6a8cc0b24d0f57384186399c40318523302dad04fd1af54ea120db5b3ab31567

Analysis

max time kernel
138s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 15:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9bfeb235463ae9ec2b3d79ad345a0648.exe
Size

184KB
MD5

9bfeb235463ae9ec2b3d79ad345a0648
SHA1

e7faa702af94828c5582228ef7cf581529bab750
SHA256

6a8cc0b24d0f57384186399c40318523302dad04fd1af54ea120db5b3ab31567
SHA512

db8df1de26ed5745ec2eb456b56f52aa4c4012c6e65db195ed13e5803e9800f193f613cd8122a0054e2bec0445fee87157db2827481b1a6d1679b3816bd6d442
SSDEEP

3072:RkoofBBIKwoogj1oaI1cJQCH/NMjYl7TGYxvMEiBNlvvpFL:RkooEvooMon1cJKYG8ENlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2780	Unicorn-64356.exe
2860	Unicorn-35671.exe
2736	Unicorn-11489.exe
1804	Unicorn-51427.exe
300	Unicorn-39175.exe
2444	Unicorn-2781.exe
1504	Unicorn-42356.exe
2908	Unicorn-44027.exe
3016	Unicorn-47556.exe
2408	Unicorn-60000.exe
2468	Unicorn-64447.exe
2676	Unicorn-63181.exe
2900	Unicorn-52361.exe
1636	Unicorn-27494.exe
1824	Unicorn-14665.exe
2240	Unicorn-55506.exe
1320	Unicorn-19496.exe
1792	Unicorn-10773.exe
1436	Unicorn-48085.exe
1952	Unicorn-55371.exe
3044	Unicorn-63539.exe
1280	Unicorn-43673.exe
536	Unicorn-26207.exe
2124	Unicorn-47182.exe
1500	Unicorn-55947.exe
2292	Unicorn-27359.exe
976	Unicorn-7493.exe
2012	Unicorn-32189.exe
2160	Unicorn-39803.exe
2156	Unicorn-19191.exe
2776	Unicorn-54048.exe
3036	Unicorn-21930.exe
2756	Unicorn-37904.exe
1924	Unicorn-23082.exe
2608	Unicorn-55392.exe
2868	Unicorn-63560.exe
2464	Unicorn-30866.exe
436	Unicorn-16005.exe
1492	Unicorn-52953.exe
1660	Unicorn-36425.exe
2976	Unicorn-41447.exe
2980	Unicorn-24365.exe
2904	Unicorn-16175.exe
752	Unicorn-23789.exe
1776	Unicorn-19705.exe
1692	Unicorn-24535.exe
1912	Unicorn-21219.exe
2896	Unicorn-13565.exe
1572	Unicorn-45169.exe
1248	Unicorn-31054.exe
1308	Unicorn-39200.exe
624	Unicorn-10249.exe
896	Unicorn-23056.exe
2576	Unicorn-23654.exe
1580	Unicorn-23654.exe
1668	Unicorn-28292.exe
1520	Unicorn-44650.exe
1704	Unicorn-46082.exe
1700	Unicorn-950.exe
1376	Unicorn-50343.exe
1088	Unicorn-26607.exe
1612	Unicorn-64323.exe
2612	Unicorn-17130.exe
2804	Unicorn-56840.exe

Loads dropped DLL 64 IoCs

pid	Process
1924	9bfeb235463ae9ec2b3d79ad345a0648.exe
1924	9bfeb235463ae9ec2b3d79ad345a0648.exe
1924	9bfeb235463ae9ec2b3d79ad345a0648.exe
1924	9bfeb235463ae9ec2b3d79ad345a0648.exe
2780	Unicorn-64356.exe
2780	Unicorn-64356.exe
2860	Unicorn-35671.exe
2860	Unicorn-35671.exe
2736	Unicorn-11489.exe
2736	Unicorn-11489.exe
2780	Unicorn-64356.exe
2780	Unicorn-64356.exe
1804	Unicorn-51427.exe
1804	Unicorn-51427.exe
2860	Unicorn-35671.exe
2860	Unicorn-35671.exe
300	Unicorn-39175.exe
300	Unicorn-39175.exe
2444	Unicorn-2781.exe
2736	Unicorn-11489.exe
2444	Unicorn-2781.exe
2736	Unicorn-11489.exe
1504	Unicorn-42356.exe
1504	Unicorn-42356.exe
1804	Unicorn-51427.exe
1804	Unicorn-51427.exe
2908	Unicorn-44027.exe
2908	Unicorn-44027.exe
2468	Unicorn-64447.exe
2468	Unicorn-64447.exe
3016	Unicorn-47556.exe
3016	Unicorn-47556.exe
300	Unicorn-39175.exe
300	Unicorn-39175.exe
2408	Unicorn-60000.exe
2408	Unicorn-60000.exe
2444	Unicorn-2781.exe
2444	Unicorn-2781.exe
2676	Unicorn-63181.exe
2676	Unicorn-63181.exe
2900	Unicorn-52361.exe
2900	Unicorn-52361.exe
1504	Unicorn-42356.exe
1504	Unicorn-42356.exe
1636	Unicorn-27494.exe
1636	Unicorn-27494.exe
2908	Unicorn-44027.exe
2908	Unicorn-44027.exe
2240	Unicorn-55506.exe
2240	Unicorn-55506.exe
1824	Unicorn-14665.exe
1824	Unicorn-14665.exe
3016	Unicorn-47556.exe
3016	Unicorn-47556.exe
2468	Unicorn-64447.exe
2468	Unicorn-64447.exe
1320	Unicorn-19496.exe
1320	Unicorn-19496.exe
1436	Unicorn-48085.exe
1436	Unicorn-48085.exe
1952	Unicorn-55371.exe
1952	Unicorn-55371.exe
2676	Unicorn-63181.exe
2676	Unicorn-63181.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2996	1612	WerFault.exe	90

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1924	9bfeb235463ae9ec2b3d79ad345a0648.exe
2780	Unicorn-64356.exe
2860	Unicorn-35671.exe
2736	Unicorn-11489.exe
1804	Unicorn-51427.exe
300	Unicorn-39175.exe
2444	Unicorn-2781.exe
1504	Unicorn-42356.exe
2908	Unicorn-44027.exe
2468	Unicorn-64447.exe
3016	Unicorn-47556.exe
2408	Unicorn-60000.exe
2676	Unicorn-63181.exe
2900	Unicorn-52361.exe
1636	Unicorn-27494.exe
1824	Unicorn-14665.exe
2240	Unicorn-55506.exe
1436	Unicorn-48085.exe
1320	Unicorn-19496.exe
1952	Unicorn-55371.exe
3044	Unicorn-63539.exe
1280	Unicorn-43673.exe
536	Unicorn-26207.exe
2124	Unicorn-47182.exe
1500	Unicorn-55947.exe
976	Unicorn-7493.exe
2292	Unicorn-27359.exe
2156	Unicorn-19191.exe
2012	Unicorn-32189.exe
2160	Unicorn-39803.exe
2776	Unicorn-54048.exe
3036	Unicorn-21930.exe
2756	Unicorn-37904.exe
2608	Unicorn-55392.exe
2464	Unicorn-30866.exe
1924	Unicorn-23082.exe
2868	Unicorn-63560.exe
2980	Unicorn-24365.exe
436	Unicorn-16005.exe
1492	Unicorn-52953.exe
1776	Unicorn-19705.exe
1660	Unicorn-36425.exe
752	Unicorn-23789.exe
1692	Unicorn-24535.exe
2976	Unicorn-41447.exe
2904	Unicorn-16175.exe
2896	Unicorn-13565.exe
1912	Unicorn-21219.exe
1248	Unicorn-31054.exe
1572	Unicorn-45169.exe
1580	Unicorn-23654.exe
624	Unicorn-10249.exe
1668	Unicorn-28292.exe
1308	Unicorn-39200.exe
2576	Unicorn-23654.exe
896	Unicorn-23056.exe
1520	Unicorn-44650.exe
1704	Unicorn-46082.exe
1376	Unicorn-50343.exe
1700	Unicorn-950.exe
2804	Unicorn-56840.exe
1612	Unicorn-64323.exe
660	Unicorn-218.exe
2580	Unicorn-24168.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2780	1924	9bfeb235463ae9ec2b3d79ad345a0648.exe	27
PID 1924 wrote to memory of 2780	1924	9bfeb235463ae9ec2b3d79ad345a0648.exe	27
PID 1924 wrote to memory of 2780	1924	9bfeb235463ae9ec2b3d79ad345a0648.exe	27
PID 1924 wrote to memory of 2780	1924	9bfeb235463ae9ec2b3d79ad345a0648.exe	27
PID 1924 wrote to memory of 2860	1924	9bfeb235463ae9ec2b3d79ad345a0648.exe	28
PID 1924 wrote to memory of 2860	1924	9bfeb235463ae9ec2b3d79ad345a0648.exe	28
PID 1924 wrote to memory of 2860	1924	9bfeb235463ae9ec2b3d79ad345a0648.exe	28
PID 1924 wrote to memory of 2860	1924	9bfeb235463ae9ec2b3d79ad345a0648.exe	28
PID 2780 wrote to memory of 2736	2780	Unicorn-64356.exe	29
PID 2780 wrote to memory of 2736	2780	Unicorn-64356.exe	29
PID 2780 wrote to memory of 2736	2780	Unicorn-64356.exe	29
PID 2780 wrote to memory of 2736	2780	Unicorn-64356.exe	29
PID 2860 wrote to memory of 1804	2860	Unicorn-35671.exe	30
PID 2860 wrote to memory of 1804	2860	Unicorn-35671.exe	30
PID 2860 wrote to memory of 1804	2860	Unicorn-35671.exe	30
PID 2860 wrote to memory of 1804	2860	Unicorn-35671.exe	30
PID 2736 wrote to memory of 300	2736	Unicorn-11489.exe	31
PID 2736 wrote to memory of 300	2736	Unicorn-11489.exe	31
PID 2736 wrote to memory of 300	2736	Unicorn-11489.exe	31
PID 2736 wrote to memory of 300	2736	Unicorn-11489.exe	31
PID 2780 wrote to memory of 2444	2780	Unicorn-64356.exe	32
PID 2780 wrote to memory of 2444	2780	Unicorn-64356.exe	32
PID 2780 wrote to memory of 2444	2780	Unicorn-64356.exe	32
PID 2780 wrote to memory of 2444	2780	Unicorn-64356.exe	32
PID 1804 wrote to memory of 1504	1804	Unicorn-51427.exe	33
PID 1804 wrote to memory of 1504	1804	Unicorn-51427.exe	33
PID 1804 wrote to memory of 1504	1804	Unicorn-51427.exe	33
PID 1804 wrote to memory of 1504	1804	Unicorn-51427.exe	33
PID 2860 wrote to memory of 2908	2860	Unicorn-35671.exe	34
PID 2860 wrote to memory of 2908	2860	Unicorn-35671.exe	34
PID 2860 wrote to memory of 2908	2860	Unicorn-35671.exe	34
PID 2860 wrote to memory of 2908	2860	Unicorn-35671.exe	34
PID 300 wrote to memory of 3016	300	Unicorn-39175.exe	35
PID 300 wrote to memory of 3016	300	Unicorn-39175.exe	35
PID 300 wrote to memory of 3016	300	Unicorn-39175.exe	35
PID 300 wrote to memory of 3016	300	Unicorn-39175.exe	35
PID 2444 wrote to memory of 2408	2444	Unicorn-2781.exe	36
PID 2444 wrote to memory of 2408	2444	Unicorn-2781.exe	36
PID 2444 wrote to memory of 2408	2444	Unicorn-2781.exe	36
PID 2444 wrote to memory of 2408	2444	Unicorn-2781.exe	36
PID 2736 wrote to memory of 2468	2736	Unicorn-11489.exe	37
PID 2736 wrote to memory of 2468	2736	Unicorn-11489.exe	37
PID 2736 wrote to memory of 2468	2736	Unicorn-11489.exe	37
PID 2736 wrote to memory of 2468	2736	Unicorn-11489.exe	37
PID 1504 wrote to memory of 2676	1504	Unicorn-42356.exe	38
PID 1504 wrote to memory of 2676	1504	Unicorn-42356.exe	38
PID 1504 wrote to memory of 2676	1504	Unicorn-42356.exe	38
PID 1504 wrote to memory of 2676	1504	Unicorn-42356.exe	38
PID 1804 wrote to memory of 2900	1804	Unicorn-51427.exe	39
PID 1804 wrote to memory of 2900	1804	Unicorn-51427.exe	39
PID 1804 wrote to memory of 2900	1804	Unicorn-51427.exe	39
PID 1804 wrote to memory of 2900	1804	Unicorn-51427.exe	39
PID 2908 wrote to memory of 1636	2908	Unicorn-44027.exe	40
PID 2908 wrote to memory of 1636	2908	Unicorn-44027.exe	40
PID 2908 wrote to memory of 1636	2908	Unicorn-44027.exe	40
PID 2908 wrote to memory of 1636	2908	Unicorn-44027.exe	40
PID 2468 wrote to memory of 1824	2468	Unicorn-64447.exe	41
PID 2468 wrote to memory of 1824	2468	Unicorn-64447.exe	41
PID 2468 wrote to memory of 1824	2468	Unicorn-64447.exe	41
PID 2468 wrote to memory of 1824	2468	Unicorn-64447.exe	41
PID 3016 wrote to memory of 2240	3016	Unicorn-47556.exe	42
PID 3016 wrote to memory of 2240	3016	Unicorn-47556.exe	42
PID 3016 wrote to memory of 2240	3016	Unicorn-47556.exe	42
PID 3016 wrote to memory of 2240	3016	Unicorn-47556.exe	42

C:\Users\Admin\AppData\Local\Temp\9bfeb235463ae9ec2b3d79ad345a0648.exe
"C:\Users\Admin\AppData\Local\Temp\9bfeb235463ae9ec2b3d79ad345a0648.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39175.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55947.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26607.exe
        9⤵
        Executes dropped EXE
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56892.exe
        10⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        11⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37644.exe
        12⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
        13⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
        10⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63009.exe
        11⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7493.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21812.exe
        8⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63550.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26441.exe
        10⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
        11⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31475.exe
        12⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
        13⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39631.exe
        9⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
        10⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
        11⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8655.exe
        12⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11651.exe
        10⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19496.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23789.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        9⤵
        
        PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64447.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64447.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27359.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45548.exe
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38122.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe
        10⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
        11⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
        12⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7120.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        9⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        10⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16175.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49305.exe
        7⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        9⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
        10⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        11⤵
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24365.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
        8⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19389.exe
        9⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        10⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        11⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46082.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30913.exe
        9⤵
        
        PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
        5⤵
        Executes dropped EXE
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48209.exe
        6⤵
        
        PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48085.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19191.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27033.exe
        7⤵
        
        PID:540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-950.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18085.exe
        9⤵
        
        PID:2428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55371.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54048.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47193.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24049.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
        11⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5832.exe
        12⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32418.exe
        10⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
        11⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        12⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7831.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23312.exe
        10⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32034.exe
        9⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58925.exe
        10⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21930.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12102.exe
        8⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19773.exe
        9⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        10⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57510.exe
        11⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64908.exe
        12⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50343.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58563.exe
        8⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        10⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4763.exe
        11⤵
        
        PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37904.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64323.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 188
        9⤵
        Program crash
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17130.exe
        7⤵
        Executes dropped EXE
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53903.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        9⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44324.exe
        10⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27960.exe
        11⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        12⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
        11⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34448.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55029.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13436.exe
        9⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14235.exe
        10⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
        11⤵
        
        PID:872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23082.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23654.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24168.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55548.exe
        8⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26628.exe
        9⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14775.exe
        10⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        11⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-218.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        7⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38309.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15912.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62497.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
        11⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47416.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58916.exe
        8⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15159.exe
        9⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
        10⤵
        
        PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44027.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55392.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7375.exe
        10⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
        11⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
        12⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19757.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        8⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50006.exe
        9⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
        10⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        11⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61023.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45738.exe
        11⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
        12⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6989.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
        10⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30866.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23654.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        7⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62362.exe
        9⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8271.exe
        10⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42496.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48572.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        10⤵
        
        PID:1556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47182.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56840.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37546.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12725.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        9⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60632.exe
        10⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        11⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39884.exe
        10⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
        6⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42803.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34625.exe
        9⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
        10⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64328.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22352.exe
        8⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29434.exe
        9⤵
        
        PID:752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe

Filesize
184KB

MD5
0d74edaa7fc199ecfb98f2d6695845e9

SHA1
37c8c209378f082f6933f95ab4d431942b51fc5f

SHA256
5d98cef944e4dabe86039bc1b8b7ff9806eb43d3f7ae98627df6ce8bd8cc5cd5

SHA512
47c6e0bba381f21a83b348a4aaf6185a8fc38d0f1841f58c5a3fd0a5b07bad60442b14729cf688edbed4f57c4862632cf4fe376dd2d07d725aa70b1e8d7ae5b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe

Filesize
184KB

MD5
079c81184c86e057ae582659926bd2c3

SHA1
85f33584a1e5a892a6c4ce0fbc390505c490a6b0

SHA256
e8b0f14ae5ae74d07fad0fab439e6bfeb1a28d0e87302cce78643598f51e1255

SHA512
6ec3c2561da9faec9a7ed2e6d447fee233aa6b8405045022eca3d6a0bfffee89e2cd5b7a90f118ac1c2dec985375c1d8ee44c8e33aad6d8f8f4849b1aa6c22cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe

Filesize
162KB

MD5
5443243bc0421e6b603ec138b668dfd6

SHA1
61614321cdd2f81d53657114240d2f328b964cd3

SHA256
7bd8af8c545ae496234bf90a11aa62cb0d917b4b0e5ff2b1dd3acba947a69b82

SHA512
cba6d86cd218d83803b103c02161780831901d90d071b5a1b4060a4b425838ee673a832e3cf0a2f272f118c2a28ebbde19c717b8b283e8de41460325ac83aa6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39175.exe

Filesize
184KB

MD5
1e34d4400e36baeea423aae22c76ef5a

SHA1
d508c6c43a39bc61c6a29f0afc93e390c8f76423

SHA256
f89aa2aabdcb99bea2ee9aabb314dc60ab28adc739d20e571ad141495dd286fb

SHA512
1cee0716589273f575b7956d553beef01e2ddaada502ccffbb87a0a3d4dd080377c06e8e0f04de8004ced67d640669ad2aa44329da068d33869b3945e64eb119

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe

Filesize
184KB

MD5
f1307832a62806bc71d62b49147190e6

SHA1
3427951652eb8f07038737fa6aea06205680c25e

SHA256
0eb44437f0a3c34abc07414f46e0296ad64fb34a3586b9716f42469df2cdd741

SHA512
631550197ab10e487991ef533d124e9ae166571d415259f8c13594ec80c10e5b6d7d83f1b73317531acc63963b70f52aa57e98ddbbca3f7c8a4e11283690ceba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44027.exe

Filesize
184KB

MD5
7ece146a9b807cb3127ac2c66cc302af

SHA1
4aca5f61b1008d63fd7f123cda4fe39fa11a5e61

SHA256
6484b7c632f23044e75735c78a002f82ebbfd707ab8afda91a42a00553af8ca4

SHA512
3df4e9466a9645623a1d22e28bf77a9cbc0ab34b5dcba1c68761184ce953dc90b920b46f37dff41fa82770deeaa474301e3aab5b1443fff3a2dbf325309d6fe0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe

Filesize
184KB

MD5
a7ca4d545124c8b3f93106229d613e15

SHA1
05948619fd0cabb49c2a5b79a3b268ad49ac20f4

SHA256
0a53e43a7f73ca88bacadbc68ebddc0d11dc338a5177804461e202daab6e60f1

SHA512
3bd96ddfa3726008dc0f5964d3fd04bf38d2dbd6a2e21e8d6db876e56ae679e6bf71f066e2cb50a310d071a7258cdc8dc019583a9726d0e0de349507a81e6a6e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe

Filesize
184KB

MD5
cbb09d310908b4059c2dd2bb65341271

SHA1
490e7044a2a1acb396b2bb918d71474982848da2

SHA256
d138e171e5037881220955981e413991a10fa512b7d336903e1a4986ba2ac05e

SHA512
2f065d98ddfaf7c89de680ac14b0f634e37c6f327bb2953246798f3b11de8a622b568cdba8834e8c7c91632d3f6e6386bd54337d90f17e7c5e90a9ed7c19c812

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19496.exe

Filesize
184KB

MD5
706f7dc3c29fdc3b0d1a68c117b0e92d

SHA1
24079990dc32d70c553fd97da900c53b272b9de7

SHA256
9d490ed82a9aa6ffb342cabef5fd1d67e63f1aafcfe9e118b59defdbdc77c145

SHA512
f51605e8c7518247cc4245f2a0b463abc3fcc6b615e0230fed4b61b0c7921bedd9f3ae428ca052b78e5f76e16f1ea51b1bc3f9a5cbfc731f15dccc7a71456306

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2781.exe

Filesize
184KB

MD5
bd77a2db4c75b6ec2f94947274c2f4a5

SHA1
ef3353a80f795b373f63b437e5f9f36d9302c50c

SHA256
b03f948b8a2883c372d9647dffbd13b1be059e56e2e933bddca4dd46bb0dc2f3

SHA512
4d65d055292dc2a288d335ed4981b2aec98431b5d899fa6fc0d15b5d8bcb7ce7f05dd3c879ef3d392b352712c62563a6870c0713bdb3b598976dc565ce077356

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe

Filesize
184KB

MD5
2712004fdfd5560584aeb7c8a166ea7a

SHA1
612f744e60df9776bbcfe929dafc6d6390f73f1a

SHA256
e6bee3787a52d1ec51779fb1916328cbe116d88245ee759cf41147ef07021bca

SHA512
51083b5e6488ccf08b8846e3f6db98124e482f7fc569fdaaf86d3cd04c9cb50e60e39c2d46f3bd1c8abef7a0fdb5a1df376927b4cb088e733dd86212c51a9354

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe

Filesize
184KB

MD5
ba5a59fa65d2658ecd53d4a127b199eb

SHA1
0596c6d3bbfa29f4d9284b4f26542ec4ed802b5c

SHA256
afec179ce0e9c7d2f340b6ebede1daa0cb07b8335358d26d9de907fe25e08dbf

SHA512
37a39113b66e22589ecda8903aaaea0a80d394370e1c0dbe7c0aaa7ed8115a0acbb7f3822ac7f5a759d2425031a44da9fedcd5dca5ba0b04be5d93dbdd05bf56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47556.exe

Filesize
184KB

MD5
7ea737b24b56088d849659be77fd22b6

SHA1
afb480f10ad0f2eab115a1a3d1c72f78e952d246

SHA256
ca506f94ea9caf48baa6b3efc426400dbb8db998599b2c496f9ad2d504226211

SHA512
cb74afa0a831f52fc5e4a87026cda0831ad3cfac8b080ba6cb1df250a017a578ca8a854099315dfadc27ae10ac828a1b591aa8e6e4254524bbf6b212940c2054

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51427.exe

Filesize
184KB

MD5
24a753751155962798b7a8ba39f404dd

SHA1
7828f69a67bbc5c41a064955868a31c49fc2b24d

SHA256
0960b3e53263830acc6f780737dc7ca15db810ede800315ced015dc02cd0dd48

SHA512
7530c18b7ae12cc66dd7061403d6f2a329e7df4aabcc26e4543af3009d9dab48c6f6ffc089eaa0464bd20f1316a7a4534c889f37b7525207c0c1f522652a17e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe

Filesize
184KB

MD5
16df5b0bbcc0a7ca0523fa42419765dc

SHA1
1ad8ef598fa1e3ef251a95882e0cd1a28f265cea

SHA256
a3bbb0fd8255ace20055bbb8d9d7924258c15951acbeb4826197204db04f8c61

SHA512
06770c986aea4c41c2a1a01023911075196e3f4acc11a678bce6b5f3e6d1d255dca107494be839c897548e22f653924098f657acf9ea6f6d5a7a1a453dc17354

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55506.exe

Filesize
184KB

MD5
3a91652c903df8a1df9a4805e96e2c4e

SHA1
584a5a7578a1289ddd31a6421fbdc4d508a04e12

SHA256
97cdaebebb41eaef264a21af65ab2591e5412e0578715124cf8935f272a1ca01

SHA512
2f80a22e1e9d7a8ee4878c735cbebcc7553e75bcf3ac9824212deb3dd30a8a4950430220680a951247d18c979747a59a9bddb78f84b13e66388c7cce8c622b8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe

Filesize
184KB

MD5
75d55bf0e5a802cd4e582f1fce72af0a

SHA1
e84b4f50f1448a66faa9d6d05ab12f4bf06709bd

SHA256
17d534c8357b2b7ea69bb5a0a05fb785ee6b5a7f0a785703013903090bd6d2ed

SHA512
b1c1f7e2bd62ef449bae69d5e0149700c48b4809e86ecd1914e569d96fe92981f46146e7c43a267168ed0bfd96c30f85a2c895799782663084e3790d355f17dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe

Filesize
184KB

MD5
5face2a09f416116f2c1b82747fb6c5f

SHA1
0a66e75119ca09b7f7b628a41f9fa508b837d6b8

SHA256
2a2106169c1a8ae14822915bd6ab3c275d2d92cc674b043d8153bc6ce5efb4d2

SHA512
8df6172be7cc6cf41f6bc56f3ac1704116f463e308a30db1fc3245060547ea6688f131871a7ae594f83157da7b2d7a14791745d49f49dff1ea6d7974185dab2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe

Filesize
184KB

MD5
86c6c3dab9ab801b11412f12d57bbb6a

SHA1
532082a06ff44363bdfe58e4261c7cc53e5345b5

SHA256
880b19cc7812cc951e7e971d7bf4a603f7a413a962a0dc9df526a94043a7cc53

SHA512
23b4374aa934149f84a949d598eafb2b0d4b6d7c82b54a0a85b92e899dd7dec9d9836f8febe9ddeea77c986b02a971b70029249407f2af4c91c4f220d1afc5de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64447.exe

Filesize
184KB

MD5
73a94ec319c61d9c0a5b500350ffe620

SHA1
c3d7b3f34d473fd9326814f387b271e8b51becff

SHA256
87ae4d77004c3384d730d6dce5f277007a5b79c7e0bc467cb996ea089c099835

SHA512
64571cbae470da51d7780c798a54b9d156a7d83e60c72aa8bc796fbe5f6b7cb03da13db76903871c046ae39008d819ba89a64a48049a170491fead7b03f70d5d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads