86ea4938fb458745a4a9daee11656f78143ae85907acf855a85c5d7c01c1ebfc

Analysis

max time kernel
38s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 12:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

278a3c74c7d69165efdc3037eba9c966.exe
Size

184KB
MD5

278a3c74c7d69165efdc3037eba9c966
SHA1

f6e318156cb69af79ae5c8ff8fcf3f4d7f568f6d
SHA256

86ea4938fb458745a4a9daee11656f78143ae85907acf855a85c5d7c01c1ebfc
SHA512

6c5b1aee62c819e6b1b4db787435be79fa87399ab3ea92374c2ddc5bab5fcc85b58190945c21f0a1ecc14759410572f80248115c74f997fb164bf5204ec3e324
SSDEEP

3072:ORplo+zyCaUD0jrqp2wn58allMrxeMr12QxqyzonNKxvwF1:OR/o9Fs0Kp3n58a2ahNKxvwF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2108	Unicorn-4501.exe
2064	Unicorn-45664.exe
2740	Unicorn-45643.exe
1824	Unicorn-1206.exe
2548	Unicorn-50962.exe
2524	Unicorn-62659.exe
2424	Unicorn-18970.exe
2040	Unicorn-55918.exe
2836	Unicorn-60002.exe
2156	Unicorn-31968.exe
1544	Unicorn-52581.exe
1244	Unicorn-28529.exe
2988	Unicorn-495.exe
1988	Unicorn-49141.exe
764	Unicorn-24122.exe
1828	Unicorn-65368.exe
1916	Unicorn-21321.exe
752	Unicorn-12830.exe
1400	Unicorn-24528.exe
2112	Unicorn-16635.exe
2712	Unicorn-13105.exe
1304	Unicorn-38015.exe
1864	Unicorn-34485.exe
2956	Unicorn-33931.exe
1580	Unicorn-58627.exe
2388	Unicorn-55290.exe
2948	Unicorn-30017.exe
1212	Unicorn-49883.exe
2920	Unicorn-53967.exe
1036	Unicorn-1429.exe
2428	Unicorn-4958.exe
2436	Unicorn-9701.exe
2748	Unicorn-31696.exe
2736	Unicorn-6445.exe
2892	Unicorn-27058.exe
2556	Unicorn-11276.exe
2576	Unicorn-55838.exe
2648	Unicorn-10721.exe
2980	Unicorn-7384.exe
2108	Unicorn-43586.exe
1504	Unicorn-27228.exe
2628	Unicorn-6061.exe
1456	Unicorn-55454.exe
2704	Unicorn-7000.exe
2132	Unicorn-18698.exe
1016	Unicorn-48246.exe
352	Unicorn-7960.exe
2128	Unicorn-35994.exe
320	Unicorn-40824.exe
2020	Unicorn-31033.exe
2184	Unicorn-56881.exe
648	Unicorn-12703.exe
1048	Unicorn-52413.exe
2496	Unicorn-65412.exe
492	Unicorn-44437.exe
2524	Unicorn-27032.exe
1484	Unicorn-61520.exe
1600	Unicorn-63980.exe
356	Unicorn-37229.exe
360	Unicorn-40244.exe
1648	Unicorn-150.exe
612	Unicorn-150.exe
1136	Unicorn-7763.exe
1564	Unicorn-65111.exe

Loads dropped DLL 64 IoCs

pid	Process
1656	278a3c74c7d69165efdc3037eba9c966.exe
1656	278a3c74c7d69165efdc3037eba9c966.exe
2108	Unicorn-4501.exe
2108	Unicorn-4501.exe
1656	278a3c74c7d69165efdc3037eba9c966.exe
1656	278a3c74c7d69165efdc3037eba9c966.exe
2064	Unicorn-45664.exe
2064	Unicorn-45664.exe
2108	Unicorn-4501.exe
2108	Unicorn-4501.exe
2740	Unicorn-45643.exe
2740	Unicorn-45643.exe
2548	Unicorn-50962.exe
2548	Unicorn-50962.exe
1824	Unicorn-1206.exe
1824	Unicorn-1206.exe
2524	Unicorn-62659.exe
2524	Unicorn-62659.exe
2064	Unicorn-45664.exe
2064	Unicorn-45664.exe
2740	Unicorn-45643.exe
2740	Unicorn-45643.exe
2424	Unicorn-18970.exe
2424	Unicorn-18970.exe
2548	Unicorn-50962.exe
2548	Unicorn-50962.exe
2040	Unicorn-55918.exe
2040	Unicorn-55918.exe
1824	Unicorn-1206.exe
1824	Unicorn-1206.exe
2156	Unicorn-31968.exe
2156	Unicorn-31968.exe
2836	Unicorn-60002.exe
2836	Unicorn-60002.exe
2524	Unicorn-62659.exe
2524	Unicorn-62659.exe
1544	Unicorn-52581.exe
1544	Unicorn-52581.exe
1244	Unicorn-28529.exe
1244	Unicorn-28529.exe
2424	Unicorn-18970.exe
2424	Unicorn-18970.exe
1988	Unicorn-49141.exe
1988	Unicorn-49141.exe
2040	Unicorn-55918.exe
2040	Unicorn-55918.exe
764	Unicorn-24122.exe
764	Unicorn-24122.exe
1400	Unicorn-24528.exe
1400	Unicorn-24528.exe
1544	Unicorn-52581.exe
1544	Unicorn-52581.exe
2156	Unicorn-31968.exe
2156	Unicorn-31968.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2988	Unicorn-495.exe
2988	Unicorn-495.exe
752	Unicorn-12830.exe
752	Unicorn-12830.exe
1916	Unicorn-21321.exe
1916	Unicorn-21321.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2940	1828	WerFault.exe	45
1432	1600	WerFault.exe	86

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1656	278a3c74c7d69165efdc3037eba9c966.exe
2108	Unicorn-4501.exe
2064	Unicorn-45664.exe
2740	Unicorn-45643.exe
2548	Unicorn-50962.exe
1824	Unicorn-1206.exe
2524	Unicorn-62659.exe
2424	Unicorn-18970.exe
2040	Unicorn-55918.exe
2156	Unicorn-31968.exe
2836	Unicorn-60002.exe
1544	Unicorn-52581.exe
1244	Unicorn-28529.exe
2988	Unicorn-495.exe
1988	Unicorn-49141.exe
764	Unicorn-24122.exe
1828	Unicorn-65368.exe
1400	Unicorn-24528.exe
752	Unicorn-12830.exe
1916	Unicorn-21321.exe
2112	Unicorn-16635.exe
2712	Unicorn-13105.exe
1304	Unicorn-38015.exe
1864	Unicorn-34485.exe
2956	Unicorn-33931.exe
1580	Unicorn-58627.exe
2388	Unicorn-55290.exe
2948	Unicorn-30017.exe
1212	Unicorn-49883.exe
2920	Unicorn-53967.exe
1036	Unicorn-1429.exe
2428	Unicorn-4958.exe
2436	Unicorn-9701.exe
2892	Unicorn-27058.exe
2556	Unicorn-11276.exe
2736	Unicorn-6445.exe
2748	Unicorn-31696.exe
2576	Unicorn-55838.exe
2648	Unicorn-10721.exe
2108	Unicorn-43586.exe
2628	Unicorn-6061.exe
2980	Unicorn-7384.exe
1504	Unicorn-27228.exe
1456	Unicorn-55454.exe
2704	Unicorn-7000.exe
2132	Unicorn-18698.exe
1016	Unicorn-48246.exe
2128	Unicorn-35994.exe
352	Unicorn-7960.exe
320	Unicorn-40824.exe
2020	Unicorn-31033.exe
2184	Unicorn-56881.exe
648	Unicorn-12703.exe
2496	Unicorn-65412.exe
1048	Unicorn-52413.exe
2524	Unicorn-27032.exe
492	Unicorn-44437.exe
1600	Unicorn-63980.exe
1484	Unicorn-61520.exe
356	Unicorn-37229.exe
360	Unicorn-40244.exe
1648	Unicorn-150.exe
1136	Unicorn-7763.exe
612	Unicorn-150.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1656 wrote to memory of 2108	1656	278a3c74c7d69165efdc3037eba9c966.exe	28
PID 1656 wrote to memory of 2108	1656	278a3c74c7d69165efdc3037eba9c966.exe	28
PID 1656 wrote to memory of 2108	1656	278a3c74c7d69165efdc3037eba9c966.exe	28
PID 1656 wrote to memory of 2108	1656	278a3c74c7d69165efdc3037eba9c966.exe	28
PID 2108 wrote to memory of 2064	2108	Unicorn-4501.exe	29
PID 2108 wrote to memory of 2064	2108	Unicorn-4501.exe	29
PID 2108 wrote to memory of 2064	2108	Unicorn-4501.exe	29
PID 2108 wrote to memory of 2064	2108	Unicorn-4501.exe	29
PID 1656 wrote to memory of 2740	1656	278a3c74c7d69165efdc3037eba9c966.exe	30
PID 1656 wrote to memory of 2740	1656	278a3c74c7d69165efdc3037eba9c966.exe	30
PID 1656 wrote to memory of 2740	1656	278a3c74c7d69165efdc3037eba9c966.exe	30
PID 1656 wrote to memory of 2740	1656	278a3c74c7d69165efdc3037eba9c966.exe	30
PID 2064 wrote to memory of 1824	2064	Unicorn-45664.exe	31
PID 2064 wrote to memory of 1824	2064	Unicorn-45664.exe	31
PID 2064 wrote to memory of 1824	2064	Unicorn-45664.exe	31
PID 2064 wrote to memory of 1824	2064	Unicorn-45664.exe	31
PID 2108 wrote to memory of 2548	2108	Unicorn-4501.exe	32
PID 2108 wrote to memory of 2548	2108	Unicorn-4501.exe	32
PID 2108 wrote to memory of 2548	2108	Unicorn-4501.exe	32
PID 2108 wrote to memory of 2548	2108	Unicorn-4501.exe	32
PID 2740 wrote to memory of 2524	2740	Unicorn-45643.exe	33
PID 2740 wrote to memory of 2524	2740	Unicorn-45643.exe	33
PID 2740 wrote to memory of 2524	2740	Unicorn-45643.exe	33
PID 2740 wrote to memory of 2524	2740	Unicorn-45643.exe	33
PID 2548 wrote to memory of 2424	2548	Unicorn-50962.exe	34
PID 2548 wrote to memory of 2424	2548	Unicorn-50962.exe	34
PID 2548 wrote to memory of 2424	2548	Unicorn-50962.exe	34
PID 2548 wrote to memory of 2424	2548	Unicorn-50962.exe	34
PID 1824 wrote to memory of 2040	1824	Unicorn-1206.exe	35
PID 1824 wrote to memory of 2040	1824	Unicorn-1206.exe	35
PID 1824 wrote to memory of 2040	1824	Unicorn-1206.exe	35
PID 1824 wrote to memory of 2040	1824	Unicorn-1206.exe	35
PID 2524 wrote to memory of 2836	2524	Unicorn-62659.exe	36
PID 2524 wrote to memory of 2836	2524	Unicorn-62659.exe	36
PID 2524 wrote to memory of 2836	2524	Unicorn-62659.exe	36
PID 2524 wrote to memory of 2836	2524	Unicorn-62659.exe	36
PID 2064 wrote to memory of 2156	2064	Unicorn-45664.exe	38
PID 2064 wrote to memory of 2156	2064	Unicorn-45664.exe	38
PID 2064 wrote to memory of 2156	2064	Unicorn-45664.exe	38
PID 2064 wrote to memory of 2156	2064	Unicorn-45664.exe	38
PID 2740 wrote to memory of 1544	2740	Unicorn-45643.exe	37
PID 2740 wrote to memory of 1544	2740	Unicorn-45643.exe	37
PID 2740 wrote to memory of 1544	2740	Unicorn-45643.exe	37
PID 2740 wrote to memory of 1544	2740	Unicorn-45643.exe	37
PID 2424 wrote to memory of 1244	2424	Unicorn-18970.exe	39
PID 2424 wrote to memory of 1244	2424	Unicorn-18970.exe	39
PID 2424 wrote to memory of 1244	2424	Unicorn-18970.exe	39
PID 2424 wrote to memory of 1244	2424	Unicorn-18970.exe	39
PID 2548 wrote to memory of 2988	2548	Unicorn-50962.exe	40
PID 2548 wrote to memory of 2988	2548	Unicorn-50962.exe	40
PID 2548 wrote to memory of 2988	2548	Unicorn-50962.exe	40
PID 2548 wrote to memory of 2988	2548	Unicorn-50962.exe	40
PID 2040 wrote to memory of 1988	2040	Unicorn-55918.exe	41
PID 2040 wrote to memory of 1988	2040	Unicorn-55918.exe	41
PID 2040 wrote to memory of 1988	2040	Unicorn-55918.exe	41
PID 2040 wrote to memory of 1988	2040	Unicorn-55918.exe	41
PID 1824 wrote to memory of 764	1824	Unicorn-1206.exe	42
PID 1824 wrote to memory of 764	1824	Unicorn-1206.exe	42
PID 1824 wrote to memory of 764	1824	Unicorn-1206.exe	42
PID 1824 wrote to memory of 764	1824	Unicorn-1206.exe	42
PID 2156 wrote to memory of 1828	2156	Unicorn-31968.exe	45
PID 2156 wrote to memory of 1828	2156	Unicorn-31968.exe	45
PID 2156 wrote to memory of 1828	2156	Unicorn-31968.exe	45
PID 2156 wrote to memory of 1828	2156	Unicorn-31968.exe	45

C:\Users\Admin\AppData\Local\Temp\278a3c74c7d69165efdc3037eba9c966.exe
"C:\Users\Admin\AppData\Local\Temp\278a3c74c7d69165efdc3037eba9c966.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27058.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
        10⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        11⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3393.exe
        12⤵
        
        PID:3880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26758.exe
        9⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11276.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27032.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44235.exe
        9⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56813.exe
        10⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52413.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21765.exe
        9⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe
        10⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65412.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45755.exe
        8⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2496.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23087.exe
        8⤵
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10721.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        8⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8702.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        8⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17115.exe
        9⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7384.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3103.exe
        7⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2303.exe
        9⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15028.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        8⤵
        
        PID:3052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 244
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30017.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7763.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12329.exe
        8⤵
        
        PID:3892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65111.exe
        6⤵
        Executes dropped EXE
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        7⤵
        
        PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16635.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56881.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        10⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37027.exe
        11⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        9⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13383.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43721.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
        10⤵
        
        PID:4092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31696.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63980.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 188
        8⤵
        Program crash
        
        PID:1432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44188.exe
        9⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7410.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
        9⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62179.exe
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52465.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50861.exe
        9⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe
        7⤵
        
        PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-495.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20784.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55122.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        7⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        8⤵
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61795.exe
        6⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        7⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7000.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56388.exe
        6⤵
        
        PID:2668
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4958.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46035.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        8⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25091.exe
        9⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7960.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28568.exe
        7⤵
        
        PID:384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1429.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3264.exe
        8⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8702.exe
        6⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        7⤵
        
        PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35994.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60664.exe
        7⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8894.exe
        6⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        7⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58479.exe
        8⤵
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12423.exe
        6⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17515.exe
        7⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18340.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
        7⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3393.exe
        8⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34488.exe
        6⤵
        
        PID:1128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58627.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43586.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
        8⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33865.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27276.exe
        8⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58739.exe
        7⤵
        
        PID:412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        6⤵
        
        PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44437.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
        7⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2387.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23855.exe
        7⤵
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50742.exe
        6⤵
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61520.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
        6⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        7⤵
        
        PID:1616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe

Filesize
184KB

MD5
97e55c9e93fe68b1d6777a8d32423e48

SHA1
b5c30d25b591786575e9b436e5f2c6343e12127c

SHA256
7df7f70fb39736515eed26b2908c813f756e9589fe7d923ea14151fa7b0d487a

SHA512
73ac810f4d9d772dd25fc083076d4e0812eaa42875664842864a8f115ff56a18af5933d937a47282530ce6818cf976ea97c6c1e90ff42a00157093697a5096cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40824.exe

Filesize
184KB

MD5
b2f416ad10dc50cbdf28602e3838436e

SHA1
437261189d1296b07c2d4af66e1a1d8b19bad763

SHA256
673e1812d59584d3fbb9530017bf4b773c689e07284fea7472a9ca2390cafc9f

SHA512
da03c7929028a12b27b7ec147db428f197239376680a2acf98dea5adfcbf10b86efcf346950ca60926cbf30ee70e3084ef3a936bf7ac3e2e20e38f75dc94dcdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe

Filesize
184KB

MD5
9312a8f079dc987dd42409a6500f8dc9

SHA1
6d2c9b50a4f20830fb6f97fa9cf66553ed801245

SHA256
fde638dd1214925acc48e71d78cbf4955637e9b61a39716d32a1120a1b9f51b5

SHA512
121308b8e9ccd7481bbf41489a79573abe9f6f636862f0d86d74047e1aca9e9c61f68b922ecf9132379aae97fd7a21368e5f5f60d945063ab872784d5dfaf042

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe

Filesize
184KB

MD5
32188ac519e159e6d1b404a4c3ef171a

SHA1
5d6f6ae2c359ca49979d264dc772e6b81e7c2114

SHA256
029bde2e9f7d1c334e82117e0003da25ff59f44260f0fef9e62e921fb99d354d

SHA512
9b5f7e1d383604374eef45e5160a9b396873cab08bc1b839c20c9f66c57919c5e200ef2102c1946c38c6175ac3006ed08ece46d2504c63b4649d6a86585436b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6445.exe

Filesize
66KB

MD5
d2dbf6f3182f004acd1c0204f88242db

SHA1
2343815ee75b0ee89898c19b83d42ea7c8f52775

SHA256
1bc30c7bbfb246f98fd77ff673e63603a84927d518e3f8482a34a267af653b77

SHA512
d2d1e98c7fd83431135d91b2bd56367f2dde129539626513a8b292818fd28a91cd64ea075be3bf185ec363802dac20cd826d1dd939127d76318243a1be18173c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65368.exe

Filesize
184KB

MD5
029020591bf60b6f0e0fb26e48aca4d1

SHA1
a25437f561af1328b1a93c4343ab5a33321b5fa6

SHA256
d0476c2dd4abdb6589eaaec5b813cf35be9fa2824272c4f40d1534cc902b99e4

SHA512
f8ec4a0925e50ce01086f42e2dfbd49d436619d68eb3bdb24bc4e9ea492d19cf719fc35ef5c49ce8eafcb81f202c9da0c7cb2d0f974a0b70b76e5724b2c37e35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe

Filesize
184KB

MD5
1f63f6105a4714d6c154edfee6d6ce83

SHA1
9cf34f6ee6ba48797b7eaba59b44e4db9287e608

SHA256
ab3bf80d161dc7d4e7ec53cd726f703f905e0c7f2ea876c828c7adb8898ee3a2

SHA512
ffc3107ddd3dc33a20aa6d9c0e8d3af35d3bcb193c1c179395e4b2a959dd01baea00b24e994d2ab0a19d9b09231ee6637b32c6d2c62f9e613da16d9e6d972120

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12830.exe

Filesize
184KB

MD5
14f9e9a89baf00f73dea5dadbe8dcb59

SHA1
d27e70f93825259a2128790aaaa3b35ce58be62e

SHA256
a01cd42964ef8904ea80a080b30e724104eb79079f15002057483d7c2a1b1b90

SHA512
667923b36e74c9bf61e8d4518553ee2ed108bd6240a52cc41182a479b20581d9244405c716bcf38d80ecdadd3a7aee2f1b34b2737e5d8d675238f38c092b31d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18970.exe

Filesize
184KB

MD5
b04eeb9762656a03f3a5c83d4e7cf2eb

SHA1
3da15571bde591cf1cc35fc6e21d0d820b0c0bf1

SHA256
e1451781238dfe10ce79361238f40aaa9355273dfb7a8106fa5f9c5a47108b3e

SHA512
3b2af8af5671508c394529f501da05444d9606456e9c56abbe62f4c1708f25574830609a0491be34fbb95c9c7fe92b5c291bb7c9bdea5db8805ecbcdce717bf2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21321.exe

Filesize
184KB

MD5
c7d6ad8d4a49a1bcb265bf5e424ca728

SHA1
4bc3825e33a18bb7181c9e55ddbb3b286b88d270

SHA256
d954ad06b962c2e7084222e185644e8d0906da5f1ebf699ab5000e8d091ebc88

SHA512
9aac82ef08c364b1985621cf0a97848a34de8610975319e7f75909eef241ab64c51153ad11f8af89d4b8c4461f3926b0e2195a905b87fc6b91a4c047e7664080

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe

Filesize
184KB

MD5
5d82e8c0d96a6f90c4b94a435ed7c973

SHA1
044adec11b9cdcdaecd00bac3fc8388d5d33fd13

SHA256
fcf459c3b75ce2f6425798476e01488908be5a70bab29076cf2e60b54123d85c

SHA512
bee18861734d28ac280d825e6f07d63e17add1bf6d071d0cd7386e6d8f3abc0e999e066def2bf3d0a9618bd4a486d042e96854f7364ac9c137b4d9aeb37860cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe

Filesize
184KB

MD5
c6cd9d340b71e399b6516a740e3e7335

SHA1
bd218da3eb04888bf72f98f267b41dbf4cd1bcca

SHA256
d7deafb1cc6364ea242d215cbce6b2b75523922a558a1888314987f5981e6e5b

SHA512
076d1c6b03e0675eac07fa4671794679f44b4fef28c173dffde466309ca899e8754792fc0b3cf5ddcd01f9bd72d6c07362ccad0ac7f375b4fa2f56e161af202c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe

Filesize
184KB

MD5
dbb8f2b4aeb98eaf36bf7d4c53e3864c

SHA1
01f387177e5c21ee26299b299626ade791768433

SHA256
f90099e51fc5cf6c8ccfe7aff1d28b0f2e80d879ff5ec614acde833413dd656d

SHA512
1462ff27ee51e6caa1baf6d62ee500d2fe06ba494fb07b6fe5090d62f3d26c5e34ad7e7b9fa9f330833b8bea4f954147e1f3d43e7854f3b159721b0e41688ed3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45643.exe

Filesize
184KB

MD5
1e14d36d28642eb32691966eb4fc45e0

SHA1
bdd12632497e5154eb2ed6432ad963533461acc1

SHA256
8a60e87a5947ce1f49698587724c1c8f4cd9c1c88dd590e3b03d6ae6ed62e2eb

SHA512
73e9e8ec5ee37a80a9bcc3037ce7bd7f83219a539b44b5ff0e5cc68159d80aa00d27fbbf40b7086d3ec40c9cf1db9cad4bce745892b835174c22e51de07988df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45664.exe

Filesize
184KB

MD5
1e3f7cca72c11bf5210f7bb0b81768d7

SHA1
139ce7504522e878fedc45d86cdffd3751af4d16

SHA256
20a119224cdecf75f853317d833c8222f5d44e0a690f0e105cc54d18f0bd049f

SHA512
2ff4e2a37e5475d62504a0b8f0b3ad525907a13968ffc87ec0ddd8d37982b29519fa7a003b12277d6d5ab88e4542342ff8000ed6d5e4bc91d760dd14d84bc33c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe

Filesize
184KB

MD5
ae5896fadeebe2716c8875d39f1e562a

SHA1
37d9c95d1b0b8d91487ecdbcb15caea1a193b310

SHA256
208787658feb29b7beb563e3b1b25682ddfc8668d5a4781efe5f2b2c99726edd

SHA512
3bec6c8b11c8d44d859d011a886302cf7cc6c2eb0908dfa5cb938c639b53886010857f4eda96e90d9ea6a142ed9069f37864f0fa6c1db074b06060ac36e12ef3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-495.exe

Filesize
184KB

MD5
5018eb16c613f001c88ae95bd13ec9c3

SHA1
9bf9fc73c5df01d488dec989ba67179ce711fa8f

SHA256
fb1a2b4fc79abad8616297ec88815f276ddae04b4cc0145b13bd6a3d80371b11

SHA512
680af858ad8a79b54a2bfd33a6ad7d4b8526bc67e45720948dbf59d426e32a8cccb1c452f96b39008aafce94700d81adb78732e644546074b7ae4d9ea163245c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe

Filesize
184KB

MD5
7a5b61f25289d5c99438fff4abbb648f

SHA1
89b20049a492d12a88f2b56736ef07cd7fd937e7

SHA256
1326273877ed00dc025bc6600193340663a9f2b835e48b399764210192cbab4c

SHA512
5f9ef5973d88cd5708ec5a01836f5f12e8e037d78f3f22930de9e1d50a7e3c0a9e0a87d3ddcc76de1192fd2da4d46f332d66e93640ff88daeed6f49adc6c04d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55918.exe

Filesize
184KB

MD5
44b33a7bc776de7abb107cb3fd892c42

SHA1
dcd2e402faaf4b8e24ad4c58c92498c3171c2583

SHA256
b5ccf2b169d8c14689ad639021d9d11fb36ab6d771ec0d1e1e52822b74ae63d3

SHA512
d01188d8f72ae7e5825ec4f3a23ba30b711a165d46ea44f16799f41389e6c24cfc8bb42c2e8f62be4351aae3d8cc62f2186aa90d458a19e85dbb77ffaefee4aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe

Filesize
184KB

MD5
c7ad89927856be1556e77ec4acd0ccb4

SHA1
59691535df2338b80444a2dbc3d3d79e08c51293

SHA256
c886ed2deb8ce02c1ea79f00c01d741d6ea9a7faa18a281509390491dc2703b6

SHA512
04898d977b73ed65ae153332a1cbee21280117ada640b63aa9b3ba8af866c5eba1f3e2f6cc1093230c8e6bf8dd274db84ed0f7233b31d0ca7c8b79f9fb34dd24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62659.exe

Filesize
184KB

MD5
c667e9162f343edc7b23d67c38f02ad5

SHA1
7d75530f3187dcec13074cc2a6b794ecf1ebeca3

SHA256
f46b21f0eed7a89217965b55ef27595711edd91129eb6a5076f95de6f4c9e840

SHA512
32a60692a53e66c56cc45ebcc889f1ba049170b2d1d21848589d0440ecca33a8e3ac08de95e8bb878602da0ac422fa24a9de6353c617654e31b980b45fa74461

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads