a55a3d27fe48b738df516bdc43027f098a1bebb8eccaf6ec803747247256ca13

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-01-2024 04:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7172be18888524ea1d1ec04ab47ddf51.exe
Size

184KB
MD5

7172be18888524ea1d1ec04ab47ddf51
SHA1

2a541d4cbf9ceb1913dc80c4dc1c9a451dc0e2ed
SHA256

a55a3d27fe48b738df516bdc43027f098a1bebb8eccaf6ec803747247256ca13
SHA512

f6bd7d2a8539dc02a6cb7b62145dda0afcfc404f23c6fb6a26c4041a55eac6fbfc1fc764e4383c2773fccf1f9946710bb459b668bb95f734451217653c06d189
SSDEEP

3072:3E2ooCBUmeEQROjCQWd/S7Z9zTPJY2IOhjxVRoYhDlv1pFD:3ERoMXQR9Qi/S76LYdDlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2332	Unicorn-58042.exe
2348	Unicorn-57697.exe
2668	Unicorn-53291.exe
2788	Unicorn-60619.exe
2584	Unicorn-10385.exe
2560	Unicorn-14983.exe
2244	Unicorn-63743.exe
2900	Unicorn-2160.exe
2936	Unicorn-5113.exe
3060	Unicorn-53738.exe
904	Unicorn-50401.exe
1532	Unicorn-39015.exe
980	Unicorn-42436.exe
1508	Unicorn-22762.exe
580	Unicorn-25524.exe
1516	Unicorn-9379.exe
2100	Unicorn-60007.exe
1996	Unicorn-8538.exe
1848	Unicorn-9239.exe
2292	Unicorn-22582.exe
2456	Unicorn-11377.exe
1912	Unicorn-54870.exe
1036	Unicorn-38534.exe
536	Unicorn-5020.exe
1184	Unicorn-8549.exe
596	Unicorn-4636.exe
2996	Unicorn-24502.exe
1636	Unicorn-39385.exe
1936	Unicorn-19135.exe
2248	Unicorn-29471.exe
1296	Unicorn-61302.exe
1960	Unicorn-22237.exe
2804	Unicorn-25443.exe
2796	Unicorn-43472.exe
2680	Unicorn-42246.exe
2764	Unicorn-62304.exe
2608	Unicorn-61344.exe
2536	Unicorn-27219.exe
300	Unicorn-7353.exe
2620	Unicorn-11110.exe
2028	Unicorn-30976.exe
2544	Unicorn-12994.exe
2912	Unicorn-29139.exe
3040	Unicorn-25225.exe
3052	Unicorn-12418.exe
1728	Unicorn-60394.exe
2348	Unicorn-60078.exe
2668	Unicorn-56933.exe
684	Unicorn-10877.exe
848	Unicorn-45444.exe
1356	Unicorn-61396.exe
1148	Unicorn-57867.exe
2020	Unicorn-27764.exe
1700	Unicorn-26045.exe
2752	Unicorn-30068.exe
1984	Unicorn-28807.exe
1720	Unicorn-15101.exe
1752	Unicorn-18823.exe
1856	Unicorn-21048.exe
1820	Unicorn-57442.exe
1092	Unicorn-7400.exe
828	Unicorn-38811.exe
1708	Unicorn-59362.exe
2240	Unicorn-24203.exe

Loads dropped DLL 64 IoCs

pid	Process
2412	7172be18888524ea1d1ec04ab47ddf51.exe
2412	7172be18888524ea1d1ec04ab47ddf51.exe
2332	Unicorn-58042.exe
2332	Unicorn-58042.exe
2412	7172be18888524ea1d1ec04ab47ddf51.exe
2412	7172be18888524ea1d1ec04ab47ddf51.exe
2348	Unicorn-57697.exe
2348	Unicorn-57697.exe
2332	Unicorn-58042.exe
2332	Unicorn-58042.exe
2668	Unicorn-53291.exe
2668	Unicorn-53291.exe
2788	Unicorn-60619.exe
2788	Unicorn-60619.exe
2348	Unicorn-57697.exe
2348	Unicorn-57697.exe
2584	Unicorn-10385.exe
2584	Unicorn-10385.exe
2560	Unicorn-14983.exe
2560	Unicorn-14983.exe
2668	Unicorn-53291.exe
2668	Unicorn-53291.exe
2788	Unicorn-60619.exe
2788	Unicorn-60619.exe
3060	Unicorn-53738.exe
3060	Unicorn-53738.exe
2560	Unicorn-14983.exe
2560	Unicorn-14983.exe
2900	Unicorn-2160.exe
2900	Unicorn-2160.exe
2936	Unicorn-5113.exe
2936	Unicorn-5113.exe
904	Unicorn-50401.exe
904	Unicorn-50401.exe
2584	Unicorn-10385.exe
2584	Unicorn-10385.exe
1532	Unicorn-39015.exe
1532	Unicorn-39015.exe
580	Unicorn-25524.exe
580	Unicorn-25524.exe
2900	Unicorn-2160.exe
2900	Unicorn-2160.exe
980	Unicorn-42436.exe
980	Unicorn-42436.exe
1508	Unicorn-22762.exe
1508	Unicorn-22762.exe
3060	Unicorn-53738.exe
3060	Unicorn-53738.exe
1996	Unicorn-8538.exe
1516	Unicorn-9379.exe
1996	Unicorn-8538.exe
1516	Unicorn-9379.exe
2936	Unicorn-5113.exe
2936	Unicorn-5113.exe
2100	Unicorn-60007.exe
2100	Unicorn-60007.exe
904	Unicorn-50401.exe
904	Unicorn-50401.exe
1848	Unicorn-9239.exe
1848	Unicorn-9239.exe
1532	Unicorn-39015.exe
1532	Unicorn-39015.exe
2292	Unicorn-22582.exe
2292	Unicorn-22582.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2544	2132	WerFault.exe	153

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2412	7172be18888524ea1d1ec04ab47ddf51.exe
2332	Unicorn-58042.exe
2348	Unicorn-57697.exe
2668	Unicorn-53291.exe
2788	Unicorn-60619.exe
2584	Unicorn-10385.exe
2560	Unicorn-14983.exe
2244	Unicorn-63743.exe
2900	Unicorn-2160.exe
3060	Unicorn-53738.exe
904	Unicorn-50401.exe
2936	Unicorn-5113.exe
1532	Unicorn-39015.exe
1508	Unicorn-22762.exe
980	Unicorn-42436.exe
2100	Unicorn-60007.exe
1996	Unicorn-8538.exe
580	Unicorn-25524.exe
1516	Unicorn-9379.exe
1848	Unicorn-9239.exe
2292	Unicorn-22582.exe
1036	Unicorn-38534.exe
2456	Unicorn-11377.exe
1912	Unicorn-54870.exe
536	Unicorn-5020.exe
2996	Unicorn-24502.exe
1936	Unicorn-19135.exe
1636	Unicorn-39385.exe
596	Unicorn-4636.exe
1184	Unicorn-8549.exe
2248	Unicorn-29471.exe
1296	Unicorn-61302.exe
1960	Unicorn-22237.exe
2804	Unicorn-25443.exe
2796	Unicorn-43472.exe
2680	Unicorn-42246.exe
2764	Unicorn-62304.exe
2608	Unicorn-61344.exe
2536	Unicorn-27219.exe
300	Unicorn-7353.exe
2620	Unicorn-11110.exe
2544	Unicorn-12994.exe
2912	Unicorn-29139.exe
2028	Unicorn-30976.exe
3040	Unicorn-25225.exe
3052	Unicorn-12418.exe
1728	Unicorn-60394.exe
2348	Unicorn-60078.exe
2668	Unicorn-56933.exe
684	Unicorn-10877.exe
848	Unicorn-45444.exe
1356	Unicorn-61396.exe
1148	Unicorn-57867.exe
2020	Unicorn-27764.exe
1700	Unicorn-26045.exe
2752	Unicorn-30068.exe
1984	Unicorn-28807.exe
1752	Unicorn-18823.exe
1720	Unicorn-15101.exe
1820	Unicorn-57442.exe
1092	Unicorn-7400.exe
828	Unicorn-38811.exe
1856	Unicorn-21048.exe
1708	Unicorn-59362.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2412 wrote to memory of 2332	2412	7172be18888524ea1d1ec04ab47ddf51.exe	28
PID 2412 wrote to memory of 2332	2412	7172be18888524ea1d1ec04ab47ddf51.exe	28
PID 2412 wrote to memory of 2332	2412	7172be18888524ea1d1ec04ab47ddf51.exe	28
PID 2412 wrote to memory of 2332	2412	7172be18888524ea1d1ec04ab47ddf51.exe	28
PID 2332 wrote to memory of 2348	2332	Unicorn-58042.exe	29
PID 2332 wrote to memory of 2348	2332	Unicorn-58042.exe	29
PID 2332 wrote to memory of 2348	2332	Unicorn-58042.exe	29
PID 2332 wrote to memory of 2348	2332	Unicorn-58042.exe	29
PID 2412 wrote to memory of 2668	2412	7172be18888524ea1d1ec04ab47ddf51.exe	30
PID 2412 wrote to memory of 2668	2412	7172be18888524ea1d1ec04ab47ddf51.exe	30
PID 2412 wrote to memory of 2668	2412	7172be18888524ea1d1ec04ab47ddf51.exe	30
PID 2412 wrote to memory of 2668	2412	7172be18888524ea1d1ec04ab47ddf51.exe	30
PID 2348 wrote to memory of 2788	2348	Unicorn-57697.exe	31
PID 2348 wrote to memory of 2788	2348	Unicorn-57697.exe	31
PID 2348 wrote to memory of 2788	2348	Unicorn-57697.exe	31
PID 2348 wrote to memory of 2788	2348	Unicorn-57697.exe	31
PID 2332 wrote to memory of 2584	2332	Unicorn-58042.exe	32
PID 2332 wrote to memory of 2584	2332	Unicorn-58042.exe	32
PID 2332 wrote to memory of 2584	2332	Unicorn-58042.exe	32
PID 2332 wrote to memory of 2584	2332	Unicorn-58042.exe	32
PID 2668 wrote to memory of 2560	2668	Unicorn-53291.exe	33
PID 2668 wrote to memory of 2560	2668	Unicorn-53291.exe	33
PID 2668 wrote to memory of 2560	2668	Unicorn-53291.exe	33
PID 2668 wrote to memory of 2560	2668	Unicorn-53291.exe	33
PID 2788 wrote to memory of 2244	2788	Unicorn-60619.exe	34
PID 2788 wrote to memory of 2244	2788	Unicorn-60619.exe	34
PID 2788 wrote to memory of 2244	2788	Unicorn-60619.exe	34
PID 2788 wrote to memory of 2244	2788	Unicorn-60619.exe	34
PID 2348 wrote to memory of 2900	2348	Unicorn-57697.exe	35
PID 2348 wrote to memory of 2900	2348	Unicorn-57697.exe	35
PID 2348 wrote to memory of 2900	2348	Unicorn-57697.exe	35
PID 2348 wrote to memory of 2900	2348	Unicorn-57697.exe	35
PID 2584 wrote to memory of 2936	2584	Unicorn-10385.exe	36
PID 2584 wrote to memory of 2936	2584	Unicorn-10385.exe	36
PID 2584 wrote to memory of 2936	2584	Unicorn-10385.exe	36
PID 2584 wrote to memory of 2936	2584	Unicorn-10385.exe	36
PID 2560 wrote to memory of 3060	2560	Unicorn-14983.exe	37
PID 2560 wrote to memory of 3060	2560	Unicorn-14983.exe	37
PID 2560 wrote to memory of 3060	2560	Unicorn-14983.exe	37
PID 2560 wrote to memory of 3060	2560	Unicorn-14983.exe	37
PID 2668 wrote to memory of 904	2668	Unicorn-53291.exe	38
PID 2668 wrote to memory of 904	2668	Unicorn-53291.exe	38
PID 2668 wrote to memory of 904	2668	Unicorn-53291.exe	38
PID 2668 wrote to memory of 904	2668	Unicorn-53291.exe	38
PID 2788 wrote to memory of 1532	2788	Unicorn-60619.exe	39
PID 2788 wrote to memory of 1532	2788	Unicorn-60619.exe	39
PID 2788 wrote to memory of 1532	2788	Unicorn-60619.exe	39
PID 2788 wrote to memory of 1532	2788	Unicorn-60619.exe	39
PID 3060 wrote to memory of 980	3060	Unicorn-53738.exe	40
PID 3060 wrote to memory of 980	3060	Unicorn-53738.exe	40
PID 3060 wrote to memory of 980	3060	Unicorn-53738.exe	40
PID 3060 wrote to memory of 980	3060	Unicorn-53738.exe	40
PID 2560 wrote to memory of 1508	2560	Unicorn-14983.exe	41
PID 2560 wrote to memory of 1508	2560	Unicorn-14983.exe	41
PID 2560 wrote to memory of 1508	2560	Unicorn-14983.exe	41
PID 2560 wrote to memory of 1508	2560	Unicorn-14983.exe	41
PID 2900 wrote to memory of 580	2900	Unicorn-2160.exe	42
PID 2900 wrote to memory of 580	2900	Unicorn-2160.exe	42
PID 2900 wrote to memory of 580	2900	Unicorn-2160.exe	42
PID 2900 wrote to memory of 580	2900	Unicorn-2160.exe	42
PID 2936 wrote to memory of 1516	2936	Unicorn-5113.exe	43
PID 2936 wrote to memory of 1516	2936	Unicorn-5113.exe	43
PID 2936 wrote to memory of 1516	2936	Unicorn-5113.exe	43
PID 2936 wrote to memory of 1516	2936	Unicorn-5113.exe	43

C:\Users\Admin\AppData\Local\Temp\7172be18888524ea1d1ec04ab47ddf51.exe
"C:\Users\Admin\AppData\Local\Temp\7172be18888524ea1d1ec04ab47ddf51.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9239.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60078.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
        9⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
        11⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43005.exe
        12⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21759.exe
        8⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56933.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29550.exe
        9⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        10⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61302.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10877.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11952.exe
        8⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        9⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        10⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-631.exe
        11⤵
        
        PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22582.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22237.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45444.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        9⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
        10⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57738.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34955.exe
        9⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61396.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18427.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
        10⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29045.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4789.exe
        9⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11377.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        8⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
        9⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
        8⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33207.exe
        9⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        10⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7400.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        9⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11479.exe
        7⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34064.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20533.exe
        10⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
        11⤵
        
        PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12994.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        9⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
        10⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43561.exe
        11⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
        6⤵
        
        PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18823.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        9⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
        7⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17047.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
        9⤵
        
        PID:2996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14983.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53738.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42436.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54870.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25372.exe
        9⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
        10⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
        8⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45957.exe
        9⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38811.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18619.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14358.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        10⤵
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11012.exe
        7⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26398.exe
        9⤵
        
        PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40582.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
        8⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23186.exe
        9⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        10⤵
        
        PID:796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43472.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23186.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15203.exe
        9⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40058.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58093.exe
        10⤵
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23530.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30056.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        9⤵
        
        PID:2132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 188
        10⤵
        Program crash
        
        PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39385.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29139.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10488.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63239.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14659.exe
        9⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        10⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        11⤵
        
        PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25225.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50312.exe
        6⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6669.exe
        7⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1509.exe
        9⤵
        
        PID:2756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19135.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12418.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        7⤵
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24203.exe
        5⤵
        Executes dropped EXE
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40252.exe
        6⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44696.exe
        7⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52962.exe
        8⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        9⤵
        
        PID:1184

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14983.exe

Filesize
184KB

MD5
0366f7f7da0c8d3cd20cf18d6ef92bb2

SHA1
669b6201611344dd0b76d75c796c92fa1463e263

SHA256
3f39a7123c90c70c60582925e9538cf8620ecb90e4e0668fd5840ce255765001

SHA512
05dbbbaeeb8196857802d359cee4e31411b7962f6daae485828cf91b412a21e6670216716b000e3afb687a8c07a374e6fc5161d013613d537b51b40c626e52cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40399.exe

Filesize
184KB

MD5
1c9cfe96799cbc484e6e7d40c7ca1730

SHA1
3cbfb65f2b3435ee5e86e5a305c7373a154482c3

SHA256
28a3ffa82cc422984aa6047d8896a2b2a16693002a3cb450e4f4b6064e7cfd75

SHA512
27ed95ac5d91f1b950c3c230a4e44b30f0c3851825e66c5d2686225b0742e78deca78a3ac1eee6db3ce50f36dcb8169ef8e47bd179731e6a946c952185941f3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53738.exe

Filesize
184KB

MD5
f0169a7c0fbdfcccc767e4bbabc55086

SHA1
d8abe3faf23978844b93e27fd8c516f88057d87b

SHA256
aabd7b84d7d9f38d12544d626c73b26e7d7914f55bd9ad16f8be849d4e56e9db

SHA512
854bab9c071b9cfd1d9eabf2de4bdac4ad47334f422d626fb81c88d92196a869d9d6872376318276f8c0dc8d4cec627925f3c4ba5c5556b46c8560e454fdf94e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8538.exe

Filesize
184KB

MD5
e840a6c33cde741dd85c33eb7414e8ce

SHA1
8c6b828f098dc8800350e43abb3522f5c5e7a21c

SHA256
40d5bbba84c30d69b8ca194624e6b994b27d2b33eaeb9297bdd98232326fc76b

SHA512
f783ef5bbf0945a5cf9ccff139af0129bded9ae48c4a010e9ec60d4d1744acaca662903524f8a3b021b9136f1975c289d3e10424aac6b4fec4214911eff4e661

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10385.exe

Filesize
184KB

MD5
6e710ffbc9116c927f6f4cda35969334

SHA1
d20d0bc34f29122e114ef540f4a39b6dc535b925

SHA256
ab8fb98407f583308f9dc8429c4d9c8a4cd32d821b04af3728fb36bb1caca413

SHA512
8f3083ceb3ae0db845a3c3e388f35fa6946822c595442c41715729ba1d564f77945dbccd85ec7a33d92e234a7d27b8425b9a0f00c93ad2e7c60aeb6de1ae4cab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2160.exe

Filesize
184KB

MD5
d57fb8f8284d3ad3196dd059ca49ee5a

SHA1
48b07741f6aa364a28c29e34cb301854aeec2c70

SHA256
d6e769a336b8e5bb6fb2db625c473beded00ae99ef85534bdf082024323d8e9f

SHA512
650d4071720e9c1efc357d9c35474012620972ea2320951b8fcd7a3ba01e9b1095b6d10bdbc6eaffe72cd4cfca6edc10c364c552e786f01e913bb875c3bcebbb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22762.exe

Filesize
184KB

MD5
32dafc4b0a82b861c38c5511d8faba21

SHA1
a2d8822a006af03f0832d84227514e20958033e1

SHA256
14cda89d83ac2076d3e1b025c0b52babedde82d50d2e6d04a2f802b80d791c13

SHA512
be28c57f6f287fd1fa6ee6a5a7d2a662d6e0e0a89c252011336d0dfab1caca5befe699d553f328d03453b6e4c2952f9951cd07e04ce3f4740c6c5fdd642daf35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25524.exe

Filesize
184KB

MD5
d51388238e8cddedc35e38066fdd2770

SHA1
05825b2022ccda0d6891abbd2c739ca8d166f20e

SHA256
b8df4fdebd45575f892a2a562fb9d1a5a884b6cbfe6ecbf24d309a64cf4df3ab

SHA512
65784ebd4cf3013340a597de77b177b83dbce57a4cc215c840403daf56ff3bd01e345b4ca7419a0a9619d1fcac1fe101d59b0a02044a6c5c305c92179461a573

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe

Filesize
184KB

MD5
e48e2c7c9a026b3981ecb4df681f3baf

SHA1
35e69de1aab0947428485e20e9fe53d18b5395e9

SHA256
f3fe7cc392ccd36e4fecfa29ca1e693b725a30ca4a3eea1a449a5e1d8b8217e1

SHA512
1722a12a1ef5f89aa8b1f8ecebb1bf2b9ebe5bff22e7f34b9895078edf53d41a4fe8d8629b947242ef07408f0a94ce71d82ad4765fc3f54977068ae75e00e03e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42436.exe

Filesize
184KB

MD5
67ee1db88cc405b388636a57ec8c40aa

SHA1
1af8d82280993bf4c0744e11825e97bda15dcf89

SHA256
3ed95cdd2b0ec1b242a6a0c428195d8cf19014c60bde0ac20aab9c9720d0e8f0

SHA512
f4fa1c126a3d2a1a6fb2fc6344514fa9620aa37db7bf9e45479a4dda6a2cb9e01c22620007354babb08a683e8f2b6e00b4fb6697576bd942b8b86a3392b21456

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50401.exe

Filesize
184KB

MD5
9ac4ef06e4d4ee7c79aae7dae42a02b6

SHA1
47e63ca029785cd3018b85c5aff109ebc7347ffa

SHA256
954c757ea1bb637c0c23bb7c4d5685fe76bf055a02effdb4bccb70301112f620

SHA512
297f28c2b5b88310b554c11a947391a85af2a909294012bc36fe1765cfabdf710601d909ff1b8ca5ffcac93c0bc3e9332a675ee8b08f90fa0c0a22c2770e586f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5113.exe

Filesize
184KB

MD5
c61511c660a5f0b179969ead564fdd2d

SHA1
3428092b78fc22def2d3e0161411efc0a709acf9

SHA256
f59e4f4f2aae92268ee5b2eeae1c55d365e92bb7fc1c9066fc1b82f0acc0213b

SHA512
4af4a9deafe06855c63ec787467ee41ac3916174ab17c3bf4d7bab68c3afc9ea07981a635d6c4389acb20fbe2ecbad0e30a0f96542fb2ebacffe5bc883864583

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe

Filesize
184KB

MD5
c244554546b9d61efd97e1a353df6206

SHA1
1354b1e1eb9e16baa4f598440404dae038a1f7a6

SHA256
4288ad69d7725af5da008e88cbb741763cf3eace95c3c08a744e1d22db4850c0

SHA512
86a3765aee425fd8d89835a0d36a61f82bb01c532093a0abca8ad58fb4f9b152b42a6e40e7d111a004084dfeaca86db1cc177474c7ca1db3e240293696c2d3d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57697.exe

Filesize
184KB

MD5
337ed1d04b821b3b64b314bcd0e33f5e

SHA1
1fa8c4d4a6b7faaaf664a909ac8ad65e2c038c84

SHA256
2aa65b892a297c86458bf64b42b68c561a1b9096b62e5a4013f09e3edc4ba2f3

SHA512
4dcae2dac72963f78b347aec9b7e2aa6e25eec6f63c652b089b8469768ba62a8faa4a2aec1734a215ce9b8807031e66a4adffe93d2807a85a271e1c2302c62ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58042.exe

Filesize
184KB

MD5
ec851d6f45e1df9a785ee8f898686e5a

SHA1
b9cb512ccfddf983a6dcf6fa39f5578120d06e8b

SHA256
acbbfda0cdbc507ddb60b3f24e87f9bb96756e77c6ff9df61af2bed270f4c4aa

SHA512
a6e0add833ec39bcfb5643c54e94b0d7a28196c9c42eb2385990595bf818f299dac0619c1d3b21c7ca7d5a4ae775aa12532d550dc84a2f0609507e779e7f7fd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60007.exe

Filesize
184KB

MD5
f6cfeda405db2759f90c206b58b5c08f

SHA1
5292c34b101c90cf375a5e6b1c451fb9243283a9

SHA256
6ea03b272106365201df5598c095bce76b6469a50c85908ca3517097a931c408

SHA512
cd35467fc960f758696015a164ec139f5f3dcb8eeb580c6d92c42826f05c2141b4e045f8b8e0216e16d58564e891e826666a49042af2f90e875b83f5c36b7b71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60619.exe

Filesize
184KB

MD5
70f40115b43c86257b80f445892ca2dc

SHA1
92680658b7d311ec8fdfdf81e14819f22aa3b0f8

SHA256
70c66ba376085d23c23660b78e81410738c4c1212622e88adc8e19a0e63d4381

SHA512
a1f0a17d5d70ea2f1e4843c4a9ed8a01b63adf273f4a522190a4b280c351b32907435d4f4b4e3963040390e252dad61bc046952fe34dddfc11f6ed16e7c186e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe

Filesize
184KB

MD5
699c26405d31606fa1ee09a905276291

SHA1
80fddcb275206bb1865fb34b89eb8b0f30350f96

SHA256
5e5ad653e4ffc28501b91faaad92be0dd8152afec18b9f04af0a730beaa90ea9

SHA512
6e5dafd6e75a3b9c564d3adfbd6e1db0f8d9c671275fb07066cceb2bba4a5dd1afb4a54c9c25cc49d19cbf53765e090488f29ff101a155139a2e7d86dfd04e55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe

Filesize
184KB

MD5
811f627bbe1c1af48219f710894f6a7b

SHA1
8e39d133d942f7f1e9f4a416584fa91f854a6ee3

SHA256
4459d5a0b5b7c814eaf23ee14f118ed18337ebb9bad61baacd07d375b3267aa8

SHA512
8e3af12b9d79eb68db7cc5a6b22ad0d7826d4a3fa3bc80aba6df07cbe6a7146fc74a6cb90015ed08da3cca59be362085a075d67aa02dda39f5f170e7c571d197

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads