4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a

Analysis

max time kernel
147s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-04-2024 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
Size

468KB
MD5

7906cfcd52d207015066e08f60f6e360
SHA1

21e41e0fa96ccfa5bfb8c4da63797c8139465959
SHA256

4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a
SHA512

6629f2314e296a781a95db431fd484b1d03b5bc3e5219392078d1152e028b0997f69d9f1ac9b0d571133b5edb71f7c1a9d3c3eb38bc79a65cdc90376c39a2e2b
SSDEEP

3072:1bACogIdI05UtbYhkzcjQf8/EChCPIpEnmHexVhiOaLLDTVuTNlR:1b1ow8Ut2k4jQff0mkOaPnVuT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 27 IoCs

pid	Process
1696	Unicorn-26353.exe
3000	Unicorn-26113.exe
2732	Unicorn-45979.exe
2716	Unicorn-48008.exe
2852	Unicorn-58869.exe
2728	Unicorn-37794.exe
2816	Unicorn-43924.exe
2604	Unicorn-34734.exe
1080	Unicorn-14048.exe
2808	Unicorn-14313.exe
2936	Unicorn-55901.exe
2672	Unicorn-53208.exe
2680	Unicorn-53208.exe
1680	Unicorn-23149.exe
1216	Unicorn-9414.exe
1752	Unicorn-59513.exe
1316	Unicorn-51900.exe
2092	Unicorn-8942.exe
2884	Unicorn-53867.exe
1628	Unicorn-26654.exe
1964	Unicorn-44308.exe
324	Unicorn-25279.exe
1500	Unicorn-27316.exe
588	Unicorn-2720.exe
2292	Unicorn-54422.exe
412	Unicorn-16919.exe
2848	Unicorn-16919.exe

Loads dropped DLL 54 IoCs

pid	Process
2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
1696	Unicorn-26353.exe
2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
1696	Unicorn-26353.exe
3000	Unicorn-26113.exe
3000	Unicorn-26113.exe
1696	Unicorn-26353.exe
1696	Unicorn-26353.exe
2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
2732	Unicorn-45979.exe
2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
2732	Unicorn-45979.exe
2728	Unicorn-37794.exe
2728	Unicorn-37794.exe
2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
2816	Unicorn-43924.exe
2816	Unicorn-43924.exe
2732	Unicorn-45979.exe
2716	Unicorn-48008.exe
2852	Unicorn-58869.exe
2732	Unicorn-45979.exe
2716	Unicorn-48008.exe
1696	Unicorn-26353.exe
3000	Unicorn-26113.exe
1696	Unicorn-26353.exe
2852	Unicorn-58869.exe
3000	Unicorn-26113.exe
2604	Unicorn-34734.exe
2604	Unicorn-34734.exe
2728	Unicorn-37794.exe
2728	Unicorn-37794.exe
1080	Unicorn-14048.exe
1080	Unicorn-14048.exe
2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
2672	Unicorn-53208.exe
2672	Unicorn-53208.exe
2716	Unicorn-48008.exe
2716	Unicorn-48008.exe
1216	Unicorn-9414.exe
1216	Unicorn-9414.exe
3000	Unicorn-26113.exe
3000	Unicorn-26113.exe
2680	Unicorn-53208.exe
2680	Unicorn-53208.exe
2852	Unicorn-58869.exe
2852	Unicorn-58869.exe
1680	Unicorn-23149.exe
2936	Unicorn-55901.exe
2936	Unicorn-55901.exe
1680	Unicorn-23149.exe

Suspicious use of SetWindowsHookEx 22 IoCs

pid	Process
2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
1696	Unicorn-26353.exe
3000	Unicorn-26113.exe
2732	Unicorn-45979.exe
2852	Unicorn-58869.exe
2716	Unicorn-48008.exe
2728	Unicorn-37794.exe
2816	Unicorn-43924.exe
2604	Unicorn-34734.exe
1080	Unicorn-14048.exe
1680	Unicorn-23149.exe
1216	Unicorn-9414.exe
2808	Unicorn-14313.exe
2680	Unicorn-53208.exe
2672	Unicorn-53208.exe
2936	Unicorn-55901.exe
1316	Unicorn-51900.exe
2092	Unicorn-8942.exe
1628	Unicorn-26654.exe
1964	Unicorn-44308.exe
324	Unicorn-25279.exe
2884	Unicorn-53867.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 1696	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	28
PID 2972 wrote to memory of 1696	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	28
PID 2972 wrote to memory of 1696	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	28
PID 2972 wrote to memory of 1696	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	28
PID 2972 wrote to memory of 3000	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	30
PID 2972 wrote to memory of 3000	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	30
PID 2972 wrote to memory of 3000	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	30
PID 2972 wrote to memory of 3000	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	30
PID 1696 wrote to memory of 2732	1696	Unicorn-26353.exe	29
PID 1696 wrote to memory of 2732	1696	Unicorn-26353.exe	29
PID 1696 wrote to memory of 2732	1696	Unicorn-26353.exe	29
PID 1696 wrote to memory of 2732	1696	Unicorn-26353.exe	29
PID 3000 wrote to memory of 2716	3000	Unicorn-26113.exe	31
PID 3000 wrote to memory of 2716	3000	Unicorn-26113.exe	31
PID 3000 wrote to memory of 2716	3000	Unicorn-26113.exe	31
PID 3000 wrote to memory of 2716	3000	Unicorn-26113.exe	31
PID 1696 wrote to memory of 2852	1696	Unicorn-26353.exe	32
PID 1696 wrote to memory of 2852	1696	Unicorn-26353.exe	32
PID 1696 wrote to memory of 2852	1696	Unicorn-26353.exe	32
PID 1696 wrote to memory of 2852	1696	Unicorn-26353.exe	32
PID 2972 wrote to memory of 2728	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	33
PID 2972 wrote to memory of 2728	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	33
PID 2972 wrote to memory of 2728	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	33
PID 2972 wrote to memory of 2728	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	33
PID 2732 wrote to memory of 2816	2732	Unicorn-45979.exe	34
PID 2732 wrote to memory of 2816	2732	Unicorn-45979.exe	34
PID 2732 wrote to memory of 2816	2732	Unicorn-45979.exe	34
PID 2732 wrote to memory of 2816	2732	Unicorn-45979.exe	34
PID 2728 wrote to memory of 2604	2728	Unicorn-37794.exe	35
PID 2728 wrote to memory of 2604	2728	Unicorn-37794.exe	35
PID 2728 wrote to memory of 2604	2728	Unicorn-37794.exe	35
PID 2728 wrote to memory of 2604	2728	Unicorn-37794.exe	35
PID 2972 wrote to memory of 1080	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	36
PID 2972 wrote to memory of 1080	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	36
PID 2972 wrote to memory of 1080	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	36
PID 2972 wrote to memory of 1080	2972	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	36
PID 2816 wrote to memory of 2808	2816	Unicorn-43924.exe	37
PID 2816 wrote to memory of 2808	2816	Unicorn-43924.exe	37
PID 2816 wrote to memory of 2808	2816	Unicorn-43924.exe	37
PID 2816 wrote to memory of 2808	2816	Unicorn-43924.exe	37
PID 2732 wrote to memory of 2936	2732	Unicorn-45979.exe	38
PID 2732 wrote to memory of 2936	2732	Unicorn-45979.exe	38
PID 2732 wrote to memory of 2936	2732	Unicorn-45979.exe	38
PID 2732 wrote to memory of 2936	2732	Unicorn-45979.exe	38
PID 2716 wrote to memory of 2672	2716	Unicorn-48008.exe	39
PID 2716 wrote to memory of 2672	2716	Unicorn-48008.exe	39
PID 2716 wrote to memory of 2672	2716	Unicorn-48008.exe	39
PID 2716 wrote to memory of 2672	2716	Unicorn-48008.exe	39
PID 1696 wrote to memory of 1680	1696	Unicorn-26353.exe	41
PID 1696 wrote to memory of 1680	1696	Unicorn-26353.exe	41
PID 1696 wrote to memory of 1680	1696	Unicorn-26353.exe	41
PID 1696 wrote to memory of 1680	1696	Unicorn-26353.exe	41
PID 2852 wrote to memory of 2680	2852	Unicorn-58869.exe	40
PID 2852 wrote to memory of 2680	2852	Unicorn-58869.exe	40
PID 2852 wrote to memory of 2680	2852	Unicorn-58869.exe	40
PID 2852 wrote to memory of 2680	2852	Unicorn-58869.exe	40
PID 3000 wrote to memory of 1216	3000	Unicorn-26113.exe	42
PID 3000 wrote to memory of 1216	3000	Unicorn-26113.exe	42
PID 3000 wrote to memory of 1216	3000	Unicorn-26113.exe	42
PID 3000 wrote to memory of 1216	3000	Unicorn-26113.exe	42
PID 2604 wrote to memory of 1752	2604	Unicorn-34734.exe	43
PID 2604 wrote to memory of 1752	2604	Unicorn-34734.exe	43
PID 2604 wrote to memory of 1752	2604	Unicorn-34734.exe	43
PID 2604 wrote to memory of 1752	2604	Unicorn-34734.exe	43

C:\Users\Admin\AppData\Local\Temp\4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
"C:\Users\Admin\AppData\Local\Temp\4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57951.exe
        6⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
        6⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47413.exe
        6⤵
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
        6⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35339.exe
        6⤵
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56132.exe
        6⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39534.exe
        6⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42694.exe
        6⤵
        
        PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe
        5⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe
        5⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        6⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
        6⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32426.exe
        6⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
        5⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47809.exe
        6⤵
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22868.exe
        6⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35613.exe
        6⤵
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56823.exe
        6⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        5⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        5⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5330.exe
        5⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
        5⤵
        
        PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
        5⤵
        
        PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26621.exe
        5⤵
        
        PID:3480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        5⤵
        Executes dropped EXE
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45886.exe
        6⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        6⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61027.exe
        7⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
        6⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
        6⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4800.exe
        6⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2668.exe
        6⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31101.exe
        6⤵
        
        PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6124.exe
        5⤵
        
        PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22742.exe
        5⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
        5⤵
        
        PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55905.exe
      4⤵
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11493.exe
        5⤵
        
        PID:348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10673.exe
        5⤵
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
        5⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
        5⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31380.exe
        5⤵
        
        PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15278.exe
      4⤵
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
      4⤵
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
      4⤵
      PID:1636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12974.exe
      4⤵
      PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
      4⤵
      PID:3776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58869.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2720.exe
        5⤵
        Executes dropped EXE
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28543.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59025.exe
        6⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
        6⤵
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21809.exe
        6⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57462.exe
        6⤵
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21077.exe
        6⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38605.exe
        6⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
        6⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7223.exe
        5⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        6⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        5⤵
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
        5⤵
        
        PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54422.exe
      4⤵
      Executes dropped EXE
      PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34028.exe
      4⤵
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
        5⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32027.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36604.exe
        5⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe
        5⤵
        
        PID:1896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        5⤵
        
        PID:3896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46834.exe
      4⤵
      PID:2184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
      4⤵
      PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
      4⤵
      PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
      4⤵
      PID:764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12668.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12668.exe
      4⤵
      PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
      4⤵
      PID:2336
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
      4⤵
      Executes dropped EXE
      PID:412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
      4⤵
      PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55499.exe
      4⤵
      PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
      4⤵
      PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13158.exe
      4⤵
      PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
      4⤵
      PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18003.exe
      4⤵
      PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27707.exe
      4⤵
      PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
    3⤵
    PID:832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15242.exe
      4⤵
      PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31430.exe
      4⤵
      PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16572.exe
      4⤵
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
        5⤵
        
        PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
      4⤵
      PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
      4⤵
      PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
      4⤵
      PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58273.exe
      4⤵
      PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
    3⤵
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28077.exe
    3⤵
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48567.exe
      4⤵
      PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
      4⤵
      PID:3668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53389.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53389.exe
    3⤵
    PID:404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14339.exe
    3⤵
    PID:2508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
    3⤵
    PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
    3⤵
    PID:1356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13823.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13823.exe
    3⤵
    PID:2416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53867.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40809.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        7⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
        6⤵
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31462.exe
        6⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
        6⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        6⤵
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23477.exe
        6⤵
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        6⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        6⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
        5⤵
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        5⤵
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4706.exe
        5⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
        5⤵
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8107.exe
        5⤵
        
        PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39756.exe
      4⤵
      PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3963.exe
      4⤵
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64499.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64499.exe
      4⤵
      PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
      4⤵
      PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25279.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28268.exe
        5⤵
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
        5⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52727.exe
        5⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3242.exe
        5⤵
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48677.exe
        5⤵
        
        PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51765.exe
      4⤵
      PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45075.exe
      4⤵
      PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6536.exe
      4⤵
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
      4⤵
      PID:1192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36461.exe
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
      4⤵
      PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15939.exe
      4⤵
      PID:2448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23201.exe
      4⤵
      PID:3692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
    3⤵
    - Executes dropped EXE
    PID:1500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
    3⤵
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
    3⤵
    PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
    3⤵
    PID:2928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
    3⤵
    PID:2568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49336.exe
    3⤵
    PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46565.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46565.exe
    3⤵
    PID:3800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34734.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34734.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
      4⤵
      Executes dropped EXE
      PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26020.exe
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41613.exe
        5⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
        5⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36433.exe
        5⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
        5⤵
        
        PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
      4⤵
      PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
      4⤵
      PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
      4⤵
      PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
      4⤵
      PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
      4⤵
      PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19780.exe
      4⤵
      PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-555.exe
      4⤵
      PID:2008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
    3⤵
    PID:292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
      4⤵
      PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7502.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7502.exe
      4⤵
      PID:1404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9447.exe
      4⤵
      PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30274.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30274.exe
      4⤵
      PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22947.exe
      4⤵
      PID:1132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17097.exe
      4⤵
      PID:1344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
      4⤵
      PID:3392
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
    3⤵
    PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9693.exe
    3⤵
    PID:952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64118.exe
    3⤵
    PID:384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
    3⤵
    PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12855.exe
    3⤵
    PID:2460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31417.exe
    3⤵
    PID:1284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15192.exe
    3⤵
    PID:3220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26621.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26621.exe
    3⤵
    PID:3492
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
      4⤵
      PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39123.exe
      4⤵
      PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28720.exe
      4⤵
      PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15312.exe
      4⤵
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
      4⤵
      PID:812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
      4⤵
      PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
      4⤵
      PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10380.exe
      4⤵
      PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
    3⤵
    PID:840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
    3⤵
    PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
      4⤵
      PID:1184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
      4⤵
      PID:3196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13755.exe
      4⤵
      PID:3192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
    3⤵
    PID:1924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
    3⤵
    PID:1772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
    3⤵
    PID:2116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26654.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26654.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1628
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20420.exe
  2⤵
  PID:2632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
  2⤵
  PID:2300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31858.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31858.exe
  2⤵
  PID:1084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
    3⤵
    PID:3080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
    3⤵
    PID:3888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
  2⤵
  PID:2836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50531.exe
  2⤵
  PID:2404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54669.exe
  2⤵
  PID:1620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
  2⤵
  PID:3120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
  2⤵
  PID:3920

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14048.exe

Filesize
468KB

MD5
d83a35007f5419285a0607e0980a6c98

SHA1
2eb38397ae652ecd982a639c1a99921ddf9e4d99

SHA256
f63962fb4a912e1ebc86c012e8afde9a02e8e2d7f4ab85d41a39e2ced72697cb

SHA512
4f6d00a778ba99b11083703c5fc0de5dff673072e4b8039fad68c42cf7a24d38c36e153939f951ab896b502b99d91957bd3dd8b0d1545d8802b0c94cdd55f6bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe

Filesize
468KB

MD5
9e013acfad72a3f787e885eeb793d541

SHA1
b9d001b1cbeb30462e5138bee047f826bb857ffb

SHA256
a118acd96761d67aab1266b355719bfb13cb59e7a1a79d84b32caf0dc83d6249

SHA512
08006c8e6ee194cb9eb2e2b43ea8dc2e78c60ffd109bf045e0dc31d7c06a30c1045b60a02fa0976032967aff38c0ac7976b76bd5bec909e79bce83e597aedb10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23149.exe

Filesize
468KB

MD5
e4053e96cb876d251ca22b199bee06e5

SHA1
320f329666dc6fcb8c597ba771adad71eaed5fc0

SHA256
d537520100f356826ebc8efce92b126577951fc878fce2408b83f9431ab75643

SHA512
11fc4849f5fc87cfeee3b3639d20de2d07b250ca43e07e87150f9e7d8830625e63d88c0a3145a03c13a8163200c440a809424aabc4de3bd69fc4ad08c5fd312f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe

Filesize
468KB

MD5
fe3fb06ad6847bf60c00abd707827a6a

SHA1
3de20b151f963c4f89433a94b5d9d758fa126553

SHA256
fc028b9a3f3879cc9fa567ec3419586b2f88be8b503b2452500d95c85d3c61e7

SHA512
c337148571b0ea130122647f2a21be7884a8847c639829d9259703edd5366e2f02816a08263f16be8dedd074342c64e7934afe0d75acfbc545f6d067b63cb086

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe

Filesize
468KB

MD5
2bbb268a124b948956731d8175caed72

SHA1
79da50ce0926a7bb6b53b9301cd04d034d6add39

SHA256
6061653f03d9d31c39f7ed21f15814c9c872e30b5be8a11a7954750dc67cbb2b

SHA512
2d0325a2e86e4d26307cdfa294b968636845dcdab7ce5e962b4bc5d072e1516444c5ca432aec5cd15092d073d9ad6543a85d138cd41fa9094a34783b4e891ea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53208.exe

Filesize
468KB

MD5
cf6065ef7c0269c67f60a09dc0681062

SHA1
6d8a63c83299cc6a8ba0c71a8dc859c80dba7661

SHA256
9b2dc47d7e44958f4d3fb940620891c8f845e7060483d3f4a4a7ea84d8c9f075

SHA512
ae8f2a907eae076537341f08623587752d9db078c44998adb316e04b5a514f9c906ddf82225a1b86a9845b4e8acc9204066b46c5d9526f0bccd107522d5b37e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe

Filesize
468KB

MD5
99f4da1f5dc899c0efd5ec110be372e0

SHA1
af712dcf0d8c595fba22eae7f049fa7ef7fc58aa

SHA256
52d780fac827c87e398556ff4b095c3aa1dbd4555c65e0251c31eea20b2d8464

SHA512
a3d1e019446ad51976c071c155af47ae1f2f82cece8a400309a06325260b94f4c51585439045155b149c7c2d1a6edd78a55100256d0d5cb4ab70687177248aa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8942.exe

Filesize
468KB

MD5
cae1b6c0f2a1f981c81fa6774f10a21b

SHA1
66852260c207bb92c022386c71cff78f5bab2f3c

SHA256
dc8b4f677f1f30566f1df4348346a636df56a40dbc1d2110bc73ab15599b10f5

SHA512
23dd648f4317bbdc47a147ab844067649479066910c4d936fa379d95d37984f00ccf345742a6e0f4eb248f65b2726882e73a0bb45756aed15e4fa44085b8b2ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe

Filesize
468KB

MD5
a4ada3bbc0d74b8c0a892d36605f8a7a

SHA1
a467e08e8d8e0248607ab126f8708d8dbda69ff8

SHA256
53088230d1a35d27cf9b1af642737f5eac456f7e58dc44bfa6474b1f82166c1c

SHA512
e0410a3dc08e5f4f2eb4848b21d730b6e6a3144f48987ce37816044d8ed5832beae94eed10fc4a7e0a29f800374ce24b902cc4ec74a95c8f203070115b934625

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26353.exe

Filesize
468KB

MD5
031500eb615c5e0c63dfdddf1d055925

SHA1
7dfd1451b7951f21bb2a73b3632cf59dba2d09b7

SHA256
1d908cd6dcc8de1e57042ca3aec0b8b243d9062eef99cb01b2ce9ba0db13c06b

SHA512
b988fe3eaf53d39f51fd09e789b0c7bdd1e5a519baf8e2c6796659f8be49d0b8dc3a68eb847c09d0f813da94929ca509b4c063056af1a550b6158d03c8efe565

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34734.exe

Filesize
468KB

MD5
556168c7e49b48d5211e803d1f692cd1

SHA1
6cc28028cf73f9e36272e7f7c692a1d14e0b32a5

SHA256
8ab6b272df0fae7c560b94b0a15212a052021ba44acd216ae1d8b591d33c779d

SHA512
f5d3e6a92c37ad4e47e28d0e2b14b74f26b4d53fe0a03ef0972e3f8c9a291fa41aa017fc5d2b751daf238171fbbe55e696e24d75ac7151f1268f1b994d6d38a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43924.exe

Filesize
468KB

MD5
2fe7cbcf963187d30e2f06f70192b3e6

SHA1
f57b42a502ef87e06cdf583ffcae498abb03f971

SHA256
5604561ad0c262f664c6c45729e4e12ac5f842ea482d2b690eac78ed8a3fa315

SHA512
e2c2645debaacb3ae6044d31144ee04412db3718c23ab45fa9cfe4fbdb8861de8f627951907eff364aceca3290cac3f7506630bf812d58b792bcb819c67701b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe

Filesize
468KB

MD5
bfe55a2e9216e5efbfe5fbc1a460188a

SHA1
18500cd1f732dd5967e86d3b0ca0f0f3e1f5a1d8

SHA256
2800fbb1811c10ee253ffc4866af4a12ec71f0e14b8ea19ec9908cba5a56b766

SHA512
692f554616b53a2bcf04c90263d69b877708fd47c477b7867773c3e91e1f5307b4a6b944319528e69632456dc62f4188df909d796e80de4984d0fb961b032186

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe

Filesize
468KB

MD5
83dd57cce59d73759106cc8f33c6fbd8

SHA1
6dc7261ec7b0563d233cb77b1583a29c52e6ea50

SHA256
7b1d431c220a401e585cb1ff700d89210c6dddfb87fa5277d8dbe28a19c9e4a5

SHA512
0eef65e139acf16f027cf973714779b82b58696ad482d4caf1a08a21e47eefa70777cc9166baa572d59008847e0458aff3c9208ee11c353df6f5a2bb6603f646

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51900.exe

Filesize
468KB

MD5
4f020c2cbf7faf667c2f39df0747a359

SHA1
bbb17e75f843b744377554d3e7c7c76f40d05c11

SHA256
7740b4aa3a54f588b3e7a0e2cc4bedecf584727eeeb640613f5112654ffbbc45

SHA512
c2642c94cfbdbf627eae817461b4bf26fca29c5de4f04b14c0874fcd52b78a0075a05d8a21d0e10f73fd756409ede0b0f6fa98b3e9ca7c491ed235fc135bf199

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58869.exe

Filesize
468KB

MD5
b3b4f337b0f6d2595d545134b0c78cd8

SHA1
930f46fa2c0188d2cfc6c51dd539ca81d3a282fd

SHA256
7cce40adfd197a3062fc3167125e15a7ac9f843fb64b06a3cfb9f5ebf9bb3498

SHA512
bea78e285ba6ba09372f904096b9d5eeb92cb61807dca741764cff87ed4e820ded18148bcbdd2bd65b0e7704e9ea1f7a39806c4c726c393b891adb4ba0c5b23e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe

Filesize
468KB

MD5
2f6a836a04bd8858934e39c30955a369

SHA1
f0ac92cefaa6ba0d0e22b5312b17eb0da42434e5

SHA256
c89eda22daf767b145a12e2c92bfc226397556f548e2a8cb54dc089cce80d6ee

SHA512
d25c4e9e3c35904d9121d0ef98b221c2a1b37e25ce2d60c74e75da81d880b156ac25990c2cf1fdb171e2cd6637d10750b222adc5843ec9e434e8b391d97d4c43

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads