f0aa8eaab788ade4ec7ee5c76d24c031e8568da3459c3b0440abf012e087579d

Analysis

max time kernel
146s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56287aabf74a0f9fc798182890ca905b.exe
Size

188KB
MD5

56287aabf74a0f9fc798182890ca905b
SHA1

687121c6b0992dba9cbb0be98706f288a808c813
SHA256

f0aa8eaab788ade4ec7ee5c76d24c031e8568da3459c3b0440abf012e087579d
SHA512

ba56ffe91be213ee8cb97de3a3df72b30da8d55352069da8ca5b03335c79f3b91d665e1eb96c615e2803d47e38b3595d42819ebc2a56902984017b7fa1a09c0b
SSDEEP

3072:yUjRomqDmJwQdOjXIBaDnJSLPTPJGXIVVjx0zoYjOlv1pF1:yUdoUiQdoIoDnJr4mxOlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2400	Unicorn-31961.exe
2332	Unicorn-19922.exe
2728	Unicorn-16392.exe
2708	Unicorn-39460.exe
2548	Unicorn-35053.exe
2796	Unicorn-23124.exe
1972	Unicorn-18433.exe
2504	Unicorn-8743.exe
1276	Unicorn-61281.exe
2832	Unicorn-6735.exe
2884	Unicorn-26601.exe
1944	Unicorn-32133.exe
1644	Unicorn-30715.exe
1216	Unicorn-58749.exe
2584	Unicorn-34245.exe
2776	Unicorn-34245.exe
1236	Unicorn-55412.exe
2312	Unicorn-18293.exe
1060	Unicorn-22739.exe
1000	Unicorn-47273.exe
2308	Unicorn-13448.exe
1552	Unicorn-26447.exe
1788	Unicorn-21425.exe
1656	Unicorn-54289.exe
2388	Unicorn-34423.exe
1668	Unicorn-63033.exe
556	Unicorn-19348.exe
2976	Unicorn-30361.exe
1120	Unicorn-59504.exe
2344	Unicorn-57854.exe
1516	Unicorn-57854.exe
1412	Unicorn-12223.exe
2444	Unicorn-1782.exe
2352	Unicorn-21648.exe
2724	Unicorn-35592.exe
2804	Unicorn-16110.exe
2552	Unicorn-27917.exe
2748	Unicorn-26848.exe
2688	Unicorn-43568.exe
3056	Unicorn-40915.exe
2400	Unicorn-19749.exe
3048	Unicorn-40915.exe
2424	Unicorn-62893.exe
2624	Unicorn-62701.exe
564	Unicorn-55109.exe
2700	Unicorn-13884.exe
2940	Unicorn-26883.exe
1556	Unicorn-50236.exe
2132	Unicorn-4564.exe
1948	Unicorn-38005.exe
1800	Unicorn-53417.exe
2704	Unicorn-10049.exe
1492	Unicorn-48430.exe
1468	Unicorn-2758.exe
2328	Unicorn-18135.exe
1780	Unicorn-6821.exe
2548	Unicorn-59359.exe
2064	Unicorn-21341.exe
1036	Unicorn-8259.exe
900	Unicorn-16428.exe
1152	Unicorn-48415.exe
2072	Unicorn-49100.exe
1980	Unicorn-64979.exe
1932	Unicorn-48451.exe

Loads dropped DLL 64 IoCs

pid	Process
1360	56287aabf74a0f9fc798182890ca905b.exe
1360	56287aabf74a0f9fc798182890ca905b.exe
2400	Unicorn-31961.exe
2400	Unicorn-31961.exe
1360	56287aabf74a0f9fc798182890ca905b.exe
1360	56287aabf74a0f9fc798182890ca905b.exe
2332	Unicorn-19922.exe
2332	Unicorn-19922.exe
2400	Unicorn-31961.exe
2400	Unicorn-31961.exe
2728	Unicorn-16392.exe
2728	Unicorn-16392.exe
2796	Unicorn-23124.exe
2332	Unicorn-19922.exe
2708	Unicorn-39460.exe
2796	Unicorn-23124.exe
2332	Unicorn-19922.exe
2708	Unicorn-39460.exe
2728	Unicorn-16392.exe
2728	Unicorn-16392.exe
2548	Unicorn-35053.exe
2548	Unicorn-35053.exe
1276	Unicorn-61281.exe
2708	Unicorn-39460.exe
1276	Unicorn-61281.exe
2708	Unicorn-39460.exe
1972	Unicorn-18433.exe
1972	Unicorn-18433.exe
2832	Unicorn-6735.exe
2832	Unicorn-6735.exe
2504	Unicorn-8743.exe
2504	Unicorn-8743.exe
2796	Unicorn-23124.exe
2796	Unicorn-23124.exe
2884	Unicorn-26601.exe
2884	Unicorn-26601.exe
2548	Unicorn-35053.exe
2548	Unicorn-35053.exe
1644	Unicorn-30715.exe
1644	Unicorn-30715.exe
1944	Unicorn-32133.exe
1944	Unicorn-32133.exe
1276	Unicorn-61281.exe
1276	Unicorn-61281.exe
2776	Unicorn-34245.exe
2776	Unicorn-34245.exe
1216	Unicorn-58749.exe
2504	Unicorn-8743.exe
1216	Unicorn-58749.exe
2504	Unicorn-8743.exe
1236	Unicorn-55412.exe
2312	Unicorn-18293.exe
2312	Unicorn-18293.exe
2884	Unicorn-26601.exe
2884	Unicorn-26601.exe
1236	Unicorn-55412.exe
1972	Unicorn-18433.exe
1972	Unicorn-18433.exe
2584	Unicorn-34245.exe
1060	Unicorn-22739.exe
2584	Unicorn-34245.exe
1060	Unicorn-22739.exe
2832	Unicorn-6735.exe
2832	Unicorn-6735.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2188	1668	WerFault.exe	53

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1360	56287aabf74a0f9fc798182890ca905b.exe
2400	Unicorn-31961.exe
2332	Unicorn-19922.exe
2728	Unicorn-16392.exe
2708	Unicorn-39460.exe
2548	Unicorn-35053.exe
2796	Unicorn-23124.exe
1972	Unicorn-18433.exe
2504	Unicorn-8743.exe
1276	Unicorn-61281.exe
2832	Unicorn-6735.exe
2884	Unicorn-26601.exe
1944	Unicorn-32133.exe
1644	Unicorn-30715.exe
2776	Unicorn-34245.exe
1216	Unicorn-58749.exe
2584	Unicorn-34245.exe
2312	Unicorn-18293.exe
1060	Unicorn-22739.exe
1236	Unicorn-55412.exe
1000	Unicorn-47273.exe
2308	Unicorn-13448.exe
1552	Unicorn-26447.exe
1656	Unicorn-54289.exe
1788	Unicorn-21425.exe
2388	Unicorn-34423.exe
2976	Unicorn-30361.exe
1120	Unicorn-59504.exe
1668	Unicorn-63033.exe
556	Unicorn-19348.exe
1516	Unicorn-57854.exe
2344	Unicorn-57854.exe
1412	Unicorn-12223.exe
2352	Unicorn-21648.exe
2444	Unicorn-1782.exe
2724	Unicorn-35592.exe
2804	Unicorn-16110.exe
2552	Unicorn-27917.exe
2748	Unicorn-26848.exe
2688	Unicorn-43568.exe
3048	Unicorn-40915.exe
2424	Unicorn-62893.exe
3056	Unicorn-40915.exe
2400	Unicorn-19749.exe
2624	Unicorn-62701.exe
564	Unicorn-55109.exe
2700	Unicorn-13884.exe
2940	Unicorn-26883.exe
1556	Unicorn-50236.exe
2132	Unicorn-4564.exe
1948	Unicorn-38005.exe
1800	Unicorn-53417.exe
2704	Unicorn-10049.exe
2328	Unicorn-18135.exe
1492	Unicorn-48430.exe
1468	Unicorn-2758.exe
1780	Unicorn-6821.exe
2548	Unicorn-59359.exe
2064	Unicorn-21341.exe
1036	Unicorn-8259.exe
1152	Unicorn-48415.exe
2072	Unicorn-49100.exe
900	Unicorn-16428.exe
1980	Unicorn-64979.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 2400	1360	56287aabf74a0f9fc798182890ca905b.exe	28
PID 1360 wrote to memory of 2400	1360	56287aabf74a0f9fc798182890ca905b.exe	28
PID 1360 wrote to memory of 2400	1360	56287aabf74a0f9fc798182890ca905b.exe	28
PID 1360 wrote to memory of 2400	1360	56287aabf74a0f9fc798182890ca905b.exe	28
PID 2400 wrote to memory of 2332	2400	Unicorn-31961.exe	29
PID 2400 wrote to memory of 2332	2400	Unicorn-31961.exe	29
PID 2400 wrote to memory of 2332	2400	Unicorn-31961.exe	29
PID 2400 wrote to memory of 2332	2400	Unicorn-31961.exe	29
PID 1360 wrote to memory of 2728	1360	56287aabf74a0f9fc798182890ca905b.exe	30
PID 1360 wrote to memory of 2728	1360	56287aabf74a0f9fc798182890ca905b.exe	30
PID 1360 wrote to memory of 2728	1360	56287aabf74a0f9fc798182890ca905b.exe	30
PID 1360 wrote to memory of 2728	1360	56287aabf74a0f9fc798182890ca905b.exe	30
PID 2332 wrote to memory of 2708	2332	Unicorn-19922.exe	31
PID 2332 wrote to memory of 2708	2332	Unicorn-19922.exe	31
PID 2332 wrote to memory of 2708	2332	Unicorn-19922.exe	31
PID 2332 wrote to memory of 2708	2332	Unicorn-19922.exe	31
PID 2400 wrote to memory of 2548	2400	Unicorn-31961.exe	32
PID 2400 wrote to memory of 2548	2400	Unicorn-31961.exe	32
PID 2400 wrote to memory of 2548	2400	Unicorn-31961.exe	32
PID 2400 wrote to memory of 2548	2400	Unicorn-31961.exe	32
PID 2728 wrote to memory of 2796	2728	Unicorn-16392.exe	33
PID 2728 wrote to memory of 2796	2728	Unicorn-16392.exe	33
PID 2728 wrote to memory of 2796	2728	Unicorn-16392.exe	33
PID 2728 wrote to memory of 2796	2728	Unicorn-16392.exe	33
PID 2796 wrote to memory of 1972	2796	Unicorn-23124.exe	36
PID 2796 wrote to memory of 1972	2796	Unicorn-23124.exe	36
PID 2796 wrote to memory of 1972	2796	Unicorn-23124.exe	36
PID 2796 wrote to memory of 1972	2796	Unicorn-23124.exe	36
PID 2332 wrote to memory of 2504	2332	Unicorn-19922.exe	34
PID 2332 wrote to memory of 2504	2332	Unicorn-19922.exe	34
PID 2332 wrote to memory of 2504	2332	Unicorn-19922.exe	34
PID 2332 wrote to memory of 2504	2332	Unicorn-19922.exe	34
PID 2708 wrote to memory of 1276	2708	Unicorn-39460.exe	35
PID 2708 wrote to memory of 1276	2708	Unicorn-39460.exe	35
PID 2708 wrote to memory of 1276	2708	Unicorn-39460.exe	35
PID 2708 wrote to memory of 1276	2708	Unicorn-39460.exe	35
PID 2728 wrote to memory of 2832	2728	Unicorn-16392.exe	38
PID 2728 wrote to memory of 2832	2728	Unicorn-16392.exe	38
PID 2728 wrote to memory of 2832	2728	Unicorn-16392.exe	38
PID 2728 wrote to memory of 2832	2728	Unicorn-16392.exe	38
PID 2548 wrote to memory of 2884	2548	Unicorn-35053.exe	37
PID 2548 wrote to memory of 2884	2548	Unicorn-35053.exe	37
PID 2548 wrote to memory of 2884	2548	Unicorn-35053.exe	37
PID 2548 wrote to memory of 2884	2548	Unicorn-35053.exe	37
PID 1276 wrote to memory of 1944	1276	Unicorn-61281.exe	39
PID 1276 wrote to memory of 1944	1276	Unicorn-61281.exe	39
PID 1276 wrote to memory of 1944	1276	Unicorn-61281.exe	39
PID 1276 wrote to memory of 1944	1276	Unicorn-61281.exe	39
PID 2708 wrote to memory of 1644	2708	Unicorn-39460.exe	40
PID 2708 wrote to memory of 1644	2708	Unicorn-39460.exe	40
PID 2708 wrote to memory of 1644	2708	Unicorn-39460.exe	40
PID 2708 wrote to memory of 1644	2708	Unicorn-39460.exe	40
PID 1972 wrote to memory of 1216	1972	Unicorn-18433.exe	46
PID 1972 wrote to memory of 1216	1972	Unicorn-18433.exe	46
PID 1972 wrote to memory of 1216	1972	Unicorn-18433.exe	46
PID 1972 wrote to memory of 1216	1972	Unicorn-18433.exe	46
PID 2832 wrote to memory of 2584	2832	Unicorn-6735.exe	45
PID 2832 wrote to memory of 2584	2832	Unicorn-6735.exe	45
PID 2832 wrote to memory of 2584	2832	Unicorn-6735.exe	45
PID 2832 wrote to memory of 2584	2832	Unicorn-6735.exe	45
PID 2504 wrote to memory of 2776	2504	Unicorn-8743.exe	44
PID 2504 wrote to memory of 2776	2504	Unicorn-8743.exe	44
PID 2504 wrote to memory of 2776	2504	Unicorn-8743.exe	44
PID 2504 wrote to memory of 2776	2504	Unicorn-8743.exe	44

C:\Users\Admin\AppData\Local\Temp\56287aabf74a0f9fc798182890ca905b.exe
"C:\Users\Admin\AppData\Local\Temp\56287aabf74a0f9fc798182890ca905b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31961.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31961.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13448.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55109.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
        11⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36940.exe
        8⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        10⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35463.exe
        11⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33462.exe
        12⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15597.exe
        10⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6837.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
        9⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19749.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8259.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        10⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20087.exe
        11⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10921.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        8⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        9⤵
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47273.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10049.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61274.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
        9⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48430.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63651.exe
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52131.exe
        9⤵
        
        PID:1852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1782.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53869.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        9⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25687.exe
        10⤵
        
        PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21425.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27917.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        9⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        10⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        7⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31688.exe
        9⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        8⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60372.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27272.exe
        9⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31381.exe
        10⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53414.exe
        11⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12628.exe
        6⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        7⤵
        
        PID:1680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 188
        7⤵
        Program crash
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62893.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50206.exe
        8⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63986.exe
        9⤵
        
        PID:892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        6⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
        8⤵
        
        PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62561.exe
        7⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26869.exe
        8⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59796.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
        7⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63487.exe
        8⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
        6⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48067.exe
        10⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53417.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
        6⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29044.exe
        7⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47821.exe
        8⤵
        
        PID:1376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54289.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18135.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        10⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        11⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61892.exe
        10⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
        11⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        9⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43439.exe
        10⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50190.exe
        9⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        10⤵
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16110.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43786.exe
        7⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30340.exe
        8⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59504.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26848.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59359.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
        8⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39552.exe
        9⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        10⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65203.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20650.exe
        10⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
        11⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28506.exe
        9⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
        10⤵
        
        PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30361.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19417.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        8⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10215.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36423.exe
        7⤵
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65358.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11513.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        9⤵
        
        PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        8⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        9⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40391.exe
        6⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
        8⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31381.exe
        9⤵
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40915.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        7⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20471.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
        9⤵
        
        PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12223.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49100.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43013.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29760.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62785.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22844.exe
        11⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1311.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7250.exe
        9⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48451.exe
        5⤵
        Executes dropped EXE
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
        6⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
        7⤵
        
        PID:268

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe

Filesize
188KB

MD5
d3184acc26e7e9142be1489335692e6d

SHA1
3b10e023cfb8b95b8ebdcb52276f011f32804dc2

SHA256
291574a2e631b10ecad1d93f20b30e76bb0d7ce6bef0d31ca700ea2c71905d83

SHA512
a37affffdec3f8947174abe90764b39d30d4374ab39e3abb97e7bf12436b3421339984f7c60a0ec4176cb4063a2b2a5a623b238e30113be96d782369305132d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16392.exe

Filesize
65KB

MD5
835482cd94ea5a4cec4567578ea848bf

SHA1
ba17df967fe143df1cd520d6ff8c1d4096eeed19

SHA256
e5392bf01ec42ceb803a39befc5e75fff1cd258e057113169e044370227d4be0

SHA512
51237053d8f05b9d5bb08c8f7c742fed965639803a9392a698374ee8bae5d731d67644a0564b223a3fe945fb3b414dad52cd9fc2839f1f434919b0814fa1ab95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe

Filesize
188KB

MD5
ed8f41ff08fda71f409e78003289f710

SHA1
a8e395910ca4d64107a94c51d3f78a8bccbcca82

SHA256
853ae01f06aadf12ffbf36e31baa4d5729930908c7fc10eaf7959d7fb04cc8bc

SHA512
1cbe8332c58926fd5a274ca096c704a91bb0a5b4e6c621d74378dc5ec2cf113f65ae5ddaf13ed88f156505d5d956992b4813ebb7af8f84e1496aa38b33246019

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe

Filesize
106KB

MD5
cbcda929ec3b53c7a21182dec36dd231

SHA1
729b57c0c7a463ed893fa503f85b26fce086ed5e

SHA256
2cabacda93a696a72ac3ac3bb20ab27886def12bb1264470b577795fd6e1561f

SHA512
8869d6f87e64a2b7a9d872582a0b709720f0de46f351f769e5d9da5d5f5298237c372786cc28fc3c00ebb71be410c8a0c504c51972fd3efdd79347595712cf87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe

Filesize
64KB

MD5
a58d53d690ead5098fd9a4fc47ac99c0

SHA1
f9aec2dc2131fd4a91f4df133b4074b7fcd050a0

SHA256
7c6471223e3016367d0f6b3bacafbfbf03ed7ebde5c0c888d53e3ee2a19fec99

SHA512
9c5f706222c8c32c9a9d977c754ea2b9d509d6103ba01adefbbbca7d346de813a4a795fd5acab095a80857dbbec6d3fcd99f30fda668bbe8710c4c3e603a7c67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51041.exe

Filesize
188KB

MD5
8d2b7a17e316f81a21b44db92d9dd73b

SHA1
74fa642666dd4a5ca9e86536d549f0e228f610a4

SHA256
82ea5c4f74d572e4c836759daab24d1c5fd1cab7b5cccfa7ad5aa58cdea0d919

SHA512
976e7b8f99bf78c4d5b8c664de608f044bcacd1df337628e0730d6e8951083d97f446702b30218ebf83c5669069c216f438c5bd10abfbb8aa11bfe72ff8ff495

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe

Filesize
89KB

MD5
64999dc7b691426b3b811b2c08f3e25e

SHA1
0700c99a770ff792489137d58f340c67fcab2e8e

SHA256
31165daf7526e18e95e98274973420a6bff546d7b4501406d1908dd8fa205836

SHA512
1f774fa7a6c7fe8454c9d65f4e608485ae52631af1466c3323d524ada2aa86c8a5f74389f45c0bd3ebf9b5f8f492f2265131066f45d21710e5ab4a736db7bf45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5898.exe

Filesize
188KB

MD5
387e4288ce5972724fb6f93e276d9af2

SHA1
896c580cc2cf06545fd87ff546d65a5592da83a1

SHA256
cebb3505ed688df5ceeacd45b73a81bd2e0db0bfef470008ac02d21076052984

SHA512
077bcb35dbd0209286bcceb610d035a039a9dfafc16e377d42706bba507e5eacd081d5469c69a63a628fb7a88225f7ab527a379b2a4ab0135719753b4bdebf18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe

Filesize
188KB

MD5
9de5bd63b66e7c50b70d63fe0fccbb9b

SHA1
3ce51d0ca1e34e8369c2987d50ed057ba8e5607a

SHA256
c581f11be5d9c4d72c45c06828fdb0daa3ce382e4ca4dd43c1915767610c44a5

SHA512
fc5e4c0b75328a1becc66af0b88ef75a097890e421b9d29394f327638ad25d7debcaed71be3339ba5950bf576e1a316c589ef83c0c35c6d106724dcb03a2e870

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe

Filesize
188KB

MD5
8491fbd30026e9413d96c817e28f5ec2

SHA1
98b4fd17359bb843fbece5b9cfd54b5ad9577062

SHA256
2f6f2438179f81574ae09f473992524c374f08bc2087cc35ac075c0be8b9771b

SHA512
4fe790aba07fa667104127ae52357681640800fa5761f9be9d25eab7a44c20047f6651dff1fcc72bf3810be158035d49b02d571f771d7716f6c18cce48e18a1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe

Filesize
188KB

MD5
b414a91892869e977a1ac1f48d159ad4

SHA1
3e08008f585444480bd115212d2c5f4664185605

SHA256
e9cebf0c42f7fd62e246a8db9fce2c0d671b1de7b370981021a94c6b2a254ac4

SHA512
3d334f7d17e18d13c79a78d63a36e8789f076a434801860ae8a7bfef5a72ae49ac996e9f2fcba6c8df7498cf7963e93912eb294ddf4e415389d5a8488b2c8d7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe

Filesize
188KB

MD5
cb02cd47d772384867bf23303487dfbe

SHA1
cabd0cb42748dfdc9cf11959d135976f94eab33e

SHA256
b32f67b80bf9f1d902800ebd26a310b719771febda07d391b1ff941f7f2022ea

SHA512
c1617593f4af716202b011f76a6192c9914162eb2eda736f2dfb1dbdb261db7804712f4b787cd90804a73a3694666d561512426c82e9e3e971163b40ccef149c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18293.exe

Filesize
188KB

MD5
e60aa83c25a7840172c978692ad84afc

SHA1
43a78f91abc3f3cd015e1c5df890a5138ab335c7

SHA256
95460de1a4ce026d59e905209a0f9f279f812e6f802fe0a6a995ac8c1b7a9715

SHA512
5ca10480c64e957faba3e46b442c2249c43d6a0ed60cd8ecee2e1e8a8384ab8dc8685cdb57a3c868b9f54f3d596e3f8e9419e3a8e231134afc29540e9a7995ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18433.exe

Filesize
188KB

MD5
179257e0e9c90591d3d01cbbf4e5f89c

SHA1
b3dece02df646438ef06d75ad6da73cdd877cdb6

SHA256
a4d78e4aaf7bdeecb238aef063c3a67cb6a9baea29dfd98fa0034f516ae31860

SHA512
aea8a083fc3a2785a448df81d1370bce7d9db21f569412f3e87d883ab57a7547e6385819b490511f5df0bb825cc135571263fc0560de67d6659d854e163c60c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe

Filesize
188KB

MD5
b52d78e9d29e92298b0ea69d00e7e3f6

SHA1
5cba51fe3a83fc4fc893f342cde623958920ffc8

SHA256
3f8a897220a88192066f1070da48a296bc7cbf8c2e317171a5fc49c71c111e0b

SHA512
c66265a77ea1001ffd7c0164da6b3f18b02af40eacb73e2ab7f66b7258e2dfcb102d528d71ae474047c44304a8242189a6ab27f43e37aa355dd2c76efeeb0162

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19922.exe

Filesize
64KB

MD5
e6808d0786a570442fc2348e3f8bfba8

SHA1
a1f333447102feaa9d085ecf1c4816844e4d482a

SHA256
c6bf56930481e24fc56ad287c5e03568b62fd8c05f40d72072bba3ac8e894a37

SHA512
7f573c70f32fcf8b2da24f8fc9aa97c569bd979fad7c2b82c127cacc22be6a38f5c66d7077d2eb5d5165c99061939b0dcb29e4c35ae70d06431b8fdf5e43f1c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23124.exe

Filesize
188KB

MD5
a0ed81739a6ed840372a9b4e207eac42

SHA1
ed847d53ceb509aeeb9589f3e9faba15b23e9310

SHA256
091428b4d8145c84e2f8ea04dd49b13b1b112d58644a20df5d32daf87edfc2b6

SHA512
9f724fc4d5aa412d521f7256684dd30d269f476753ed87a9a096fe3c48d9d52b85d4fa4490a39ee10cc37a056aedcef636cbbe88653575be03fc30efa0a4c3ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26601.exe

Filesize
188KB

MD5
2312986d06308edb9381b10cc49511d2

SHA1
b7b48b9fd906b1a8fcb6c05a15d2371262ca0fa5

SHA256
b2ce7a86883a4c3c29e55d2bca67a302c075eea4c6c71e7d5b21c0947d68b132

SHA512
6181762b269c37afded345f98f2eb79d9ab2f30657bbcecd3d600a8171b1eb3ffe85f7715f8fced2956e8ddfc528b919e9c6376673c38360cbcf2bebba8c5d45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe

Filesize
188KB

MD5
8b7a00a7ac39b8daf119ee465c590efc

SHA1
ff5cb75acd19386309f19077c781ad199d685886

SHA256
c76978cdc91a74fff1269ff7879c3ef246ee32b408ca5208ff99f87f170f010b

SHA512
6c994d8ac1364d4cf8fedbff748c262d9cbae0d711634dc30f851f7d8d0c5821170f3ec9fd6f092fc6ed9e8ee01168c437f4bc0062d98c9fb44f0083d9c074b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31961.exe

Filesize
188KB

MD5
02ef11ce2321285731f85f77d6292e2b

SHA1
a1364318b6f4812a6bc4526747b118b2a75ef53f

SHA256
625035489cc99895adc8b07d74b78ec70e9810941ad9fe8d06e6f48705cf29ca

SHA512
18f4aa37a28121ed992d03815e301dc22eb46cd7c4955d2ae7763ba12a54f1a19df0441ff4c990baf2a8daecee5ea56fa2d3236e4358e550aadd733113a19f46

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe

Filesize
188KB

MD5
4dec29948b849397d2be192095e36850

SHA1
0546560eb1653ba7c353ae3a1191920fe9f154b0

SHA256
6361845d08ddff89c500383fbc723524155953e9000e8e04610a5a143a514dad

SHA512
5b6a479b2a550a45ffd4da8fb41043574bad502981e0998fbb1ca07f9434539174a1919ced087e771acb9d7379fd38633b0562a681f96dde7ada13872299abe0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34245.exe

Filesize
188KB

MD5
f7fc0293efaac39419e42a6e218b0e2a

SHA1
ec1085702b9c6c3fb73053b345d27cac6a0e0377

SHA256
3cb935ed543d8b86ea5cdce4c31687d5afa72ee01cd8b642d948ae6ff59815f0

SHA512
fc2fbce436e17f294f4b79777c378b4b757a393d4ca4930a1dfbe18e83b1c4b361b95d3a7026e6aa0ab7774177747e9cae8d3c838f0811b3a0502f8a9eb3cbe1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35053.exe

Filesize
188KB

MD5
d16c3b745ba95616c0775c6fce7c45c0

SHA1
10ae4a539a7c54257b4ee0ad11fe9562e8f361e6

SHA256
4a41367f4dc7bc9f547a381028fd4fbba96e5a8f2efe2fa81327e895db8825c9

SHA512
2606a6caa7b6e12d503893bcd50efea3504f7eb1bfdfde7d81dab06da9910fab36d9be9c58817830becb7ca00c2a6bc2538cc693f801c2889d5423a11806cf59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39460.exe

Filesize
188KB

MD5
dc3727e43a42c5b3e513e38b2c79a75f

SHA1
482873c9edeb582eeef49220d2504b338a600ac6

SHA256
bc072aeb4a170033663aacc92c89f55b21621b975609f697ce3c8393364b0c1a

SHA512
b15e127798994c123561d6479b063439854d2f01a1cdc5f39e3c71be2aaabf54e3e986f2349bfd7bbf51bdf870b77c64823bd1ea64a0846c934a6c956e224513

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55412.exe

Filesize
188KB

MD5
20708d6b56db4f7d002563a3bc5800a1

SHA1
475f19b8fda7906f36e53231de2121dfe160fb42

SHA256
9a182bbbd608f5b509bc270da0d9e5cecd41f0b1a9ff278102d5591243b6a37c

SHA512
62c47d5aa71061004e0982da60279fc15f334b691e3597a42584ffe8126061a91886e0db3a10ed1f94e365eea9b2f44ceda745c9f2a385080ae30870eadba2e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe

Filesize
188KB

MD5
e3ca7b74fc0e9a486adfc5b18a3225a5

SHA1
002ad156bba0261d3fba849141566239be883a39

SHA256
d21504dfbcea46cbdf301b63af95a4a4a8d1dd96d1e83ae46efde399118c6e0f

SHA512
d7134ec499268a2ff7196d9c54a4b5bc198e3171497db1da300a74faebc427c6bcc7db2d18053f3150468bf21b4b2b1ad74784f551728ba7da9186dc5427a7ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe

Filesize
188KB

MD5
630820de2170d62dff2eebd96db01c3b

SHA1
3164336789a81e09ed312779abb34360e042bb6c

SHA256
3a055184eca6ccedd1318d5bcf48bc5881ab6fc12cb0555a0ba7971eb99b48e5

SHA512
a6f8c47ae1f991d1de9dc2c54e4e3c7dc49dda8913d0a80f7590caa2b5b6b8f49f0365ad5fabf01b5d2331b846eb7c9bdd7dbd2ce91ee0b5bfc58c417046421c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads