6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08/03/2024, 19:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
Size

184KB
MD5

045cc9bcab24b5ef666e9be48c2dc8e5
SHA1

0736a283587913ed69cef472b0b6c0e33b01160b
SHA256

6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0
SHA512

87d92cc26da40296be648b67ab6a816d217ed67c4c55cee6f95ff17d25ef36fa1a892616e0c827a1d02c4aa65b52fe0c4bcdefea3809a8753a2d2f95b650627d
SSDEEP

3072:uEUeAkowKpqJd4OtWbC8EkSblvMq0viun:uEhosH4Op8JSblEq0viu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1696	Unicorn-23677.exe
2924	Unicorn-60516.exe
3068	Unicorn-14008.exe
2400	Unicorn-19357.exe
2692	Unicorn-56214.exe
2416	Unicorn-56769.exe
2448	Unicorn-7013.exe
2808	Unicorn-15072.exe
1164	Unicorn-52576.exe
2372	Unicorn-31409.exe
836	Unicorn-62135.exe
1788	Unicorn-35228.exe
1308	Unicorn-42269.exe
2172	Unicorn-64740.exe
1204	Unicorn-44320.exe
2004	Unicorn-36706.exe
2180	Unicorn-47642.exe
1656	Unicorn-3671.exe
2080	Unicorn-59438.exe
2136	Unicorn-7004.exe
2020	Unicorn-11472.exe
1780	Unicorn-17603.exe
2972	Unicorn-24654.exe
816	Unicorn-38390.exe
1864	Unicorn-24654.exe
1208	Unicorn-2921.exe
1236	Unicorn-20592.exe
596	Unicorn-61686.exe
1344	Unicorn-10731.exe
2952	Unicorn-19714.exe
684	Unicorn-57187.exe
1940	Unicorn-55049.exe
1568	Unicorn-12698.exe
1740	Unicorn-22624.exe
1052	Unicorn-28490.exe
2984	Unicorn-20870.exe
2488	Unicorn-39944.exe
2780	Unicorn-29008.exe
2600	Unicorn-48874.exe
2696	Unicorn-48874.exe
2608	Unicorn-42744.exe
2580	Unicorn-9569.exe
2704	Unicorn-9569.exe
2688	Unicorn-42573.exe
2424	Unicorn-64853.exe
2404	Unicorn-64853.exe
2540	Unicorn-38480.exe
2516	Unicorn-32349.exe
576	Unicorn-35740.exe
2820	Unicorn-35475.exe
1640	Unicorn-24479.exe
1060	Unicorn-33145.exe
1968	Unicorn-39231.exe
1812	Unicorn-19895.exe
852	Unicorn-11681.exe
1996	Unicorn-31547.exe
1412	Unicorn-11681.exe
2316	Unicorn-31282.exe
2184	Unicorn-21625.exe
1988	Unicorn-60472.exe
1028	Unicorn-35521.exe
1808	Unicorn-5609.exe
2492	Unicorn-2413.exe
2948	Unicorn-18749.exe

Loads dropped DLL 64 IoCs

pid	Process
1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
1696	Unicorn-23677.exe
1696	Unicorn-23677.exe
1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
3068	Unicorn-14008.exe
3068	Unicorn-14008.exe
1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
1696	Unicorn-23677.exe
1696	Unicorn-23677.exe
2924	Unicorn-60516.exe
2924	Unicorn-60516.exe
2692	Unicorn-56214.exe
2692	Unicorn-56214.exe
3068	Unicorn-14008.exe
3068	Unicorn-14008.exe
2448	Unicorn-7013.exe
2448	Unicorn-7013.exe
2924	Unicorn-60516.exe
2400	Unicorn-19357.exe
2924	Unicorn-60516.exe
1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
2400	Unicorn-19357.exe
1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
836	Unicorn-62135.exe
836	Unicorn-62135.exe
1788	Unicorn-35228.exe
1788	Unicorn-35228.exe
1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
2400	Unicorn-19357.exe
2400	Unicorn-19357.exe
1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
1308	Unicorn-42269.exe
1308	Unicorn-42269.exe
2924	Unicorn-60516.exe
2924	Unicorn-60516.exe
1696	Unicorn-23677.exe
1696	Unicorn-23677.exe
2400	Unicorn-19357.exe
2400	Unicorn-19357.exe
2004	Unicorn-36706.exe
2004	Unicorn-36706.exe
3068	Unicorn-14008.exe
2448	Unicorn-7013.exe
2692	Unicorn-56214.exe
2448	Unicorn-7013.exe
3068	Unicorn-14008.exe
2692	Unicorn-56214.exe
2080	Unicorn-59438.exe
2924	Unicorn-60516.exe
2924	Unicorn-60516.exe
2080	Unicorn-59438.exe
1788	Unicorn-35228.exe
1788	Unicorn-35228.exe
2960	WerFault.exe
2960	WerFault.exe
2960	WerFault.exe
1308	Unicorn-42269.exe
1308	Unicorn-42269.exe
2960	WerFault.exe
836	Unicorn-62135.exe
836	Unicorn-62135.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2960	2172	WerFault.exe	42

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
1696	Unicorn-23677.exe
3068	Unicorn-14008.exe
2924	Unicorn-60516.exe
2400	Unicorn-19357.exe
2692	Unicorn-56214.exe
2448	Unicorn-7013.exe
1164	Unicorn-52576.exe
836	Unicorn-62135.exe
2372	Unicorn-31409.exe
1788	Unicorn-35228.exe
1308	Unicorn-42269.exe
2172	Unicorn-64740.exe
2004	Unicorn-36706.exe
2080	Unicorn-59438.exe
1204	Unicorn-44320.exe
2180	Unicorn-47642.exe
1656	Unicorn-3671.exe
1780	Unicorn-17603.exe
2136	Unicorn-7004.exe
2972	Unicorn-24654.exe
1236	Unicorn-20592.exe
596	Unicorn-61686.exe
816	Unicorn-38390.exe
2952	Unicorn-19714.exe
2984	Unicorn-20870.exe
1052	Unicorn-28490.exe
1208	Unicorn-2921.exe
1940	Unicorn-55049.exe
2600	Unicorn-48874.exe
2424	Unicorn-64853.exe
2704	Unicorn-9569.exe
1812	Unicorn-19895.exe
1060	Unicorn-33145.exe
852	Unicorn-11681.exe
2488	Unicorn-39944.exe
2688	Unicorn-42573.exe
2020	Unicorn-11472.exe
2260	Unicorn-31734.exe
2516	Unicorn-32349.exe
684	Unicorn-57187.exe
1804	Unicorn-33211.exe
1080	Unicorn-52071.exe
2044	Unicorn-25603.exe
2696	Unicorn-48874.exe
1344	Unicorn-10731.exe
1988	Unicorn-60472.exe
2780	Unicorn-29008.exe
2616	Unicorn-8848.exe
2608	Unicorn-42744.exe
1996	Unicorn-31547.exe
1244	Unicorn-15512.exe
1568	Unicorn-12698.exe
2184	Unicorn-21625.exe
2204	Unicorn-37135.exe
1028	Unicorn-35521.exe
2008	Unicorn-22803.exe
1740	Unicorn-22624.exe
2088	Unicorn-23333.exe
1640	Unicorn-24479.exe
2312	Unicorn-8744.exe
2336	Unicorn-57001.exe
2948	Unicorn-18749.exe
2304	Unicorn-34178.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 1696	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	28
PID 1908 wrote to memory of 1696	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	28
PID 1908 wrote to memory of 1696	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	28
PID 1908 wrote to memory of 1696	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	28
PID 1696 wrote to memory of 2924	1696	Unicorn-23677.exe	30
PID 1696 wrote to memory of 2924	1696	Unicorn-23677.exe	30
PID 1696 wrote to memory of 2924	1696	Unicorn-23677.exe	30
PID 1696 wrote to memory of 2924	1696	Unicorn-23677.exe	30
PID 1908 wrote to memory of 3068	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	29
PID 1908 wrote to memory of 3068	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	29
PID 1908 wrote to memory of 3068	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	29
PID 1908 wrote to memory of 3068	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	29
PID 3068 wrote to memory of 2692	3068	Unicorn-14008.exe	32
PID 3068 wrote to memory of 2692	3068	Unicorn-14008.exe	32
PID 3068 wrote to memory of 2692	3068	Unicorn-14008.exe	32
PID 3068 wrote to memory of 2692	3068	Unicorn-14008.exe	32
PID 1908 wrote to memory of 2400	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	31
PID 1908 wrote to memory of 2400	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	31
PID 1908 wrote to memory of 2400	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	31
PID 1908 wrote to memory of 2400	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	31
PID 1696 wrote to memory of 2416	1696	Unicorn-23677.exe	33
PID 1696 wrote to memory of 2416	1696	Unicorn-23677.exe	33
PID 1696 wrote to memory of 2416	1696	Unicorn-23677.exe	33
PID 1696 wrote to memory of 2416	1696	Unicorn-23677.exe	33
PID 2924 wrote to memory of 2448	2924	Unicorn-60516.exe	34
PID 2924 wrote to memory of 2448	2924	Unicorn-60516.exe	34
PID 2924 wrote to memory of 2448	2924	Unicorn-60516.exe	34
PID 2924 wrote to memory of 2448	2924	Unicorn-60516.exe	34
PID 2692 wrote to memory of 2808	2692	Unicorn-56214.exe	35
PID 2692 wrote to memory of 2808	2692	Unicorn-56214.exe	35
PID 2692 wrote to memory of 2808	2692	Unicorn-56214.exe	35
PID 2692 wrote to memory of 2808	2692	Unicorn-56214.exe	35
PID 3068 wrote to memory of 1164	3068	Unicorn-14008.exe	36
PID 3068 wrote to memory of 1164	3068	Unicorn-14008.exe	36
PID 3068 wrote to memory of 1164	3068	Unicorn-14008.exe	36
PID 3068 wrote to memory of 1164	3068	Unicorn-14008.exe	36
PID 2448 wrote to memory of 2372	2448	Unicorn-7013.exe	37
PID 2448 wrote to memory of 2372	2448	Unicorn-7013.exe	37
PID 2448 wrote to memory of 2372	2448	Unicorn-7013.exe	37
PID 2448 wrote to memory of 2372	2448	Unicorn-7013.exe	37
PID 2924 wrote to memory of 1308	2924	Unicorn-60516.exe	38
PID 2924 wrote to memory of 1308	2924	Unicorn-60516.exe	38
PID 2924 wrote to memory of 1308	2924	Unicorn-60516.exe	38
PID 2924 wrote to memory of 1308	2924	Unicorn-60516.exe	38
PID 2400 wrote to memory of 836	2400	Unicorn-19357.exe	39
PID 2400 wrote to memory of 836	2400	Unicorn-19357.exe	39
PID 2400 wrote to memory of 836	2400	Unicorn-19357.exe	39
PID 2400 wrote to memory of 836	2400	Unicorn-19357.exe	39
PID 1908 wrote to memory of 1788	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	40
PID 1908 wrote to memory of 1788	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	40
PID 1908 wrote to memory of 1788	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	40
PID 1908 wrote to memory of 1788	1908	6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe	40
PID 836 wrote to memory of 1204	836	Unicorn-62135.exe	41
PID 836 wrote to memory of 1204	836	Unicorn-62135.exe	41
PID 836 wrote to memory of 1204	836	Unicorn-62135.exe	41
PID 836 wrote to memory of 1204	836	Unicorn-62135.exe	41
PID 1788 wrote to memory of 2172	1788	Unicorn-35228.exe	42
PID 1788 wrote to memory of 2172	1788	Unicorn-35228.exe	42
PID 1788 wrote to memory of 2172	1788	Unicorn-35228.exe	42
PID 1788 wrote to memory of 2172	1788	Unicorn-35228.exe	42
PID 2400 wrote to memory of 2004	2400	Unicorn-19357.exe	44
PID 2400 wrote to memory of 2004	2400	Unicorn-19357.exe	44
PID 2400 wrote to memory of 2004	2400	Unicorn-19357.exe	44
PID 2400 wrote to memory of 2004	2400	Unicorn-19357.exe	44

C:\Users\Admin\AppData\Local\Temp\6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe
"C:\Users\Admin\AppData\Local\Temp\6458f0ba94b0ea732adae8415dedd69b65ae4a652136ce0ac77093aba2caffe0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        6⤵
        Executes dropped EXE
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1900.exe
        7⤵
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42612.exe
        6⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
        6⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        6⤵
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22624.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
        6⤵
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        6⤵
        
        PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
        5⤵
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
        5⤵
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        5⤵
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
        5⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47760.exe
        5⤵
        
        PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57956.exe
        7⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26025.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
        7⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60472.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64074.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7323.exe
        8⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61692.exe
        7⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
        7⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33618.exe
        7⤵
        
        PID:3224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57373.exe
        6⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
        6⤵
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10731.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20592.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14069.exe
        7⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37135.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1857.exe
        6⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17229.exe
        6⤵
        
        PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39231.exe
        5⤵
        Executes dropped EXE
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
        5⤵
        
        PID:616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
        5⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
        5⤵
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37491.exe
        5⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
        5⤵
        
        PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2921.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
        5⤵
        
        PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6840.exe
        5⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27752.exe
        5⤵
        
        PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19895.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23333.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23333.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
      4⤵
      PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
      4⤵
      PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5287.exe
      4⤵
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
      4⤵
      PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
    3⤵
    - Executes dropped EXE
    PID:2416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7004.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31547.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11868.exe
      4⤵
      PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50871.exe
      4⤵
      PID:1388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
      4⤵
      PID:2772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
    3⤵
    - Executes dropped EXE
    PID:2404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
    3⤵
    - Executes dropped EXE
    PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
    3⤵
    PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12784.exe
    3⤵
    PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
    3⤵
    PID:2524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
    3⤵
    PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-579.exe
    3⤵
    PID:3444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe
      4⤵
      Executes dropped EXE
      PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
      4⤵
      Executes dropped EXE
      PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20870.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35740.exe
        5⤵
        Executes dropped EXE
        
        PID:576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32205.exe
        5⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        5⤵
        
        PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe
        5⤵
        
        PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35475.exe
      4⤵
      Executes dropped EXE
      PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
        5⤵
        
        PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46034.exe
      4⤵
      PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
      4⤵
      PID:1832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38390.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28490.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
      4⤵
      PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
      4⤵
      PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13800.exe
      4⤵
      PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25931.exe
      4⤵
      PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33211.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49705.exe
      4⤵
      PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51023.exe
      4⤵
      PID:2996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
      4⤵
      PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59116.exe
      4⤵
      PID:3436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63100.exe
    3⤵
    PID:956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19714.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
        5⤵
        Executes dropped EXE
        
        PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
        6⤵
        
        PID:944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22268.exe
        6⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
        5⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
        5⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13136.exe
        5⤵
        
        PID:936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14069.exe
        5⤵
        
        PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
      4⤵
      PID:548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17603.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57001.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
        6⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
        6⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12922.exe
        6⤵
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
        5⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34178.exe
        5⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7801.exe
        5⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4814.exe
        6⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
        5⤵
        
        PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12698.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61054.exe
        5⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2096.exe
        5⤵
        
        PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2413.exe
      4⤵
      Executes dropped EXE
      PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53250.exe
      4⤵
      PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19195.exe
      4⤵
      PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
      4⤵
      PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
      4⤵
      PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
      4⤵
      PID:3468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55049.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
      4⤵
      PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28064.exe
      4⤵
      PID:1708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
      4⤵
      PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8848.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
        5⤵
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53898.exe
        5⤵
        
        PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
      4⤵
      PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
      4⤵
      PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26524.exe
      4⤵
      PID:1296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2172
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 200
      4⤵
      Loads dropped DLL
      Program crash
      PID:2960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21625.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43471.exe
      4⤵
      PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
      4⤵
      PID:884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
      4⤵
      PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
      4⤵
      PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe
    3⤵
    - Executes dropped EXE
    PID:2316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22803.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8977.exe
    3⤵
    PID:1648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12040.exe
      4⤵
      PID:1756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31531.exe
      4⤵
      PID:856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43142.exe
    3⤵
    PID:1956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15960.exe
    3⤵
    PID:2964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43458.exe
    3⤵
    PID:424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9569.exe
    3⤵
    - Executes dropped EXE
    PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21557.exe
    3⤵
    PID:2456
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
  2⤵
  PID:2848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15072.exe

Filesize
184KB

MD5
3076c3c3d5f335756ca237b42aeffc3b

SHA1
e30dae59d805a3d8e240c0c6bf1517192504f8d6

SHA256
7a3faf76530fa6b9b54ff961725e8bf1323b65223f50021d2fdbccc12919b543

SHA512
0ad43fb9b503e5d8d9d00a09f66c4711f1b9f139cf017d50ba15693594925ffec187b1ad6ae15887a09bf2db7114e42eb99e79f90affc26c8502742a720f69b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31282.exe

Filesize
184KB

MD5
4ce2e724148c5b58030cfb9c3b5edc34

SHA1
5186a0a1ac0c95215841bf8f154ab0547e3442b9

SHA256
ba1d359f75f3fe7c2f6f2ec5302815b13ea8a7523a33837d8eb7808d857324a0

SHA512
2bf25e585c4c26c12cf2e28344aef25964f2782ab859f4071ecbd1d5ce6f228a2fe68eb1c69a6e1c4e4a77a2fa567c4c672513494f9de0b10492eb9fb1a80e59

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe

Filesize
184KB

MD5
41b2362bbca0ee919e293f17259a7ffa

SHA1
b9cf50fa61d4f6348e2d7caf3df190270c0b2b9d

SHA256
1e0e86de01bddea143f2754aad6c4f3f9e5db118978a61608faa8a51912c05c4

SHA512
1f1775b169964042c1526bdc605a9a3ae7ad8ff4b263448d86bfcf712d9fcd986b02fb104e05c0cf52809dee831d333f1e2c322041ffa85328c6c9ea11df5c0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53192.exe

Filesize
128KB

MD5
eb758f260e9121114891c70e640a69fc

SHA1
4561a36dee165a6e8b074150fd492ecfb6d79115

SHA256
989f44370e2e38b836df64c0996ecaddb7182e0c3f3bd977d8003a86d61e907e

SHA512
1215217214687131b628422124615ec3344eccc118890afdb02d6a9d8ab492e9e35de0cd50c977c759f8887eb49ffd325b02e74d805d3a926481e444e8e2b8ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe

Filesize
184KB

MD5
d436ffc3bc627a231601f92408395bee

SHA1
6b09459a11f09d21e8e5435af6a749dff5fd29a0

SHA256
30ac86bf1277555c3fe846f73c3533b703d540d8a0ed0c6c99300de6cb36ec36

SHA512
fd1777e2ff45a88db0be24387a90061e6acb68ade37629bae4d4af6a238eb3c0d0694073b043c62e6ad786fc59cae9c37050a67e6fd13e589c031866c30737f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe

Filesize
184KB

MD5
df96ac0858b0add4bd6f9cc3b1b915e6

SHA1
731eed1d1f784a7b7533da6cc00bcf7ed1e49c46

SHA256
65854d1e3c9beec3bb3dc83e4a44d423b0e5732a2debb316f679e892aaae9d06

SHA512
aa1d2b26f07e43636fd03941adbfe41516c3a9ca456822e05c1eef23753a94a77885ce23dc31d71fa72e6cf496029c2abe487f31fad8c8ea5881663ea67dc5e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23677.exe

Filesize
184KB

MD5
c7ac27e3fc5d05177aceaaeb65047c42

SHA1
2fad674b87fa404cd24f16f7eac2a5721a354dc8

SHA256
3a28e378d135d831229f256e960e4aa58da9a5c424c96b0293c100781968380c

SHA512
886a1ee0df5a6a7bcb976eef70b1ed3803d8787207243ee8161db9464abb620fd84d01680cf29d259f145339285c9a4c904a4a877ce5898e0c704f4b542152f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe

Filesize
184KB

MD5
46908ee76b440799a360f6145837f21d

SHA1
b7b5580fef5bc73767463c17de838d2c9a4ac1c8

SHA256
895abce7669fe01929f55e669543416fc97b97956f42c42644bd30d19db5c658

SHA512
438c466a344097fbc6a5e2166cfcd7a6ce6992c5dec4c04ebc7d30f588c756eff825dc8d8db4ec808bb1a19e6f43b22673478b3d5013e4bdc6d7cf49260c8db2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe

Filesize
184KB

MD5
cf67ac8d6127dfb5d301a3c15782e340

SHA1
301c6d2471311f0b9e60d4a98600cbddda04bdb3

SHA256
974804a6c7edbea5b3de2222a413768c2b77cbe1743b2ec528a9b618c6e770a9

SHA512
e29c3b1e879459c81d7116b40f48a096d70e834566f800adc9e9b36c9c522d276c3b97127b0dc4aef1f5caa1cab4a3548d7b349286dd3b02cebe50cb72ee9b97

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3671.exe

Filesize
184KB

MD5
2f9805e6f93db0330113ab7291cabf8a

SHA1
03634319cd6f23c9d02486a50dab2e150b2274f7

SHA256
a827029b570f437d16289915d798684e4737100ca56e81f544579882b1d0b4d9

SHA512
ffc8c070bc8e290a74b2768041722583c57cf4eec725bb1d10b775f9a9a904423f0b7132b09001d5172d5df015d1fb5063b334b9ae742ddf2d30c6a10ec75d28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe

Filesize
184KB

MD5
95df805fe44637cfc1ca81ebb047473d

SHA1
89278fa905d2ba336affa388cf88893928df589d

SHA256
dc90a71ad9bb64b9ec77483074fd973d050407921d43a224835a2144bdbf91b0

SHA512
0d6a2450609e9ce48ced6b083320a3747f599a57389e895cc7d2d9df5263911255ab2b7f3ce90e83d09b99d145627406f8e34adb5c4d04fe384caa3c7c273216

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe

Filesize
184KB

MD5
600bc5fe2c6d445eae1ec0fb32cc3256

SHA1
9e3bcec93680c37c741c9c05680d3a2eeaf87a29

SHA256
26795c8131ba1d7883df30b13798f7d9e68fae06625bf39330ec433d12c5c07f

SHA512
f2aad77b4c801620e7e1277558d4c1b985f9ff2b9db292f05ee838c26db351f199078906c3d296df98161dfa215ff2940f9c828ebf67d8725ffaf18a25f96985

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47642.exe

Filesize
184KB

MD5
bb82edbfcecb0409949c0c7142a1755d

SHA1
d1b7a64b0d63b0112f4abd0674c21fe9cabc1505

SHA256
266e71d2e2a9974d61a77e9ed93fa2dd83ac42dbad30566fa673aca36e7c3ea1

SHA512
8f75750378cfe22785cdc04b4de0c87b4d104728928a13bc303641cba09235170d584fad2b40fa32252077ecbf61863b05aa92f692b2b62396c65785b8883570

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52576.exe

Filesize
184KB

MD5
88bcf1b04e0752a5dad4f18355c5eaee

SHA1
53c83c64b661795ee5ea32832513aa0a1bd1bf03

SHA256
7a0525193ed6a2f5708100a724acc9c623e030b31cd68d09341190f84df5540c

SHA512
17d93bed9220e2fb7e0a636887a4ce5fa0c76d22f4e962c9527202d9e5faf9792a7964b7073191edbca45e014bc85a2b366dae1f9888d2d1fed471bfbf12b295

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe

Filesize
184KB

MD5
542f3c98e2ff4c9ed9dcb65bab0f2775

SHA1
47a8e06a032263f19aad79c7cb3d44b206bff5a1

SHA256
79f4611f06bc8083fea71c07348f9c81109344c33ea4bfb8d08ebee0dd48aad7

SHA512
1ac84d7e31e28bc1dc29d539f2efee5bc85c108592f881d8fa84dd30782e991a617a741c91261c181767a8a20fc43e32908af4793b64d2f20207956dde71958a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe

Filesize
184KB

MD5
08682cb461ec85582cd693d5932759a5

SHA1
7d159466f425bf748255565818e4a226b2da6fb6

SHA256
67083eb4d2058dcc91af205bd660f8b5ed30645dbc4e721eb126c900137c02a2

SHA512
8c93bec5dc09d8115deaf4238ad43a1f9a977cd2c9e3b9bb6c6f6e72b29acf1867b14e248f57fdb7ddf3ef9e75cd85043b37cd8b2baa1f83a49524b77c640082

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59438.exe

Filesize
184KB

MD5
1d3b7d47643b2f14c2cba2fc5b37e838

SHA1
a0cd52f3acf85a6e62f99db4fb43e25bdf11db62

SHA256
c6bb75c8b48c96dd97a43d91e27e9ee432c204b0ea7f98daf4d02c1b307beed6

SHA512
51490206dc1c369073ee0ba3f38d7da564104d6f16264e190c56a2b9a35de919aad7d550a94ef5c6b355dea4d9f601ca52650be7aa498fdf8aa7987f85edceb0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60516.exe

Filesize
184KB

MD5
0bbbcfae3cf9adc8936e30cc9a8c8f43

SHA1
58c3adcada1e297713e48efc92c7d5dc8fc50ffd

SHA256
30182cce5e3aeeb5071d8ae8f0a2851d22f1d39def5bbaabc776957b65b449f8

SHA512
a4a59a51553e3a01b882c013bdd45b8ae948377ae730bee91941f775d90ba7122cc37e905939d8d2e43b12cf585967c15c1c3667bd9493998154509ca3dab9f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62135.exe

Filesize
184KB

MD5
47ea07b0cb0f61e35c6cc3a52671a1f2

SHA1
99d3f5c146cc8ea3881177a24eec0b67e017c71d

SHA256
47143c517e8e3b732df95202fad1e6b55224b0f38b9f38ee7c5ece63c6e1094c

SHA512
1b2db7a9757d9c3140d8ed67e13bb8fdfd2d8c01041f32fb3c884634cd6c9f006cd9bce65e5e94fdac70152e9e10fb472688d9f497f61d4cc45168565d7062d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64740.exe

Filesize
184KB

MD5
85bdc8b8b30bec62afc8895fd3c5d8af

SHA1
0ad16ff58c7670a4eb32c0ea91da792df413f250

SHA256
06764cf7d424e22c0bb12c98f10687b9c1b527d7a25efaf296171d8cc1a36437

SHA512
57ca7a2868fa7dd27d7d9b484c201cacccf77ff3af3a06a742d00443bc79f43501ff0de1840213cfdfecc8d4c10bb08528d0bc45e93476705d25507eca4550a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7013.exe

Filesize
184KB

MD5
24b72091d791ed08d36c77f2a6509841

SHA1
fe552868ca9215418e2940d37c9baaa22a309acc

SHA256
482ae8fb5ca21e2928c42e46701c1e7f09b5a5bea7e3f056e71fc0f7a5237495

SHA512
75e94f3f152d632bdeef2bbbc78bb3736a419957d06c4881af7fa166d7df4d88c94a656fe06235c65a20d6f581fdf51e02d9e52d21abd40fff9a99801c49f256

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads