7af2e406a30f1c8c865d375a485cf6e8cc460a03098195f7ad4e0669b94e8d61

Analysis

max time kernel
65s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07/01/2024, 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49f4afdbfecdb119289fe916d7013157.exe
Size

184KB
MD5

49f4afdbfecdb119289fe916d7013157
SHA1

2ea907cf7681e3e45339cb7bf6dc533d8fbfc4b2
SHA256

7af2e406a30f1c8c865d375a485cf6e8cc460a03098195f7ad4e0669b94e8d61
SHA512

0559beee7b87b6fbc77d21b45adfbb1419f1fd42758d6a6c50df1a8ad63028d3bf29a6f3cf5feefeb37d03bd98a07765d70773aaa031a2694e63eaa92968b0e1
SSDEEP

3072:s7VXomPeoJA8k5jhwaRS48KdKVYJc40hhDLx+WFfTNlPvpF0:s79oGm8kXwaS48cc2yNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1648	Unicorn-2431.exe
2176	Unicorn-43547.exe
2576	Unicorn-54408.exe
2476	Unicorn-19126.exe
2132	Unicorn-29986.exe
2580	Unicorn-45576.exe
2960	Unicorn-65202.exe
1880	Unicorn-57034.exe
1892	Unicorn-18140.exe
2804	Unicorn-63811.exe
1896	Unicorn-59535.exe
776	Unicorn-63303.exe
1604	Unicorn-4543.exe
1472	Unicorn-50859.exe
1740	Unicorn-22825.exe
1924	Unicorn-65249.exe
604	Unicorn-26355.exe
1484	Unicorn-53573.exe
560	Unicorn-56266.exe
2032	Unicorn-52011.exe
1928	Unicorn-41382.exe
1568	Unicorn-31591.exe
1156	Unicorn-37320.exe
1672	Unicorn-62571.exe
1732	Unicorn-12815.exe
2152	Unicorn-19400.exe
2384	Unicorn-371.exe
1904	Unicorn-371.exe
1092	Unicorn-41958.exe
2228	Unicorn-22930.exe
1984	Unicorn-3064.exe
2892	Unicorn-27590.exe
2288	Unicorn-34366.exe
2884	Unicorn-41980.exe
2548	Unicorn-14522.exe
2508	Unicorn-61030.exe
2848	Unicorn-28912.exe
2500	Unicorn-44694.exe
1648	Unicorn-38280.exe
3024	Unicorn-63531.exe
1652	Unicorn-40226.exe
1632	Unicorn-12192.exe
2456	Unicorn-62784.exe
2348	Unicorn-46448.exe
308	Unicorn-46448.exe
1056	Unicorn-49717.exe
1796	Unicorn-10822.exe
1376	Unicorn-26412.exe
2320	Unicorn-53054.exe
1064	Unicorn-7252.exe
1168	Unicorn-9945.exe
1824	Unicorn-7828.exe
716	Unicorn-30387.exe
2188	Unicorn-55446.exe
2220	Unicorn-1606.exe
1804	Unicorn-23.exe
1992	Unicorn-19889.exe
1668	Unicorn-50615.exe
2036	Unicorn-33463.exe
284	Unicorn-45161.exe
1372	Unicorn-44.exe
1708	Unicorn-18327.exe
2956	Unicorn-36801.exe
3064	Unicorn-63443.exe

Loads dropped DLL 64 IoCs

pid	Process
2548	49f4afdbfecdb119289fe916d7013157.exe
2548	49f4afdbfecdb119289fe916d7013157.exe
1648	Unicorn-2431.exe
1648	Unicorn-2431.exe
2548	49f4afdbfecdb119289fe916d7013157.exe
2548	49f4afdbfecdb119289fe916d7013157.exe
2176	Unicorn-43547.exe
2176	Unicorn-43547.exe
1648	Unicorn-2431.exe
1648	Unicorn-2431.exe
2576	Unicorn-54408.exe
2576	Unicorn-54408.exe
2132	Unicorn-29986.exe
2132	Unicorn-29986.exe
2476	Unicorn-19126.exe
2476	Unicorn-19126.exe
2176	Unicorn-43547.exe
2176	Unicorn-43547.exe
2580	Unicorn-45576.exe
2580	Unicorn-45576.exe
2576	Unicorn-54408.exe
2576	Unicorn-54408.exe
2960	Unicorn-65202.exe
2960	Unicorn-65202.exe
2132	Unicorn-29986.exe
2132	Unicorn-29986.exe
1880	Unicorn-57034.exe
1880	Unicorn-57034.exe
2476	Unicorn-19126.exe
2476	Unicorn-19126.exe
2804	Unicorn-63811.exe
2804	Unicorn-63811.exe
1896	Unicorn-59535.exe
1896	Unicorn-59535.exe
1892	Unicorn-18140.exe
1892	Unicorn-18140.exe
2580	Unicorn-45576.exe
2580	Unicorn-45576.exe
776	Unicorn-63303.exe
776	Unicorn-63303.exe
2960	Unicorn-65202.exe
2960	Unicorn-65202.exe
1604	Unicorn-4543.exe
1604	Unicorn-4543.exe
1740	Unicorn-22825.exe
1740	Unicorn-22825.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2100	WerFault.exe
2804	Unicorn-63811.exe
2804	Unicorn-63811.exe
1484	Unicorn-53573.exe
1484	Unicorn-53573.exe
1892	Unicorn-18140.exe
1892	Unicorn-18140.exe
604	Unicorn-26355.exe
1472	Unicorn-50859.exe
604	Unicorn-26355.exe
1472	Unicorn-50859.exe
1880	Unicorn-57034.exe
1880	Unicorn-57034.exe

Program crash 14 IoCs

pid	pid_target	Process	procid_target
2100	1924	WerFault.exe	43
1692	1904	WerFault.exe	55
964	2384	WerFault.exe	56
2328	308	WerFault.exe	72
2164	1648	WerFault.exe	67
860	3064	WerFault.exe	94
2764	2348	WerFault.exe	73
1908	1472	WerFault.exe	123
2248	1992	WerFault.exe	86
604	1900	WerFault.exe	95
2096	1708	WerFault.exe	92
2604	1124	WerFault.exe	157
1308	1604	WerFault.exe	140
2152	2744	WerFault.exe	167

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2548	49f4afdbfecdb119289fe916d7013157.exe
1648	Unicorn-2431.exe
2176	Unicorn-43547.exe
2576	Unicorn-54408.exe
2132	Unicorn-29986.exe
2476	Unicorn-19126.exe
2580	Unicorn-45576.exe
2960	Unicorn-65202.exe
1880	Unicorn-57034.exe
1892	Unicorn-18140.exe
2804	Unicorn-63811.exe
1896	Unicorn-59535.exe
776	Unicorn-63303.exe
1604	Unicorn-4543.exe
1472	Unicorn-50859.exe
1740	Unicorn-22825.exe
1924	Unicorn-65249.exe
604	Unicorn-26355.exe
1484	Unicorn-53573.exe
560	Unicorn-56266.exe
2032	Unicorn-52011.exe
1568	Unicorn-31591.exe
1156	Unicorn-37320.exe
1672	Unicorn-62571.exe
1732	Unicorn-12815.exe
2384	Unicorn-371.exe
1904	Unicorn-371.exe
2152	Unicorn-19400.exe
1984	Unicorn-3064.exe
2228	Unicorn-22930.exe
1092	Unicorn-41958.exe
2892	Unicorn-27590.exe
2884	Unicorn-41980.exe
2288	Unicorn-34366.exe
2508	Unicorn-61030.exe
2548	Unicorn-14522.exe
2848	Unicorn-28912.exe
2500	Unicorn-44694.exe
1648	Unicorn-38280.exe
3024	Unicorn-63531.exe
1652	Unicorn-40226.exe
1632	Unicorn-12192.exe
2456	Unicorn-62784.exe
1796	Unicorn-10822.exe
1056	Unicorn-49717.exe
2348	Unicorn-46448.exe
308	Unicorn-46448.exe
1376	Unicorn-26412.exe
2320	Unicorn-53054.exe
1064	Unicorn-7252.exe
1168	Unicorn-9945.exe
2188	Unicorn-55446.exe
1824	Unicorn-7828.exe
716	Unicorn-30387.exe
2220	Unicorn-1606.exe
1668	Unicorn-50615.exe
1804	Unicorn-23.exe
1992	Unicorn-19889.exe
2036	Unicorn-33463.exe
284	Unicorn-45161.exe
1372	Unicorn-44.exe
1708	Unicorn-18327.exe
2956	Unicorn-36801.exe
3064	Unicorn-63443.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 1648	2548	49f4afdbfecdb119289fe916d7013157.exe	28
PID 2548 wrote to memory of 1648	2548	49f4afdbfecdb119289fe916d7013157.exe	28
PID 2548 wrote to memory of 1648	2548	49f4afdbfecdb119289fe916d7013157.exe	28
PID 2548 wrote to memory of 1648	2548	49f4afdbfecdb119289fe916d7013157.exe	28
PID 1648 wrote to memory of 2176	1648	Unicorn-2431.exe	29
PID 1648 wrote to memory of 2176	1648	Unicorn-2431.exe	29
PID 1648 wrote to memory of 2176	1648	Unicorn-2431.exe	29
PID 1648 wrote to memory of 2176	1648	Unicorn-2431.exe	29
PID 2548 wrote to memory of 2576	2548	49f4afdbfecdb119289fe916d7013157.exe	30
PID 2548 wrote to memory of 2576	2548	49f4afdbfecdb119289fe916d7013157.exe	30
PID 2548 wrote to memory of 2576	2548	49f4afdbfecdb119289fe916d7013157.exe	30
PID 2548 wrote to memory of 2576	2548	49f4afdbfecdb119289fe916d7013157.exe	30
PID 2176 wrote to memory of 2476	2176	Unicorn-43547.exe	31
PID 2176 wrote to memory of 2476	2176	Unicorn-43547.exe	31
PID 2176 wrote to memory of 2476	2176	Unicorn-43547.exe	31
PID 2176 wrote to memory of 2476	2176	Unicorn-43547.exe	31
PID 1648 wrote to memory of 2132	1648	Unicorn-2431.exe	32
PID 1648 wrote to memory of 2132	1648	Unicorn-2431.exe	32
PID 1648 wrote to memory of 2132	1648	Unicorn-2431.exe	32
PID 1648 wrote to memory of 2132	1648	Unicorn-2431.exe	32
PID 2576 wrote to memory of 2580	2576	Unicorn-54408.exe	33
PID 2576 wrote to memory of 2580	2576	Unicorn-54408.exe	33
PID 2576 wrote to memory of 2580	2576	Unicorn-54408.exe	33
PID 2576 wrote to memory of 2580	2576	Unicorn-54408.exe	33
PID 2132 wrote to memory of 2960	2132	Unicorn-29986.exe	34
PID 2132 wrote to memory of 2960	2132	Unicorn-29986.exe	34
PID 2132 wrote to memory of 2960	2132	Unicorn-29986.exe	34
PID 2132 wrote to memory of 2960	2132	Unicorn-29986.exe	34
PID 2476 wrote to memory of 1880	2476	Unicorn-19126.exe	35
PID 2476 wrote to memory of 1880	2476	Unicorn-19126.exe	35
PID 2476 wrote to memory of 1880	2476	Unicorn-19126.exe	35
PID 2476 wrote to memory of 1880	2476	Unicorn-19126.exe	35
PID 2176 wrote to memory of 2804	2176	Unicorn-43547.exe	38
PID 2176 wrote to memory of 2804	2176	Unicorn-43547.exe	38
PID 2176 wrote to memory of 2804	2176	Unicorn-43547.exe	38
PID 2176 wrote to memory of 2804	2176	Unicorn-43547.exe	38
PID 2580 wrote to memory of 1892	2580	Unicorn-45576.exe	36
PID 2580 wrote to memory of 1892	2580	Unicorn-45576.exe	36
PID 2580 wrote to memory of 1892	2580	Unicorn-45576.exe	36
PID 2580 wrote to memory of 1892	2580	Unicorn-45576.exe	36
PID 2576 wrote to memory of 1896	2576	Unicorn-54408.exe	37
PID 2576 wrote to memory of 1896	2576	Unicorn-54408.exe	37
PID 2576 wrote to memory of 1896	2576	Unicorn-54408.exe	37
PID 2576 wrote to memory of 1896	2576	Unicorn-54408.exe	37
PID 2960 wrote to memory of 776	2960	Unicorn-65202.exe	39
PID 2960 wrote to memory of 776	2960	Unicorn-65202.exe	39
PID 2960 wrote to memory of 776	2960	Unicorn-65202.exe	39
PID 2960 wrote to memory of 776	2960	Unicorn-65202.exe	39
PID 2132 wrote to memory of 1604	2132	Unicorn-29986.exe	40
PID 2132 wrote to memory of 1604	2132	Unicorn-29986.exe	40
PID 2132 wrote to memory of 1604	2132	Unicorn-29986.exe	40
PID 2132 wrote to memory of 1604	2132	Unicorn-29986.exe	40
PID 1880 wrote to memory of 1472	1880	Unicorn-57034.exe	41
PID 1880 wrote to memory of 1472	1880	Unicorn-57034.exe	41
PID 1880 wrote to memory of 1472	1880	Unicorn-57034.exe	41
PID 1880 wrote to memory of 1472	1880	Unicorn-57034.exe	41
PID 2476 wrote to memory of 1740	2476	Unicorn-19126.exe	42
PID 2476 wrote to memory of 1740	2476	Unicorn-19126.exe	42
PID 2476 wrote to memory of 1740	2476	Unicorn-19126.exe	42
PID 2476 wrote to memory of 1740	2476	Unicorn-19126.exe	42
PID 2804 wrote to memory of 1924	2804	Unicorn-63811.exe	43
PID 2804 wrote to memory of 1924	2804	Unicorn-63811.exe	43
PID 2804 wrote to memory of 1924	2804	Unicorn-63811.exe	43
PID 2804 wrote to memory of 1924	2804	Unicorn-63811.exe	43

C:\Users\Admin\AppData\Local\Temp\49f4afdbfecdb119289fe916d7013157.exe
"C:\Users\Admin\AppData\Local\Temp\49f4afdbfecdb119289fe916d7013157.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19889.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49759.exe
        10⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        11⤵
        
        PID:1728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        11⤵
        Program crash
        
        PID:1308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
        10⤵
        Program crash
        
        PID:2248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        9⤵
        Program crash
        
        PID:2164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
        8⤵
        Program crash
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63531.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45161.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9987.exe
        9⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
        10⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe
        11⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31595.exe
        10⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        9⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
        10⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26412.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47299.exe
        8⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        9⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13962.exe
        9⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16655.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        9⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe
        10⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61030.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
        10⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
        11⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        12⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22493.exe
        9⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37180.exe
        10⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        8⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42551.exe
        9⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33463.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        8⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48581.exe
        9⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32799.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
        9⤵
        
        PID:1644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36801.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        8⤵
        
        PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3313.exe
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
        8⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33925.exe
        9⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe
        10⤵
        
        PID:3304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55446.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
        7⤵
        
        PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27590.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
        9⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56790.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        10⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3272.exe
        10⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        11⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2732.exe
        10⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        11⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32607.exe
        9⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26904.exe
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28632.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57133.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26957.exe
        10⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30387.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49292.exe
        8⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        7⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58254.exe
        9⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        5⤵
        Executes dropped EXE
        
        PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
        8⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62291.exe
        7⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64533.exe
        8⤵
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
        7⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28265.exe
        8⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
        9⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32524.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60205.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
        8⤵
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        6⤵
        
        PID:976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        7⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
        8⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12192.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29256.exe
        8⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19696.exe
        7⤵
        
        PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45353.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43838.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45265.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4787.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        9⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63267.exe
        10⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39711.exe
        11⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43401.exe
        9⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60729.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11544.exe
        8⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        6⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14382.exe
        7⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54715.exe
        8⤵
        
        PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46448.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        7⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2644.exe
        9⤵
        
        PID:2980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 216
        8⤵
        Program crash
        
        PID:604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 236
        7⤵
        Program crash
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45524.exe
        6⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26023.exe
        7⤵
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49717.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        6⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27694.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54523.exe
        8⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41268.exe
        6⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27881.exe
        8⤵
        
        PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26355.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46448.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18327.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11627.exe
        9⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        10⤵
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 216
        9⤵
        Program crash
        
        PID:2152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
        8⤵
        Program crash
        
        PID:2096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
        7⤵
        Program crash
        
        PID:2764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
        6⤵
        Program crash
        
        PID:964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63443.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
        7⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33013.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
        9⤵
        
        PID:2112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 236
        9⤵
        Program crash
        
        PID:2604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
        8⤵
        Program crash
        
        PID:1908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        7⤵
        Program crash
        
        PID:860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24164.exe
        6⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40221.exe
        7⤵
        
        PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3064.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
        6⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
        5⤵
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9603.exe
        6⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        7⤵
        
        PID:2688

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe

Filesize
184KB

MD5
c6e71396b1e4bd66af5188eca134ee77

SHA1
1a57747485b993ae06388521e3d76d60380916c7

SHA256
98a514a669d947e3fd4b06abbb83ada58bb2891ec23d19731451ed60b438e6c7

SHA512
e8f551f671af6477608287a7f4eaed99fd37643549d87e03dcc9137b8d0917e1c0112a8e34eeac3f9531300e1440f9e24fdb8ab878700d1cc07025dcc7250ddb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe

Filesize
184KB

MD5
317db21557f575322dc4666c4f50e499

SHA1
f2b3a83a4749aef740294c405525151e1dd48845

SHA256
96585c2630a595c8104cb38d06715d9a851ee8d51c60ee512bc482f29f3edc72

SHA512
0868ebd5e349c16385a01a09b4eb30535f0df550fe382d1ab8d4722d67a9732ed08dc0205b5290270f7a4997b682f5c245c0a06b9a03cc87f6ac201198bec6b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe

Filesize
184KB

MD5
bedca2d62c231023cab9c0b1f311cc43

SHA1
0c4cfcb9324d55d75aa76500cd52be7cb067a05e

SHA256
734228450316b15ffcae77060390a983ed21db49283ed875882ee8bac3cce28e

SHA512
cf28e432337137236a22b009ba81ec14bb12769541039be4f7bb86410b1144bb1190efcbdf4a920f3936113329f3c013c4c9ea667a390f0f0290ab9c346a2317

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe

Filesize
184KB

MD5
1b56b8e1f973580a5d93d7fb1515237e

SHA1
54024cc80672fe7eba14042996f0b7bd390c7a7f

SHA256
6251fdb1492e2d116c792efa5fe4de78c8534697a2556f3b258a71237cc68486

SHA512
9dbb1ec135fe81c99186b3340da4f1ba9852cf24fa8103cfd7bc72473f0dac4e43f0ebe52a2a58e7920ebfa8af87881906fd0ac7bfa33d4c1c2283288ab18a3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5659.exe

Filesize
184KB

MD5
c8844f81e4c3f2f01626abcd15338f46

SHA1
5ed012ef3aad5574659f29ae02e3d0d4950fbfb7

SHA256
58ddc16c50b0c6e1004f054cc52713ac712324aee5bc3e8b793b1ca4416f97f0

SHA512
beb45fd0c59e40ba969f102fb9efa5a96e40bf25b88d65f1efbc2dacba5b6d544e2766e7d5bbd509325ae7f3184d4fafcb6fff31edce834d1d7b844be3cdbe58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe

Filesize
184KB

MD5
742ea4e10336eb6a36e62b6367a1387f

SHA1
c7fd62df3000c78feabbcf0204a7df60c5a0d9ca

SHA256
6926fd6a682d4554963c7b25414c86aafce9221e6eb6116238b94288d5470ff0

SHA512
626f1f815a9f20dace8205e0d7c7b8691232bf59cf94bd27a67f748bf1b14673ba7604af512fea5cf8a41b1d7072d6603878081355c748960a8c591024b193f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58550.exe

Filesize
184KB

MD5
11f77fca8d36a248fd849998c49e0a40

SHA1
da2eb3c0e7dad84ed86fb72da26333abffeb86d6

SHA256
2ee8a439dfe4dca65588c50c03e1c6f8872ed263b3b72eaa0bc114647e14b56a

SHA512
70df1725544391dd9f02d8ecce6e07c72df763ec9a877f8175fb94fd2a1ec12c269425425ef4f27ceb21837f2a382c6c9a7c7cdcf0e8efa1efaa657d5c79dc58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65249.exe

Filesize
184KB

MD5
7242953da87fc7e9f115f87eaa7c3701

SHA1
6d5e59c1e14616b7d31be5604b706bb31f4112b0

SHA256
0d43bf10a4ac42702ce7208484bfd2d59e376f171a4d83c331309224cfa533aa

SHA512
80815231fc4d50e14aa26c31aff81fe5664bef3e0d6ae7a151d4e4d8163c048aac00648342f8559ee5d2b2299388f2ea7628c3893f1a6f8cb915358643e9dab9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe

Filesize
184KB

MD5
8898e6afd98ee893d31a4863d3a2f411

SHA1
eea85e6f6afbfc0bcda42b6f4f8a3a113f9c24d0

SHA256
44920f4d181704a8ab70c8523f5f59ef9b1305f92b8690163e598d23f478edf7

SHA512
c7c7d069c0d5e65bf91b7359214d95896aaa531a78c76e308d86de3321517fffbb25f2da77dfb834b08cc11cf3146cbcce4bee4256bbacb7bb302f8a8da66ffb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe

Filesize
184KB

MD5
4bc4bf39ed96ee7857be7f1d4078db80

SHA1
04a3a35c07647c4b52ef0385a2d217f0c14b0889

SHA256
6b0e10850a6dd39a0cae7e8ea5f2231dc049897d3725fcd8b5df9ee061903aa4

SHA512
60e5013793ebcf01c1b722a83eff6b49d3d8a65ae2ab0bd1101515ef20bc1929237259fd164e62a1eb5b26681d437fc1327581367506aadb27c80b22d2c6d599

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2431.exe

Filesize
184KB

MD5
ddbdca5641097df44760077fa1cfd726

SHA1
fed94c20d59f4c60a9c9aec0e305c3764be658e6

SHA256
d08ad85cfc9a89a6eceb419e1d2c7565f9b4bb7018ca99e8d71b243f5c8f0460

SHA512
14b30cbd7d84536f23a1bcc6b0e45c9af660f0ec2dff3fb05d10624297288ce72442da68850645758a25355e10b6a5ef3743744ce675e30842b25a843f63116d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26355.exe

Filesize
184KB

MD5
28ab900c6507d7c52e28eecdfc470004

SHA1
82f3d51e86751b2cef91a82c14c871cec68f3475

SHA256
6793c74435119c276940bffb0afe496b33c4772777925e7f7a6c22b80dd1eda0

SHA512
14bd9b52853ec01957a3313d28514b45958ad26dc388618cbbde9de509643229d55122708ea6ec1de1f367115ddc4ee5686be98da08293a6a310f433a256ccf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29986.exe

Filesize
184KB

MD5
d68beb700bb0a4c2d02422b32ce53f06

SHA1
634e56c07f8aeb76e81b9516764487e04eaa0ddb

SHA256
13c67a296e37d83f48a2e1a0da4fe506a2dd9e80d27f56ac7dd099447167bf63

SHA512
b4b87b99b47665eb0e977bbf84a970e58c3e9a4eb98380549d0cc94a6bf41710f6e91e9022e8385e21314c10c28becb944fe0a5cdc4cf8f647f292e4b1d003d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe

Filesize
184KB

MD5
0981f8c07636e0e53ba1c031844e19f8

SHA1
31b232e283c597a4fe932feb8c7334136ce5c149

SHA256
0d9c9c88dd1a5e6023b7d96ce744f4a9e5270e672a06789f17d3b04d43ef27dd

SHA512
ea8f4edfac7aa03ae70962ec51a920f3a4619d9fd68f163a79ae92154bfb824f43d924d3cdd2328d2c46f7e7c5e8dde6bf25ea63896f51a48592991069ec2171

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50859.exe

Filesize
184KB

MD5
9327dbccb4e1ef47078153eab77129c1

SHA1
dd027e0739c9e3bd92324e47ad10264dc329a76c

SHA256
e96fb42c3a4870d2724b7d418bdf68966b5a5eeb8a7d9c2698a5713063407b27

SHA512
610ec4b53ebc7469a93c825fa1e807f3f1c0f3f0ac6a39b60b91f4400f5b12f1c457b5d7ad41826f4fa598269f1bdacf07b11970afa38eec74c8221cb44a929f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53573.exe

Filesize
184KB

MD5
8181a4d720eed120b9106129d0539ebf

SHA1
caf0670b892c72903ac940d970f058c4f0ea33dc

SHA256
19801661cbf8a67242c76e5a589bd4ccda8c57990bcbeeefc4dcf64ff703918f

SHA512
bc8fb5aa665f9f37f0c2668a617e8e7c5d88b558a5ba27cec947b26c4d7fbf64eea0a8d272d1d4f582e60176bb2d00d516fb179f577410c22b818730a0ae5786

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54408.exe

Filesize
184KB

MD5
c90128e2f0403ca1c6e6380d3174f044

SHA1
8e4b08de4a5facdfb3aec5d001cb4c2dfe91d78c

SHA256
293fdad7e1e3f63abfb7f5eb80e24ef3fdd5e5f2ceb9ffb95b887fe95509cb2b

SHA512
40d36727b318ba829ec7bbdeb8120ab20e88c60c1dba8fe11881c9d41f1e0d36c5c444ca18fe932b20e0b88321d35a2a2257b21d5815106acf5c58497f8a8ada

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe

Filesize
184KB

MD5
8e0d2c3d107fa18c69d0cb30cf0ffc37

SHA1
912a7fca5795c34a349d874ab83caa20d32357bf

SHA256
7cf401291a277f564508f42b7841e69344fd3869457df98bed01b241f17c857c

SHA512
191fd6a4d85229232d42f55f87e38d5e382583facdaf1e67fd1ad444cd8c1e5bf4e2157dc24086ebe7860c043b5107477ad4d6ae3d2ffadeadf69b055cd67b7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe

Filesize
184KB

MD5
d10862de0d6abb857f6bdad3e2a7f62b

SHA1
fb170edaf8f21b60a9591142b3733f87eba89e8f

SHA256
8f69ed49225079470b46e6ec6cf826f8b956e85e6ca9b4e85b50e62a0666ef00

SHA512
6ce3b2a76d6a80b0ce17933376f41887015cade2ff56e3c08bdc7411659d299fe9561e6a2e0b313618753ea7b4dcfb455c2dea11c0612206f85a659cf3c69c1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe

Filesize
184KB

MD5
7e617b159cd165288b1c80632cfac736

SHA1
77538a645763674b41f37eb77e3e5df575a99242

SHA256
0af123dc08291f7389473692a62fabceb7c82936dd4df914147478d3e09216d4

SHA512
c36aea78b26841aeacf92b7f21a038b89624dfab80d1c10ac9521478102aa5c1f747d3d0b4505088f5e384b3c83970358b990d3b6ca965742bd4cf689538f6b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65202.exe

Filesize
184KB

MD5
0940b989da72b5f6d733b10d75cb51bd

SHA1
38104bf151ae84172abec1096cacff06f1854f8f

SHA256
f8478524f590b0b7d1fbe5b9e07ace51899cc76eb714cb66aace96a9081d2805

SHA512
a0913676d35593c1ecab88d46d583c1f1e2d8588887c6ef9f197a34f194eab83306cb42c508cc8ac82eb38d283fa040a9b2aff13a8586f55d1cddc65ebcda0d6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads