75a6dfc6a3845d8c4b95f7bdc3b513c8637690210b492563a9966285cd51fbc7

Analysis

max time kernel
74s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 13:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40fc0b848538bf334a82993853997920.exe
Size

184KB
MD5

40fc0b848538bf334a82993853997920
SHA1

e129141dabecc13b156477aa8dd59a3ac1dd4e3a
SHA256

75a6dfc6a3845d8c4b95f7bdc3b513c8637690210b492563a9966285cd51fbc7
SHA512

c6dc0f9334bffda24bcf3c0eea80be68ac249599a6d53861f75bef9396d23c5e7b2b717313c222c1a288ceda9a17e6ce603c8d07920e56986e35f1a4adb0cb69
SSDEEP

3072:SRfeoz/POYA01OjqdqCTI8FsKGj62DfI1Dyx8qPqINlPvpFe:SRmoa501ld1TI8eQzUNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1408	Unicorn-45062.exe
2808	Unicorn-64579.exe
2708	Unicorn-32461.exe
2932	Unicorn-10355.exe
2724	Unicorn-39690.exe
2588	Unicorn-55472.exe
2024	Unicorn-43194.exe
2736	Unicorn-14605.exe
2400	Unicorn-39856.exe
2004	Unicorn-59722.exe
1860	Unicorn-28756.exe
600	Unicorn-17979.exe
1152	Unicorn-60910.exe
952	Unicorn-35467.exe
1660	Unicorn-60718.exe
1504	Unicorn-19493.exe
2312	Unicorn-23023.exe
1524	Unicorn-6878.exe
844	Unicorn-39359.exe
2460	Unicorn-22564.exe
2452	Unicorn-47815.exe
1548	Unicorn-63404.exe
1312	Unicorn-32569.exe
1424	Unicorn-53736.exe
1896	Unicorn-56881.exe
704	Unicorn-57628.exe
2240	Unicorn-7872.exe
2196	Unicorn-40907.exe
1668	Unicorn-36269.exe
296	Unicorn-15849.exe
2716	Unicorn-55978.exe
2700	Unicorn-15884.exe
2620	Unicorn-63570.exe
2688	Unicorn-16211.exe
3064	Unicorn-56170.exe
2904	Unicorn-14924.exe
2956	Unicorn-44089.exe
1664	Unicorn-14582.exe
2432	Unicorn-63378.exe
2612	Unicorn-63783.exe
2232	Unicorn-64146.exe
2164	Unicorn-2330.exe
2900	Unicorn-13684.exe
2760	Unicorn-59870.exe
2496	Unicorn-38551.exe
2148	Unicorn-35557.exe
2544	Unicorn-36304.exe
560	Unicorn-28707.exe
564	Unicorn-41343.exe
792	Unicorn-17930.exe
2484	Unicorn-11645.exe
2392	Unicorn-10493.exe
1952	Unicorn-36150.exe
2872	Unicorn-18470.exe
1864	Unicorn-15537.exe
2396	Unicorn-48895.exe
852	Unicorn-18335.exe
2124	Unicorn-35164.exe
2204	Unicorn-38563.exe
2568	Unicorn-50815.exe
2664	Unicorn-20726.exe
2832	Unicorn-40042.exe
1756	Unicorn-16223.exe
1988	Unicorn-37027.exe

Loads dropped DLL 64 IoCs

pid	Process
2480	40fc0b848538bf334a82993853997920.exe
2480	40fc0b848538bf334a82993853997920.exe
1408	Unicorn-45062.exe
1408	Unicorn-45062.exe
2480	40fc0b848538bf334a82993853997920.exe
2480	40fc0b848538bf334a82993853997920.exe
2808	Unicorn-64579.exe
2808	Unicorn-64579.exe
1408	Unicorn-45062.exe
1408	Unicorn-45062.exe
2708	Unicorn-32461.exe
2708	Unicorn-32461.exe
2724	Unicorn-39690.exe
2724	Unicorn-39690.exe
2932	Unicorn-10355.exe
2932	Unicorn-10355.exe
2808	Unicorn-64579.exe
2808	Unicorn-64579.exe
2708	Unicorn-32461.exe
2708	Unicorn-32461.exe
2588	Unicorn-55472.exe
2588	Unicorn-55472.exe
2024	Unicorn-43194.exe
2024	Unicorn-43194.exe
2724	Unicorn-39690.exe
2724	Unicorn-39690.exe
2004	Unicorn-59722.exe
2004	Unicorn-59722.exe
2588	Unicorn-55472.exe
2588	Unicorn-55472.exe
2736	Unicorn-14605.exe
2932	Unicorn-10355.exe
2400	Unicorn-39856.exe
2736	Unicorn-14605.exe
2932	Unicorn-10355.exe
2400	Unicorn-39856.exe
1860	Unicorn-28756.exe
1860	Unicorn-28756.exe
600	Unicorn-17979.exe
600	Unicorn-17979.exe
2024	Unicorn-43194.exe
2024	Unicorn-43194.exe
1152	Unicorn-60910.exe
1152	Unicorn-60910.exe
1524	Unicorn-6878.exe
1524	Unicorn-6878.exe
2736	Unicorn-14605.exe
952	Unicorn-35467.exe
2736	Unicorn-14605.exe
952	Unicorn-35467.exe
1860	Unicorn-28756.exe
1860	Unicorn-28756.exe
1660	Unicorn-60718.exe
1660	Unicorn-60718.exe
2004	Unicorn-59722.exe
2004	Unicorn-59722.exe
1504	Unicorn-19493.exe
1504	Unicorn-19493.exe
844	Unicorn-39359.exe
844	Unicorn-39359.exe
2400	Unicorn-39856.exe
1524	Unicorn-6878.exe
2400	Unicorn-39856.exe
1896	Unicorn-56881.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1572	564	WerFault.exe	77
2640	440	WerFault.exe	113

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2480	40fc0b848538bf334a82993853997920.exe
1408	Unicorn-45062.exe
2808	Unicorn-64579.exe
2708	Unicorn-32461.exe
2724	Unicorn-39690.exe
2588	Unicorn-55472.exe
2932	Unicorn-10355.exe
2024	Unicorn-43194.exe
2736	Unicorn-14605.exe
2004	Unicorn-59722.exe
2400	Unicorn-39856.exe
1860	Unicorn-28756.exe
600	Unicorn-17979.exe
1152	Unicorn-60910.exe
952	Unicorn-35467.exe
1524	Unicorn-6878.exe
1660	Unicorn-60718.exe
1504	Unicorn-19493.exe
2312	Unicorn-23023.exe
844	Unicorn-39359.exe
2460	Unicorn-22564.exe
2452	Unicorn-47815.exe
1548	Unicorn-63404.exe
1312	Unicorn-32569.exe
1896	Unicorn-56881.exe
1424	Unicorn-53736.exe
704	Unicorn-57628.exe
1668	Unicorn-36269.exe
2240	Unicorn-7872.exe
2196	Unicorn-40907.exe
296	Unicorn-15849.exe
2716	Unicorn-55978.exe
2496	Unicorn-38551.exe
2432	Unicorn-63378.exe
2700	Unicorn-15884.exe
2620	Unicorn-63570.exe
2904	Unicorn-14924.exe
2164	Unicorn-2330.exe
3064	Unicorn-56170.exe
2148	Unicorn-35557.exe
2612	Unicorn-63783.exe
2760	Unicorn-59870.exe
2956	Unicorn-44089.exe
2232	Unicorn-64146.exe
1664	Unicorn-14582.exe
2900	Unicorn-13684.exe
2544	Unicorn-36304.exe
564	Unicorn-41343.exe
560	Unicorn-28707.exe
792	Unicorn-17930.exe
2396	Unicorn-48895.exe
852	Unicorn-18335.exe
2484	Unicorn-11645.exe
2832	Unicorn-40042.exe
2872	Unicorn-18470.exe
2392	Unicorn-10493.exe
1864	Unicorn-15537.exe
2568	Unicorn-50815.exe
1532	Unicorn-51142.exe
2124	Unicorn-35164.exe
1952	Unicorn-36150.exe
2204	Unicorn-38563.exe
1756	Unicorn-16223.exe
2992	Unicorn-40592.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 1408	2480	40fc0b848538bf334a82993853997920.exe	28
PID 2480 wrote to memory of 1408	2480	40fc0b848538bf334a82993853997920.exe	28
PID 2480 wrote to memory of 1408	2480	40fc0b848538bf334a82993853997920.exe	28
PID 2480 wrote to memory of 1408	2480	40fc0b848538bf334a82993853997920.exe	28
PID 1408 wrote to memory of 2808	1408	Unicorn-45062.exe	29
PID 1408 wrote to memory of 2808	1408	Unicorn-45062.exe	29
PID 1408 wrote to memory of 2808	1408	Unicorn-45062.exe	29
PID 1408 wrote to memory of 2808	1408	Unicorn-45062.exe	29
PID 2480 wrote to memory of 2708	2480	40fc0b848538bf334a82993853997920.exe	30
PID 2480 wrote to memory of 2708	2480	40fc0b848538bf334a82993853997920.exe	30
PID 2480 wrote to memory of 2708	2480	40fc0b848538bf334a82993853997920.exe	30
PID 2480 wrote to memory of 2708	2480	40fc0b848538bf334a82993853997920.exe	30
PID 2808 wrote to memory of 2932	2808	Unicorn-64579.exe	31
PID 2808 wrote to memory of 2932	2808	Unicorn-64579.exe	31
PID 2808 wrote to memory of 2932	2808	Unicorn-64579.exe	31
PID 2808 wrote to memory of 2932	2808	Unicorn-64579.exe	31
PID 1408 wrote to memory of 2724	1408	Unicorn-45062.exe	33
PID 1408 wrote to memory of 2724	1408	Unicorn-45062.exe	33
PID 1408 wrote to memory of 2724	1408	Unicorn-45062.exe	33
PID 1408 wrote to memory of 2724	1408	Unicorn-45062.exe	33
PID 2708 wrote to memory of 2588	2708	Unicorn-32461.exe	32
PID 2708 wrote to memory of 2588	2708	Unicorn-32461.exe	32
PID 2708 wrote to memory of 2588	2708	Unicorn-32461.exe	32
PID 2708 wrote to memory of 2588	2708	Unicorn-32461.exe	32
PID 2724 wrote to memory of 2024	2724	Unicorn-39690.exe	34
PID 2724 wrote to memory of 2024	2724	Unicorn-39690.exe	34
PID 2724 wrote to memory of 2024	2724	Unicorn-39690.exe	34
PID 2724 wrote to memory of 2024	2724	Unicorn-39690.exe	34
PID 2932 wrote to memory of 2736	2932	Unicorn-10355.exe	35
PID 2932 wrote to memory of 2736	2932	Unicorn-10355.exe	35
PID 2932 wrote to memory of 2736	2932	Unicorn-10355.exe	35
PID 2932 wrote to memory of 2736	2932	Unicorn-10355.exe	35
PID 2808 wrote to memory of 2400	2808	Unicorn-64579.exe	36
PID 2808 wrote to memory of 2400	2808	Unicorn-64579.exe	36
PID 2808 wrote to memory of 2400	2808	Unicorn-64579.exe	36
PID 2808 wrote to memory of 2400	2808	Unicorn-64579.exe	36
PID 2708 wrote to memory of 1860	2708	Unicorn-32461.exe	37
PID 2708 wrote to memory of 1860	2708	Unicorn-32461.exe	37
PID 2708 wrote to memory of 1860	2708	Unicorn-32461.exe	37
PID 2708 wrote to memory of 1860	2708	Unicorn-32461.exe	37
PID 2588 wrote to memory of 2004	2588	Unicorn-55472.exe	38
PID 2588 wrote to memory of 2004	2588	Unicorn-55472.exe	38
PID 2588 wrote to memory of 2004	2588	Unicorn-55472.exe	38
PID 2588 wrote to memory of 2004	2588	Unicorn-55472.exe	38
PID 2024 wrote to memory of 600	2024	Unicorn-43194.exe	39
PID 2024 wrote to memory of 600	2024	Unicorn-43194.exe	39
PID 2024 wrote to memory of 600	2024	Unicorn-43194.exe	39
PID 2024 wrote to memory of 600	2024	Unicorn-43194.exe	39
PID 2724 wrote to memory of 1152	2724	Unicorn-39690.exe	40
PID 2724 wrote to memory of 1152	2724	Unicorn-39690.exe	40
PID 2724 wrote to memory of 1152	2724	Unicorn-39690.exe	40
PID 2724 wrote to memory of 1152	2724	Unicorn-39690.exe	40
PID 2004 wrote to memory of 952	2004	Unicorn-59722.exe	41
PID 2004 wrote to memory of 952	2004	Unicorn-59722.exe	41
PID 2004 wrote to memory of 952	2004	Unicorn-59722.exe	41
PID 2004 wrote to memory of 952	2004	Unicorn-59722.exe	41
PID 2588 wrote to memory of 1660	2588	Unicorn-55472.exe	42
PID 2588 wrote to memory of 1660	2588	Unicorn-55472.exe	42
PID 2588 wrote to memory of 1660	2588	Unicorn-55472.exe	42
PID 2588 wrote to memory of 1660	2588	Unicorn-55472.exe	42
PID 2736 wrote to memory of 1524	2736	Unicorn-14605.exe	44
PID 2736 wrote to memory of 1524	2736	Unicorn-14605.exe	44
PID 2736 wrote to memory of 1524	2736	Unicorn-14605.exe	44
PID 2736 wrote to memory of 1524	2736	Unicorn-14605.exe	44

C:\Users\Admin\AppData\Local\Temp\40fc0b848538bf334a82993853997920.exe
"C:\Users\Admin\AppData\Local\Temp\40fc0b848538bf334a82993853997920.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64579.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64579.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14605.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32569.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56170.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15884.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40203.exe
        9⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32850.exe
        11⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
        12⤵
        
        PID:1096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29243.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        9⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27816.exe
        10⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
        11⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62149.exe
        12⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4956.exe
        10⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        11⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2262.exe
        12⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50291.exe
        9⤵
        
        PID:440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 220
        10⤵
        Program crash
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36269.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2330.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        10⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        11⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        12⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61064.exe
        9⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        10⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35557.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
        8⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52502.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31323.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        9⤵
        
        PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2559.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
        11⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21063.exe
        12⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55854.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe
        9⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
        10⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49373.exe
        11⤵
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
        5⤵
        Executes dropped EXE
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33372.exe
        6⤵
        
        PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13684.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16223.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
        9⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        10⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
        11⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
        9⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22444.exe
        11⤵
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38551.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36150.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47934.exe
        10⤵
        
        PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47815.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31345.exe
        9⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        10⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15034.exe
        11⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61625.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
        10⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50721.exe
        11⤵
        
        PID:600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60910.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63378.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15537.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59746.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
        9⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        10⤵
        
        PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14924.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48257.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
        9⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10673.exe
        10⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46424.exe
        11⤵
        
        PID:3004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56881.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17930.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35164.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        10⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        11⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        12⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25969.exe
        13⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        14⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31811.exe
        15⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        11⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        12⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
        13⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
        10⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        12⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20726.exe
        8⤵
        Executes dropped EXE
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60488.exe
        9⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
        10⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
        11⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59175.exe
        10⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        11⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        10⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50815.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        8⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        9⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
        9⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27303.exe
        10⤵
        
        PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28707.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40592.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50613.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57686.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3135.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        11⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
        9⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2590.exe
        10⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5723.exe
        11⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
        8⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6674.exe
        9⤵
        
        PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7872.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41343.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 244
        7⤵
        Program crash
        
        PID:1572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38563.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
        8⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
        9⤵
        
        PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59870.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37027.exe
        6⤵
        Executes dropped EXE
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56404.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52870.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54733.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        8⤵
        
        PID:852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10156.exe

Filesize
184KB

MD5
dd54ab116529af2661efba004b67785d

SHA1
5887685c47ef7255e7b0088b6277f2246b2b97b0

SHA256
4d545db61eb3fa10ad479b705d3a6cc95a3822caa8b49112b7ce8414e3c7a596

SHA512
c7c915ec72557c03bf596295d385534f3367cf45f2724aaeae10fc152002449d623c4c6b7d381c7a35a67d69cbb7644c1a5b930ecda18cb8d26391d956f746da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10493.exe

Filesize
184KB

MD5
699ff1401760226f068ebbbb591843ba

SHA1
823e4f4b8f6e99ac6a2be0b3ae3974f051228d18

SHA256
cb7fb9dec67a72d0100345761a9410ae6b442e5793f4e122e6f2e8dc6709d3d4

SHA512
3b07f599cbff5e0ee7ef9a97d03a5446beb2a42b3408fc52a4279d35462d12a6ab1b4269fe81a67fc5460a25224c357fc388bcdf058594f0e3d206af5cfdb314

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40907.exe

Filesize
184KB

MD5
f9ff0d263f01b01e18859f8f9372ad96

SHA1
f643d6ad679ffe63f514b7a07c251cce765a7cd3

SHA256
724c2aa6c4eaf539847e304f5d6171b4560b52c66c77d6d828c09e8b289eade4

SHA512
d1886558d29d6fe30d5dcb936a667fb77a5168b3d3f7d55071dc638882a1bf80a3ea684fda9eecaf25b8f6ef166a033a2841ff940ae6858f732b89bf55fdcc32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6264.exe

Filesize
184KB

MD5
86f73d6ab15047c4ea8b3979afb9afd2

SHA1
a43926eaf61df981224c33863c94bfc431578add

SHA256
3f3d55c4373212922f2e30372a75f7ce36477aa40fd64f5039ef0c6a5c227486

SHA512
570d2e328f2d0708a4e2317a3f077703aedf78253b0705a98e1c4d9406ab89cc79964072ffd92ea0b04d84a898a2cf99062c1c39feff5c35a031117545c7af95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10355.exe

Filesize
184KB

MD5
b97655f9138136f0cfc5f1e7b11e5627

SHA1
25cec89e390244d597ab6544a079a2a8474e59e9

SHA256
4eeb05262625507409924a8876c60f15176d987ee7a3bf3f26474fa74b10c7f5

SHA512
c69024320da911a89c1303eff2105e4243d515e4fae30042bcdf2864fb85081308c54702d54515dec5f7217038b42354f3d3f8603bcea7a9bd6922e3db2cce4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14605.exe

Filesize
184KB

MD5
4c5987286239aedf8cba27b9901cfabc

SHA1
ac74bc80bee90f0bfefe07a1079127c313162bcc

SHA256
303785c2e8c2bd1f1c90a34db5f9f4831796b0f2b80013f51800a56d4e48c4a9

SHA512
dd9d30296c35540b052890694055399cec001450e92564aaa56894dcadbdb22187864d5e11b5d26c71029e057cb31120b3bc3bd91ed96ecda5034b07fa90c5e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe

Filesize
184KB

MD5
553105be007cfe0925b8eeba80e36c4a

SHA1
35d41f7bc8cce0f63e07c60cdaf7532e4471baff

SHA256
060268435a388f5d4a08b3aca51ddc3dd3a9950c89ae26dd6342738c3c06ded2

SHA512
03688cccf130d14f24794d5aabb1a7c21bbf79ef9fb20b16f56776d0fdb6e0196ee9909ecd014f8eea600aec81835b3e356c0ef526002cf43b671fc817379feb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe

Filesize
184KB

MD5
59b0d4815bcb818b5a39cc3a93d8b025

SHA1
0b0fc78ec41f01f7b9e7662d984ea611140b46c3

SHA256
d931b9e33caa021b03c4b5d9d83f3e8032f56ad460ab74cdd30ad3507fb429a4

SHA512
772dd8d7f0ed3be3e3f00e0e6578ca4b78c194104608e447133d147bba46e8b2a5e496707aba89e878a98b9871305af74a37dc4cc7df8f0604267bc3a5cd0b60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe

Filesize
184KB

MD5
a9db8bdab9c3f8e3df6836159c881597

SHA1
c367e5adac6567b49294c0ed9d8599dbd79c8cca

SHA256
34159da163a320606d74f7387fa9f5409bc085cc8ae7c4d9ae0e256ee94d338f

SHA512
9a1d9d6acfb6d6d05b44f776f59bdac1e1403c3f79997d321467d9e35ff2c2c09353bbe255ccdcbbd6d2fbf2df08f1e5bc0d6565d063e7ffb15ba7497369ecd9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe

Filesize
184KB

MD5
b86f7f1b913666ebc689ebcd012d4934

SHA1
9b9a6367e7698764b00575aff29c349a46da6759

SHA256
91dae9ccba1fc39699e31319c1bca81c8c4123c91e738942046e969f078e19ce

SHA512
9afde731b80c6f2afba43e9061382b07e9bdac3831f334c2cf0dab953d1807cfd3dedb1d9df95a7bc49a978738455235bc70962692f44d81e533f16323d54c0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe

Filesize
184KB

MD5
83276830e8f24acbfa7564753d58f3c1

SHA1
cdb824e6b5c74a438f53455e4f9850fcd2f3ba4e

SHA256
3e773eb3e10fff46802f2676e899cb38db6a3ee8b2b66b364000b3b2e5a91969

SHA512
9ce1aea09395d1b5f22c042f9307f3f47e999207b7eaaf3e49fb02fb76f238be4e73ba647509ef33b65a99cf7c28b3dfc572a1769ef11c28a06831366844e210

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe

Filesize
184KB

MD5
f431060333e1b36dcf4e99ecda88124e

SHA1
4f5c84cf1fb4ec36e0f382a65b84b0bef4e95a87

SHA256
e4d3432b4fecdb8452c72a6813632ea66b6b82c74f643af5791c997e0f8aca67

SHA512
21c2fdb31ec53b89694551777adef8517807be821722951d7fcf57721e84587dbce79edaad05fbad8a98da3274324cbb8e647f0f3dcb9521343d8f5d8f8357fd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39359.exe

Filesize
184KB

MD5
71e4443bcdf862a8aaf2bcb95fc7ce22

SHA1
ccc7ca5e380a9f54973b7de8eb410110ea2f7444

SHA256
8a1787eaacf32953f5c72ba4efe112254284c62b809d0e279089ae5832c789a7

SHA512
35ae66ec37b013d91d257607f4fb0e95047c96ca29dcd08eace19a8a838167598563ce1bce347f2e33af6659c77d2a00b838e3e733db60adc6d68d0511ad8564

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe

Filesize
184KB

MD5
5f3eb380a0ac4195a09ce7b687c1f784

SHA1
569eb000630b29acd81158295e4f553a9f09f403

SHA256
994837c994559af7aa12aa995e3575edb7c095aa09ee5b65156dd21cb454c427

SHA512
7f28ac7bdbbf85612a0d0c2d49db74a8b8a0f84668930352c6841e2ab8bcc9bccbeee387711ceef6590477af50ec96d367b7e7586665916f9063fd00f5912ff0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe

Filesize
184KB

MD5
742dd7ae84c828850cbba52ca2bc2d38

SHA1
caf9b0845b2c69588453e65b08f625c06a23fcba

SHA256
a252738919aa5a3a643375f787b80bcad66cd8fbbb9122a0bbdba3f4f93f2b1a

SHA512
39b655e48322ee5c32b0f99596e191feb58abe7c5f0aefd1fefb2d7718874377fa82b2fb1c6906f767b8e0f6a9114857cfd4f7232a68edbcd9486ea36f46bbd2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe

Filesize
184KB

MD5
747c2e3e7f0a5cdb4609f524128177df

SHA1
8a70b7b84381bd1d9f4dcf15bb89cd5fe5d3fb6e

SHA256
14907689d129b7a34d1a925382f2f2d71bd6426b5436712a1f82577a65174691

SHA512
65f2e0703ca09e42bbadf8e8b23d79ee53fee132339fbe6fe4cc6ca8d2d89c1601dd18af86ed306b30230fbb3635d172e0b27e6bfd9f00c2ce9a003ef1f9e6d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45062.exe

Filesize
184KB

MD5
e4d5cd701293fbfca4b4891f694cf5f0

SHA1
6e0bebbb68c5bc7fa5bb9c209cde01917b25f63e

SHA256
fa2ea74d5ce67e22b3bcc77d744bbe55aa7539ed8043ac24a5db446bbcd10516

SHA512
a008e387e1de8e5466a91d73113f912b9fa23c869009920a9f9df2e567649bc5e8499ccbb22e52e09be8d41b65826f27b23d4e4e16d20f13c468a459c50668b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe

Filesize
184KB

MD5
809c0ed0bc7051522b30076a4b6658b1

SHA1
96cd3dfb586a9ad80dba2ab57b4c202cee8156c5

SHA256
9f97dba3b654ae4e8783f5e6ec9671e4d88280e6083d89999ff1a92d820b0a80

SHA512
e1668ffbf515bf1c4bfecd6d9b1cc4f9c8d8702db0a5d564a381678740d30faf5c57b5462e0475205a60a839756cb0296476b5c7962282ae000bc325f99e9580

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe

Filesize
184KB

MD5
2552b20df8f5827e45d00f02acea3a60

SHA1
3f1835722b8c073434dd994fc0983930877da51b

SHA256
eb09a4b2fc4461a35e19764e4fac45778d7338590e8de2e82ea70dcacb56dcc2

SHA512
7d9ab67420be70e33ce9dd789a7b9aac1dc59e2b623d49063dd7383b2b4f563bea7c83131b32e9c25b08649082871a1cc97e35124ba55d10486aa1e0a89aa582

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60718.exe

Filesize
184KB

MD5
8f685b453a548f5680c5abeda05223b0

SHA1
ceb0b6667ad3d43da93768db6c48a5d24f416f25

SHA256
bbb9037cb21bf6c59ef36378c2bbe5d9de3a0e66136c75d1b96fa98f20d17ec8

SHA512
8dac8290a70d72acf770b287bbe236a04ca32020e6ef9ad8a3eaece3de43d048ef7ba6dcf3cb4431f999795cae385f3b3109def6bd45ab15f1b1a8291cbe6538

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60910.exe

Filesize
184KB

MD5
df2550bdda85a0300563415540856f8e

SHA1
9d81e18dcc6ac321b47d8930fb973485b2aee74c

SHA256
d62360b8ab57e6444ea02ef53462d74504979b190a27627251dba2b0e01eed96

SHA512
8ff2b9a5824062b3c0385bf6c1f54fa16d984b035cd3233fa74809883413cfbc74978085f0642b3922ab90ae2b2d8bc0378e1a1d4401b6a20fbdda95bfac6f70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64579.exe

Filesize
184KB

MD5
082ecc81d6d05d23f6aec7ed7b71fe5f

SHA1
49e28b2743411beafc4f3da4f445322700820fb4

SHA256
18abac3a0efe95ea65e64be3ca5cca8b8ba9e1b7a33a64411aeb6646eaa7f68b

SHA512
7bb5b941460ed0a9ff9fb6cd468e402d86d711fa2050612bcb0d8c1fe4aceff7afb747a4e5a01f16262b25a6661c5d4afa807c7b2dc8afac00ebed4818dcbd7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6878.exe

Filesize
184KB

MD5
fdc05a0c3645e8d7b74ce16d43844c77

SHA1
3bdfb635456641db4d4f241dbea3467ff62236f8

SHA256
8d25d683111ad9deccd3180986d84088d1fa7fe85ba7ed9b260b99e47b1e4bd8

SHA512
9287cd021f3f9635f7945436240a0f87d36b0484f3620ceec7702c2d262380782ed3dd32ead8d972f558aa39942ddcc885c8790031280084388de4067baec420

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads