6aa4e7a6ad7d8d02237f773438f28f61c12305ec244ae4715e982f8b49303abb

Analysis

max time kernel
57s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8af2a529199f6ce65ce94c00fbd6a83a.exe
Size

184KB
MD5

8af2a529199f6ce65ce94c00fbd6a83a
SHA1

39e718c9789949642f761c4559ebb1cb84a6ef1c
SHA256

6aa4e7a6ad7d8d02237f773438f28f61c12305ec244ae4715e982f8b49303abb
SHA512

7ef25c113c9bec3d7b4f2b5aa0f782140162344a92fbb8ccead66cde79547b18ad880910c1ce23fce38be717e641d94f69ca9252b0627edd9fd8410836202492
SSDEEP

3072:H4H9oslfbXi/qjAd/nnKzybOb86G/HI0zYxA1P4b7lPdpF1:H4do07i/bd/nKzSoIU7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2976	Unicorn-41395.exe
2988	Unicorn-28088.exe
2776	Unicorn-29519.exe
2652	Unicorn-23403.exe
2604	Unicorn-16666.exe
2580	Unicorn-2017.exe
2436	Unicorn-43422.exe
2780	Unicorn-4231.exe
2288	Unicorn-50547.exe
2884	Unicorn-40926.exe
1352	Unicorn-4807.exe
2908	Unicorn-25647.exe
796	Unicorn-24530.exe
1724	Unicorn-48044.exe
2016	Unicorn-30255.exe
1936	Unicorn-63721.exe
2060	Unicorn-50052.exe
756	Unicorn-47468.exe
2532	Unicorn-44432.exe
2424	Unicorn-57762.exe
844	Unicorn-36936.exe
1216	Unicorn-56226.exe
1552	Unicorn-10419.exe
1688	Unicorn-9459.exe
888	Unicorn-41425.exe
2336	Unicorn-8883.exe
2632	Unicorn-61239.exe
2352	Unicorn-59739.exe
2440	Unicorn-15499.exe
1776	Unicorn-41949.exe
2008	Unicorn-61815.exe
2096	Unicorn-1437.exe
2752	Unicorn-13606.exe
2460	Unicorn-59278.exe
2696	Unicorn-6624.exe
2056	Unicorn-53256.exe
2516	Unicorn-5088.exe
2548	Unicorn-12633.exe
2724	Unicorn-37107.exe
2816	Unicorn-53552.exe
548	Unicorn-26006.exe
2880	Unicorn-12841.exe
3044	Unicorn-25779.exe
1568	Unicorn-29078.exe
2640	Unicorn-15914.exe
2124	Unicorn-15914.exe
1664	Unicorn-35923.exe
1508	Unicorn-33148.exe
2040	Unicorn-30303.exe
1492	Unicorn-44814.exe
1240	Unicorn-11648.exe
2032	Unicorn-3688.exe
1064	Unicorn-34450.exe
648	Unicorn-8247.exe
268	Unicorn-65476.exe
2572	Unicorn-41714.exe
2368	Unicorn-38590.exe
2296	Unicorn-38227.exe
296	Unicorn-16825.exe
3016	Unicorn-36691.exe
1972	Unicorn-36691.exe
1312	Unicorn-12580.exe
1680	Unicorn-32446.exe
896	Unicorn-29238.exe

Loads dropped DLL 64 IoCs

pid	Process
1248	8af2a529199f6ce65ce94c00fbd6a83a.exe
1248	8af2a529199f6ce65ce94c00fbd6a83a.exe
2976	Unicorn-41395.exe
2976	Unicorn-41395.exe
1248	8af2a529199f6ce65ce94c00fbd6a83a.exe
1248	8af2a529199f6ce65ce94c00fbd6a83a.exe
2988	Unicorn-28088.exe
2988	Unicorn-28088.exe
2976	Unicorn-41395.exe
2976	Unicorn-41395.exe
2776	Unicorn-29519.exe
2776	Unicorn-29519.exe
2652	Unicorn-23403.exe
2652	Unicorn-23403.exe
2988	Unicorn-28088.exe
2988	Unicorn-28088.exe
2604	Unicorn-16666.exe
2604	Unicorn-16666.exe
2580	Unicorn-2017.exe
2580	Unicorn-2017.exe
2776	Unicorn-29519.exe
2776	Unicorn-29519.exe
2436	Unicorn-43422.exe
2436	Unicorn-43422.exe
2652	Unicorn-23403.exe
2652	Unicorn-23403.exe
2780	Unicorn-4231.exe
2780	Unicorn-4231.exe
2288	Unicorn-50547.exe
2288	Unicorn-50547.exe
1352	Unicorn-4807.exe
1352	Unicorn-4807.exe
2604	Unicorn-16666.exe
2604	Unicorn-16666.exe
2884	Unicorn-40926.exe
2884	Unicorn-40926.exe
2580	Unicorn-2017.exe
2580	Unicorn-2017.exe
2908	Unicorn-25647.exe
2908	Unicorn-25647.exe
2436	Unicorn-43422.exe
2436	Unicorn-43422.exe
796	Unicorn-24530.exe
796	Unicorn-24530.exe
2060	Unicorn-50052.exe
2060	Unicorn-50052.exe
2016	Unicorn-30255.exe
2016	Unicorn-30255.exe
2288	Unicorn-50547.exe
2288	Unicorn-50547.exe
1724	Unicorn-48044.exe
1724	Unicorn-48044.exe
756	Unicorn-47468.exe
756	Unicorn-47468.exe
2780	Unicorn-4231.exe
2780	Unicorn-4231.exe
2884	Unicorn-40926.exe
2884	Unicorn-40926.exe
1352	Unicorn-4807.exe
1352	Unicorn-4807.exe
2532	Unicorn-44432.exe
2532	Unicorn-44432.exe
2424	Unicorn-57762.exe
2424	Unicorn-57762.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2948	1064	WerFault.exe	80

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1248	8af2a529199f6ce65ce94c00fbd6a83a.exe
2976	Unicorn-41395.exe
2988	Unicorn-28088.exe
2776	Unicorn-29519.exe
2652	Unicorn-23403.exe
2604	Unicorn-16666.exe
2580	Unicorn-2017.exe
2436	Unicorn-43422.exe
2780	Unicorn-4231.exe
2288	Unicorn-50547.exe
1352	Unicorn-4807.exe
2884	Unicorn-40926.exe
2908	Unicorn-25647.exe
796	Unicorn-24530.exe
1724	Unicorn-48044.exe
2016	Unicorn-30255.exe
2060	Unicorn-50052.exe
1936	Unicorn-63721.exe
756	Unicorn-47468.exe
2532	Unicorn-44432.exe
2424	Unicorn-57762.exe
844	Unicorn-36936.exe
1216	Unicorn-56226.exe
1552	Unicorn-10419.exe
1688	Unicorn-9459.exe
888	Unicorn-41425.exe
2336	Unicorn-8883.exe
2352	Unicorn-59739.exe
2632	Unicorn-61239.exe
2440	Unicorn-15499.exe
2008	Unicorn-61815.exe
2096	Unicorn-1437.exe
2460	Unicorn-59278.exe
2056	Unicorn-53256.exe
2696	Unicorn-6624.exe
2752	Unicorn-13606.exe
2516	Unicorn-5088.exe
2548	Unicorn-12633.exe
2816	Unicorn-53552.exe
2724	Unicorn-37107.exe
2880	Unicorn-12841.exe
548	Unicorn-26006.exe
3044	Unicorn-25779.exe
2040	Unicorn-30303.exe
2640	Unicorn-15914.exe
2124	Unicorn-15914.exe
1568	Unicorn-29078.exe
1508	Unicorn-33148.exe
1664	Unicorn-35923.exe
1492	Unicorn-44814.exe
1240	Unicorn-11648.exe
2032	Unicorn-3688.exe
1064	Unicorn-34450.exe
648	Unicorn-8247.exe
268	Unicorn-65476.exe
2368	Unicorn-38590.exe
2572	Unicorn-41714.exe
296	Unicorn-16825.exe
1680	Unicorn-32446.exe
1972	Unicorn-36691.exe
1312	Unicorn-12580.exe
2296	Unicorn-38227.exe
3016	Unicorn-36691.exe
896	Unicorn-29238.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1248 wrote to memory of 2976	1248	8af2a529199f6ce65ce94c00fbd6a83a.exe	28
PID 1248 wrote to memory of 2976	1248	8af2a529199f6ce65ce94c00fbd6a83a.exe	28
PID 1248 wrote to memory of 2976	1248	8af2a529199f6ce65ce94c00fbd6a83a.exe	28
PID 1248 wrote to memory of 2976	1248	8af2a529199f6ce65ce94c00fbd6a83a.exe	28
PID 2976 wrote to memory of 2988	2976	Unicorn-41395.exe	29
PID 2976 wrote to memory of 2988	2976	Unicorn-41395.exe	29
PID 2976 wrote to memory of 2988	2976	Unicorn-41395.exe	29
PID 2976 wrote to memory of 2988	2976	Unicorn-41395.exe	29
PID 1248 wrote to memory of 2776	1248	8af2a529199f6ce65ce94c00fbd6a83a.exe	30
PID 1248 wrote to memory of 2776	1248	8af2a529199f6ce65ce94c00fbd6a83a.exe	30
PID 1248 wrote to memory of 2776	1248	8af2a529199f6ce65ce94c00fbd6a83a.exe	30
PID 1248 wrote to memory of 2776	1248	8af2a529199f6ce65ce94c00fbd6a83a.exe	30
PID 2988 wrote to memory of 2652	2988	Unicorn-28088.exe	31
PID 2988 wrote to memory of 2652	2988	Unicorn-28088.exe	31
PID 2988 wrote to memory of 2652	2988	Unicorn-28088.exe	31
PID 2988 wrote to memory of 2652	2988	Unicorn-28088.exe	31
PID 2976 wrote to memory of 2604	2976	Unicorn-41395.exe	33
PID 2976 wrote to memory of 2604	2976	Unicorn-41395.exe	33
PID 2976 wrote to memory of 2604	2976	Unicorn-41395.exe	33
PID 2976 wrote to memory of 2604	2976	Unicorn-41395.exe	33
PID 2776 wrote to memory of 2580	2776	Unicorn-29519.exe	32
PID 2776 wrote to memory of 2580	2776	Unicorn-29519.exe	32
PID 2776 wrote to memory of 2580	2776	Unicorn-29519.exe	32
PID 2776 wrote to memory of 2580	2776	Unicorn-29519.exe	32
PID 2652 wrote to memory of 2436	2652	Unicorn-23403.exe	34
PID 2652 wrote to memory of 2436	2652	Unicorn-23403.exe	34
PID 2652 wrote to memory of 2436	2652	Unicorn-23403.exe	34
PID 2652 wrote to memory of 2436	2652	Unicorn-23403.exe	34
PID 2988 wrote to memory of 2780	2988	Unicorn-28088.exe	35
PID 2988 wrote to memory of 2780	2988	Unicorn-28088.exe	35
PID 2988 wrote to memory of 2780	2988	Unicorn-28088.exe	35
PID 2988 wrote to memory of 2780	2988	Unicorn-28088.exe	35
PID 2604 wrote to memory of 2288	2604	Unicorn-16666.exe	38
PID 2604 wrote to memory of 2288	2604	Unicorn-16666.exe	38
PID 2604 wrote to memory of 2288	2604	Unicorn-16666.exe	38
PID 2604 wrote to memory of 2288	2604	Unicorn-16666.exe	38
PID 2580 wrote to memory of 2884	2580	Unicorn-2017.exe	37
PID 2580 wrote to memory of 2884	2580	Unicorn-2017.exe	37
PID 2580 wrote to memory of 2884	2580	Unicorn-2017.exe	37
PID 2580 wrote to memory of 2884	2580	Unicorn-2017.exe	37
PID 2776 wrote to memory of 1352	2776	Unicorn-29519.exe	36
PID 2776 wrote to memory of 1352	2776	Unicorn-29519.exe	36
PID 2776 wrote to memory of 1352	2776	Unicorn-29519.exe	36
PID 2776 wrote to memory of 1352	2776	Unicorn-29519.exe	36
PID 2436 wrote to memory of 2908	2436	Unicorn-43422.exe	39
PID 2436 wrote to memory of 2908	2436	Unicorn-43422.exe	39
PID 2436 wrote to memory of 2908	2436	Unicorn-43422.exe	39
PID 2436 wrote to memory of 2908	2436	Unicorn-43422.exe	39
PID 2652 wrote to memory of 796	2652	Unicorn-23403.exe	40
PID 2652 wrote to memory of 796	2652	Unicorn-23403.exe	40
PID 2652 wrote to memory of 796	2652	Unicorn-23403.exe	40
PID 2652 wrote to memory of 796	2652	Unicorn-23403.exe	40
PID 2780 wrote to memory of 1724	2780	Unicorn-4231.exe	41
PID 2780 wrote to memory of 1724	2780	Unicorn-4231.exe	41
PID 2780 wrote to memory of 1724	2780	Unicorn-4231.exe	41
PID 2780 wrote to memory of 1724	2780	Unicorn-4231.exe	41
PID 2288 wrote to memory of 2016	2288	Unicorn-50547.exe	42
PID 2288 wrote to memory of 2016	2288	Unicorn-50547.exe	42
PID 2288 wrote to memory of 2016	2288	Unicorn-50547.exe	42
PID 2288 wrote to memory of 2016	2288	Unicorn-50547.exe	42
PID 1352 wrote to memory of 1936	1352	Unicorn-4807.exe	43
PID 1352 wrote to memory of 1936	1352	Unicorn-4807.exe	43
PID 1352 wrote to memory of 1936	1352	Unicorn-4807.exe	43
PID 1352 wrote to memory of 1936	1352	Unicorn-4807.exe	43

C:\Users\Admin\AppData\Local\Temp\8af2a529199f6ce65ce94c00fbd6a83a.exe
"C:\Users\Admin\AppData\Local\Temp\8af2a529199f6ce65ce94c00fbd6a83a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1248
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41395.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41395.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57762.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11648.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        9⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        10⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53577.exe
        11⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        12⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59278.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38590.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63782.exe
        9⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        10⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48128.exe
        11⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43713.exe
        9⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13606.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3688.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41417.exe
        9⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
        10⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39224.exe
        10⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        10⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        11⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34450.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 220
        8⤵
        Program crash
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6624.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25153.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43982.exe
        11⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24675.exe
        12⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43805.exe
        9⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        10⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18060.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16825.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22347.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        9⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20564.exe
        10⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8247.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53254.exe
        8⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65318.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45090.exe
        8⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63670.exe
        9⤵
        
        PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8883.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33055.exe
        10⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22856.exe
        8⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26006.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
        8⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15812.exe
        9⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
        7⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5925.exe
        8⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59739.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12841.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28515.exe
        8⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8133.exe
        6⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        7⤵
        
        PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9459.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30568.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        9⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29078.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21300.exe
        7⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42146.exe
        8⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
        9⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6320.exe
        10⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18875.exe
        11⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32446.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3052.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        9⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
        10⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
        11⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
        12⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33186.exe
        7⤵
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65000.exe
        7⤵
        
        PID:1196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50052.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        7⤵
        
        PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
        6⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
        7⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
        9⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
        10⤵
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7689.exe
        6⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2835.exe
        8⤵
        
        PID:1184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21855.exe
        8⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        9⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59378.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59090.exe
        9⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
        10⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7630.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27555.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43461.exe
        9⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30303.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41714.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56370.exe
        9⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
        7⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2040.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16464.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
        8⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23970.exe
        7⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6937.exe
        7⤵
        
        PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44432.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61815.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-609.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61352.exe
        8⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35923.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
        6⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36191.exe
        7⤵
        
        PID:1792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41949.exe
      4⤵
      Executes dropped EXE
      PID:1776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16666.exe

Filesize
184KB

MD5
18f48cce1bb6307c5dc100d07d869bcd

SHA1
53f82b9dbe5f91e585ad1d78e7d97887111836c9

SHA256
f22904f2db09006bcb6ce75678b2dac6298dabdac82fdfc442903f25475313eb

SHA512
9c0925a5a4146afb007f299757c046b86dbe42d606178670a3aedfa75819e5577c5abaefe98626ebaaf32416e3f84d341e037b28d49cf02c7a8f3cdbe2001dfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe

Filesize
97KB

MD5
aff1c2213006ed01cbb2bdef919a2dd6

SHA1
a2cc975b2448a32ad1446d918c43bfc495fdbf5a

SHA256
343e13d9342da5fa229cac462463d3eb4dc0ffef30f135815541087ca0f5b3dd

SHA512
baaa71b79ed4e87a4025eb8f86ebcafc7e863ed6303debdcea5e9cd28588a00b9537391f6dfaf5af8f36d0bfd1fea34e72b8233ac974f02e52dc0cdcb894dc2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe

Filesize
184KB

MD5
2c5c9d3ff2383b1f07d4feb141e03260

SHA1
46afc9731ee2d8e8cb0eb43970b10dbc7d72264f

SHA256
3046b98f18d55ed3177c93646d98db94ac39a5d9a3c6099c7c94dcb06b3eec1b

SHA512
92d62ca9d1c28d187a6fc70783932163e8d129f0958eeef44f16d821e371fed1bc69e90beeeda4e0401eaaf3596b10f62b662a4b17988a512e8a7b7755b7638c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe

Filesize
82KB

MD5
36ae7d309c5ef8766f1abe96aef2a620

SHA1
a7ce4cb76759c007a29fbcd01507380b2b5f0a35

SHA256
84e2ea8ca85f8ab7ea00e1145926d47cf10d3cfbe8b292f8682aa95b7415f676

SHA512
42b92bd221e96f8a4189ac2c6ecb2fe3dcee4dc08d4dee191e1b7ba4542ec9fcad65fcc449aa6cbf331c74f74ac4884ea07a98e383633b8941c6775c31038f1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe

Filesize
136KB

MD5
b5d59441c40ec4738bbc05c839f3ae74

SHA1
f33b4c4abd5137cbbfb2a274b81073bcff4b5ff9

SHA256
eced0c0a10f653edb3a97709952b7bfa9a54726e24206dc7e3f7adfffb51e95c

SHA512
6d19d5c4f07cf4cb0c63ec17b0ffa085946b10152ae121a15d795998896a6cedbc820c3662dab95eaf42d7621009293ef9fc9d5de0ee45c1b41de57577304899

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4231.exe

Filesize
184KB

MD5
b86abf1b87c63f0e60c7f01c5197e4e2

SHA1
012ca28ee558ffed83f92841bb6dcb7b88fb7b38

SHA256
3f9f1bb21f12b0fe61caf80a41ce1e43eac54a88cc41344e103be566447eb2e9

SHA512
2c927eb5e575d59e7fc58d63e95db31bf9dbca83d175bd25c7148006610bfbf2e8ed3fd9fb8be31013f77f6d31923553a37c18d2341c6863ed2543e0a9cb8ad3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe

Filesize
184KB

MD5
eb25468239b15cd3473a6c9eee6dd765

SHA1
71168ece684c5cf7ad8d72530f382bdc928e3dc9

SHA256
344f816ebf4afbdfeba25d39ade7055de2c62b8461d484aa3dec84aaaf5493c8

SHA512
515b378d453b4f7d91da55e89fb89907c0549de0a468580cda397618f54998d0ac0145885842fade6b69eebedfd724bf130408287815ba269c89482162ec5c70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50052.exe

Filesize
45KB

MD5
2de20b613fbb61ff0c2889d7f99228be

SHA1
60fe84d69134347b40dfe3961fefc0c038931679

SHA256
e8ac80c3fe505bbdf6cfea02cda33271462f6942483fd785a3c7b33794d8d415

SHA512
7374b9797b774e64d7fc63bc0f1ec581f5940ba4339cb215608b05b5f51ee65266e00db109ccc42aea79b2ee3927efd94e9f3c288ddbfbc01f3ce825275c5980

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50547.exe

Filesize
184KB

MD5
51e19152bba3c659c8b392224ee9a842

SHA1
9ae5ed5e0543a4a4575938d6eb7072c2b52c3905

SHA256
c25633369fe4cd85cec8971f15be9fc8fd3106597ef98e87d1bffeedc5650d37

SHA512
c3c3fbc4f6b8b647d3fd38584a3146417a01ab5bca1f723b85f372cfaec73cdfdfbec0980f4e7c63c171d6f8013dad4ed326f8f1dc3004cfcd616d6c1c0ed551

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe

Filesize
184KB

MD5
5e95316bae328c12c73367cb3733dc2a

SHA1
79d38cb22689d551dec6416dba2b4a491e4d93e5

SHA256
ff8f1e4ad012724a0f4bd8f13634f69778cda29bcde6d0839b449b27f5c9221e

SHA512
7f81f5d02a9918bad97ae6a3671c43707dec6bb4dca4358ba8acc640474007feceb78683b7175a4057e328c9b9b4e4997fb8bf48944449933124b608f35e8aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63782.exe

Filesize
184KB

MD5
cd2759c7fa766e41b31e23c354dbebdd

SHA1
60e84d9e44755df9957370e925e70807f9dcd751

SHA256
84d792905409d1e98f4302e835d2106cc06d1f5af3686754043066d0d0850acf

SHA512
16b987bdbcd3714428859f1310472391591d73bb203e6df126a019ce31fda775489dac204379fd9fad2a0fcd23eadfc55279fcee62979bde1c49ff967110c7e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe

Filesize
184KB

MD5
cf23e9ef9c5f3834b772a45ea084e977

SHA1
ef1aeb2ffdaf2abb424a608ca0c27c910b79b2c9

SHA256
a0e6809658d305ed0a7f4b2412321db1523ccc395d90a3a74ec93b452f5749c9

SHA512
42f58ef0dd4e66325f6226b4c9ed895a8e085d6c21091bacde686fab124568fbca288c547853b047d98d4d994eb14c7a4c6d43ad95ec731b5eeed2bc5c41233e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe

Filesize
184KB

MD5
90309a71657efca9a8d015cab2136753

SHA1
54fe1b0de792fded66da4843ae9d83d6a0db8b6c

SHA256
4ab0ef4391d7cea7f091353ac787aabf5f468b70290705cf39a205b0e07f9906

SHA512
53b524b6666a711fc820f4bd31db00e26b91c524aaa1f8847a77665211192e4954a9522d3633edfe4378f4c5becc36b37b5fe70bded82016f2cff139495bad8f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe

Filesize
184KB

MD5
693f5b568cff049457c019d6ec3b06ff

SHA1
710e6021d99ffcf0f08ce239fd921d103304de85

SHA256
63876e704a44ac4443c61b7506a34006627a47a54646753712bbe467f78c7ba7

SHA512
3a5a6bf96351fb450e8ef6a9796b38a5c063221832011647b257b4825106437923615db5c513b8be6d59d872bc012d9c003eb20cf6a9017f74cbb9a3a7cbaa39

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25647.exe

Filesize
184KB

MD5
af1207e697314d82c0964fcda7885c43

SHA1
cc524bc4e3e40d6642b1e51dd2a8054c498ab4b2

SHA256
f2115635d34a1a315c6c5f848e890194d15f2fd387bd6d9d545014a86181ad21

SHA512
13d04d9cac5567d64dd5487a42f3697878b2dc1886a1fb0a68d596251f438b13bed047e009750ac4798e21957677ff4e0a3aba8b07617ff74a1e0108a2c632f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe

Filesize
184KB

MD5
ed5114f70559d2391d0ccda4dad466fb

SHA1
c47a1b857bb53450b123729e45aa620fbebffbc9

SHA256
dc1052d38f5a42bcf2f4df1b6104db52e934c7e7b8e54a67f18abbd48434ef4e

SHA512
3e0a7f33b92553f0e504c1eefee7f03dca043bdcbaace3b137840e398dbf99c8f99683e2b3e6bd824afa5f8edf18d1078d3c2fd9edde67cfe0743261804f5a9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe

Filesize
184KB

MD5
9ede850adf9a963557c25a37df527f4a

SHA1
3def2cd634adc03ee9a786737cc804680f019502

SHA256
ec223481468c4062b1061a396c0bf9004ba3ebef150ee3a70c6c0df5d5bc0af6

SHA512
9e37c2f8313460484c5251a8796b3d676a524fefd8069e541ffdf1da12fd140f83ee18c9b15043b5ed1014539612961ec6cd977477d7a573dd55bdd29c5c3c5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe

Filesize
184KB

MD5
e595e4267e26dad770def39cbeca7d5d

SHA1
793ac9f85b9b0656f8b4cf5007d80084fc749923

SHA256
9c64fbbe7f0f6bbefbb8b0e08d0f641ca722a059b1a09bb3bb2255772ef908a5

SHA512
2b94b4e4665a5adf81eace8eb2a921917d8c61d78fd875cd0ef7285c60f2a671028235c76074a7475ca99d3437429e710273dcdffb820afc7c88f110771b86f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30255.exe

Filesize
17KB

MD5
80f8282edf90be12a7b99d8c45e03ed5

SHA1
694baec2365d5eec4084158606f174103dc6a489

SHA256
f99a7ef56d92be91341fdf8e08670290433892085771f651dbefb67896f58d04

SHA512
f8511cd0feb90f24909f86952e821f71e3356f5f8613dac06a87646cb70207801db2d118f8ad68974d808c266cf5dd0712b8c4afabd138ee0336ea01b04dd499

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe

Filesize
184KB

MD5
65f4b3e52e20440abcf26dc133ddcbe7

SHA1
9aea5ffb29b0c95c9768d269cd9cf69bdca0f0b9

SHA256
ac14c27cf0248fa64dbdabfd2e930eadb94f4572d20b4492b2218a8bf66294d9

SHA512
b62a74876c79d9a804b6d026d044111e7e7475ce7baa00ed333941c6b918660239af57d243e6e90c329a97d6c0a582c865ec90c6c1fa361df5ebfb0b18784983

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41395.exe

Filesize
184KB

MD5
97ececf8f135a884fa406c059b675450

SHA1
5386a55fec6cbd1d6a5f7eadf012197ec5c3e90a

SHA256
a324bd127b9eb150b960ed4b51715361c342633e24ad2eb9f9d5d90dbcb80bfe

SHA512
7b7d9df2e1d58724a41d1f4fc38359479d847b81c1dacecef156cfd0be9baab8e2d4d17b7a9068e1ac1fd2fce3fa42e6e3593ce954f94602bc5535b2fe78c201

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43422.exe

Filesize
184KB

MD5
17f714275e4e212f1cb368fcbbde91d8

SHA1
9ea439b0a2b4e5aa1289563d5c75c9a13d548959

SHA256
a55ff8d5a2c52fc11cfa4109625acba91f9db4a3070b890549da89ddfa3ed0fd

SHA512
783455fbf6ae99a0e81e8a9e40cf392f23b140ef5f026b4fed4a9d587d3d1d6cc1f34ddf3f7200601c8794eb66fe84307688f0ef9d757e9a0ca27fa97a1f1c9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe

Filesize
74KB

MD5
f7d66017c25cdfc99368270752c5ea4d

SHA1
194d276ab1b3ea196caa7743845a4188c35141c8

SHA256
02962cab0a9f74c1f885209117d3e56ece05809b2b89bc218e037dc324687d5f

SHA512
6be119ba74438c7ec3bb8b1aadbb73fa225139d7e38b03fcdbab1ff2ed71669300ae81369f449194a67c78c32d6208b617abd08e2d84a62eae4f59011f5f9616

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47468.exe

Filesize
45KB

MD5
c08660826e7f2f6980a8f95f5296044c

SHA1
4ffe4cbb88ea6082e71cefa7ce7d1a2baee0136b

SHA256
794f43c1357cc257e3945e91a4022ee4d52c12dd073e7a037ac54615e73ceb64

SHA512
9d5df21dc8a3f2c67d2b42320f9b31e57d20ab1d722c417ca084a16b8290c0040900e939f40c242ddd14c01b6ee2b161912baa9f43dd802d63a825be95b5de3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe

Filesize
107KB

MD5
35b996e704b43299b505e0380a5874fe

SHA1
c157c43ffb0f469e42c14623e415b0cb53d791b9

SHA256
87a05b4785a171434aa1fd48609ede74d718f842a626e6a0891c4068a6d59a1f

SHA512
5ecb7af1ad25f8c47a4831b34523be2bd63f9fe4a240605ad09564689eb1e5bd32e99c18c2a902bf8b04fc9a88aa8f0c9dc5c6fc2d58012ddb76d22e6663087a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48044.exe

Filesize
169KB

MD5
a2e30e847a7ca24b3a0f23b896369964

SHA1
0cfc8223d508248815602a36d1cc9aa466160558

SHA256
e5fdd6c2f711cb78b7283062dc2fa479e13355c6e55194c3821380a201491296

SHA512
7adeefc8f8723cd92b8fb1efc3e1a754f66338d774049e86009f0551d71eb5db5deec56ce86e02d9c5ee6016fc323dfd07b516a0448d1ebc72279e278bb83d82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4807.exe

Filesize
184KB

MD5
3e28882e474be75e6a532be4b8efdf1f

SHA1
671b5ef27a3fc2c5215b534a3465fa3020a00ee6

SHA256
d38cb9a9e63ad7f8513cd2cfefcbbef84d0c7adc52885892fd2bd38a8e41e18a

SHA512
8a42b116863059cfe65c7aa9d9eec3d5e1dd09d7f84bc15412b49b20a014018d4daa8715e167f6c2e790681bd8de06e84dd9b9fb1006d46872ef75537a53b968

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50052.exe

Filesize
184KB

MD5
dcb6abef3d2dbf747fe04dd98d5d34ab

SHA1
ff359c733210146f52cbfa891d51280cf9a4195f

SHA256
e0f3166193deb4911efbe67564d214363373c54047aa4360f5201940fea423d9

SHA512
ad60d9318b8d8499811a611b792837bfc5354426526ff266c181c8d1ec803184e0b9b21a1b424ebb7d8977dcecc01f6ccb9ff918846e26d927c69bad008df3fb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads