c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33

Analysis

max time kernel
17s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/04/2024, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
Size

184KB
MD5

b8e69b2d9183c84bd0e07d2e211546d6
SHA1

b97ddd809d0edf8bd968ba345f87dc37113837e4
SHA256

c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33
SHA512

a0f4188589547bd7fb804256a03b00f9321b1b8ffca87773885f9196e5e62865e525ee4a86986a763924b7be6b8509be0dcf02a5c2eebe96fa6d493aad2f7cae
SSDEEP

3072:KCPSq0ow7jJ2d47tMGZGbh6AlvnqlTiuuQq:KCoo8C473Gl6AlPqlTiuR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 30 IoCs

pid	Process
2596	Unicorn-22434.exe
2628	Unicorn-60752.exe
2640	Unicorn-57223.exe
2832	Unicorn-32276.exe
2472	Unicorn-59887.exe
2468	Unicorn-35156.exe
2940	Unicorn-31626.exe
656	Unicorn-7844.exe
548	Unicorn-41321.exe
2788	Unicorn-23989.exe
2816	Unicorn-57346.exe
2084	Unicorn-8337.exe
1652	Unicorn-4703.exe
1908	Unicorn-54009.exe
1268	Unicorn-4808.exe
1164	Unicorn-25721.exe
1700	Unicorn-29251.exe
1840	Unicorn-45395.exe
2268	Unicorn-36464.exe
2992	Unicorn-3231.exe
2256	Unicorn-2774.exe
844	Unicorn-19376.exe
436	Unicorn-45918.exe
2648	Unicorn-32867.exe
1748	Unicorn-2655.exe
1548	Unicorn-35136.exe
1612	Unicorn-47943.exe
1780	Unicorn-32483.exe
748	Unicorn-2271.exe
888	Unicorn-52349.exe

Loads dropped DLL 62 IoCs

pid	Process
2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
2596	Unicorn-22434.exe
2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
2596	Unicorn-22434.exe
2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
2640	Unicorn-57223.exe
2640	Unicorn-57223.exe
2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
2628	Unicorn-60752.exe
2628	Unicorn-60752.exe
2596	Unicorn-22434.exe
2596	Unicorn-22434.exe
2472	Unicorn-59887.exe
2472	Unicorn-59887.exe
2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
2832	Unicorn-32276.exe
2940	Unicorn-31626.exe
2940	Unicorn-31626.exe
2832	Unicorn-32276.exe
2640	Unicorn-57223.exe
2468	Unicorn-35156.exe
2628	Unicorn-60752.exe
2640	Unicorn-57223.exe
2468	Unicorn-35156.exe
2628	Unicorn-60752.exe
2596	Unicorn-22434.exe
2596	Unicorn-22434.exe
2472	Unicorn-59887.exe
656	Unicorn-7844.exe
2472	Unicorn-59887.exe
656	Unicorn-7844.exe
548	Unicorn-41321.exe
548	Unicorn-41321.exe
2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
1652	Unicorn-4703.exe
1652	Unicorn-4703.exe
2596	Unicorn-22434.exe
2596	Unicorn-22434.exe
1908	Unicorn-54009.exe
1908	Unicorn-54009.exe
2640	Unicorn-57223.exe
2640	Unicorn-57223.exe
2084	Unicorn-8337.exe
2084	Unicorn-8337.exe
2468	Unicorn-35156.exe
2468	Unicorn-35156.exe
2816	Unicorn-57346.exe
2816	Unicorn-57346.exe
2940	Unicorn-31626.exe
2788	Unicorn-23989.exe
2940	Unicorn-31626.exe
2788	Unicorn-23989.exe
2832	Unicorn-32276.exe
1268	Unicorn-4808.exe
2832	Unicorn-32276.exe
1268	Unicorn-4808.exe
2628	Unicorn-60752.exe
2628	Unicorn-60752.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1628	2244	WerFault.exe	58

Suspicious use of SetWindowsHookEx 23 IoCs

pid	Process
2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
2596	Unicorn-22434.exe
2640	Unicorn-57223.exe
2628	Unicorn-60752.exe
2472	Unicorn-59887.exe
2832	Unicorn-32276.exe
2468	Unicorn-35156.exe
2940	Unicorn-31626.exe
656	Unicorn-7844.exe
548	Unicorn-41321.exe
2816	Unicorn-57346.exe
2788	Unicorn-23989.exe
1652	Unicorn-4703.exe
1908	Unicorn-54009.exe
2084	Unicorn-8337.exe
1268	Unicorn-4808.exe
1164	Unicorn-25721.exe
1700	Unicorn-29251.exe
2268	Unicorn-36464.exe
1840	Unicorn-45395.exe
2992	Unicorn-3231.exe
844	Unicorn-19376.exe
436	Unicorn-45918.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 2596	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	28
PID 2000 wrote to memory of 2596	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	28
PID 2000 wrote to memory of 2596	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	28
PID 2000 wrote to memory of 2596	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	28
PID 2596 wrote to memory of 2628	2596	Unicorn-22434.exe	29
PID 2596 wrote to memory of 2628	2596	Unicorn-22434.exe	29
PID 2596 wrote to memory of 2628	2596	Unicorn-22434.exe	29
PID 2596 wrote to memory of 2628	2596	Unicorn-22434.exe	29
PID 2000 wrote to memory of 2640	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	30
PID 2000 wrote to memory of 2640	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	30
PID 2000 wrote to memory of 2640	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	30
PID 2000 wrote to memory of 2640	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	30
PID 2640 wrote to memory of 2832	2640	Unicorn-57223.exe	31
PID 2640 wrote to memory of 2832	2640	Unicorn-57223.exe	31
PID 2640 wrote to memory of 2832	2640	Unicorn-57223.exe	31
PID 2640 wrote to memory of 2832	2640	Unicorn-57223.exe	31
PID 2000 wrote to memory of 2472	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	32
PID 2000 wrote to memory of 2472	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	32
PID 2000 wrote to memory of 2472	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	32
PID 2000 wrote to memory of 2472	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	32
PID 2628 wrote to memory of 2468	2628	Unicorn-60752.exe	33
PID 2628 wrote to memory of 2468	2628	Unicorn-60752.exe	33
PID 2628 wrote to memory of 2468	2628	Unicorn-60752.exe	33
PID 2628 wrote to memory of 2468	2628	Unicorn-60752.exe	33
PID 2596 wrote to memory of 2940	2596	Unicorn-22434.exe	34
PID 2596 wrote to memory of 2940	2596	Unicorn-22434.exe	34
PID 2596 wrote to memory of 2940	2596	Unicorn-22434.exe	34
PID 2596 wrote to memory of 2940	2596	Unicorn-22434.exe	34
PID 2472 wrote to memory of 656	2472	Unicorn-59887.exe	35
PID 2472 wrote to memory of 656	2472	Unicorn-59887.exe	35
PID 2472 wrote to memory of 656	2472	Unicorn-59887.exe	35
PID 2472 wrote to memory of 656	2472	Unicorn-59887.exe	35
PID 2000 wrote to memory of 548	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	36
PID 2000 wrote to memory of 548	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	36
PID 2000 wrote to memory of 548	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	36
PID 2000 wrote to memory of 548	2000	c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe	36
PID 2940 wrote to memory of 2816	2940	Unicorn-31626.exe	38
PID 2940 wrote to memory of 2816	2940	Unicorn-31626.exe	38
PID 2940 wrote to memory of 2816	2940	Unicorn-31626.exe	38
PID 2940 wrote to memory of 2816	2940	Unicorn-31626.exe	38
PID 2832 wrote to memory of 2788	2832	Unicorn-32276.exe	37
PID 2832 wrote to memory of 2788	2832	Unicorn-32276.exe	37
PID 2832 wrote to memory of 2788	2832	Unicorn-32276.exe	37
PID 2832 wrote to memory of 2788	2832	Unicorn-32276.exe	37
PID 2640 wrote to memory of 1908	2640	Unicorn-57223.exe	39
PID 2640 wrote to memory of 1908	2640	Unicorn-57223.exe	39
PID 2640 wrote to memory of 1908	2640	Unicorn-57223.exe	39
PID 2468 wrote to memory of 2084	2468	Unicorn-35156.exe	40
PID 2640 wrote to memory of 1908	2640	Unicorn-57223.exe	39
PID 2468 wrote to memory of 2084	2468	Unicorn-35156.exe	40
PID 2468 wrote to memory of 2084	2468	Unicorn-35156.exe	40
PID 2468 wrote to memory of 2084	2468	Unicorn-35156.exe	40
PID 2628 wrote to memory of 1268	2628	Unicorn-60752.exe	41
PID 2628 wrote to memory of 1268	2628	Unicorn-60752.exe	41
PID 2628 wrote to memory of 1268	2628	Unicorn-60752.exe	41
PID 2628 wrote to memory of 1268	2628	Unicorn-60752.exe	41
PID 2596 wrote to memory of 1652	2596	Unicorn-22434.exe	42
PID 2596 wrote to memory of 1652	2596	Unicorn-22434.exe	42
PID 2596 wrote to memory of 1652	2596	Unicorn-22434.exe	42
PID 2596 wrote to memory of 1652	2596	Unicorn-22434.exe	42
PID 2472 wrote to memory of 1164	2472	Unicorn-59887.exe	44
PID 2472 wrote to memory of 1164	2472	Unicorn-59887.exe	44
PID 2472 wrote to memory of 1164	2472	Unicorn-59887.exe	44
PID 2472 wrote to memory of 1164	2472	Unicorn-59887.exe	44

C:\Users\Admin\AppData\Local\Temp\c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe
"C:\Users\Admin\AppData\Local\Temp\c40dacc81c4d43d2180b27ec5e0d9eba9bb0dcb86632ebcaa2a3463ff6cdcc33.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
        6⤵
        Executes dropped EXE
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        6⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        6⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        6⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
        6⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45944.exe
        6⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31240.exe
        6⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
        5⤵
        Executes dropped EXE
        
        PID:2648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        6⤵
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
        6⤵
        
        PID:2116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        6⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59149.exe
        6⤵
        
        PID:3400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3033.exe
        6⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
        5⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59393.exe
        5⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        5⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
        5⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31851.exe
        5⤵
        
        PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57386.exe
        5⤵
        
        PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6062.exe
        5⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18766.exe
        5⤵
        
        PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52349.exe
        5⤵
        Executes dropped EXE
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
        5⤵
        
        PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37567.exe
        5⤵
        
        PID:876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
        5⤵
        
        PID:1372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        5⤵
        
        PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49121.exe
        5⤵
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
        5⤵
        
        PID:472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
      4⤵
      PID:2244
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
        5⤵
        Program crash
        
        PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
      4⤵
      PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50728.exe
      4⤵
      PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
      4⤵
      PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5043.exe
      4⤵
      PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
      4⤵
      PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52051.exe
      4⤵
      PID:672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10262.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
      4⤵
      PID:3860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35136.exe
        5⤵
        Executes dropped EXE
        
        PID:1548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        5⤵
        
        PID:524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55932.exe
        5⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        5⤵
        
        PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27664.exe
        5⤵
        
        PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47943.exe
      4⤵
      Executes dropped EXE
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
        5⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9009.exe
        5⤵
        
        PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        5⤵
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        5⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
        5⤵
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51349.exe
        5⤵
        
        PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
        5⤵
        
        PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
      4⤵
      PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
      4⤵
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18846.exe
      4⤵
      PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45214.exe
      4⤵
      PID:1352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        5⤵
        
        PID:328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
        5⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        5⤵
        
        PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        5⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
        5⤵
        
        PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14006.exe
        5⤵
        
        PID:3080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe
      4⤵
      PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
      4⤵
      PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
      4⤵
      PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe
      4⤵
      PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59723.exe
      4⤵
      PID:3264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2774.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2774.exe
    3⤵
    - Executes dropped EXE
    PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1443.exe
      4⤵
      PID:740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3263.exe
      4⤵
      PID:564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51185.exe
      4⤵
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39685.exe
      4⤵
      PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12850.exe
      4⤵
      PID:1084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15862.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
      4⤵
      PID:3848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
    3⤵
    PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34192.exe
    3⤵
    PID:2024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
    3⤵
    PID:1184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
    3⤵
    PID:1820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
    3⤵
    PID:2656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56252.exe
    3⤵
    PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
    3⤵
    PID:692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
    3⤵
    PID:3596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32434.exe
    3⤵
    PID:908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57223.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57223.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23989.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        5⤵
        Executes dropped EXE
        
        PID:748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20483.exe
        5⤵
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
        6⤵
        
        PID:668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
        6⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33819.exe
        6⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
        6⤵
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41644.exe
        6⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
        5⤵
        
        PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
        5⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49121.exe
        5⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        5⤵
        
        PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51320.exe
        5⤵
        
        PID:3672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32483.exe
      4⤵
      Executes dropped EXE
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11540.exe
        5⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
        5⤵
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
        5⤵
        
        PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42613.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20098.exe
        5⤵
        
        PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
      4⤵
      PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19944.exe
      4⤵
      PID:528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44310.exe
      4⤵
      PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe
      4⤵
      PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39749.exe
      4⤵
      PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
      4⤵
      PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37013.exe
      4⤵
      PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
      4⤵
      PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19376.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        5⤵
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2037.exe
        6⤵
        
        PID:3744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33535.exe
        5⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
        5⤵
        
        PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
        5⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
        5⤵
        
        PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
        5⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36572.exe
        5⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
        5⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62970.exe
        5⤵
        
        PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26609.exe
      4⤵
      PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
      4⤵
      PID:240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28610.exe
      4⤵
      PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
      4⤵
      PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
      4⤵
      PID:824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
      4⤵
      PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17697.exe
    3⤵
    PID:2520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50728.exe
    3⤵
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23129.exe
      4⤵
      PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37449.exe
      4⤵
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33819.exe
      4⤵
      PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21515.exe
      4⤵
      PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32397.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24366.exe
      4⤵
      PID:3868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
    3⤵
    PID:2324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
    3⤵
    PID:2100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20643.exe
    3⤵
    PID:3144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63634.exe
      4⤵
      PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe
      4⤵
      PID:1716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
      4⤵
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17179.exe
      4⤵
      PID:1828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
      4⤵
      PID:3644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23102.exe
      4⤵
      PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
      4⤵
      PID:2712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
      4⤵
      PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
      4⤵
      PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29269.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29269.exe
      4⤵
      PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
      4⤵
      PID:3364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
    3⤵
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
    3⤵
    PID:1528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
    3⤵
    PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55334.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55334.exe
    3⤵
    PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
    3⤵
    PID:3108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
      4⤵
      PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
      4⤵
      PID:572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
      4⤵
      PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
      4⤵
      PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
      4⤵
      PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5115.exe
      4⤵
      PID:760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36572.exe
      4⤵
      PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5782.exe
      4⤵
      PID:3568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
    3⤵
    PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38360.exe
    3⤵
    PID:1648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49348.exe
    3⤵
    PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5956.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5956.exe
    3⤵
    PID:2152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
    3⤵
    PID:1444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20855.exe
    3⤵
    PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63993.exe
    3⤵
    PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9982.exe
    3⤵
    PID:3548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35234.exe
    3⤵
    PID:4008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
    3⤵
    PID:2352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61242.exe
    3⤵
    PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22242.exe
    3⤵
    PID:868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46015.exe
    3⤵
    PID:1972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28881.exe
    3⤵
    PID:1768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
    3⤵
    PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52633.exe
    3⤵
    PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
    3⤵
    PID:3408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
    3⤵
    PID:3964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21009.exe
  2⤵
  PID:2364
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7170.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7170.exe
  2⤵
  PID:1316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48290.exe
    3⤵
    PID:1128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54656.exe
    3⤵
    PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
    3⤵
    PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
    3⤵
    PID:3112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
    3⤵
    PID:3792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64481.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64481.exe
  2⤵
  PID:1712
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34510.exe
  2⤵
  PID:2016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
  2⤵
  PID:2708
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10878.exe
  2⤵
  PID:2896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
  2⤵
  PID:2328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6477.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6477.exe
  2⤵
  PID:3384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57369.exe
  2⤵
  PID:3076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-42680.exe

Filesize
184KB

MD5
d0f9eb7bea85e0c5f031b7222b318625

SHA1
68236652c5ac70c3ec669bbc7e0f8a940df465d5

SHA256
f439fdd17e1e91b9e1e4b090d5169276fcfa2b49ea2e132a8e6511b288c41e54

SHA512
30e3ba1a16053b865310fd38864c0828e8ee4465855f64289dc21bfa453753fd91c42cd86fb954b6d333c004e0df1b9fc13ba04fbdfe5b9dcff915b0fbf3dca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe

Filesize
184KB

MD5
f7f6c8663b9507fe79f2a37a2752a1c4

SHA1
0632174914dccddc9a6815ad99518d6da9f7109c

SHA256
8dac74e961b91c90d9db3e989f0f0f693cfc9fa2d3675a854b97e06b30389336

SHA512
22c587d738845bf1e283ddc6db22033b2a400ca6f0dffadd435ddb951ce32ffbcc0bfb2c2ddb8884affa667c9aa5dce37e8202624835aba1b1befcaf879e0f46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe

Filesize
184KB

MD5
db7af810538b9fd23114bb4b9f716db9

SHA1
8c14e43a6c034686755339e8927b1d4d87ce9c32

SHA256
866c7e2d9d6ea3646d3857b7ce9ebf851fab7e35c959551f8c6e0c5ce1f48b6e

SHA512
098ab051a7247a452caa88409bdc443fbf0398091643d8266ff31bbbc1637b4fa08be8949831138ebac6bf6a1c392856b779f1f28416cc7e755a8ae4ac263323

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57346.exe

Filesize
184KB

MD5
49d2f13ca4de56dcf92008c83746b0c7

SHA1
b25f94e0b92bc46d009c57b65d4d0bd9f861d946

SHA256
c3de6893ae1aed57f4572468b33da165b957a0ec085a9cf2f7dbb4159b9d1dd1

SHA512
900f3fb7f9d36931c71128a2b735444ece33f2586139afcf515933f57bde072aabf281d640af2da77503dd99dab7d6da5cd90668d0f674a3294c2c7dbd56b074

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59887.exe

Filesize
184KB

MD5
fb92df64aa853ff9fe6dfc506bb9f9d5

SHA1
6f7d1c667242462dd7625101e8025f18ead2f613

SHA256
7f8906ead10b1ed8ab0852eed8a87339c13ad5a5bdc45c1b519344da9d56f808

SHA512
5cc0e4eb1399e0ff5b2b31f9ab9e0c8bf61ef3710b70699b92ab8263f707a0f06c94b22dfcda2778257db762738bfa34961c8d36872de01e6b21a8ee0578b0d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe

Filesize
184KB

MD5
2afd4ee523d7f972c6633d2c2da8f325

SHA1
47e962f3bd8f1cf183e10262153f186f8d8296dc

SHA256
dfeea05eda733aecc98f1a4b64d6eaaaa8f15cf8e812ccb666a42457a0d7bf05

SHA512
f6ee75c9d1f4129cdae5112829f201df6bdcdfef9a91a1316c8d979e3727a2ab312843c5c38d93d6e724bade1f8e18fad5a1c86d5a34d34f6a61099bdf816fbf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22434.exe

Filesize
184KB

MD5
fd4e13077d464f6e71b1f4d140e7cfac

SHA1
30b3917cc499382a63e3a7473017ada8388deda2

SHA256
937bec9b0d9e6e636e6dfb17079dd046f9b5be5520d2259e119f17289c277c5d

SHA512
3ef90d2f174272307211310d7bfa0f0a9a65547e963b775eaf3b55c25299e72339669105ddf65579b37aaf00468796aa87efbb40b15b79f7c18c2d3b0fc3f3ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23989.exe

Filesize
184KB

MD5
d959932701503b508df004de6336326f

SHA1
659dfe741a5aa60d1027b15934d4c5731c8670e7

SHA256
9764ce934dd16e7b9cc47fb4543b668914fbfe969839f12d42130c25f7c88e4e

SHA512
078b47b5478033a95d62542776c3a4dd2b3e254a4fb87ac62da0dde1030d8da8a543b74b84c43de182aded4eeaf422cbed3f3feba4a7958112f1b98808a4dc59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25721.exe

Filesize
184KB

MD5
d0097021faae1aa33fae2d8ef7277b26

SHA1
48242d7f846c947c436100fe09c9a2b4b468a855

SHA256
0b596485df7f71027095ff9d3c03b03bad0325156f6415991b02285796c60d05

SHA512
647e287721ae92bb34ea7662a9c346e42c8381d6d988ddd00340ba95dcaf7a5bf56678434ead8fbcc2ed83771584df12f17b82455177b16b0b8616a387c1ff0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29251.exe

Filesize
184KB

MD5
6bee8cf552a540a6c2d28b01c50f9180

SHA1
d87d270b1be250216c71278262b1602e25ffbeb9

SHA256
06a1f99897c9943852e0310098961ee4860342030cc4b30d8a23c8a8fbb2d916

SHA512
905beedea3c961c5deea10d0613df2d9a7df01c9b29ba80acf75347412eecbc1cfe211d315357f4c2f64b12e5643b17013744d945bd78a684872b7119e1be758

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe

Filesize
184KB

MD5
1c88eae4c06b51fcf7c3ddaa34926e4f

SHA1
a1ed7606f7204a7c6883d14d5ecfd7f24b911e21

SHA256
a947b4e0bfefc6faa29a0ec1cd24b1c17913752fef4025756dcb1b91447ac0ab

SHA512
76f07cc524db5347335855c707518a57930f6e1d96954f64565bc1efeb2b8632020776fada0d69eac376166c8e964824eeab858b9fe0ff2935cdbf930c2560da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32276.exe

Filesize
184KB

MD5
ffaf2cbfb94fabde6fcaa47aeb560794

SHA1
41e601511fa7c61028ec37773fd3d9be59ccd34a

SHA256
d7937141f796bbc8e14d349ff9543abb9badacc3ae6e9431e5f12819b3cd6ba9

SHA512
971f2244c5217673dad9a07a00d105bbceff8041450bdd5bfc2e708d3eddee8293eb32424a91d3bd7082801d49b8225469b1d6629fdc852da94f5464a4d2b39c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35156.exe

Filesize
184KB

MD5
067f00e1af0d95bdccea6e3eea40039e

SHA1
d15c9117ae5539eaab3208c55674f74f8b036906

SHA256
219fa89c92da784facc3478f9556ba8c9c267fbce419c5d98471d6805596c247

SHA512
008b3685b3b43b728cffe6acc0d904d38a698c0bb60d1491141bcce9a83f48f759598b8b237ce0df3a65031deb124d56c6434d09ccc50a467de9534f2583ba7f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe

Filesize
184KB

MD5
ddf28e6bdd84e51e5f3000664f7407c5

SHA1
1cf4736a74a316ebf1479387465ffefa79c66dce

SHA256
965aabb0249175df045eb1fb0cce70d8fcc1fcbaf5d788068d7a5bfd1a190370

SHA512
728b10f82f4538ffc301630002a13dbb068ffd841127b233e94c90d9239f50fffd1a64262cd6d2b657e37b6ff68803f3f40dcd8d845e7e1507be04b8c5a154fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41321.exe

Filesize
184KB

MD5
a94f7891e419ac7b33875e102a977d0a

SHA1
dd3505f6414d95f0be977ef25905889c80e30ed2

SHA256
86829a320b2cc41c54ff7d1cedc7e4e4dc83e798b443f6d8013c168db0b4941a

SHA512
d9355bc97bdf67f34a7b7907fdaa70df6d5e4c14a2504be94a04041bef431eba8c98c46f7f50e510e575ab373233979ca26b61da2edcc86eaadabb174cd4637b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe

Filesize
184KB

MD5
798cac36d08554a3e3251ad2457c0e87

SHA1
882335c284dd220f49bee2f444e5b08d03f88b5c

SHA256
4c08df896abbf6674b5774fa9c5c8050b8112dd018de8858fad700dec92e7a24

SHA512
2243313f3d3e6a40685b476810ea0fb70902d8d4f157bd8e03b951714f63db9657ff1708b1b0c718cb454ae02f53c039360164414e72de16e698372e4c24d508

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4808.exe

Filesize
184KB

MD5
52eeff06b88bf069e1697f457df31b5f

SHA1
20128636ceec63d021cd93f532e37231908f381f

SHA256
ecb25df318cccdec46ad6f17eebb78f159d33596aa50f22685b37db3d992d30e

SHA512
bd030b190c24118644b1ccbcb01c26b20507e08faa29e766038640eb8df58c3e407a9d88653e094212e22b95cf58448d9cde278648ca7f36a90908cc6071905e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe

Filesize
184KB

MD5
428f2074935d93e3c1b62b19a50efa67

SHA1
8b581bf5181407fdd6889af514aa411ed8a43edf

SHA256
46ab1ccf6bd3f086c5144f8bf8afd52d3836aa5e7716d3906e0301ee274751c9

SHA512
9fb08c5f9cedf6fce78c32c2fdaac6c55f4ecfc78105e8d1c3c6e8ecdbe0656f7d9dd026c636a937a8c0c1740e326b2208bae2e6884b2eca56be34a419e1a4da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57223.exe

Filesize
184KB

MD5
11ba933a547aeedbfa6633d42c696e0c

SHA1
d5cf2e8aa6a78d8fd2283f00c8f294eeea7e92d9

SHA256
a7410c16ae0885e6218da4cecb2298dab2a7273c9d6b147ccc45d5792495c356

SHA512
aa42504af660192c77857c0891aa204e58e4aa4d49000dc59cec1a81115ba40ae00d7b5c6f70496a225c7707e2bed542ab4c3628c2f7fd0b820cf89240b37e1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe

Filesize
184KB

MD5
36d2d7a6ac6a7aa51e3161099d036255

SHA1
357d678aaddf2c633b3f56b592c478f068fc350a

SHA256
8a512f995860d1df6d3d372ba07efaf7ae2c34f7b2f26c05536c3c4c715b7f0d

SHA512
43da528f91b42361a5414c90585a8b43bc85a1b29eba887d9934d39ec91430ff41cb9bbd06e5e432679d1a1b3f65318180fe44b29cd74ae38ef34b1d9f86c1f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8337.exe

Filesize
184KB

MD5
e922709b434b12d3089a14d0de566f1c

SHA1
f7ec068074e9c6f128f6be0420dfcb55d5c2e481

SHA256
cf136bd37284478096e1f9c930084bb59c7243c9164096b4d51bfd216a699a8f

SHA512
0e94706ddc783bf4702505f6701e1e3f757b8d8172949bf763251cf3c04ee5b99a058f79405f46feb1e9f807a93763edc5805d5cd768e7d16e27d840d132a7a7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads