e45ff97589a6dc16ab11766eb16a3f5c8d089b627b88a2f8380db1b107eb9280

Analysis

max time kernel
31s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 17:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fc55bbbfed5c9b5432b23ef27290b6c.exe
Size

184KB
MD5

8fc55bbbfed5c9b5432b23ef27290b6c
SHA1

3beda8e5d4fa8f279b4bdc6860b7bda85c73597a
SHA256

e45ff97589a6dc16ab11766eb16a3f5c8d089b627b88a2f8380db1b107eb9280
SHA512

fc1edca84b6af1de20662c7cb3c49e8585a6376e3f5c32c80b2553e81f188416ea9bffc2dff26cfdfbdbdbcd3d33f7f6698d53e7bc3d9aaa5197c2de0fcc511f
SSDEEP

3072:ZzS7ozB91YAgr9Asden4M8Njyva60kfVtSEe8gPLm6lPvpFS:Zzeop5grhdg4M8g9tn6lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2172	Unicorn-62063.exe
2744	Unicorn-34710.exe
2732	Unicorn-14844.exe
2752	Unicorn-34264.exe
2600	Unicorn-2146.exe
2484	Unicorn-22012.exe
2876	Unicorn-56111.exe
2988	Unicorn-28077.exe
2468	Unicorn-23439.exe
2212	Unicorn-15270.exe
1352	Unicorn-65026.exe
1916	Unicorn-20554.exe
1016	Unicorn-58057.exe
2252	Unicorn-133.exe
2272	Unicorn-41166.exe
320	Unicorn-13132.exe
584	Unicorn-9048.exe
1048	Unicorn-24830.exe
472	Unicorn-16662.exe
452	Unicorn-42401.exe
1872	Unicorn-14367.exe
1496	Unicorn-17897.exe
996	Unicorn-55400.exe
2000	Unicorn-1560.exe
1308	Unicorn-53776.exe
1752	Unicorn-43916.exe
1696	Unicorn-43361.exe
1464	Unicorn-3075.exe
2352	Unicorn-3075.exe
596	Unicorn-31109.exe
892	Unicorn-22941.exe
1892	Unicorn-5810.exe
2860	Unicorn-39229.exe
2620	Unicorn-63179.exe
2688	Unicorn-42759.exe
2816	Unicorn-26977.exe
2404	Unicorn-38675.exe
1960	Unicorn-10854.exe
872	Unicorn-48358.exe
3028	Unicorn-39635.exe
2888	Unicorn-3433.exe
3016	Unicorn-6962.exe
2180	Unicorn-36297.exe
2036	Unicorn-56163.exe
2296	Unicorn-35743.exe
2108	Unicorn-39827.exe
1564	Unicorn-26807.exe
384	Unicorn-6941.exe
1248	Unicorn-30891.exe
1632	Unicorn-19454.exe
1864	Unicorn-11285.exe
1772	Unicorn-53641.exe
1100	Unicorn-44918.exe
648	Unicorn-29136.exe
2440	Unicorn-40834.exe
2980	Unicorn-32666.exe
1516	Unicorn-548.exe
1996	Unicorn-12245.exe
1768	Unicorn-57917.exe
572	Unicorn-4077.exe
2548	Unicorn-37496.exe
2208	Unicorn-65530.exe
2528	Unicorn-49194.exe
1700	Unicorn-8908.exe

Loads dropped DLL 64 IoCs

pid	Process
2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe
2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe
2172	Unicorn-62063.exe
2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe
2172	Unicorn-62063.exe
2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe
2732	Unicorn-14844.exe
2732	Unicorn-14844.exe
2172	Unicorn-62063.exe
2172	Unicorn-62063.exe
2744	Unicorn-34710.exe
2744	Unicorn-34710.exe
2752	Unicorn-34264.exe
2752	Unicorn-34264.exe
2732	Unicorn-14844.exe
2732	Unicorn-14844.exe
2600	Unicorn-2146.exe
2600	Unicorn-2146.exe
2484	Unicorn-22012.exe
2484	Unicorn-22012.exe
2744	Unicorn-34710.exe
2744	Unicorn-34710.exe
2876	Unicorn-56111.exe
2876	Unicorn-56111.exe
2752	Unicorn-34264.exe
2752	Unicorn-34264.exe
2988	Unicorn-28077.exe
2988	Unicorn-28077.exe
2468	Unicorn-23439.exe
2468	Unicorn-23439.exe
2600	Unicorn-2146.exe
2600	Unicorn-2146.exe
2212	Unicorn-15270.exe
2212	Unicorn-15270.exe
2484	Unicorn-22012.exe
2484	Unicorn-22012.exe
1352	Unicorn-65026.exe
1352	Unicorn-65026.exe
1916	Unicorn-20554.exe
1916	Unicorn-20554.exe
2876	Unicorn-56111.exe
2876	Unicorn-56111.exe
1016	Unicorn-58057.exe
1016	Unicorn-58057.exe
2988	Unicorn-28077.exe
2988	Unicorn-28077.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
1316	WerFault.exe
2272	Unicorn-41166.exe
2272	Unicorn-41166.exe
320	Unicorn-13132.exe
320	Unicorn-13132.exe
2468	Unicorn-23439.exe
2468	Unicorn-23439.exe
584	Unicorn-9048.exe
584	Unicorn-9048.exe
2212	Unicorn-15270.exe
1352	Unicorn-65026.exe
2212	Unicorn-15270.exe
1352	Unicorn-65026.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1316	2252	WerFault.exe	42

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe
2172	Unicorn-62063.exe
2744	Unicorn-34710.exe
2732	Unicorn-14844.exe
2752	Unicorn-34264.exe
2600	Unicorn-2146.exe
2484	Unicorn-22012.exe
2876	Unicorn-56111.exe
2988	Unicorn-28077.exe
2468	Unicorn-23439.exe
2212	Unicorn-15270.exe
1352	Unicorn-65026.exe
1916	Unicorn-20554.exe
1016	Unicorn-58057.exe
2252	Unicorn-133.exe
2272	Unicorn-41166.exe
320	Unicorn-13132.exe
584	Unicorn-9048.exe
472	Unicorn-16662.exe
1048	Unicorn-24830.exe
452	Unicorn-42401.exe
1872	Unicorn-14367.exe
1496	Unicorn-17897.exe
996	Unicorn-55400.exe
2000	Unicorn-1560.exe
1752	Unicorn-43916.exe
1308	Unicorn-53776.exe
1696	Unicorn-43361.exe
596	Unicorn-31109.exe
1464	Unicorn-3075.exe
2352	Unicorn-3075.exe
892	Unicorn-22941.exe
1892	Unicorn-5810.exe
2860	Unicorn-39229.exe
2620	Unicorn-63179.exe
2688	Unicorn-42759.exe
2816	Unicorn-26977.exe
2404	Unicorn-38675.exe
872	Unicorn-48358.exe
1960	Unicorn-10854.exe
3028	Unicorn-39635.exe
2888	Unicorn-3433.exe
3016	Unicorn-6962.exe
2180	Unicorn-36297.exe
2036	Unicorn-56163.exe
2296	Unicorn-35743.exe
384	Unicorn-6941.exe
2108	Unicorn-39827.exe
1564	Unicorn-26807.exe
1248	Unicorn-30891.exe
1632	Unicorn-19454.exe
1864	Unicorn-11285.exe
1772	Unicorn-53641.exe
1100	Unicorn-44918.exe
648	Unicorn-29136.exe
2440	Unicorn-40834.exe
2980	Unicorn-32666.exe
1768	Unicorn-57917.exe
1516	Unicorn-548.exe
1996	Unicorn-12245.exe
2208	Unicorn-65530.exe
572	Unicorn-4077.exe
2548	Unicorn-37496.exe
1904	Unicorn-24690.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2172	2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe	28
PID 2844 wrote to memory of 2172	2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe	28
PID 2844 wrote to memory of 2172	2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe	28
PID 2844 wrote to memory of 2172	2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe	28
PID 2172 wrote to memory of 2744	2172	Unicorn-62063.exe	29
PID 2172 wrote to memory of 2744	2172	Unicorn-62063.exe	29
PID 2172 wrote to memory of 2744	2172	Unicorn-62063.exe	29
PID 2172 wrote to memory of 2744	2172	Unicorn-62063.exe	29
PID 2844 wrote to memory of 2732	2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe	30
PID 2844 wrote to memory of 2732	2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe	30
PID 2844 wrote to memory of 2732	2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe	30
PID 2844 wrote to memory of 2732	2844	8fc55bbbfed5c9b5432b23ef27290b6c.exe	30
PID 2732 wrote to memory of 2752	2732	Unicorn-14844.exe	31
PID 2732 wrote to memory of 2752	2732	Unicorn-14844.exe	31
PID 2732 wrote to memory of 2752	2732	Unicorn-14844.exe	31
PID 2732 wrote to memory of 2752	2732	Unicorn-14844.exe	31
PID 2172 wrote to memory of 2600	2172	Unicorn-62063.exe	33
PID 2172 wrote to memory of 2600	2172	Unicorn-62063.exe	33
PID 2172 wrote to memory of 2600	2172	Unicorn-62063.exe	33
PID 2172 wrote to memory of 2600	2172	Unicorn-62063.exe	33
PID 2744 wrote to memory of 2484	2744	Unicorn-34710.exe	32
PID 2744 wrote to memory of 2484	2744	Unicorn-34710.exe	32
PID 2744 wrote to memory of 2484	2744	Unicorn-34710.exe	32
PID 2744 wrote to memory of 2484	2744	Unicorn-34710.exe	32
PID 2752 wrote to memory of 2876	2752	Unicorn-34264.exe	34
PID 2752 wrote to memory of 2876	2752	Unicorn-34264.exe	34
PID 2752 wrote to memory of 2876	2752	Unicorn-34264.exe	34
PID 2752 wrote to memory of 2876	2752	Unicorn-34264.exe	34
PID 2732 wrote to memory of 2988	2732	Unicorn-14844.exe	35
PID 2732 wrote to memory of 2988	2732	Unicorn-14844.exe	35
PID 2732 wrote to memory of 2988	2732	Unicorn-14844.exe	35
PID 2732 wrote to memory of 2988	2732	Unicorn-14844.exe	35
PID 2600 wrote to memory of 2468	2600	Unicorn-2146.exe	36
PID 2600 wrote to memory of 2468	2600	Unicorn-2146.exe	36
PID 2600 wrote to memory of 2468	2600	Unicorn-2146.exe	36
PID 2600 wrote to memory of 2468	2600	Unicorn-2146.exe	36
PID 2484 wrote to memory of 2212	2484	Unicorn-22012.exe	37
PID 2484 wrote to memory of 2212	2484	Unicorn-22012.exe	37
PID 2484 wrote to memory of 2212	2484	Unicorn-22012.exe	37
PID 2484 wrote to memory of 2212	2484	Unicorn-22012.exe	37
PID 2744 wrote to memory of 1352	2744	Unicorn-34710.exe	38
PID 2744 wrote to memory of 1352	2744	Unicorn-34710.exe	38
PID 2744 wrote to memory of 1352	2744	Unicorn-34710.exe	38
PID 2744 wrote to memory of 1352	2744	Unicorn-34710.exe	38
PID 2876 wrote to memory of 1916	2876	Unicorn-56111.exe	39
PID 2876 wrote to memory of 1916	2876	Unicorn-56111.exe	39
PID 2876 wrote to memory of 1916	2876	Unicorn-56111.exe	39
PID 2876 wrote to memory of 1916	2876	Unicorn-56111.exe	39
PID 2752 wrote to memory of 1016	2752	Unicorn-34264.exe	40
PID 2752 wrote to memory of 1016	2752	Unicorn-34264.exe	40
PID 2752 wrote to memory of 1016	2752	Unicorn-34264.exe	40
PID 2752 wrote to memory of 1016	2752	Unicorn-34264.exe	40
PID 2988 wrote to memory of 2252	2988	Unicorn-28077.exe	42
PID 2988 wrote to memory of 2252	2988	Unicorn-28077.exe	42
PID 2988 wrote to memory of 2252	2988	Unicorn-28077.exe	42
PID 2988 wrote to memory of 2252	2988	Unicorn-28077.exe	42
PID 2468 wrote to memory of 2272	2468	Unicorn-23439.exe	41
PID 2468 wrote to memory of 2272	2468	Unicorn-23439.exe	41
PID 2468 wrote to memory of 2272	2468	Unicorn-23439.exe	41
PID 2468 wrote to memory of 2272	2468	Unicorn-23439.exe	41
PID 2600 wrote to memory of 320	2600	Unicorn-2146.exe	43
PID 2600 wrote to memory of 320	2600	Unicorn-2146.exe	43
PID 2600 wrote to memory of 320	2600	Unicorn-2146.exe	43
PID 2600 wrote to memory of 320	2600	Unicorn-2146.exe	43

C:\Users\Admin\AppData\Local\Temp\8fc55bbbfed5c9b5432b23ef27290b6c.exe
"C:\Users\Admin\AppData\Local\Temp\8fc55bbbfed5c9b5432b23ef27290b6c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15270.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24830.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        9⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        10⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
        11⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        9⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2700.exe
        10⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-356.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47305.exe
        9⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54115.exe
        10⤵
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15751.exe
        11⤵
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26807.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-356.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        8⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43361.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6962.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24690.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        9⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        10⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13567.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        10⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
        7⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        7⤵
        
        PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31109.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35743.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        9⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
        10⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        9⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45281.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        9⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6941.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        8⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21980.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        10⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-308.exe
        8⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30891.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        7⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-356.exe
        6⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27288.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1261.exe
        9⤵
        
        PID:3864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1560.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10854.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65530.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        9⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        8⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39502.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2003.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37496.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        8⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48358.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4077.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        8⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        7⤵
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43916.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56163.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32282.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17695.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        7⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11818.exe
        8⤵
        
        PID:3672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41196.exe
        6⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11809.exe
        7⤵
        
        PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39635.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49194.exe
        7⤵
        Executes dropped EXE
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8908.exe
        6⤵
        Executes dropped EXE
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        7⤵
        
        PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3433.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        6⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
        8⤵
        
        PID:3740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        6⤵
        
        PID:2408
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42401.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        10⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18119.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35731.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53641.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
        9⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
        10⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        11⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39229.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54321.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        10⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        11⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33561.exe
        12⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
        7⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42199.exe
        8⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43368.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38361.exe
        10⤵
        
        PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14367.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63179.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44918.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13480.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63236.exe
        7⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29136.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
        7⤵
        
        PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17897.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32666.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38260.exe
        8⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18394.exe
        7⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9182.exe
        7⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2553.exe
        8⤵
        
        PID:1672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50320.exe
        7⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30454.exe
        6⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32377.exe
        7⤵
        
        PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12245.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
        7⤵
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
        6⤵
        
        PID:900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57917.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7725.exe
        6⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
        7⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        8⤵
        
        PID:3312

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe

Filesize
184KB

MD5
47a09b35617fd1fd107e0fc434185b06

SHA1
6997c2b29c6ade8b94bbdb9f77d86f7acfa3817a

SHA256
3cc349a6a6110469739979e11056637635367617ad8157c69083b6436dcc7d8c

SHA512
55c15c2fdece7fa40cd28727ffe8f8e2410d29d5f6c57f1449d6d53945bb431c52de436b7f68c5c1a3a91fcead318c4f71e4c3b5de77f45a3b26f1f4a4327e90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-133.exe

Filesize
184KB

MD5
ac9b4e860fbc7561ca8a205fcdb3c0b3

SHA1
97dba59ee19611ae9590e79b2ba22533b19c22d9

SHA256
d72fe4fb17c3dab0611f695df8cb494371c60b7847eb97028a7b9f9aec844fa5

SHA512
ecab914618f681f4243e4a514e8a13b8fc310147abc86c845b7822c673dcd205da092ae5b0a6f3cdbb51884dfebf0e4c1ef9e7db5a96918bd89e4aabbea5756e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe

Filesize
184KB

MD5
ad1042cfc5bbe6aa9740c8adde5b1a9a

SHA1
a00144f3dffee9a9f36c5b8d00ccabf03639c1e6

SHA256
025e11d38a8960959ad68a15a3ee55b6b59aee02fa87d5f9b158456e2c12ba5f

SHA512
ca4148daeeab34443d9bc3d3da80baccee260573ea975a865e1cd725369feb2e1cdedc35709f44075c63e1d2a1f568c9c7dcf5fd6dcc3184db22a38a67f1e5d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24830.exe

Filesize
184KB

MD5
4969cacfbce68be7eacf496c338d8710

SHA1
a517ca3bef99e700618d34bf2e34d4aec0b26616

SHA256
4504f68e3ab893756cddd246f48d5648d801257efb8bcd2f4bca4f269b9675c5

SHA512
36e6331b1264db238470c808198094dae2a4c0605d09c4c3485c5e15533e8f955fd1d2565dd70142c1f654e9ac62a2bc2c018ec78023033a5780a4850fcfed61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe

Filesize
184KB

MD5
ef0bbce0f98a39c9c87ef78d99fa2cd8

SHA1
04f3e9ca58467dd57b373881900f396c8726a17c

SHA256
e0451daa66338cd228b86ad4a3e20238db6e1acd10d45a529c60d16cdb623b51

SHA512
af0cca21be0031a2822b02b9e17b47bc94848e856cf2015bbbf13ebcdca7baebc99c2407236cdd0aa29ac630c40ca2b8aa26e6da260c82b6e992ac2e55c1462c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14844.exe

Filesize
184KB

MD5
69a77e38b7f8f571f19ae89bb6a872c6

SHA1
81dbd858c4e17bd4cb74e875319f5760e1c02c0e

SHA256
acab1095d5e73fc2df9ecb4d120539992861e6ee5e53ca385efaa36bf6fba9ef

SHA512
8ffa2b8b256773916ec82ed0e3352201b4e17454f3e2d705535708e85f4fdc2798549099003dcbd16a0b1f23972aada9d6c68d15febc7f34363b40c497a929c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15270.exe

Filesize
184KB

MD5
94e65e66c3bf5c8c683a6ace7e5c1b32

SHA1
90ef42ab0571efdd3ee3c02a3a057ebb88d0e691

SHA256
5df6b0a647d7fe8efc69d95f3304cb264f8f954fb379106241c0a204172d112f

SHA512
a17989174c2f91818f82de9e43aa97c7f459a1bb5dc1ed6caa1d48e3bc70d6b6c226fe02b93c8b8d0e1e416acd16bd908902e90717e5b374f8228746aac12f7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20554.exe

Filesize
184KB

MD5
6c835c04db0d79353dbbf41625ff66d6

SHA1
1876ca37361d68a8d86a50f3157d9bbd516b323d

SHA256
cafe0eda7329127adb5ac1849a9a832775db3e6548089b13141bed8b71006683

SHA512
556919dcc6ffbad1b5403808cd28375c0de7b68cf2f760f2d4c6c72d485461b522e587fb27c7d1775b1d8e503c864104f24e7755fed8faef086dc83884d0548a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe

Filesize
184KB

MD5
1127d7c05d6a1f34908c05071ea3fab4

SHA1
15e55cb27c10e49495fe8d780b94b63a396822b6

SHA256
3a854d992f1836be012b775ad2c2920c239af533af924ce21b177877bae2bc29

SHA512
6aa5b40bc65a5efa69bc65540793d4a2175e172457889b0f29fd30224e240636d4b971650f7989d2c4f750ee827dd857b806a10a5bd8409f91651e75efd1aa49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23439.exe

Filesize
184KB

MD5
a3538a70892c351b9dfaf07acd7e74ff

SHA1
36e7edb2fde11ce80537d27555081bcc1005793f

SHA256
a7b168e97d9b821f43fc2d881fffdb9f6d34e5ceac7554ff24278dc2bf880adc

SHA512
953813cd35dd45f03b268d8f29ef471150aea6ffbbd3e68d5e6bc46b95f2ffdce9a5810ab46b7b097ad2cae892dd1e4804f8c94e3661d6469f52a9a618ca2cf4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe

Filesize
184KB

MD5
a385829f61ad1c745fdf1a29e84e347a

SHA1
d5f0091e275b3ba1db047923690b84ee84400a05

SHA256
d010fac1875c5ddecf903ee543a04e24c70a01df1a7736cb56d613768329bb47

SHA512
c35269da866d06f2559c86a1a573aba9751e775fe7af50124fbdc1c3164fdbda463b2e7be70bdeca24f6064d5ee7d659c9b5efa1c1941e046b873b2c383abb9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe

Filesize
184KB

MD5
c9a1b3e274bab434da3926a66e7b8737

SHA1
ee8df8d6eaa0a89ac0ede4e31a18d85de09a4ea8

SHA256
6639ee3366f0a9f04e264a94b21142a5dc583b14bce660089b9c327230cf100e

SHA512
1254ab89b3631178feaa962aa39ec962f6d493d68be0c2132a8f8b524c81d489f3235b93439cddbc4485b88a79420a6e4eddc018ca8e795c297316548ae7999b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34710.exe

Filesize
184KB

MD5
7217c79fd4ba3232beb6d962c7872aec

SHA1
e14db4ad57e6e9b4074118dbe3d7fad25e87ed0b

SHA256
823acfd98a08bda2183415c82d9c1c26da285d915600dd959f4aaecec738595a

SHA512
ccb4b439f4efcac61e1302e0d0a52069f404469a5d2c6f444d09c2f9c1355330944c444bd1a86848ca8056584f0cf89819d1697db299838f852c4d6abf34a060

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41166.exe

Filesize
184KB

MD5
9bdcaa9d5e7c9c1b467fbeadbf3294fe

SHA1
d04887db06f838f3e5563603afba5ee453fa9710

SHA256
e1ad105d9806f8094fb03d7082909d482158d22c383d81db5583476435939994

SHA512
c0ad0e2cdb8c7687c5b57b384d685a49720b8d0db3c8d8457b48d2ed044d1d6c635e94acc1ae141b16df85ef04cbb220565f487a27d4dc728fbfdac638017ebc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe

Filesize
184KB

MD5
6ae9379ac44c9a81b328f5585da1ca46

SHA1
389d996915f5a494ed08df099c4777ef227cbe96

SHA256
5824b043fb083d1d9fa0d7cdcfd6fcc5ac1f4f0d2cc0b6f95bcbdfaf0c2a0220

SHA512
3793939b50f1dab25f79ed8af235aba204905a419b309841cd44ac4fcc0ef3661d3d20dbf41c39011f5bbea684e9b88e58177c89aeb985c78429a467ceea5ce1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58057.exe

Filesize
184KB

MD5
60d9b2f545eed055ce24bdd361b03c6d

SHA1
0514cd519b3bd1b68ea0e8eb22d6c0c7c4e7ffae

SHA256
0704447fbb5980b301cbdc5cc8bbd54cf969d9fd6e909cba1bf8c082ab1bf231

SHA512
82aa6bfd533e1eea447521bc0c5d1076299af8a86d19c1698349278cba4ccf81b480a737dd8403af16a729c72d016b05d00e9033d5488654f8add13285b21ca6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe

Filesize
184KB

MD5
2f208248c627548d076fdf3fd93adeb6

SHA1
bafb92be55b2c7fb1f66da405d132c111a98c7e3

SHA256
6219baf2e9141d112774ed8970e64c6faf82a01a89f66c8dd71f1172090c6ec7

SHA512
ccaafd65db37ee0c6a74d7f79854be5846a13e3ee4d43e461fcd5469f6cf3d72668e89db54e2c92ea6ec6a848c7db5f1d7a8e57d5bfe92263f8c6588758f63ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65026.exe

Filesize
184KB

MD5
3c91b110d2b9c906397d8caa66cd3447

SHA1
b9fabeddd66050f1df39863af1adeac5a804cd43

SHA256
c73f49c27861ccd7fee206a6b90b96b32258a578de72f675221d9a272d21c4d3

SHA512
a0efb0cf19ca74bed5c91c86cd5c921ccd4386b325aa880449dc1eaba95f2b6e5a6dc6303472ef5c64b61426e9e12995e92843a4251108ad25f5cb7bca49b89e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe

Filesize
184KB

MD5
2a74888f661beb5aa159c15e63f05089

SHA1
d5ba7c95eef12e4f54081f70aa8b8fa0fa1a3c9b

SHA256
6b4839319f3be92f914f147d956d49ce32337dbfa0a0d762d544669427b73bdc

SHA512
196fc6566815e8a9ebd22630a0777b0423d9313f16280aba9f71582af2a05fe53203bcf31322cd9085f3c00a2064ee28f4a4c418fdb5b79fb6bfa3cb6a8f7f6d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads