77fc26045436f630ab01cf3959cee69f6bae84b18dfb09a414e19c8c68c639b3

Analysis

max time kernel
100s
max time network
137s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 05:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0553f4a7f92b9c13c6f6d8df0061e5b5.exe
Size

184KB
MD5

0553f4a7f92b9c13c6f6d8df0061e5b5
SHA1

015bf4e89555d338d7589905de15adc2902904e1
SHA256

77fc26045436f630ab01cf3959cee69f6bae84b18dfb09a414e19c8c68c639b3
SHA512

6cf68114670406cd905994d7bf1e3cebab411e54f3956caae45a55575e62ebd77375a549470dc8849efc8ca65fe2d3a74f4d7adecfa07f1ebf90fd9b67738e05
SSDEEP

3072:ts1sQkon1dtRdAntWjzCMbjVlvnqnviu8:tsaopfAngCmjVlPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3056	Unicorn-47376.exe
3060	Unicorn-39047.exe
2528	Unicorn-2653.exe
3032	Unicorn-56722.exe
2668	Unicorn-23858.exe
2456	Unicorn-28688.exe
2612	Unicorn-9559.exe
2972	Unicorn-10256.exe
1272	Unicorn-55928.exe
2912	Unicorn-28630.exe
1796	Unicorn-59192.exe
2708	Unicorn-34761.exe
2188	Unicorn-2088.exe
592	Unicorn-5648.exe
2312	Unicorn-25514.exe
1416	Unicorn-1948.exe
980	Unicorn-18114.exe
976	Unicorn-17595.exe
1380	Unicorn-46358.exe
2604	Unicorn-26951.exe
1976	Unicorn-21085.exe
956	Unicorn-5604.exe
1792	Unicorn-16534.exe
604	Unicorn-7603.exe
2276	Unicorn-16534.exe
2260	Unicorn-38141.exe
2748	Unicorn-41671.exe
1760	Unicorn-35147.exe
1296	Unicorn-48883.exe
1588	Unicorn-59621.exe
912	Unicorn-59621.exe
544	Unicorn-13949.exe
1644	Unicorn-30861.exe
1652	Unicorn-50727.exe
2892	Unicorn-28563.exe
1912	Unicorn-19897.exe
2140	Unicorn-22315.exe
2760	Unicorn-53699.exe
1720	Unicorn-51105.exe
1220	Unicorn-56705.exe
2844	Unicorn-11033.exe
2512	Unicorn-10841.exe
2856	Unicorn-13237.exe
2568	Unicorn-65039.exe
2548	Unicorn-19368.exe
2628	Unicorn-24477.exe
2476	Unicorn-52787.exe
2928	Unicorn-61800.exe
2812	Unicorn-48065.exe
2816	Unicorn-27264.exe
2704	Unicorn-13529.exe
2404	Unicorn-46494.exe
1780	Unicorn-64360.exe
2692	Unicorn-29958.exe
2148	Unicorn-29502.exe
2776	Unicorn-55871.exe
756	Unicorn-64536.exe
772	Unicorn-23645.exe
824	Unicorn-25915.exe
1256	Unicorn-12180.exe
1724	Unicorn-12738.exe
1140	Unicorn-32339.exe
1924	Unicorn-32339.exe
1484	Unicorn-12738.exe

Loads dropped DLL 64 IoCs

pid	Process
2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe
2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe
3056	Unicorn-47376.exe
2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe
3056	Unicorn-47376.exe
2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe
3060	Unicorn-39047.exe
3060	Unicorn-39047.exe
2528	Unicorn-2653.exe
2528	Unicorn-2653.exe
3056	Unicorn-47376.exe
3056	Unicorn-47376.exe
2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe
2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe
2528	Unicorn-2653.exe
2668	Unicorn-23858.exe
2528	Unicorn-2653.exe
2668	Unicorn-23858.exe
3056	Unicorn-47376.exe
3056	Unicorn-47376.exe
2456	Unicorn-28688.exe
2456	Unicorn-28688.exe
2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe
2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe
2612	Unicorn-9559.exe
2612	Unicorn-9559.exe
2612	Unicorn-9559.exe
2612	Unicorn-9559.exe
2708	Unicorn-34761.exe
2708	Unicorn-34761.exe
2188	Unicorn-2088.exe
2188	Unicorn-2088.exe
2912	Unicorn-28630.exe
1272	Unicorn-55928.exe
2912	Unicorn-28630.exe
1272	Unicorn-55928.exe
2456	Unicorn-28688.exe
2456	Unicorn-28688.exe
3056	Unicorn-47376.exe
3056	Unicorn-47376.exe
2528	Unicorn-2653.exe
2528	Unicorn-2653.exe
3060	Unicorn-39047.exe
3060	Unicorn-39047.exe
1796	Unicorn-59192.exe
2312	Unicorn-25514.exe
2312	Unicorn-25514.exe
2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe
1796	Unicorn-59192.exe
2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe
2708	Unicorn-34761.exe
592	Unicorn-5648.exe
2708	Unicorn-34761.exe
592	Unicorn-5648.exe
2668	Unicorn-23858.exe
2668	Unicorn-23858.exe
2612	Unicorn-9559.exe
2612	Unicorn-9559.exe
1792	Unicorn-16534.exe
1796	Unicorn-59192.exe
2188	Unicorn-2088.exe
1796	Unicorn-59192.exe
1792	Unicorn-16534.exe
2188	Unicorn-2088.exe

Suspicious use of SetWindowsHookEx 55 IoCs

pid	Process
2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe
3056	Unicorn-47376.exe
3060	Unicorn-39047.exe
2528	Unicorn-2653.exe
3032	Unicorn-56722.exe
2668	Unicorn-23858.exe
2612	Unicorn-9559.exe
2456	Unicorn-28688.exe
1272	Unicorn-55928.exe
2708	Unicorn-34761.exe
2912	Unicorn-28630.exe
2188	Unicorn-2088.exe
1796	Unicorn-59192.exe
2312	Unicorn-25514.exe
592	Unicorn-5648.exe
1416	Unicorn-1948.exe
1792	Unicorn-16534.exe
980	Unicorn-18114.exe
1380	Unicorn-46358.exe
1976	Unicorn-21085.exe
604	Unicorn-7603.exe
2748	Unicorn-41671.exe
2892	Unicorn-28563.exe
2476	Unicorn-52787.exe
2604	Unicorn-26951.exe
2140	Unicorn-22315.exe
1724	Unicorn-12738.exe
912	Unicorn-59621.exe
2276	Unicorn-16534.exe
2260	Unicorn-38141.exe
1296	Unicorn-48883.exe
1760	Unicorn-35147.exe
1644	Unicorn-30861.exe
956	Unicorn-5604.exe
2812	Unicorn-48065.exe
1912	Unicorn-19897.exe
1720	Unicorn-51105.exe
1220	Unicorn-56705.exe
2856	Unicorn-13237.exe
2844	Unicorn-11033.exe
2760	Unicorn-53699.exe
1652	Unicorn-50727.exe
1588	Unicorn-59621.exe
544	Unicorn-13949.exe
1924	Unicorn-32339.exe
2628	Unicorn-24477.exe
2404	Unicorn-46494.exe
2512	Unicorn-10841.exe
1640	Unicorn-53957.exe
756	Unicorn-64536.exe
3036	Unicorn-52992.exe
872	Unicorn-29191.exe
1140	Unicorn-32339.exe
2548	Unicorn-19368.exe
2704	Unicorn-13529.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 3056	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	28
PID 2984 wrote to memory of 3056	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	28
PID 2984 wrote to memory of 3056	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	28
PID 2984 wrote to memory of 3056	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	28
PID 3056 wrote to memory of 3060	3056	Unicorn-47376.exe	29
PID 3056 wrote to memory of 3060	3056	Unicorn-47376.exe	29
PID 3056 wrote to memory of 3060	3056	Unicorn-47376.exe	29
PID 3056 wrote to memory of 3060	3056	Unicorn-47376.exe	29
PID 2984 wrote to memory of 2528	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	30
PID 2984 wrote to memory of 2528	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	30
PID 2984 wrote to memory of 2528	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	30
PID 2984 wrote to memory of 2528	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	30
PID 3060 wrote to memory of 3032	3060	Unicorn-39047.exe	31
PID 3060 wrote to memory of 3032	3060	Unicorn-39047.exe	31
PID 3060 wrote to memory of 3032	3060	Unicorn-39047.exe	31
PID 3060 wrote to memory of 3032	3060	Unicorn-39047.exe	31
PID 2528 wrote to memory of 2668	2528	Unicorn-2653.exe	32
PID 2528 wrote to memory of 2668	2528	Unicorn-2653.exe	32
PID 2528 wrote to memory of 2668	2528	Unicorn-2653.exe	32
PID 2528 wrote to memory of 2668	2528	Unicorn-2653.exe	32
PID 3056 wrote to memory of 2456	3056	Unicorn-47376.exe	33
PID 3056 wrote to memory of 2456	3056	Unicorn-47376.exe	33
PID 3056 wrote to memory of 2456	3056	Unicorn-47376.exe	33
PID 3056 wrote to memory of 2456	3056	Unicorn-47376.exe	33
PID 2984 wrote to memory of 2612	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	34
PID 2984 wrote to memory of 2612	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	34
PID 2984 wrote to memory of 2612	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	34
PID 2984 wrote to memory of 2612	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	34
PID 2528 wrote to memory of 1272	2528	Unicorn-2653.exe	35
PID 2528 wrote to memory of 1272	2528	Unicorn-2653.exe	35
PID 2528 wrote to memory of 1272	2528	Unicorn-2653.exe	35
PID 2528 wrote to memory of 1272	2528	Unicorn-2653.exe	35
PID 2668 wrote to memory of 2972	2668	Unicorn-23858.exe	36
PID 2668 wrote to memory of 2972	2668	Unicorn-23858.exe	36
PID 2668 wrote to memory of 2972	2668	Unicorn-23858.exe	36
PID 2668 wrote to memory of 2972	2668	Unicorn-23858.exe	36
PID 3056 wrote to memory of 2912	3056	Unicorn-47376.exe	37
PID 3056 wrote to memory of 2912	3056	Unicorn-47376.exe	37
PID 3056 wrote to memory of 2912	3056	Unicorn-47376.exe	37
PID 3056 wrote to memory of 2912	3056	Unicorn-47376.exe	37
PID 2456 wrote to memory of 2708	2456	Unicorn-28688.exe	38
PID 2456 wrote to memory of 2708	2456	Unicorn-28688.exe	38
PID 2456 wrote to memory of 2708	2456	Unicorn-28688.exe	38
PID 2456 wrote to memory of 2708	2456	Unicorn-28688.exe	38
PID 2984 wrote to memory of 1796	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	39
PID 2984 wrote to memory of 1796	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	39
PID 2984 wrote to memory of 1796	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	39
PID 2984 wrote to memory of 1796	2984	0553f4a7f92b9c13c6f6d8df0061e5b5.exe	39
PID 2612 wrote to memory of 2188	2612	Unicorn-9559.exe	40
PID 2612 wrote to memory of 2188	2612	Unicorn-9559.exe	40
PID 2612 wrote to memory of 2188	2612	Unicorn-9559.exe	40
PID 2612 wrote to memory of 2188	2612	Unicorn-9559.exe	40
PID 2612 wrote to memory of 592	2612	Unicorn-9559.exe	41
PID 2612 wrote to memory of 592	2612	Unicorn-9559.exe	41
PID 2612 wrote to memory of 592	2612	Unicorn-9559.exe	41
PID 2612 wrote to memory of 592	2612	Unicorn-9559.exe	41
PID 2708 wrote to memory of 2312	2708	Unicorn-34761.exe	42
PID 2708 wrote to memory of 2312	2708	Unicorn-34761.exe	42
PID 2708 wrote to memory of 2312	2708	Unicorn-34761.exe	42
PID 2708 wrote to memory of 2312	2708	Unicorn-34761.exe	42
PID 2188 wrote to memory of 1416	2188	Unicorn-2088.exe	43
PID 2188 wrote to memory of 1416	2188	Unicorn-2088.exe	43
PID 2188 wrote to memory of 1416	2188	Unicorn-2088.exe	43
PID 2188 wrote to memory of 1416	2188	Unicorn-2088.exe	43

C:\Users\Admin\AppData\Local\Temp\0553f4a7f92b9c13c6f6d8df0061e5b5.exe
"C:\Users\Admin\AppData\Local\Temp\0553f4a7f92b9c13c6f6d8df0061e5b5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47376.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47376.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56722.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5604.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53699.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6746.exe
      4⤵
      PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
      4⤵
      PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2329.exe
      4⤵
      PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
      4⤵
      PID:840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
      4⤵
      PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
      4⤵
      PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56705.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25915.exe
        6⤵
        Executes dropped EXE
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58857.exe
        6⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44500.exe
        6⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        6⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48514.exe
        6⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46871.exe
        5⤵
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
        5⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
        5⤵
        
        PID:324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
        5⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
        5⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
        5⤵
        
        PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46358.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        5⤵
        Executes dropped EXE
        
        PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16610.exe
        5⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54435.exe
        5⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20806.exe
        5⤵
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31700.exe
        5⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38493.exe
        5⤵
        
        PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28563.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        5⤵
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10774.exe
        5⤵
        
        PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
        5⤵
        
        PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46494.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1757.exe
      4⤵
      PID:748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16503.exe
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
      4⤵
      PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39802.exe
      4⤵
      PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7453.exe
      4⤵
      PID:1056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53957.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        5⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
        5⤵
        
        PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57183.exe
        5⤵
        
        PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
      4⤵
      Executes dropped EXE
      PID:2148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40289.exe
      4⤵
      PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
      4⤵
      PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
      4⤵
      PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29958.exe
    3⤵
    - Executes dropped EXE
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18822.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18822.exe
    3⤵
    PID:1196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
    3⤵
    PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23071.exe
    3⤵
    PID:2648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44002.exe
    3⤵
    PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21698.exe
    3⤵
    PID:1624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54790.exe
    3⤵
    PID:2584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23858.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe
      4⤵
      Executes dropped EXE
      PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35147.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46871.exe
      4⤵
      PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
      4⤵
      PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
      4⤵
      PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
      4⤵
      PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
      4⤵
      PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
      4⤵
      PID:2916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
      4⤵
      Executes dropped EXE
      PID:976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
      4⤵
      Executes dropped EXE
      PID:2816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
      4⤵
      PID:1136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
      4⤵
      PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34708.exe
      4⤵
      PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16569.exe
      4⤵
      PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
      4⤵
      PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21085.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        5⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
        5⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7791.exe
        5⤵
        
        PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30375.exe
        5⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45867.exe
        5⤵
        
        PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
      4⤵
      PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
      4⤵
      PID:804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
    3⤵
    - Executes dropped EXE
    PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
    3⤵
    PID:1464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
    3⤵
    PID:2788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
    3⤵
    PID:2556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
    3⤵
    PID:1544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49433.exe
    3⤵
    PID:1528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64438.exe
    3⤵
    PID:440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
      4⤵
      PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35.exe
      4⤵
      PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37836.exe
      4⤵
      PID:3044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41671.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64360.exe
        5⤵
        Executes dropped EXE
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
        5⤵
        
        PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
        5⤵
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16039.exe
        5⤵
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5174.exe
        5⤵
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
        5⤵
        
        PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
      4⤵
      Executes dropped EXE
      PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
      4⤵
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8471.exe
        5⤵
        
        PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
      4⤵
      PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11015.exe
      4⤵
      PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
      4⤵
      PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
      4⤵
      PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38493.exe
      4⤵
      PID:2828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48883.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
      4⤵
      PID:1352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21238.exe
      4⤵
      PID:924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44453.exe
      4⤵
      PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34953.exe
      4⤵
      PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52615.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52615.exe
    3⤵
    PID:1768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21563.exe
    3⤵
    PID:1288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54902.exe
    3⤵
    PID:3024
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13949.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48065.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11004.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11004.exe
      4⤵
      PID:392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15502.exe
      4⤵
      PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
      4⤵
      PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
      4⤵
      PID:1560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15317.exe
      4⤵
      PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
      4⤵
      PID:1520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59621.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61800.exe
    3⤵
    - Executes dropped EXE
    PID:2928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2972.exe
    3⤵
    PID:1920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63752.exe
    3⤵
    PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
    3⤵
    PID:2112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5521.exe
    3⤵
    PID:1856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
    3⤵
    PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
    3⤵
    PID:1160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7603.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
    3⤵
    - Executes dropped EXE
    PID:1256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52992.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
    3⤵
    PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
    3⤵
    PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
    3⤵
    PID:580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
    3⤵
    PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
    3⤵
    PID:2608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1720
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
  2⤵
  - Executes dropped EXE
  PID:772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18164.exe
  2⤵
  PID:1480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45200.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45200.exe
  2⤵
  PID:2924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
  2⤵
  PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7898.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7898.exe
  2⤵
  PID:2284
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
  2⤵
  PID:1788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23858.exe

Filesize
184KB

MD5
97d7bf10a565ac72006bccffcddbae85

SHA1
305ba483d934fe074b2e5b577bf466d7ef667145

SHA256
e32403bd64bb2f28253cb6d89ff6b36f6f401db6abb47b6d028cc8d552fe5a2e

SHA512
60525b0b5774b58340e1e8367d76744926cb28b1411bb071af81196532a3d469c871f00e49daf7e3cc37cf6d4c1e2ed4e56b2de688e4023faaa2dd1c4fdbc907

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe

Filesize
184KB

MD5
0812316f2e02b739b8024aa7c32bf8e5

SHA1
658debdf2e269c5f5962dce6dbce8b6e7147208c

SHA256
cd1690d5303697fae904f8b6130c6ac811303033e0267b18e156cd1bbd1c11bf

SHA512
df75ef55cf9fd456cf741cb139429256fae62062a5cfddbb904b431666566ef89b052567cbe9a3aa188eafa9346bdb6990ed35d47c6acef22db0a5fb9af16b38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28688.exe

Filesize
184KB

MD5
c681e6298bcdc264f82cc898212169bf

SHA1
1381d76929cb27f1fcc455c69becd5008e2541be

SHA256
1fe519b10d4df2e12cdd53adf7bd036e18a9f266de9e07034e948c79eea4f456

SHA512
ee2112f33f40bac54226c68dc85af4835cb095a71de66ab09ae04a15df094e028a725a2aa85b188e4b52ff351be7cd4d2606ccb7b25e103ec95f6cdf0fa480c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe

Filesize
184KB

MD5
ec75c1acbdf440cc5fa3b5d4bf1bada9

SHA1
d51239d1ba2aa99f769517391774da3ef11ac4bc

SHA256
49e230f93e84d8914c273993ed9c48b13732643b8298f591e9ec3737cf570b65

SHA512
7bb485300c97e41d19ace434121b3b0ac0be55978fec89d1b0d1600be19f11cb9e7725674c898ef00fc328591dfb69f68738df7f87bfad850acf8087a078a3d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe

Filesize
184KB

MD5
d43e208ce0da86325145322269d6b41b

SHA1
78e9ab255af7d683884ff4fabbc672b3d28afaa3

SHA256
c70f3edd0fe71c83ece55874afd618c9d466766057d105f11097509efcbaf484

SHA512
69076c43585e66d9a30f65c388e484c59a540bd0c6e82df208c41a7633f78b7f1e95a58dd325b0f6dae653b851d8ea786bd8246822e7543d88a345d6de9f870b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5648.exe

Filesize
184KB

MD5
c3f5278d3f8632e87d83942d7a0add76

SHA1
1fd82de788f43a9f0cd2afe5a9d34f8c16713ab7

SHA256
38ba14fff18efb3d5da6ca20d958bffb9555045a23d632f61679afac857ece63

SHA512
18506903575e1b60f8ff9e147146e7bc9134accc21e496f88218c0ef7cee821659d2e7b1221ed88304fd379f561ddde6cc214526237a51603a6abf6d68d4d92d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7898.exe

Filesize
184KB

MD5
a5610d71c1587fa1c91008287a81df91

SHA1
fe9b34c4cfe4131b2e2ffaca0343ecbc8c7bde6b

SHA256
27701537ba9ce670541e8563e5c4856a210196c073ea45ef9b80f6984f7d00e6

SHA512
9bf084ce93934d9fd58bcd4cdcbd793785ce837abebff3b06177a0604898d51327ac41fd487142628de766b2cdb23650d99071c65c5713a6ec505bda9516dc05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9559.exe

Filesize
184KB

MD5
076d362e08926b941d68f03fa98d271f

SHA1
ec213834af1387c49eada4eaf7de1baffe59a732

SHA256
0fa0466b3cd43366512e220f43f7257141e645c53d5b2790cb0855bc88c683a7

SHA512
0678ffaff7d707ec5bb533cf560c5bc4fd58b0c2ae9196a8961a053c9be35bdff912192611eb14ea5699ae0b9e1c5651fb192ffa5329992efe213373dd771834

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10256.exe

Filesize
184KB

MD5
09bcfd857f335f1d16cfc38cf8e21476

SHA1
697ab243c64a31718014c7e783b40d699849acd4

SHA256
14ab09b0acd65bdb860e18c0e7cdb71b7f3a52f0f7ae076fbd8ac033e552823b

SHA512
e1ca51674fa59230fd2c7b0053cdb0f05cdf23d109669b66e567946ffb530f5f3b56330233f2b6f40d553d2c42e0632312ad16aaca3d01bb6196af1aaa0ad4b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe

Filesize
184KB

MD5
16e52afd4f19cfeccf1bc70126ec8211

SHA1
c2da387b4e958c4eb6a8c290564b6ebf49303ee3

SHA256
267493670ae37884acafb037e77434986c1cf44ab555c956b027e5fadeab4b5d

SHA512
e75ccf307548264144fd54e50c7c117b06676da4b59c8ca5ba78c048ac00765c7a810b1c11ad39e5f38f5816c0c1a4de02e9ab786f4d4995bb7cad52c792cf4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe

Filesize
184KB

MD5
9aa1845b70417e051047d2a4618f41ad

SHA1
254ef29bd46fa3cd75bde3a8448af624953debb1

SHA256
1ba4fb907acf71dc3b0898ff296e3a4e121dbe1cca764513ed7a6f50f20150ff

SHA512
9d456ebe553a73da86655ca83673b70ad6b072ac8b175c607099b72724ba2d3eb03d2dc342d0ceb3fb52cb0b0232159237d2d2032eb05de2849aaca6158c8cd0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1948.exe

Filesize
184KB

MD5
9f8d755749da9f8ed0040606523c9d2a

SHA1
b22f682c0a727609df46492c1e2597b737f0294a

SHA256
4fff5fe5362dcaf409a0799c632a83b486617410d4df0727e8783a95d81bc023

SHA512
e8d6fd0001e11d22635ea2836a68a3776484c0100554687b10596e77c33742d087b0fb756bc7ac64026788fa8fc8949781da7ef96f9af5c0f2ac563914b3c008

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe

Filesize
184KB

MD5
7dd9c3bf6c5e78f8b32e1e7aa02d4888

SHA1
ac1ac15a50a0e4b1bd07e76a8c60ef437a5d012d

SHA256
c3860cbcbd7f912982aa431cb70614608bcfee3ded49ed69b9f742ebdc3f8d21

SHA512
c16b3a6b95928aa7de1bfcf2b07c21146efe87bb8df51ce4ef08003926c5e31e14e41cf1cade288a3d428dfbec351dfb7c4c77c86a40579f4db55e106380c3ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe

Filesize
184KB

MD5
6382919438503f0cae2ef6930ab3a16e

SHA1
e7ae1cbd1e1ad156f3306abd66dbb438c77f6b4e

SHA256
1e9bc2a27d4c281a827c9a9e01aa51fbc0c12c89e3a4d91615fc70a56bf58d73

SHA512
c1bdbac5c93e2359e2f232d44326840c56c44791c37ada33fd79690f8a73a53e88d6af14bd95a39fed47acc0a21543a831158c21869b459fc275b7470e0c82ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe

Filesize
184KB

MD5
e636aa87c3f1400284f85f7466eb062e

SHA1
7f09f7b1a1abef117ab40ded18cbb91888a52a0f

SHA256
d0cf4add1f11ec33ccfe6f26e8cb2caa0ddcb8a72ee5e0e644c5aded17ff31dc

SHA512
bc309c7146e86a46845d55d5eb28bcc6febcba1bb571bde1c2e8a6ea2b244156634df420bdd1c6c1eaacf2df84054fa720210ecde88cbc876ea4022c90273726

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe

Filesize
184KB

MD5
2cbe103dab9e1f5f4c6e180762c63fb4

SHA1
427706e6a7d38f3bdb352fdc81c653f013c630d8

SHA256
b6af32e148ec1ab519ce1f9d1d6b9c0ac545058568ba8f9f9b8d86c29d9ae061

SHA512
0a00773da9811b3e676e838c2fbcc2c43903d2e04eb10d765bb7c0b76b065cdcb3be7e2cdf4a9e16ddfa0934c7fdfbd26f719240128734cfc9e747e15cfce2e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe

Filesize
184KB

MD5
19bd1ce080b75298c081f9769fe1cae9

SHA1
5faeb63cf531b0f1e2838ae38738c0c2797063ae

SHA256
9a9f2f5936ebf5d11125100a13752a8b65482679df88d7e7972a65558b8e5db9

SHA512
f18f3790c4b60c5027f4c7156f1b5a1cc4120ad5cd6c41a362a01a78f8f74e4170467037f827151ded62f2c2d7848f06ee17ecb0e811459d79373750cf76c561

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47376.exe

Filesize
184KB

MD5
9071b9e1cf0b90a228cfdd9329957f16

SHA1
bfbb9b14571951fde2c5bb0624e2298ff01b6d61

SHA256
423ffb1a34abeedd1ca42b515dc361d26040599ea621f7d9efd7eea643014274

SHA512
5a842b56851a8a6ec10ba8ae0d86d784d580ae3281af6c9b30cd501265ca79061181560b9e8551f7adf6e80d984f29140dd49bcbac68d3f234a8841b5be2932c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe

Filesize
184KB

MD5
be821a5ba29b76202d50ab1830dd0965

SHA1
f4fd14d5bffe351a86d54aaa81154698e61927b5

SHA256
63e05de3d1e10d3dbdfbf12325f70ed0853a119880b1d9737a5721e63e63dac9

SHA512
a741ac191d42e83bcc772546d7a7eee5c24f7e88a99202a06c28581c9f5c62276432fdc4dbd1e5bcc66b916ae899420626c1d2013b7a3719f622ec24e364db95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56722.exe

Filesize
184KB

MD5
a63f9cb78134d5bb827dea9bb1b2680e

SHA1
c93748590422f7c869a925c5023aab4dac76bb83

SHA256
a319f32ffc55910de8d61436488f5cbd33e3bbe7a0508f87d62f7b033c69cfaa

SHA512
953b18c0745261901643212f612cde8e501b93b718259ed981b7527a6fa6abba3cef4f57a5e553b318794ee222a5820d92a0904eacd2803ec81dca3f83c9c4f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59192.exe

Filesize
184KB

MD5
21b4081170aa6b44b568517ed3b6b7f1

SHA1
e1545fa849e81ca576b8ffdbb7fe62ec1175ac38

SHA256
6b08dd8ed68f61b12a59b1c5e8180560011e277520c9be904ab3a185c0e29d1e

SHA512
37e3f6a532c81a9d5fd9c274e39bb2904855476bc2e848efc67f74dc3b87db55fab94ac6013c7e795f806ee96f6cf19c61c7ff5c088b3e9f02eef2887697080d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads