wrote to memory of 2744	1908	Unicorn-20776.exe	31
PID 1908 wrote to memory of 2744	1908	Unicorn-20776.exe	31
PID 1908 wrote to memory of 2744	1908	Unicorn-20776.exe	31
PID 2040 wrote to memory of 2768	2040	Unicorn-20646.exe	33
PID 2040 wrote to memory of 2768	2040	Unicorn-20646.exe	33
PID 2040 wrote to memory of 2768	2040	Unicorn-20646.exe	33
PID 2040 wrote to memory of 2768	2040	Unicorn-20646.exe	33
PID 2100 wrote to memory of 2752	2100	Unicorn-37858.exe	32
PID 2100 wrote to memory of 2752	2100	Unicorn-37858.exe	32
PID 2100 wrote to memory of 2752	2100	Unicorn-37858.exe	32
PID 2100 wrote to memory of 2752	2100	Unicorn-37858.exe	32
PID 2752 wrote to memory of 2152	2752	Unicorn-11704.exe	36
PID 2752 wrote to memory of 2152	2752	Unicorn-11704.exe	36
PID 2752 wrote to memory of 2152	2752	Unicorn-11704.exe	36
PID 2752 wrote to memory of 2152	2752	Unicorn-11704.exe	36
PID 2100 wrote to memory of 2456	2100	Unicorn-37858.exe	35
PID 2100 wrote to memory of 2456	2100	Unicorn-37858.exe	35
PID 2100 wrote to memory of 2456	2100	Unicorn-37858.exe	35
PID 2100 wrote to memory of 2456	2100	Unicorn-37858.exe	35
PID 1908 wrote to memory of 2948	1908	Unicorn-20776.exe	34
PID 1908 wrote to memory of 2948	1908	Unicorn-20776.exe	34
PID 1908 wrote to memory of 2948	1908	Unicorn-20776.exe	34
PID 1908 wrote to memory of 2948	1908	Unicorn-20776.exe	34
PID 2768 wrote to memory of 1536	2768	Unicorn-20427.exe	38
PID 2768 wrote to memory of 1536	2768	Unicorn-20427.exe	38
PID 2768 wrote to memory of 1536	2768	Unicorn-20427.exe	38
PID 2768 wrote to memory of 1536	2768	Unicorn-20427.exe	38
PID 2744 wrote to memory of 2416	2744	Unicorn-32125.exe	37
PID 2744 wrote to memory of 2416	2744	Unicorn-32125.exe	37
PID 2744 wrote to memory of 2416	2744	Unicorn-32125.exe	37
PID 2744 wrote to memory of 2416	2744	Unicorn-32125.exe	37
PID 2456 wrote to memory of 2088	2456	Unicorn-33120.exe	39
PID 2456 wrote to memory of 2088	2456	Unicorn-33120.exe	39
PID 2456 wrote to memory of 2088	2456	Unicorn-33120.exe	39
PID 2456 wrote to memory of 2088	2456	Unicorn-33120.exe	39
PID 2152 wrote to memory of 1124	2152	Unicorn-12145.exe	40
PID 2152 wrote to memory of 1124	2152	Unicorn-12145.exe	40
PID 2152 wrote to memory of 1124	2152	Unicorn-12145.exe	40
PID 2152 wrote to memory of 1124	2152	Unicorn-12145.exe	40
PID 2752 wrote to memory of 1268	2752	Unicorn-11704.exe	41
PID 2752 wrote to memory of 1268	2752	Unicorn-11704.exe	41
PID 2752 wrote to memory of 1268	2752	Unicorn-11704.exe	41
PID 2752 wrote to memory of 1268	2752	Unicorn-11704.exe	41
PID 1536 wrote to memory of 2432	1536	Unicorn-44818.exe	46
PID 1536 wrote to memory of 2432	1536	Unicorn-44818.exe	46
PID 1536 wrote to memory of 2432	1536	Unicorn-44818.exe	46
PID 1536 wrote to memory of 2432	1536	Unicorn-44818.exe	46
PID 2768 wrote to memory of 1708	2768	Unicorn-20427.exe	44
PID 2768 wrote to memory of 1708	2768	Unicorn-20427.exe	44
PID 2768 wrote to memory of 1708	2768	Unicorn-20427.exe	44
PID 2768 wrote to memory of 1708	2768	Unicorn-20427.exe	44

C:\Users\Admin\AppData\Local\Temp\26df985e61eecebcc83aac2cbbeb6181.exe
"C:\Users\Admin\AppData\Local\Temp\26df985e61eecebcc83aac2cbbeb6181.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32125.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63370.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39284.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40265.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38683.exe
        10⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
        11⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50383.exe
        12⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
        13⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22866.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27199.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24374.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1348.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        10⤵
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22892.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38407.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37339.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        9⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
        9⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57942.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7297.exe
        9⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        10⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        11⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65209.exe
        12⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10426.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26047.exe
        9⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9710.exe
        8⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62023.exe
        9⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        10⤵
        
        PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16784.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14169.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21963.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
        8⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63925.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26347.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
        8⤵
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
        6⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30660.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50359.exe
        8⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44794.exe
        9⤵
        
        PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42758.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50825.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
        10⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
        11⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36096.exe
        12⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43211.exe
        7⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        8⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30463.exe
        8⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15273.exe
        9⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19524.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20622.exe
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52751.exe
        9⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44712.exe
        7⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59103.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39921.exe
        9⤵
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24846.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50551.exe
        7⤵
        
        PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16033.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
        7⤵
        Executes dropped EXE
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39979.exe
        8⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21146.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6705.exe
        7⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56114.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
        9⤵
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4063.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51220.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57183.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        9⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20622.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        11⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        12⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13850.exe
        13⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58371.exe
        8⤵
        
        PID:1636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37858.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37858.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46842.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe
        8⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10670.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33201.exe
        10⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45173.exe
        11⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44090.exe
        8⤵
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
        7⤵
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31060.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61235.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33447.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48880.exe
        10⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
        11⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41660.exe
        12⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-674.exe
        13⤵
        
        PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29354.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43979.exe
        9⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55017.exe
        10⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4711.exe
        11⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56819.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        8⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58899.exe
        10⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        8⤵
        
        PID:516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 516 -s 212
        9⤵
        Program crash
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41317.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        6⤵
        Program crash
        
        PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33120.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33120.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3723.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28669.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61235.exe
        8⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42767.exe
        9⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9876.exe
        10⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
        7⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25087.exe
        7⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
        8⤵
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30229.exe
        7⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41236.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53374.exe
        9⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49072.exe
        10⤵
        
        PID:420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29206.exe
        9⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        10⤵
        
        PID:844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12887.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18782.exe
        7⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47619.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43710.exe
        9⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49243.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        8⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7934.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46659.exe
        6⤵
        
        PID:1064

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11704.exe

Filesize
184KB

MD5
af9ca7a45e96654f440fded05fd48840

SHA1
0b84a27a0263127a91fd11070fa5e5985c4b68b3

SHA256
fde54a0dea722a5180f4893104115480a658fe940951194332a989bae2b965f7

SHA512
5f665c2d86ce29436705828d26723b0c45eac0881105f48abe4ee2d28272f97388e7123eb3ff05fbe3cbdbf004cf1b0ef63e050b09060b35bec585963ee7f2f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12145.exe

Filesize
184KB

MD5
2086f0e0cc6ea9d8892fe49976778735

SHA1
6df6b433c5463ea9a47fc2e334e53f585b327124

SHA256
f552c8590ec216656244118c3c59d2efcfa475d75e0ef578decf54228de6eb05

SHA512
3c38313d926990a8e355d0d9f37f100143165fd018397e14296d5ec79d0b9ca6ca9d0b2ad47e75b64f862a8796d35ed81b9886578a157facc488a16c19768b55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe

Filesize
184KB

MD5
4d7aa06e51d058a3932bc4496e498cd6

SHA1
240040b60eba708cb66c74ca57549026ace2cf27

SHA256
54cbe1bd8de748e7a495a957048a39d86448bda73f7e96e1bcfc7c844eb0c8d3

SHA512
0cb37a372d31b0ba7db75f29cb55c98f376a8256dcfeeb260bbeadc454b429b9732a0402ec52808e0242a402b7567bc02a11c0cdfa86d91c79f46f4a3f9a4667

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20776.exe

Filesize
184KB

MD5
dc0d8de7fc22ff21ad62b92d58431b7e

SHA1
5881a78737f37ab1b5b141edace12dd139562b77

SHA256
6562e1839db83ac5f394f71fa9025c5e1f3a346a011d54689d02cc7fa54b0d97

SHA512
233c3e4140cbae73918b136d6150fe24739295c31bf7f2e306d3c33d543fc05d5c79442f2d9442e97511af0b3f3a4334865ebf5bb27f9cbae5bf2c6042b67843

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32125.exe

Filesize
184KB

MD5
895a16f80bad4b143a9330bc573ffc57

SHA1
6f95b368890498c687ddccf8affaf48f7236e179

SHA256
62aad7098d2adc7d53d26a9664a8738bd537b7104f34a61caa54b17baf1a26bf

SHA512
411837c91b5d61eb5dd667a2adc8888b0ae08caa6a542d5a0bf76eb0091ddc21fb3925f5a751671b6b36df675a5875d4d9582cd32d56bb07145a044405e6b043

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40798.exe

Filesize
184KB

MD5
a8c9025389cea422aa816250ce192646

SHA1
01780cc60ffb8478c5bc739578a83802baa8775b

SHA256
6f7e50143cf487f6fd5c145b2c774662ca84dcdcf397f01a2b96d75d77d91c37

SHA512
c97da855487093bc5ff4b7ed8dd932ee8158cf1051f750dab6ece5dbf558dae5c82849c0b8561af15086ce58637897dec8e9641d47b162911255f03e8eb7ad83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6705.exe

Filesize
184KB

MD5
4b2a6c815b12ce143086ccdef14e9cae

SHA1
752e4d173a8316f2389771c394e9abf2b07f6d63

SHA256
21a0ffd6812da2f2c049fb252e705e5d041a18c75900ea6a1510f9a03b00873d

SHA512
011da6bea47017a2d65da9af93826ba50206881680396f925462e5cbe454b834e580e761bb64378bb5de44d6326f41a1f4ec60435dec87ae1cc6eed0f4d91a20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16784.exe

Filesize
184KB

MD5
b4161207e8f48e2618d8f4463a096942

SHA1
3b3c7a7c8bfe9a6ba94f9fc5d80eb6a5dd115f57

SHA256
2aa3a2ad7dc775930ac9b9f46e97527e3d3bde763d94492041438394ef70f5c4

SHA512
d65d55ae4c8302a4e1ff9eb63a9e33e0dca138e85371534a72434d3d26540cac3dc937ae6456a65539348ec608e890ab8f802621570e7bab8a0a302367c4fcde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe

Filesize
184KB

MD5
36161108dae38cefe81eee441a5194a3

SHA1
189ae1baa8dacb8509ac69d07e0c772f1fc16a40

SHA256
8c9146b6731d5650f6c16b3b0394b47e7213d176747c9297282d2aafecd33873

SHA512
5cf7c67ee35cc6a4dd58fd9a4c6575e36cff560ba78c1f118d7adeacd86f91760ba198529a8406a33668c91a30aead9790a8a6da03ce679682ede58b2f3dc473

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20427.exe

Filesize
184KB

MD5
bd85014209b15353203f2a37b5fbd328

SHA1
817fe06c6cacafc2064149d7ad513dd1997f54ba

SHA256
60e1ef521383f57c3ba773a44dc82cae36066357ecbdcc9f982a8bd6268d2b39

SHA512
3d1fd96fd7f1ddc56bad7434969b406dd352a9a31c28ce8cb45941f56b4990ec77287daf24a50f430b758763e9ccff8a67b767ba880bdb02f52a8bbdc8cedc3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe

Filesize
184KB

MD5
3528953c69bb383262a5ffd7405b75be

SHA1
b0ad24972194bb698f6cec214d6fdb672e225c54

SHA256
259f483940b180367947140f4edecec997477536463803f222810be9bdeeff7c

SHA512
aec966a5a4a620e467552e72ff80a53ad3d33047f0b4b8f3d61e43db3b7d59cf10799155cc0ed3af72d80e613b4440aec9fbbf55b9b237d57652cda475041b06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe

Filesize
184KB

MD5
7fedb4b84d439acf2926e15ae2010248

SHA1
7ad9be825365072297c18a182c007642e8a6f954

SHA256
224f67899c77f991a9b5c13915ba898f12e034ae3ca08ac2287b40a1e255a9b1

SHA512
4d9b5c067a6c7d216283b5913cd531e529257bac339b6322d76ba5380b7c46bd41e5a889f7ed567168fbe17698f412c0d3018c4bfd4c1e0cbed9ecdbd341e943

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32866.exe

Filesize
184KB

MD5
ff5ac0a88890922764cc1b8c00dd84d1

SHA1
ba47e9438db6612140363114ae3bc5145075c746

SHA256
b88f868db1ab0c6af518f6c300a318153fd249ecd8664bd145f07aca2d68762c

SHA512
26a45dc748aa55f8f245ae869ad20be730639d94dc4d5d974646d27d06a81737e6f8b0c59a5e83619c1f448ddc7eba1a86eff80b6b1b21d4872781f3c4ffbb2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33120.exe

Filesize
184KB

MD5
272abfbb9500f9f82e1dc5edf32f4000

SHA1
e6fb24ab043a3582d1f9985ec4efaf5b0d72c00d

SHA256
8be3c28ca6d60c5756253c832aeb3aa82373362d06eeba18eb53a64962cd31f6

SHA512
cb1cdcfffee4943ff5b85985c15bae1f0ba5465a4027f60817a3292c812cca5a908db78dcb6b3c8b3309bd587b9b169228aa3c6be35c228c9b113766b6b12f72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3723.exe

Filesize
184KB

MD5
81be8241d772ab6e2dacc12d897cd80c

SHA1
f96dababe4b219ce252c8d74b962724504628a73

SHA256
24c83abca9c7a9707d89ddcbd7a4f198607e962f3cddc14981b3f77d929e67ad

SHA512
04757390121e62bedc53a2a8d4df4c07c61de92ef9e81cfbb71901fa7266db446de62918131fef12fa3464e70657370638e233d0a68c0554dd2e36c9231835fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37858.exe

Filesize
184KB

MD5
937333c52ef7a0957408a8ab3303a15e

SHA1
3b00550ae44600a3a34e4d3e2bba8928fc50b4b7

SHA256
366ecea4f081d0e9389c9773450794aa0e8f5e42d9180aa83f52f918504d5f0d

SHA512
fb338c9d1fbb21f0aa6578bdd16b4fa943b3977427c47c06a848be411ffcdce027a74893e888ae660fe73536346af5367e96d784d87e48a297c3126df07bdb8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41824.exe

Filesize
184KB

MD5
96736c5debb5e76b850219ef37238d6d

SHA1
38c5aa22583ac0c45dd631d03603d44355304ba0

SHA256
e52791e12b303090b33955b5d5a682816a28a2919253a5ed3113b0c1c484286f

SHA512
5254438c09e74dc2422920545dde653f531fa0b8a70e76f502aafc0bf40a9a8a950fe088738e66d9fe83ec10cfdc3a1cf29f47c91cd33c0a7c9bab57350399e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe

Filesize
184KB

MD5
e075014e570581f1040a8f2f62b0fb18

SHA1
eadfe190ca467446ba6e28d99bfd88f062ff78df

SHA256
ca5332cc44441d3dce9ab344b412148d18f61f520f731363a202fb523c0f53fc

SHA512
83bd6992f5f021bb25f5d3dd2ab653f19c2385ccce2f1fd2ffa32fb0b6d93c349869ea9c5dd3ed6b944b63caa2ad34822b80917ebca2505b27c20d62422c6fab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe

Filesize
184KB

MD5
29f28d55e5b01ed03cb8d4694b1fcc12

SHA1
681d279528ea36f9735e045d53bbf63b822f8500

SHA256
d3cc3291c02aad4e18486e96665327dc75f2fe12e3b05e5b86e8d6e8496fac8e

SHA512
4dfff5fe32d178ca94fe5e5d94c05953dcf9a0a33d192c66447f410a5ef2c32f02bc48775b6b95362ae53f5560fa7f0895f90c594141b0e30766769e29ca84de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe

Filesize
184KB

MD5
7397abd05600bc472d6557cd8c65f2e7

SHA1
56fdbaa3deed30996398c3b5b0251ee5e59de5b8

SHA256
51aa3e9abcbf4b2bccab0de2415b288115205259bfeef2b20a91e8afb9cde40e

SHA512
6a7fc45666113b49103a7927867017c50cf7e1ca57d258d8b23b161b17808a8647e4b86259e1eaea7124375615f5e33cb70b667d3321b1aea2580cc3c87470be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe

Filesize
184KB

MD5
9a539b127eb792a410f2cdfa2041466a

SHA1
a67b40ad401dbac68e0587f68706d8b8bc19b952

SHA256
69362414c28edf6225a7c1b7830e9131628d421d486f2d24cef63f3b1b5a765e

SHA512
39848fae34a5db466ba7bd77dd02fc19eb4235377798ed92a9aca0ae43b9bd19aae9f7b2481412190ec5d53602814c80db4c401bdafdc6db3bd11645e270b914

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads