40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28

Analysis

max time kernel
146s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/04/2024, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
Size

184KB
MD5

334b49d0df7568874fd98e8f870ba1f1
SHA1

54262b370d4a0185aa6156bb599628f4fd2de4da
SHA256

40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28
SHA512

bcffaabc402082b8050d6ff00976a53f877afd274584e8be02fbf26ef474cb899cb0130ac1c7a501b6df65025798ecb7efb502a8ff443490dfbeb4dfd5cc7521
SSDEEP

3072:ZklX3aon1jrYd4DZWiBn8s/1zlvn1nxiut:ZkwoxE4Dh8O1zlP1nxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 35 IoCs

pid	Process
2004	Unicorn-55796.exe
2496	Unicorn-20275.exe
2680	Unicorn-53118.exe
3044	Unicorn-11888.exe
2412	Unicorn-61644.exe
2500	Unicorn-61089.exe
2448	Unicorn-59043.exe
1728	Unicorn-23485.exe
1832	Unicorn-29616.exe
2768	Unicorn-46263.exe
2444	Unicorn-46528.exe
1876	Unicorn-18132.exe
1204	Unicorn-2350.exe
1740	Unicorn-22216.exe
672	Unicorn-55635.exe
2316	Unicorn-48531.exe
880	Unicorn-27654.exe
2804	Unicorn-32003.exe
1656	Unicorn-3969.exe
1932	Unicorn-65443.exe
916	Unicorn-43192.exe
2792	Unicorn-45023.exe
2340	Unicorn-44509.exe
2300	Unicorn-27234.exe
3028	Unicorn-15942.exe
552	Unicorn-160.exe
952	Unicorn-37300.exe
3056	Unicorn-46952.exe
1112	Unicorn-65142.exe
348	Unicorn-1643.exe
1156	Unicorn-48998.exe
1908	Unicorn-44577.exe
560	Unicorn-46201.exe
2972	Unicorn-13227.exe
1868	Unicorn-33093.exe

Loads dropped DLL 64 IoCs

pid	Process
2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
2004	Unicorn-55796.exe
2004	Unicorn-55796.exe
2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
2496	Unicorn-20275.exe
2496	Unicorn-20275.exe
2004	Unicorn-55796.exe
2004	Unicorn-55796.exe
2680	Unicorn-53118.exe
2680	Unicorn-53118.exe
2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
2004	Unicorn-55796.exe
2412	Unicorn-61644.exe
2004	Unicorn-55796.exe
2412	Unicorn-61644.exe
2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
2448	Unicorn-59043.exe
2448	Unicorn-59043.exe
3044	Unicorn-11888.exe
3044	Unicorn-11888.exe
2496	Unicorn-20275.exe
2496	Unicorn-20275.exe
2500	Unicorn-61089.exe
2500	Unicorn-61089.exe
2680	Unicorn-53118.exe
2680	Unicorn-53118.exe
1728	Unicorn-23485.exe
1728	Unicorn-23485.exe
2004	Unicorn-55796.exe
2004	Unicorn-55796.exe
1832	Unicorn-29616.exe
1832	Unicorn-29616.exe
2412	Unicorn-61644.exe
2412	Unicorn-61644.exe
2768	Unicorn-46263.exe
2768	Unicorn-46263.exe
2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
2444	Unicorn-46528.exe
2444	Unicorn-46528.exe
2448	Unicorn-59043.exe
2448	Unicorn-59043.exe
1204	Unicorn-2350.exe
1204	Unicorn-2350.exe
1876	Unicorn-18132.exe
1876	Unicorn-18132.exe
3044	Unicorn-11888.exe
3044	Unicorn-11888.exe
2500	Unicorn-61089.exe
2500	Unicorn-61089.exe
2680	Unicorn-53118.exe
2680	Unicorn-53118.exe
2496	Unicorn-20275.exe
2496	Unicorn-20275.exe
1740	Unicorn-22216.exe
1740	Unicorn-22216.exe
672	Unicorn-55635.exe
672	Unicorn-55635.exe
2316	Unicorn-48531.exe
2316	Unicorn-48531.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3068	1932	WerFault.exe	47

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
2004	Unicorn-55796.exe
2496	Unicorn-20275.exe
2680	Unicorn-53118.exe
2412	Unicorn-61644.exe
2448	Unicorn-59043.exe
2500	Unicorn-61089.exe
3044	Unicorn-11888.exe
1728	Unicorn-23485.exe
1832	Unicorn-29616.exe
2768	Unicorn-46263.exe
2444	Unicorn-46528.exe
1204	Unicorn-2350.exe
1876	Unicorn-18132.exe
672	Unicorn-55635.exe
1740	Unicorn-22216.exe
2316	Unicorn-48531.exe
2804	Unicorn-32003.exe
880	Unicorn-27654.exe
1656	Unicorn-3969.exe
916	Unicorn-43192.exe
1932	Unicorn-65443.exe
2792	Unicorn-45023.exe
2340	Unicorn-44509.exe
2300	Unicorn-27234.exe
3028	Unicorn-15942.exe
552	Unicorn-160.exe
952	Unicorn-37300.exe
348	Unicorn-1643.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2004	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	28
PID 2176 wrote to memory of 2004	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	28
PID 2176 wrote to memory of 2004	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	28
PID 2176 wrote to memory of 2004	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	28
PID 2004 wrote to memory of 2496	2004	Unicorn-55796.exe	29
PID 2004 wrote to memory of 2496	2004	Unicorn-55796.exe	29
PID 2004 wrote to memory of 2496	2004	Unicorn-55796.exe	29
PID 2004 wrote to memory of 2496	2004	Unicorn-55796.exe	29
PID 2176 wrote to memory of 2680	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	30
PID 2176 wrote to memory of 2680	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	30
PID 2176 wrote to memory of 2680	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	30
PID 2176 wrote to memory of 2680	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	30
PID 2496 wrote to memory of 3044	2496	Unicorn-20275.exe	31
PID 2496 wrote to memory of 3044	2496	Unicorn-20275.exe	31
PID 2496 wrote to memory of 3044	2496	Unicorn-20275.exe	31
PID 2496 wrote to memory of 3044	2496	Unicorn-20275.exe	31
PID 2004 wrote to memory of 2412	2004	Unicorn-55796.exe	32
PID 2004 wrote to memory of 2412	2004	Unicorn-55796.exe	32
PID 2004 wrote to memory of 2412	2004	Unicorn-55796.exe	32
PID 2004 wrote to memory of 2412	2004	Unicorn-55796.exe	32
PID 2680 wrote to memory of 2500	2680	Unicorn-53118.exe	33
PID 2680 wrote to memory of 2500	2680	Unicorn-53118.exe	33
PID 2680 wrote to memory of 2500	2680	Unicorn-53118.exe	33
PID 2680 wrote to memory of 2500	2680	Unicorn-53118.exe	33
PID 2176 wrote to memory of 2448	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	34
PID 2176 wrote to memory of 2448	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	34
PID 2176 wrote to memory of 2448	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	34
PID 2176 wrote to memory of 2448	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	34
PID 2004 wrote to memory of 1728	2004	Unicorn-55796.exe	35
PID 2004 wrote to memory of 1728	2004	Unicorn-55796.exe	35
PID 2004 wrote to memory of 1728	2004	Unicorn-55796.exe	35
PID 2004 wrote to memory of 1728	2004	Unicorn-55796.exe	35
PID 2412 wrote to memory of 1832	2412	Unicorn-61644.exe	36
PID 2412 wrote to memory of 1832	2412	Unicorn-61644.exe	36
PID 2412 wrote to memory of 1832	2412	Unicorn-61644.exe	36
PID 2412 wrote to memory of 1832	2412	Unicorn-61644.exe	36
PID 2176 wrote to memory of 2768	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	37
PID 2176 wrote to memory of 2768	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	37
PID 2176 wrote to memory of 2768	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	37
PID 2176 wrote to memory of 2768	2176	40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe	37
PID 2448 wrote to memory of 2444	2448	Unicorn-59043.exe	38
PID 2448 wrote to memory of 2444	2448	Unicorn-59043.exe	38
PID 2448 wrote to memory of 2444	2448	Unicorn-59043.exe	38
PID 2448 wrote to memory of 2444	2448	Unicorn-59043.exe	38
PID 3044 wrote to memory of 1876	3044	Unicorn-11888.exe	39
PID 3044 wrote to memory of 1876	3044	Unicorn-11888.exe	39
PID 3044 wrote to memory of 1876	3044	Unicorn-11888.exe	39
PID 3044 wrote to memory of 1876	3044	Unicorn-11888.exe	39
PID 2496 wrote to memory of 1204	2496	Unicorn-20275.exe	40
PID 2496 wrote to memory of 1204	2496	Unicorn-20275.exe	40
PID 2496 wrote to memory of 1204	2496	Unicorn-20275.exe	40
PID 2496 wrote to memory of 1204	2496	Unicorn-20275.exe	40
PID 2500 wrote to memory of 1740	2500	Unicorn-61089.exe	41
PID 2500 wrote to memory of 1740	2500	Unicorn-61089.exe	41
PID 2500 wrote to memory of 1740	2500	Unicorn-61089.exe	41
PID 2500 wrote to memory of 1740	2500	Unicorn-61089.exe	41
PID 2680 wrote to memory of 672	2680	Unicorn-53118.exe	42
PID 2680 wrote to memory of 672	2680	Unicorn-53118.exe	42
PID 2680 wrote to memory of 672	2680	Unicorn-53118.exe	42
PID 2680 wrote to memory of 672	2680	Unicorn-53118.exe	42
PID 1728 wrote to memory of 2316	1728	Unicorn-23485.exe	43
PID 1728 wrote to memory of 2316	1728	Unicorn-23485.exe	43
PID 1728 wrote to memory of 2316	1728	Unicorn-23485.exe	43
PID 1728 wrote to memory of 2316	1728	Unicorn-23485.exe	43

C:\Users\Admin\AppData\Local\Temp\40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe
"C:\Users\Admin\AppData\Local\Temp\40f688c38b6a868bcf4899d20a7418a73631a6fcb9db433973b1ff25f7f27f28.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15942.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
        6⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9259.exe
        6⤵
        
        PID:2960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        6⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5140.exe
        6⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
        6⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
        6⤵
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
        6⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
        6⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58786.exe
        6⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12442.exe
        6⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        5⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12467.exe
        5⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45401.exe
        5⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
        5⤵
        
        PID:852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41155.exe
        5⤵
        
        PID:1572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        5⤵
        
        PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27234.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37753.exe
        6⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        6⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27588.exe
        6⤵
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8093.exe
        6⤵
        
        PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21971.exe
        5⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
        5⤵
        
        PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
        5⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
        5⤵
        
        PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
        5⤵
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        5⤵
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
        5⤵
        
        PID:3548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38687.exe
        5⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
        5⤵
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
        5⤵
        
        PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38422.exe
      4⤵
      PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48976.exe
      4⤵
      PID:1688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29685.exe
      4⤵
      PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41235.exe
      4⤵
      PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25727.exe
      4⤵
      PID:2160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
        6⤵
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33135.exe
        6⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41352.exe
        6⤵
        
        PID:488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64446.exe
        6⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
        6⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        6⤵
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
        6⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13227.exe
        5⤵
        Executes dropped EXE
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44298.exe
        5⤵
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46645.exe
        5⤵
        
        PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
        5⤵
        
        PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40884.exe
        5⤵
        
        PID:1568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8204.exe
        5⤵
        
        PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
        5⤵
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
        5⤵
        
        PID:2368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2074.exe
      4⤵
      PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
      4⤵
      PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
      4⤵
      PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
      4⤵
      PID:108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
      4⤵
      PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
      4⤵
      PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
      4⤵
      PID:3352
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
        5⤵
        Executes dropped EXE
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15897.exe
        5⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
        5⤵
        
        PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        5⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        5⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        5⤵
        
        PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46201.exe
      4⤵
      Executes dropped EXE
      PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
      4⤵
      PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
      4⤵
      PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
      4⤵
      PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
      4⤵
      PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
      4⤵
      PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7915.exe
      4⤵
      PID:3644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
      4⤵
      Executes dropped EXE
      PID:1868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
      4⤵
      PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
      4⤵
      PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
    3⤵
    PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
    3⤵
    PID:624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
    3⤵
    PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
    3⤵
    PID:2188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14289.exe
    3⤵
    PID:1256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
    3⤵
    PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
    3⤵
    PID:3392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        5⤵
        Executes dropped EXE
        
        PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
        5⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19098.exe
        5⤵
        
        PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        5⤵
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        5⤵
        
        PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
        5⤵
        
        PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37300.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57981.exe
        5⤵
        
        PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        5⤵
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35487.exe
        5⤵
        
        PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
        5⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4610.exe
        5⤵
        
        PID:360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        5⤵
        
        PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
      4⤵
      PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
      4⤵
      PID:352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
      4⤵
      PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
      4⤵
      PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48555.exe
      4⤵
      PID:2248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48998.exe
      4⤵
      Executes dropped EXE
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38687.exe
        5⤵
        
        PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3121.exe
        5⤵
        
        PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        5⤵
        
        PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57420.exe
        5⤵
        
        PID:1008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32474.exe
        5⤵
        
        PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
      4⤵
      PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16856.exe
      4⤵
      PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60423.exe
      4⤵
      PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54431.exe
      4⤵
      PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
      4⤵
      PID:792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31451.exe
      4⤵
      PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46952.exe
    3⤵
    - Executes dropped EXE
    PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
    3⤵
    PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
    3⤵
    PID:1412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
    3⤵
    PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8093.exe
    3⤵
    PID:2016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
    3⤵
    PID:932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
    3⤵
    PID:3384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5080.exe
        5⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
        5⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54886.exe
        5⤵
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40705.exe
        5⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        5⤵
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
        5⤵
        
        PID:3280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50752.exe
      4⤵
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
      4⤵
      PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
      4⤵
      PID:2452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64965.exe
      4⤵
      PID:996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13248.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13248.exe
      4⤵
      PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
      4⤵
      PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
    3⤵
    PID:2404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
    3⤵
    PID:676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32686.exe
    3⤵
    PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
    3⤵
    PID:3012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48555.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48555.exe
    3⤵
    PID:1588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17803.exe
    3⤵
    PID:2056
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65443.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1932
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
      4⤵
      Program crash
      PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26055.exe
    3⤵
    PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51719.exe
    3⤵
    PID:848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
    3⤵
    PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
    3⤵
    PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52099.exe
    3⤵
    PID:1852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
    3⤵
    PID:3176
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8204.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8204.exe
    3⤵
    PID:2408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37983.exe
    3⤵
    PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-920.exe
    3⤵
    PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
    3⤵
    PID:2492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9637.exe
    3⤵
    PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11156.exe
    3⤵
    PID:3556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48275.exe
  2⤵
  PID:2192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
  2⤵
  PID:2484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
  2⤵
  PID:612
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38629.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38629.exe
  2⤵
  PID:2236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18489.exe
  2⤵
  PID:240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41838.exe
  2⤵
  PID:1540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29408.exe
  2⤵
  PID:3344

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe

Filesize
184KB

MD5
12ab08d113a8ccafd37f88317ec47e82

SHA1
e24e24036ac5f0b5896128778e2cc681bd36b8f8

SHA256
a9af5f011d0e476c6bffe74a78ce33cb113b957bbc0a60b2a4d7fe2dca2b1a61

SHA512
85068a39e722a6561bf8f0f9c6eb4b2c32046d898211739568448f45b360f9cd5f2104eb60378b32e5e7ad67b2216fe8dd272ffbb981c5f427692e05246f2ff2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22216.exe

Filesize
184KB

MD5
c8b848ff8a65ff6991f51287975ed6f8

SHA1
a844af39c6afbc38cae0f5739d88cadf1b9bf123

SHA256
78948009928619210e8791ba2d9034968875ead19fdd07e42fef6b07bca021d9

SHA512
a3d1cdc5053d7a2514033389a721b0650ab1a0f456e0116a69977dda603efa19cd725bcac257d0b66443b701c3c129c3853c032a11c8c3c45fdda29ff53315dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe

Filesize
184KB

MD5
42a7061e2f541945150ef460ee5fb883

SHA1
b2954a4c01aaec52ed761809abf4f8eb89df5ea6

SHA256
e7de32c715cce01b9ce6ba8bb1dc93160510ed21cd4561bf1d2c06943761194f

SHA512
909e06a101dc2546b11f61db213c528d5481d8249eecd45fec9874906c45e3546cd28ee49478da68fdaa238909188b057480a2f470e2c9d526abe988ad22daf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe

Filesize
184KB

MD5
a723ff234bde591efd1b0abff8b75af1

SHA1
41417535e3a4bedae57178405af157065e28b063

SHA256
075da293d87afa7083836f4720e0aca16ae29fd0d3fa0205458da00a8ccff54c

SHA512
9b0f44fb2f2399e7ef325ba35378350dcc8e62d7bd8dd952d3a79ae17e42f591b79c03cfda1ce995e7f82755e59f4445ab01b7d494b7c645329a20c661d09cf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55635.exe

Filesize
184KB

MD5
12ad4887f8dbb50d50aa6cd8a029ee1f

SHA1
e684d575f314c56fc3a9bda1a7d63b0f7cd2c456

SHA256
09d5322e0f430170bc113dfe3eee39f000bfd9a5122b9eb3f70d7bfd45ef44b5

SHA512
bfa220badcea9db196dc2ff9ac9959bbcbfbfe720e65adea3e7753c7ad292779c3fcfe5df0a0446593ea58f847f189c8edfa01431bac66515216bd8122a2df53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe

Filesize
184KB

MD5
82f1c1e7756427f84443905d1d9bf834

SHA1
4357f2c7b396008e7bcf7ac054c30cf0ac3f1ed9

SHA256
5507c27abf35bc9ce773c8833191c07330048f66f526a36b7f55bbd358b8711d

SHA512
335c7eee9134bfd50ac477047b7845c35d85a55e964e8a2c873824cfd961558deebdabc129a30e83530dd636b8ce79747e77d15f477057e97892c66e6727a62b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61644.exe

Filesize
184KB

MD5
040883b62674f6e59d5bf1201143303f

SHA1
cb29be915f22e7f5d10c4d0cb6f84b9c86ebed19

SHA256
e74558eddc82461d4398a918942bb9c260f72919135fcbe9226323eb57c36332

SHA512
e01fb924728aa25ccc1192b8239a1db1b5467cede3a53087f6b91dc0025969be75210451c5dce32b6edc66c419739f14d3363b2cf567614abdc4b05c48c5ceee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11888.exe

Filesize
184KB

MD5
86a194f62964744d93df688857215f3f

SHA1
71c4d1d079153496dd4c80104391747a656250ef

SHA256
ed1dfd6357521169a50d2a994f77fb2632481c39451b1f1d5c3368a9739dd8de

SHA512
d4c9b0ee0a19836c1ba52d5217ac149e323453d25503eb5667c690fd1cba9761438bc1e46b26626433b2e32f3e61630b4bcdfc3df2dcb3681b6ce10ff00cba8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20275.exe

Filesize
184KB

MD5
825c37f7f345f99298d07228e621e593

SHA1
08a994cf3205afcbab4f7dd281175074cdf783ab

SHA256
279a1f0ddcb33e5d452321511575e9ce1aa0271a5f77c0a5535a82a6876541c2

SHA512
3d4ac9ce3dde1aa177cc1f615d634da7c103c0153155a18785cd67b3a096396e209f3e02bb4d960b3febac997b225c6d81a3a547afa0d3fcf8ed9d9a4ba08a6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23485.exe

Filesize
184KB

MD5
4f692e7136bd36ac36e09447c02efef9

SHA1
8b7a025eff3c4b8dab588eb08139fb7aa3355c84

SHA256
2dc7b522582283ad386f4e84a235d2a7e082266e736297fcffcfabb09cc8c6a8

SHA512
4178907d4f79325110d46bbea09127220727a4a32323616a1fffcd90194699749c8bad47f8481adb3fab387ea9dde903f6eedbd4bff8adfcab511f0b7e0aa0ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2350.exe

Filesize
184KB

MD5
45d9d4f30915561851eb1550091b7c5e

SHA1
52a64d0f3f64457118476c8bfd55d85b9a6f9bd5

SHA256
a801396fcb8dfb3141fbdd45cf76fc2822035eaa32cb0f7c12113d166ffffc96

SHA512
60d4ce7571e9c61ef0c140f4b9f3868caf7c17c115cca7ec246ab48716141626e02c70e33374c8d1e404166a897c3a26a73a3ee9293d66cfa001b2f5188945ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27654.exe

Filesize
184KB

MD5
6fc5c7b5b536ce52206ccad0998cfc6b

SHA1
365d304c4ba1a099c184ead2019acd9f2585f534

SHA256
172835d61f3fd9a02fb4df3e8ab4b7349adc7335c71daeff65501cd17c212bc9

SHA512
cb6a2fe4d54eb0bdc6116ef3c14eaeeaa3236e260eed4bb977ee0293e6495e2a4c160a8a1f62c1fac3e181adfbb90547e9fc8562521c130c1c22dfa97bb3eeb0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe

Filesize
184KB

MD5
a4c873adfb183d705f7a090709e1f35d

SHA1
5bf418ff551542fe1ce829ca9c3ec17573733c36

SHA256
b206ff0ac232aee29fdb8a411bb02c5ce44cea57c656af05adeac449bd9d93ee

SHA512
0aab77cafc5ee173ad65699929b5c11e5765d13ab66054098b514d2c3a5547d44f94cfed36aa4768cdb56b44f9e1ee8ee6755ca5266e22839543c9bbcf820c03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3969.exe

Filesize
184KB

MD5
c9ff41eb4d45325216b162f33211a47b

SHA1
0a43951b94c9023475bf64312cdb601bb18d849e

SHA256
f2483f4ea93c3b15c40074a80a51238a4f40cb75bfb8235a8a5635fa8a7172b8

SHA512
906df49fda33fdfa6c2d09b184028e728da827ae7382c36553c65da898e05c5230e5680cc6e47daebfbb9b6f63150f7d422b698f46f259ff5b3d73d239ce26bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46263.exe

Filesize
184KB

MD5
e59246513c471e2b067631189694c0d9

SHA1
e4536d8cd9b0abbcfd407a2fd5f9729928123a69

SHA256
7de59c485457ec38dc8c1f5f3fb5e08dc21029d70903e82b6cab5e555e817ade

SHA512
9494396c551e0b1cda6c971ad73a4fd43ef3b1c6a424d4c2883a82ed0d49134bd7971ff5240915580300f0be861fbbe8c79f242895cd4cc6159ee1ef031400bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46528.exe

Filesize
184KB

MD5
adf18d11358329bfbf4f0b712df619af

SHA1
c65c9dbc6ec3b8bcbc1d6742b6ff4b04b9b63871

SHA256
2ca71d722b09e04f69725e6cc091ed34e6dc0781e44ea5cafb7af6a2be4c1f1c

SHA512
462c23e560a19b97d59fefada0b2a6b362f31ca9e80e6c0c379032a27acdba6149b70a00e70155e8002ecf2c99de5925c22d90e39f42869cd1b68afbf7517746

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48531.exe

Filesize
184KB

MD5
fcc20591a93c1d173cef8ca2780e5458

SHA1
362c90f0d4d1c72dff8af0e2f506606b3ae7aad4

SHA256
f441bd2e57caa86acc962a98455dbf4c3d932594949709cd273c8208cbb28a6c

SHA512
de9f7c29e792541dbc9e9c2ad8a067722aec98163b25b104ed233c3d6689241678ec4c88cdef526ce0e27bd859561bc22c6795e7f95926e2ef7b3db9cad2bfcd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe

Filesize
184KB

MD5
c95f9d757841cce763950f61748d18eb

SHA1
2ae44c3731e672386f6be7d75e9246c1c08db0e5

SHA256
f18ea07e7667d80a84117c99cb821407fcea152d89f4b0dfcd50cf615a221dfa

SHA512
90ed4a0d532da9b597ac2fa5aaa18ed89147adfee0dd1990e1ed0c7998c2e1a2e8e811a07f6e4df29a69444833aa7067248065e52c3ff976ea3ce166f67600d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55796.exe

Filesize
184KB

MD5
f7e17d6b211bd0b165ccfe30e464f0a0

SHA1
426511a761a9ecdf7ad92b0ef77375c63b412a57

SHA256
eb347798bdb524faeca65d6bd145504f3d1d7e2da46ae9ace0afd08e5fdc4b2c

SHA512
04b28c8f8f324bfed3ba8ed9fc248c2a57a55af1a7a7bf6671685f573bca227af1879a795a76a9ac3148b438f76d70679e428cdf4608dbe84cd7fc0fa5474b03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe

Filesize
184KB

MD5
88a0533dc922b57c9d2cb2615559d6f3

SHA1
c5faa0ede0d7beae3959abc19e21410d044d1aa8

SHA256
20182b686a4d38265afc8c85b6e214ff363a07882dfca3970f3fb5202ab3ac30

SHA512
6157a5ee7278bec413ecdd7531d96ca0c98c1928d67b644af961a7b2028bf830573d885be0aff4210b28d7c4056841c12a6b3bfde492874714a93dd9d57ef24d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads