b27ec83deb94d7d93d60b22f887c0b5de617a1935178e712616c402cdb13e9e1

Analysis

max time kernel
66s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 14:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1adefee070e6bfa7768f5c56e953ad3e.exe
Size

184KB
MD5

1adefee070e6bfa7768f5c56e953ad3e
SHA1

4965fb8982b40f43d442764ec932ef29d8e0ac13
SHA256

b27ec83deb94d7d93d60b22f887c0b5de617a1935178e712616c402cdb13e9e1
SHA512

4cdea901708d4451cc23706450343a60e5aff974ba5d8ca56ccc7b4ad7d819b17cc110a50d31b7900e024fd3f0f2e9cfeda8551bf0e71dabb3f6256152312ff9
SSDEEP

3072:ceWqoF/PQALWMtjFMUZU3ccvFVJwMRDv/GOYpKrPx9glP6pF4:ce7o2aWMLMF3ccNXVbglP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3068	Unicorn-61225.exe
2680	Unicorn-53483.exe
2724	Unicorn-18158.exe
1628	Unicorn-35780.exe
2696	Unicorn-36356.exe
2544	Unicorn-29619.exe
2156	Unicorn-58982.exe
1380	Unicorn-38924.exe
2600	Unicorn-26310.exe
2444	Unicorn-34027.exe
768	Unicorn-22830.exe
1916	Unicorn-25483.exe
308	Unicorn-23598.exe
2028	Unicorn-10983.exe
2632	Unicorn-34954.exe
384	Unicorn-63028.exe
1168	Unicorn-18343.exe
1748	Unicorn-1129.exe
2132	Unicorn-18160.exe
1676	Unicorn-39780.exe
2084	Unicorn-22759.exe
2352	Unicorn-36141.exe
2120	Unicorn-9614.exe
608	Unicorn-7538.exe
2976	Unicorn-7118.exe
1880	Unicorn-46729.exe
2908	Unicorn-60112.exe
2092	Unicorn-15208.exe
2152	Unicorn-27849.exe
1372	Unicorn-45769.exe
1548	Unicorn-43692.exe
2304	Unicorn-55302.exe
3020	Unicorn-40035.exe
2712	Unicorn-35654.exe
2808	Unicorn-23040.exe
2668	Unicorn-1610.exe
2824	Unicorn-30068.exe
2532	Unicorn-2378.exe
2316	Unicorn-19409.exe
552	Unicorn-55528.exe
2504	Unicorn-64293.exe
1616	Unicorn-48066.exe
1564	Unicorn-37407.exe
1236	Unicorn-37407.exe
1256	Unicorn-16005.exe
1592	Unicorn-16005.exe
2416	Unicorn-45212.exe
2928	Unicorn-7557.exe
2032	Unicorn-36063.exe
1088	Unicorn-28191.exe
1092	Unicorn-23810.exe
1928	Unicorn-60889.exe
488	Unicorn-26332.exe
2408	Unicorn-46198.exe
1224	Unicorn-30364.exe
872	Unicorn-26349.exe
404	Unicorn-43571.exe
1416	Unicorn-54439.exe
1688	Unicorn-53131.exe
916	Unicorn-22727.exe
576	Unicorn-41511.exe
2920	Unicorn-61377.exe
3060	Unicorn-9571.exe
1380	Unicorn-60609.exe

Loads dropped DLL 64 IoCs

pid	Process
2404	1adefee070e6bfa7768f5c56e953ad3e.exe
2404	1adefee070e6bfa7768f5c56e953ad3e.exe
3068	Unicorn-61225.exe
2404	1adefee070e6bfa7768f5c56e953ad3e.exe
3068	Unicorn-61225.exe
2404	1adefee070e6bfa7768f5c56e953ad3e.exe
2724	Unicorn-18158.exe
2724	Unicorn-18158.exe
2680	Unicorn-53483.exe
2680	Unicorn-53483.exe
3068	Unicorn-61225.exe
3068	Unicorn-61225.exe
2696	Unicorn-36356.exe
2696	Unicorn-36356.exe
2680	Unicorn-53483.exe
2680	Unicorn-53483.exe
2544	Unicorn-29619.exe
2544	Unicorn-29619.exe
2156	Unicorn-58982.exe
2156	Unicorn-58982.exe
2696	Unicorn-36356.exe
2696	Unicorn-36356.exe
2600	Unicorn-26310.exe
2600	Unicorn-26310.exe
2544	Unicorn-29619.exe
2544	Unicorn-29619.exe
1380	Unicorn-38924.exe
1380	Unicorn-38924.exe
2444	Unicorn-34027.exe
2444	Unicorn-34027.exe
2156	Unicorn-58982.exe
2156	Unicorn-58982.exe
768	Unicorn-22830.exe
768	Unicorn-22830.exe
1916	Unicorn-25483.exe
1916	Unicorn-25483.exe
2600	Unicorn-26310.exe
2600	Unicorn-26310.exe
308	Unicorn-23598.exe
308	Unicorn-23598.exe
2028	Unicorn-10983.exe
2028	Unicorn-10983.exe
1380	Unicorn-38924.exe
1380	Unicorn-38924.exe
2632	Unicorn-34954.exe
2632	Unicorn-34954.exe
2444	Unicorn-34027.exe
2444	Unicorn-34027.exe
384	Unicorn-63028.exe
384	Unicorn-63028.exe
1168	Unicorn-18343.exe
1168	Unicorn-18343.exe
768	Unicorn-22830.exe
768	Unicorn-22830.exe
1748	Unicorn-1129.exe
1748	Unicorn-1129.exe
1916	Unicorn-25483.exe
1916	Unicorn-25483.exe
1676	Unicorn-39780.exe
1676	Unicorn-39780.exe
308	Unicorn-23598.exe
308	Unicorn-23598.exe
2132	Unicorn-18160.exe
2132	Unicorn-18160.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
1784	2504	WerFault.exe	68
2020	636	WerFault.exe	117
3024	1192	WerFault.exe	105
3124	2012	WerFault.exe	154
4076	2844	WerFault.exe	181

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2404	1adefee070e6bfa7768f5c56e953ad3e.exe
3068	Unicorn-61225.exe
2724	Unicorn-18158.exe
2680	Unicorn-53483.exe
1628	Unicorn-35780.exe
2696	Unicorn-36356.exe
2544	Unicorn-29619.exe
2156	Unicorn-58982.exe
2600	Unicorn-26310.exe
1380	Unicorn-38924.exe
2444	Unicorn-34027.exe
768	Unicorn-22830.exe
308	Unicorn-23598.exe
1916	Unicorn-25483.exe
2028	Unicorn-10983.exe
2632	Unicorn-34954.exe
384	Unicorn-63028.exe
1168	Unicorn-18343.exe
1748	Unicorn-1129.exe
2132	Unicorn-18160.exe
1676	Unicorn-39780.exe
2352	Unicorn-36141.exe
2084	Unicorn-22759.exe
2120	Unicorn-9614.exe
608	Unicorn-7538.exe
2976	Unicorn-7118.exe
2908	Unicorn-60112.exe
2092	Unicorn-15208.exe
2152	Unicorn-27849.exe
1880	Unicorn-46729.exe
1372	Unicorn-45769.exe
1548	Unicorn-43692.exe
2304	Unicorn-55302.exe
2712	Unicorn-35654.exe
3020	Unicorn-40035.exe
2808	Unicorn-23040.exe
2668	Unicorn-1610.exe
2824	Unicorn-30068.exe
2532	Unicorn-2378.exe
552	Unicorn-55528.exe
2316	Unicorn-19409.exe
2504	Unicorn-64293.exe
1616	Unicorn-48066.exe
1236	Unicorn-37407.exe
1564	Unicorn-37407.exe
1592	Unicorn-16005.exe
2928	Unicorn-7557.exe
1256	Unicorn-16005.exe
1088	Unicorn-28191.exe
2416	Unicorn-45212.exe
2032	Unicorn-36063.exe
1928	Unicorn-60889.exe
1092	Unicorn-23810.exe
2408	Unicorn-46198.exe
488	Unicorn-26332.exe
1224	Unicorn-30364.exe
872	Unicorn-26349.exe
404	Unicorn-43571.exe
1416	Unicorn-54439.exe
1688	Unicorn-53131.exe
916	Unicorn-22727.exe
2920	Unicorn-61377.exe
576	Unicorn-41511.exe
3060	Unicorn-9571.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2404 wrote to memory of 3068	2404	1adefee070e6bfa7768f5c56e953ad3e.exe	28
PID 2404 wrote to memory of 3068	2404	1adefee070e6bfa7768f5c56e953ad3e.exe	28
PID 2404 wrote to memory of 3068	2404	1adefee070e6bfa7768f5c56e953ad3e.exe	28
PID 2404 wrote to memory of 3068	2404	1adefee070e6bfa7768f5c56e953ad3e.exe	28
PID 3068 wrote to memory of 2680	3068	Unicorn-61225.exe	29
PID 3068 wrote to memory of 2680	3068	Unicorn-61225.exe	29
PID 3068 wrote to memory of 2680	3068	Unicorn-61225.exe	29
PID 3068 wrote to memory of 2680	3068	Unicorn-61225.exe	29
PID 2404 wrote to memory of 2724	2404	1adefee070e6bfa7768f5c56e953ad3e.exe	30
PID 2404 wrote to memory of 2724	2404	1adefee070e6bfa7768f5c56e953ad3e.exe	30
PID 2404 wrote to memory of 2724	2404	1adefee070e6bfa7768f5c56e953ad3e.exe	30
PID 2404 wrote to memory of 2724	2404	1adefee070e6bfa7768f5c56e953ad3e.exe	30
PID 2724 wrote to memory of 1628	2724	Unicorn-18158.exe	31
PID 2724 wrote to memory of 1628	2724	Unicorn-18158.exe	31
PID 2724 wrote to memory of 1628	2724	Unicorn-18158.exe	31
PID 2724 wrote to memory of 1628	2724	Unicorn-18158.exe	31
PID 2680 wrote to memory of 2696	2680	Unicorn-53483.exe	32
PID 2680 wrote to memory of 2696	2680	Unicorn-53483.exe	32
PID 2680 wrote to memory of 2696	2680	Unicorn-53483.exe	32
PID 2680 wrote to memory of 2696	2680	Unicorn-53483.exe	32
PID 3068 wrote to memory of 2544	3068	Unicorn-61225.exe	33
PID 3068 wrote to memory of 2544	3068	Unicorn-61225.exe	33
PID 3068 wrote to memory of 2544	3068	Unicorn-61225.exe	33
PID 3068 wrote to memory of 2544	3068	Unicorn-61225.exe	33
PID 2696 wrote to memory of 2156	2696	Unicorn-36356.exe	34
PID 2696 wrote to memory of 2156	2696	Unicorn-36356.exe	34
PID 2696 wrote to memory of 2156	2696	Unicorn-36356.exe	34
PID 2696 wrote to memory of 2156	2696	Unicorn-36356.exe	34
PID 2680 wrote to memory of 1380	2680	Unicorn-53483.exe	35
PID 2680 wrote to memory of 1380	2680	Unicorn-53483.exe	35
PID 2680 wrote to memory of 1380	2680	Unicorn-53483.exe	35
PID 2680 wrote to memory of 1380	2680	Unicorn-53483.exe	35
PID 2544 wrote to memory of 2600	2544	Unicorn-29619.exe	36
PID 2544 wrote to memory of 2600	2544	Unicorn-29619.exe	36
PID 2544 wrote to memory of 2600	2544	Unicorn-29619.exe	36
PID 2544 wrote to memory of 2600	2544	Unicorn-29619.exe	36
PID 2156 wrote to memory of 2444	2156	Unicorn-58982.exe	37
PID 2156 wrote to memory of 2444	2156	Unicorn-58982.exe	37
PID 2156 wrote to memory of 2444	2156	Unicorn-58982.exe	37
PID 2156 wrote to memory of 2444	2156	Unicorn-58982.exe	37
PID 2696 wrote to memory of 768	2696	Unicorn-36356.exe	38
PID 2696 wrote to memory of 768	2696	Unicorn-36356.exe	38
PID 2696 wrote to memory of 768	2696	Unicorn-36356.exe	38
PID 2696 wrote to memory of 768	2696	Unicorn-36356.exe	38
PID 2600 wrote to memory of 1916	2600	Unicorn-26310.exe	39
PID 2600 wrote to memory of 1916	2600	Unicorn-26310.exe	39
PID 2600 wrote to memory of 1916	2600	Unicorn-26310.exe	39
PID 2600 wrote to memory of 1916	2600	Unicorn-26310.exe	39
PID 2544 wrote to memory of 308	2544	Unicorn-29619.exe	40
PID 2544 wrote to memory of 308	2544	Unicorn-29619.exe	40
PID 2544 wrote to memory of 308	2544	Unicorn-29619.exe	40
PID 2544 wrote to memory of 308	2544	Unicorn-29619.exe	40
PID 1380 wrote to memory of 2028	1380	Unicorn-38924.exe	41
PID 1380 wrote to memory of 2028	1380	Unicorn-38924.exe	41
PID 1380 wrote to memory of 2028	1380	Unicorn-38924.exe	41
PID 1380 wrote to memory of 2028	1380	Unicorn-38924.exe	41
PID 2444 wrote to memory of 2632	2444	Unicorn-34027.exe	42
PID 2444 wrote to memory of 2632	2444	Unicorn-34027.exe	42
PID 2444 wrote to memory of 2632	2444	Unicorn-34027.exe	42
PID 2444 wrote to memory of 2632	2444	Unicorn-34027.exe	42
PID 2156 wrote to memory of 384	2156	Unicorn-58982.exe	43
PID 2156 wrote to memory of 384	2156	Unicorn-58982.exe	43
PID 2156 wrote to memory of 384	2156	Unicorn-58982.exe	43
PID 2156 wrote to memory of 384	2156	Unicorn-58982.exe	43

C:\Users\Admin\AppData\Local\Temp\1adefee070e6bfa7768f5c56e953ad3e.exe
"C:\Users\Admin\AppData\Local\Temp\1adefee070e6bfa7768f5c56e953ad3e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58982.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26349.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
        11⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        12⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43571.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
        10⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52267.exe
        11⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9571.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64181.exe
        10⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32025.exe
        10⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-504.exe
        9⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31650.exe
        10⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        11⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
        10⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2032.exe
        11⤵
        
        PID:3708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19409.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61377.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        9⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8447.exe
        10⤵
        
        PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46729.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5399.exe
        9⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        10⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52267.exe
        11⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
        8⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13616.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25499.exe
        9⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55528.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        9⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54197.exe
        9⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
        10⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        11⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55408.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        9⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62044.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33756.exe
        9⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
        8⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        9⤵
        
        PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22759.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
        10⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27974.exe
        11⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
        9⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        10⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23810.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36134.exe
        8⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7198.exe
        9⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37602.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33466.exe
        9⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        10⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12636.exe
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54197.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41183.exe
        10⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
        9⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10039.exe
        10⤵
        
        PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        8⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16165.exe
        9⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25535.exe
        11⤵
        
        PID:3656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 368
        11⤵
        Program crash
        
        PID:4076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 380
        10⤵
        Program crash
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19629.exe
        9⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 380
        9⤵
        Program crash
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26332.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
        7⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        8⤵
        
        PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        9⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31240.exe
        10⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51106.exe
        9⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
        10⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        9⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30364.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1017.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
        9⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
        10⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18446.exe
        11⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64293.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 188
        8⤵
        Program crash
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36063.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62227.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        10⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47549.exe
        11⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        9⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        10⤵
        
        PID:3536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55259.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56555.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10700.exe
        9⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
        10⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31240.exe
        7⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51857.exe
        8⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9653.exe
        10⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33830.exe
        11⤵
        
        PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39780.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37407.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
        8⤵
        Executes dropped EXE
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36851.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38727.exe
        11⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57468.exe
        8⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36884.exe
        9⤵
        
        PID:2888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 236
        9⤵
        Program crash
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35558.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40046.exe
        7⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        9⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
        8⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43692.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48066.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9815.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
        8⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
        9⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53606.exe
        8⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22402.exe
        9⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35061.exe
        6⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53367.exe
        7⤵
        
        PID:540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18158.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18158.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35780.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35780.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21079.exe
      4⤵
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45981.exe
        5⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
        6⤵
        
        PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
      4⤵
      PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10983.exe

Filesize
184KB

MD5
2ef2e8fb5dddd5cc932074dee06339f1

SHA1
96d0f7f437060652bd4c2948c03cd372a13899ad

SHA256
dd62a14debb3e1e51cc1ae4c7aa9c127ba875ecf1d50edf2c88a502d41f7a53a

SHA512
28386d77cf863956b9c2451517027b48f6a4dd2923bc8073eeb0210bdee8a14e71550f90afc007235d00b3817d27483c5f7b4dc3748219bb30a36c481b523d18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe

Filesize
184KB

MD5
535aa6a99968a7877abc331909d5956d

SHA1
452679ae55e0f663343a234d8f262c161008b87c

SHA256
d1af4f858d1be978593947813bb1b7e0fbeca6c181d7e3ac8d23fc171771247f

SHA512
8a4283aca8e0fff4dfd8cce7b6b6ba92cd30b944a42d989a11db8304535652a6492b1f388c2fc6eb8049c1cdb368805e8f5e8cab3a7a1229be15f41095532fa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe

Filesize
92KB

MD5
d37f648ed865e4557b70fcd8a60683b3

SHA1
34158ca815d870a8c18209f541402d4f678ce8f1

SHA256
4b34af7177f7aa36b62ad049775b48068aa4830edcf3179d5f7a3c45c17423dc

SHA512
724a29f9587bec14f9c47beadb7cda66c0e7f370879989038900911ef27ecc3562097edad530ac7d7ae9b684a250120c8709af75bb21134fd266fbbcf7e07858

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25483.exe

Filesize
184KB

MD5
f4fc66045acd3112cc3fdc53db784835

SHA1
82bb1797049132171a2b49405cb40e21d2666cb0

SHA256
112f2fd6a18bea218591dbc52a2b9f6d8272fe9a2fba07fadf6c62c8bc23eb8f

SHA512
13308a6719d3efb33e088bb346cedf99732a7be4e87d6172f69daeb04909445bf84e6035158cc112d90f0841b33687a0e4282ac45dafafcc11037e6a11b2b1ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34027.exe

Filesize
184KB

MD5
f0d8dfcbadfbbdeaf32249f169f78537

SHA1
c5cb4280e6421eca2b5e777b411f027fa1948a8d

SHA256
24364781de7cb648cf318e136e1317e75c25c5ecfbb111e0c41d5836ade9f277

SHA512
d77d902f24c30d33e83074c230bb2feef7ff2b8ea352d47d112e62729ae2fee72b62c3efe6fb61ae202a9c0361c6bbf304a408884b88c7bb9dd3b594b4e52c60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34954.exe

Filesize
184KB

MD5
378e79775c5cf22b83296ca5e0678d1f

SHA1
8ebd41c1fd7a50389d188040283ebe53e8824dec

SHA256
3a61bc89cb816c5fff94b73be067727bb14a78dd9d51f4f61b867d48e5e164cb

SHA512
999220d421b3b95650fe2b408ba1801edfbcf93e05c6a59251ff9c7c52670e3a824b0bf11f61eeed8d97e9d928c55836e68b461e8424dbf9951bbd8542e3a4d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61225.exe

Filesize
184KB

MD5
d4a3878f82e99d6ab8ea7205884a2922

SHA1
5711ec87d3d0dd9425e6d19b3bc76f86233358a3

SHA256
b00d1de2ac1350c35360727f6a0bccf132ceadc122e40801f173620c20d17186

SHA512
f74aa5cc08a1f4cf21626feac2e54a60ab690ec9e361e5ae74d296ed5d25ceb3fabd81e062c756a75d7f718f39f392bb50e66976a8db2db74d8ef3407512c279

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe

Filesize
184KB

MD5
e12787bf7a767e8fd071b8eabd40a05b

SHA1
ea25b845e0723860e940035f3a2b4406cf5a7df9

SHA256
ec920fe9715c02946306a8f5d09cd09290e5cd9cf27e289e027fd96f1ded2bba

SHA512
cb2d8f71c7d0783aebe0a13533c8d2158355284200642bca8a6b939d61bdb5f44ff48463de1a7f6ee31563d0e98f87cba9d56613912635dd57731ba98d780332

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8727.exe

Filesize
184KB

MD5
68f48872b3b190bbc92fdb85ab35048d

SHA1
e431091436425845403ca48198c360d81af13227

SHA256
8810da3186346fddf188b27113eedbfb41dd7fb3949c9d1c570faacee6977624

SHA512
0efb78735286f8a7e268d6550059b632851004961830a658201819154e80f67f6e6d323b6ae60f963695b92bdcfae164051eb3ac825266c5a5e0628f861f3a8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1129.exe

Filesize
184KB

MD5
348ae32bd36811b8cf6b7ae1140a540d

SHA1
c10f0e1a927b7113c387bdd9123a616e4b35cd29

SHA256
1029de7ace9f7f406007de54951714999f1a3e8e8851e188e0940ea40e8de90f

SHA512
796805c110cb6106e0839a88b0fa78cc02e91eb57d41fed0dc7383a49ac849305a06192b8c5c48291149fce1a918e86337d5fa69e3baa281ebdf12e5d4b1ad1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18158.exe

Filesize
184KB

MD5
47bf6a7e4f54c8f2d67598f4bf4e95ec

SHA1
2e78580f162c6ee59992282f038ed421f9f0a0e8

SHA256
92ec5587d58d6dcc66274896d1027b298409ffbc735a9754e65228e7942b75d2

SHA512
9e592c3cfb56767b5c81c05b5c4f5cbaeec78a2c57e1c060841b9359477baf6ea52f4b86bfbfc00b02bb90f0905ac99177c841c93644dc6deb3d955cb5f46a18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe

Filesize
184KB

MD5
97d1e8d788bde023497b3e150b479b1e

SHA1
f2ff89a96e1a2989b132df252131a32fecaa2d69

SHA256
1bcd8024f575a38f32bc5f819675d6835e60acd6a7881b35fdf5909596c8d36c

SHA512
18910bb74743640a4a6ab91829ae37ca3a8b78bc6dd07594c250a2dda41065f727761b45705dc9962561d92c03172c6d1cf2596331c2579bf9d17917b8fbe107

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe

Filesize
184KB

MD5
a80c1b5e4a4d41a2b55b4b4551f0a358

SHA1
7690cac802774690093b2efe1e7c3aa256cb384b

SHA256
7a4b2ebbb7b105cf8bf8953e6fdf0525aead42a4f4faf21b00b92d4836dd41ac

SHA512
e11b907e91d9edf6ed70e85ed916ef7d9aaf6ce248c0e96c3a8d5fa9012a93c902c8d36426038b0be9208ee13294c24735586fa7ee1dde3230224d9f970451b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe

Filesize
184KB

MD5
7c182932dbd067f26fe7fdd6a7565c20

SHA1
1fa73b5884761fd4f841827c8384262afe64e819

SHA256
fc7e4499a6eba049ce4bc458c7da12564f0d85857a68b8b5ada61a9ac07025ee

SHA512
d5bad58261284ee967c38e9ab5291e7afd2ef8afdc694fd48838555fda28031bc030c3c590eca64ac386dde86e830b12a4e6b2127cb77853c69a54885af1a7a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23598.exe

Filesize
128KB

MD5
7a307e9f2e9042a66d89a4e8ce3ccde9

SHA1
bc8e8524b4568d0929005bc009e654d21b5c8cb5

SHA256
7e382c601ac04e8bbb8853ad36eb9efbe9bbeabc7c7e8cf081bf5f4e7c3fa792

SHA512
246044d7640c49db8441430cc23e7fcf6464fbb96b605662ef65405b6c0a70460b0df7d69b698b1ab2b661b2c673c2bd8e1b1f3e2a3ce756feb007fb5bd0bd1e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe

Filesize
184KB

MD5
74682fc7fcc14d85328cb1513dcde8dd

SHA1
9b88e346b1dde535bd64477d4c81537c288fc1f0

SHA256
6ee0bfa06d4088e17eb764d1b296060c0ca369001d537698eb1c731e7f0ceeb3

SHA512
a06abeb0fb159ed3bf6160bfa876c07c7185bb975651193c334ca3fa8f0cf273966e23bc8c9ef08c6e607ed31be1a00d723e3d4ff5440c38f2d9f3fd995dc62a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe

Filesize
184KB

MD5
9273fbeae8ce96e42bc8cf123c8a0a06

SHA1
deea139b4f17f11cbe4a25f4d0beaac4dad5903d

SHA256
890e820ba41d2746c57faa07fc302c422a19362c963f0b3b7bffdf03c2c7463b

SHA512
0f3ccd3d6e7e6e341958d39362ded89c864904e5b3fc59aa40bc2cdc3902ae7c7ad5e977ee7f6d063c8a6b591f6ea36ef7b7cb20062c9f2ffa20f20eb153a264

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35780.exe

Filesize
184KB

MD5
db11530785a83adbca3ca08af7fb4880

SHA1
b3c14bfbc79297156e480dae7846c6d893221eb9

SHA256
9c3e90e41941835014fb6116ca88e93096fa1c23dd9ace638f66f4dbc9bbefea

SHA512
f581e31ae1d2bc999804608b1031063f260b61029050731aa4a752966cb093cec7aa0c5a15a6447638494eca531b01c3aaf419ca0bc61535ce2589d683f236e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36356.exe

Filesize
184KB

MD5
5c3c7b5f3c7d6dc462d8e2a05ee80a5e

SHA1
d961ec56d1e166d51625be6adc81fcdaa53d3bd0

SHA256
b9fb3ac9328aff761c469ec058a92767452835510fba8f86115370d64ca8d687

SHA512
52c3959233cca8033458500947e8adb360530da7be7f52ee25598b6cd9727fce969bc351a9bdedb458f18a7eb03a734e2070af97e147c1dc3e6a7ac7d30c4341

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38924.exe

Filesize
184KB

MD5
a6c4f9247f7dc4b76c8b4153f7da7439

SHA1
b690a82166727e111f0e63a8314b87e908c341dc

SHA256
823d7b9d135fbe93a9df8e9e09934aa607d1742061b748ca61bd640f54593501

SHA512
3f6fba6acd49ade8a16d64917d37acad20e368df268b80bd331fad4a496e26d2294581f6d437a4746c9662d8cace61b310f77266be6b1fbc53c95259c56415e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53483.exe

Filesize
184KB

MD5
20e1f5772abe5658b55aea77cdf25588

SHA1
763b75e3d10797428c7c016cf94f18359b88797e

SHA256
8f4d5cce9861c3167f8b739d450ce99cd6656b22b4896b3008f56e33fad14fa6

SHA512
d6d82afcb0e9ac01ea49f00292573f92e28a34a22b6c2167c0428dc8948bf5e87ad60706928245bbffe4786140d8625f0ba1327c10dfb932f969c6bbabe6bf27

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58982.exe

Filesize
184KB

MD5
1b148bad1a1658a2ea22ca28707d8782

SHA1
dd79c16a6833e74c51cb1f4679c92bcd44c01b36

SHA256
3ef40d113935872d82ea9288156976503eb6b96855a5c954408c5d60c246718c

SHA512
3cd63ff046ad796cc02659d2473d43df93dcdfcc6258815c9fb0c765c56c287f41b040895038110046a25ab2596868f24c54e5b6ca3c34d791d96995a763dbaf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63028.exe

Filesize
93KB

MD5
a90b570be26562a0780a8c17ade2d415

SHA1
90288560b38d76debd37d75599fbd98de6c94305

SHA256
6dc9479470cd8023836a23bae2646b908ee9cdc1349ba82a73a0a5be35d81595

SHA512
1064bd93e9763156709be6218fd48e871ca7da8bae3f044df82ed0c8eed35cf5ad77efbcfde7759754ed9585378a4dbe42a0db64cab0fbcd6708afd148279cc4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads