7e5180181b3d645482bbd6c854c6b83531eb5d0494771845b16b583e25509111

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e194eb7d17732bcb12b07f6e75fad43.exe
Size

184KB
MD5

4e194eb7d17732bcb12b07f6e75fad43
SHA1

b5538b3ebeca24fe4de1ad22baa7767fe5e88176
SHA256

7e5180181b3d645482bbd6c854c6b83531eb5d0494771845b16b583e25509111
SHA512

02e7d4f8b931359a9cee7a53d3a40d9e1b3090a50c8430189b14ea291e06db28409c0ab3f6d4294817433acb6deb429e41eac305b7fc42116fde5eacf79d852c
SSDEEP

3072:6vHaomLyOzwQ/Ojm8ShjoJcXCzXMjofuBBxFTEtONlHvpFJ:6v6ocUQ/h8yjoJSGmHNlHvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1612	Unicorn-30401.exe
2640	Unicorn-46903.exe
2676	Unicorn-27037.exe
2708	Unicorn-41976.exe
2664	Unicorn-41976.exe
2568	Unicorn-62951.exe
2596	Unicorn-40.exe
2292	Unicorn-53880.exe
1264	Unicorn-53325.exe
2192	Unicorn-29375.exe
1316	Unicorn-49241.exe
2152	Unicorn-5037.exe
1192	Unicorn-61659.exe
2020	Unicorn-30295.exe
2944	Unicorn-9874.exe
2304	Unicorn-59630.exe
1188	Unicorn-58883.exe
476	Unicorn-47186.exe
1700	Unicorn-19880.exe
2348	Unicorn-33668.exe
2916	Unicorn-17140.exe
2912	Unicorn-62811.exe
1696	Unicorn-58172.exe
1780	Unicorn-25862.exe
1664	Unicorn-29946.exe
1540	Unicorn-25308.exe
1920	Unicorn-12863.exe
2208	Unicorn-21032.exe
3008	Unicorn-42198.exe
2948	Unicorn-647.exe
884	Unicorn-20513.exe
1424	Unicorn-20513.exe
1896	Unicorn-58722.exe
2764	Unicorn-64856.exe
2692	Unicorn-59677.exe
2600	Unicorn-51338.exe
1644	Unicorn-9594.exe
1176	Unicorn-4102.exe
1412	Unicorn-49629.exe
788	Unicorn-54912.exe
2008	Unicorn-35644.exe
2216	Unicorn-25333.exe
2884	Unicorn-13054.exe
1132	Unicorn-1570.exe
912	Unicorn-17606.exe
2496	Unicorn-51970.exe
3068	Unicorn-23657.exe
3012	Unicorn-56329.exe
1940	Unicorn-39993.exe
2072	Unicorn-39993.exe
2960	Unicorn-15296.exe
2804	Unicorn-64305.exe
2796	Unicorn-44440.exe
2968	Unicorn-47969.exe
2752	Unicorn-43885.exe
2816	Unicorn-51669.exe
2460	Unicorn-12727.exe
2888	Unicorn-64580.exe
2036	Unicorn-28186.exe
2916	Unicorn-4471.exe
1556	Unicorn-29530.exe
1612	Unicorn-37144.exe
2980	Unicorn-54035.exe
2588	Unicorn-53288.exe

Loads dropped DLL 64 IoCs

pid	Process
2076	4e194eb7d17732bcb12b07f6e75fad43.exe
2076	4e194eb7d17732bcb12b07f6e75fad43.exe
1612	Unicorn-30401.exe
2076	4e194eb7d17732bcb12b07f6e75fad43.exe
1612	Unicorn-30401.exe
2076	4e194eb7d17732bcb12b07f6e75fad43.exe
2640	Unicorn-46903.exe
2676	Unicorn-27037.exe
2640	Unicorn-46903.exe
2676	Unicorn-27037.exe
1612	Unicorn-30401.exe
1612	Unicorn-30401.exe
2708	Unicorn-41976.exe
2708	Unicorn-41976.exe
2640	Unicorn-46903.exe
2640	Unicorn-46903.exe
2676	Unicorn-27037.exe
2676	Unicorn-27037.exe
2664	Unicorn-41976.exe
2568	Unicorn-62951.exe
2568	Unicorn-62951.exe
2664	Unicorn-41976.exe
356	WerFault.exe
356	WerFault.exe
356	WerFault.exe
356	WerFault.exe
2708	Unicorn-41976.exe
2708	Unicorn-41976.exe
356	WerFault.exe
2292	Unicorn-53880.exe
2292	Unicorn-53880.exe
2192	Unicorn-29375.exe
2192	Unicorn-29375.exe
1316	Unicorn-49241.exe
1316	Unicorn-49241.exe
2568	Unicorn-62951.exe
2568	Unicorn-62951.exe
1264	Unicorn-53325.exe
1264	Unicorn-53325.exe
2664	Unicorn-41976.exe
2664	Unicorn-41976.exe
2152	Unicorn-5037.exe
2152	Unicorn-5037.exe
1192	Unicorn-61659.exe
1192	Unicorn-61659.exe
2292	Unicorn-53880.exe
2020	Unicorn-30295.exe
2020	Unicorn-30295.exe
2292	Unicorn-53880.exe
2944	Unicorn-9874.exe
2944	Unicorn-9874.exe
2192	Unicorn-29375.exe
2192	Unicorn-29375.exe
1316	Unicorn-49241.exe
1316	Unicorn-49241.exe
2304	Unicorn-59630.exe
2304	Unicorn-59630.exe
1188	Unicorn-58883.exe
1188	Unicorn-58883.exe
476	Unicorn-47186.exe
476	Unicorn-47186.exe
1264	Unicorn-53325.exe
1264	Unicorn-53325.exe
1192	Unicorn-61659.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
356	2596	WerFault.exe	34
1020	2804	WerFault.exe	82
2044	2944	WerFault.exe	121
2688	2220	WerFault.exe	198

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2076	4e194eb7d17732bcb12b07f6e75fad43.exe
1612	Unicorn-30401.exe
2676	Unicorn-27037.exe
2640	Unicorn-46903.exe
2708	Unicorn-41976.exe
2664	Unicorn-41976.exe
2568	Unicorn-62951.exe
2596	Unicorn-40.exe
2292	Unicorn-53880.exe
1316	Unicorn-49241.exe
1264	Unicorn-53325.exe
2192	Unicorn-29375.exe
2152	Unicorn-5037.exe
1192	Unicorn-61659.exe
2020	Unicorn-30295.exe
2944	Unicorn-9874.exe
2304	Unicorn-59630.exe
1188	Unicorn-58883.exe
476	Unicorn-47186.exe
1700	Unicorn-19880.exe
2348	Unicorn-33668.exe
2916	Unicorn-17140.exe
1696	Unicorn-58172.exe
1920	Unicorn-12863.exe
1664	Unicorn-29946.exe
3008	Unicorn-42198.exe
2208	Unicorn-21032.exe
1780	Unicorn-25862.exe
2764	Unicorn-64856.exe
1424	Unicorn-20513.exe
1896	Unicorn-58722.exe
884	Unicorn-20513.exe
2948	Unicorn-647.exe
2692	Unicorn-59677.exe
2600	Unicorn-51338.exe
1644	Unicorn-9594.exe
1176	Unicorn-4102.exe
788	Unicorn-54912.exe
2912	Unicorn-62811.exe
1412	Unicorn-49629.exe
2008	Unicorn-35644.exe
2884	Unicorn-13054.exe
2216	Unicorn-25333.exe
1132	Unicorn-1570.exe
1540	Unicorn-25308.exe
912	Unicorn-17606.exe
2496	Unicorn-51970.exe
3068	Unicorn-23657.exe
3012	Unicorn-56329.exe
2072	Unicorn-39993.exe
1940	Unicorn-39993.exe
2960	Unicorn-15296.exe
2804	Unicorn-64305.exe
2968	Unicorn-47969.exe
2752	Unicorn-43885.exe
2796	Unicorn-44440.exe
2816	Unicorn-51669.exe
2460	Unicorn-12727.exe
2888	Unicorn-64580.exe
2036	Unicorn-28186.exe
2916	Unicorn-4471.exe
1556	Unicorn-29530.exe
1612	Unicorn-37144.exe
2980	Unicorn-54035.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 1612	2076	4e194eb7d17732bcb12b07f6e75fad43.exe	28
PID 2076 wrote to memory of 1612	2076	4e194eb7d17732bcb12b07f6e75fad43.exe	28
PID 2076 wrote to memory of 1612	2076	4e194eb7d17732bcb12b07f6e75fad43.exe	28
PID 2076 wrote to memory of 1612	2076	4e194eb7d17732bcb12b07f6e75fad43.exe	28
PID 1612 wrote to memory of 2640	1612	Unicorn-30401.exe	29
PID 1612 wrote to memory of 2640	1612	Unicorn-30401.exe	29
PID 1612 wrote to memory of 2640	1612	Unicorn-30401.exe	29
PID 1612 wrote to memory of 2640	1612	Unicorn-30401.exe	29
PID 2076 wrote to memory of 2676	2076	4e194eb7d17732bcb12b07f6e75fad43.exe	30
PID 2076 wrote to memory of 2676	2076	4e194eb7d17732bcb12b07f6e75fad43.exe	30
PID 2076 wrote to memory of 2676	2076	4e194eb7d17732bcb12b07f6e75fad43.exe	30
PID 2076 wrote to memory of 2676	2076	4e194eb7d17732bcb12b07f6e75fad43.exe	30
PID 2640 wrote to memory of 2708	2640	Unicorn-46903.exe	31
PID 2640 wrote to memory of 2708	2640	Unicorn-46903.exe	31
PID 2640 wrote to memory of 2708	2640	Unicorn-46903.exe	31
PID 2640 wrote to memory of 2708	2640	Unicorn-46903.exe	31
PID 2676 wrote to memory of 2664	2676	Unicorn-27037.exe	32
PID 2676 wrote to memory of 2664	2676	Unicorn-27037.exe	32
PID 2676 wrote to memory of 2664	2676	Unicorn-27037.exe	32
PID 2676 wrote to memory of 2664	2676	Unicorn-27037.exe	32
PID 1612 wrote to memory of 2568	1612	Unicorn-30401.exe	33
PID 1612 wrote to memory of 2568	1612	Unicorn-30401.exe	33
PID 1612 wrote to memory of 2568	1612	Unicorn-30401.exe	33
PID 1612 wrote to memory of 2568	1612	Unicorn-30401.exe	33
PID 2708 wrote to memory of 2596	2708	Unicorn-41976.exe	34
PID 2708 wrote to memory of 2596	2708	Unicorn-41976.exe	34
PID 2708 wrote to memory of 2596	2708	Unicorn-41976.exe	34
PID 2708 wrote to memory of 2596	2708	Unicorn-41976.exe	34
PID 2640 wrote to memory of 2292	2640	Unicorn-46903.exe	35
PID 2640 wrote to memory of 2292	2640	Unicorn-46903.exe	35
PID 2640 wrote to memory of 2292	2640	Unicorn-46903.exe	35
PID 2640 wrote to memory of 2292	2640	Unicorn-46903.exe	35
PID 2676 wrote to memory of 2192	2676	Unicorn-27037.exe	38
PID 2676 wrote to memory of 2192	2676	Unicorn-27037.exe	38
PID 2676 wrote to memory of 2192	2676	Unicorn-27037.exe	38
PID 2676 wrote to memory of 2192	2676	Unicorn-27037.exe	38
PID 2568 wrote to memory of 1316	2568	Unicorn-62951.exe	36
PID 2568 wrote to memory of 1316	2568	Unicorn-62951.exe	36
PID 2568 wrote to memory of 1316	2568	Unicorn-62951.exe	36
PID 2568 wrote to memory of 1316	2568	Unicorn-62951.exe	36
PID 2664 wrote to memory of 1264	2664	Unicorn-41976.exe	37
PID 2664 wrote to memory of 1264	2664	Unicorn-41976.exe	37
PID 2664 wrote to memory of 1264	2664	Unicorn-41976.exe	37
PID 2664 wrote to memory of 1264	2664	Unicorn-41976.exe	37
PID 2596 wrote to memory of 356	2596	Unicorn-40.exe	39
PID 2596 wrote to memory of 356	2596	Unicorn-40.exe	39
PID 2596 wrote to memory of 356	2596	Unicorn-40.exe	39
PID 2596 wrote to memory of 356	2596	Unicorn-40.exe	39
PID 2708 wrote to memory of 2152	2708	Unicorn-41976.exe	46
PID 2708 wrote to memory of 2152	2708	Unicorn-41976.exe	46
PID 2708 wrote to memory of 2152	2708	Unicorn-41976.exe	46
PID 2708 wrote to memory of 2152	2708	Unicorn-41976.exe	46
PID 2292 wrote to memory of 1192	2292	Unicorn-53880.exe	45
PID 2292 wrote to memory of 1192	2292	Unicorn-53880.exe	45
PID 2292 wrote to memory of 1192	2292	Unicorn-53880.exe	45
PID 2292 wrote to memory of 1192	2292	Unicorn-53880.exe	45
PID 2192 wrote to memory of 2020	2192	Unicorn-29375.exe	44
PID 2192 wrote to memory of 2020	2192	Unicorn-29375.exe	44
PID 2192 wrote to memory of 2020	2192	Unicorn-29375.exe	44
PID 2192 wrote to memory of 2020	2192	Unicorn-29375.exe	44
PID 1316 wrote to memory of 2944	1316	Unicorn-49241.exe	43
PID 1316 wrote to memory of 2944	1316	Unicorn-49241.exe	43
PID 1316 wrote to memory of 2944	1316	Unicorn-49241.exe	43
PID 1316 wrote to memory of 2944	1316	Unicorn-49241.exe	43

C:\Users\Admin\AppData\Local\Temp\4e194eb7d17732bcb12b07f6e75fad43.exe
"C:\Users\Admin\AppData\Local\Temp\4e194eb7d17732bcb12b07f6e75fad43.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2596
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25333.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        10⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
        11⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46070.exe
        12⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        13⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
        10⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3371.exe
        11⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        12⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
        9⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12478.exe
        10⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        11⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32015.exe
        12⤵
        
        PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33668.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20513.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49629.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 200
        10⤵
        Program crash
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        10⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18259.exe
        9⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53826.exe
        10⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        8⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        9⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49166.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44440.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
        9⤵
        
        PID:2944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 188
        10⤵
        Program crash
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62811.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        7⤵
        Executes dropped EXE
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9370.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        10⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        8⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe
        9⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
        10⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54869.exe
        11⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
        7⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
        9⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        10⤵
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25254.exe
        6⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26667.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25759.exe
        8⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
        9⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18886.exe
        10⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        11⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
        10⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        8⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28398.exe
        9⤵
        
        PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58172.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58722.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56329.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30175.exe
        10⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        11⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
        12⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        13⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25820.exe
        11⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
        12⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59318.exe
        9⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8846.exe
        10⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        11⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36374.exe
        12⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        13⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        10⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        11⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62847.exe
        9⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15540.exe
        10⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        11⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63784.exe
        12⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
        9⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        10⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44926.exe
        11⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29946.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51338.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35644.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64580.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45395.exe
        10⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4487.exe
        11⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
        12⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        13⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1700.exe
        11⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7785.exe
        12⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        13⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54118.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        10⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37134.exe
        11⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        12⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        13⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8446.exe
        9⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        10⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
        11⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35292.exe
        12⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        13⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        11⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
        12⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
        9⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49853.exe
        10⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
        11⤵
        
        PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25308.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
        9⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        6⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38125.exe
        7⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        8⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40266.exe
        9⤵
        
        PID:2420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12863.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17606.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51669.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13407.exe
        10⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63293.exe
        10⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
        11⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8763.exe
        10⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62608.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
        10⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7471.exe
        11⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        12⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        10⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60180.exe
        11⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48818.exe
        12⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        13⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48867.exe
        10⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
        11⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42198.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47186.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17140.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45120.exe
        10⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
        11⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
        12⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31631.exe
        13⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        14⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61864.exe
        13⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62011.exe
        9⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33875.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15816.exe
        11⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8024.exe
        12⤵
        
        PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54912.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4471.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26091.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
        8⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23984.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15426.exe
        10⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
        11⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59145.exe
        12⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39279.exe
        11⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
        9⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23593.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55426.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
        8⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
        9⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55089.exe
        10⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65346.exe
        11⤵
        
        PID:2220
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
        12⤵
        Program crash
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
        11⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35223.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
        10⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29530.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1586.exe
        7⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53703.exe
        8⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        10⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
        7⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12629.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38594.exe
        9⤵
        
        PID:896

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-29375.exe

Filesize
184KB

MD5
af455bc93c0ff90ac16025ed146e7989

SHA1
a8f840df370618dd3f42a1a8f9efa5079418025c

SHA256
9c74d81a23762c47c4829656d9ee43b2ec945fc6b56a2d35a0cba5c28f53ad29

SHA512
9e62f85cb0736fa3c1e7f4fa41687a6259fe82009c6aa2ede0f90ebda5c7dddbdc38d6ce5dc59c7bf808d5ecbd5a8b90782d16a8bb174594f63985238883fff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30295.exe

Filesize
184KB

MD5
0d1d350d49f52b4190273ba6579a1951

SHA1
89bc1c89c2ef61c46ddc28c32e4fd539ed033ae2

SHA256
98ef87819e0d53c117e00b5804ef7d76fd116b4f7cdcbc14cf4ac221c184c960

SHA512
c99add3ec78d1fbecb18aadd5cc8ef474c6e6034c54d06a6590a748aa5e5c329109a3ee7471254537c48013fd676df8f3a4768217cb669da8747a06f3825a578

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe

Filesize
93KB

MD5
1843b7bd885d1c9260559f93e4bf9d3b

SHA1
f7449dcf769608219f4aa237bfd5d9a2123db875

SHA256
33eb23dabe16584f43653953116597a5b6870765a524501fd56ee6254ec6b4fd

SHA512
d46d1ba7a2700212ddec926876ab8b35e605019b665a0221958c24a4522e870bae2ff5625eb2ca5e6f0b8a656cfbd79d92444234338bd6332146eae148d9537b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe

Filesize
184KB

MD5
f6fb3a4c84ce0ab797afa8f52d1d185c

SHA1
467135474c00327b93cf3e72e216ae9db5d7164e

SHA256
7332669585ec3a342e70f8c16d931d902a29cdb6a781c6f287ebc4c75f421b5e

SHA512
8dd66725383dbe8cccbc1bdfee041217ab95f1e48a54d3d7f54aa418b038196580e8be6cd7e316553ee9f66eb7cc6a07235d7dfd8db586da4937f3f66917cdf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61659.exe

Filesize
184KB

MD5
651a55069152640a13fed33e60436f82

SHA1
8720f4c80f3bcc058e4768863b419dd5de3b3dcd

SHA256
4fafef24901929e6493f5795483e48999a2cc80f4ac07b1e8d3326558c4fb84a

SHA512
c8a49647d60b7f27468160cbc4b6e28bc1b20311bfb40ed403afcd55e6a08831ad2c8b544b8b9fb5e66e7ec45ba421c3feba54b2a9db449dd8815d519d9f3d8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62951.exe

Filesize
184KB

MD5
488ab33d2867896dbdf084905e83c80e

SHA1
e18e2d39d69464e63df83cace877edc8eb79cee3

SHA256
d8fd93dda22768173735d305a6c9b13b299b7c0166e09dc0a1089035e822c7f0

SHA512
ad196cdb5abe3754e3b95e203f3d82fbc65133d20a30cb9d2e70535215232434fdc2cadfc7aa5d064d553cbf73deb63c894ffdcee00dcd33f5cde7b4c30766b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe

Filesize
184KB

MD5
d9f294106797a9eeb41b487e5195ab7d

SHA1
c343b0cbd6039dadbe4e99a4d614d43fcc68af84

SHA256
81d108525aa74e9755ade5c4d06404638adfb0807d5a8c2f1f1cad07f63d19c8

SHA512
e5122ad319f8d854ece3c4c602b8728f9d12d2a9abca3fc576a3b6e38a203cb857c9f6768f0ea01ff6f3e1d9d355663f2ba2fdb8ad2e5299ec4904b1fcd04a81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30401.exe

Filesize
184KB

MD5
b73e2a219c9bc106bf7534421d5b22e3

SHA1
baa921d20b93f2c2b51e86ece1c0b829c95a3947

SHA256
88ef09e28b19222812fb34675fdb7e123971d18832e8029b887cc0a451394183

SHA512
40c57e6f93ba29cbc68cd63bc5aa89383df4c1868c3b0e863ee8a3485fd621135fefef5fecbc92165b7341c01d7b539260a438d5ac92873d55d38c6e38b1497d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40.exe

Filesize
184KB

MD5
9a641c76773900ba013e624dbdd32ed9

SHA1
1cce6a686fb9a58e14f2d0ce1db15f8227c3febf

SHA256
506b7ed9c6bab9452e34c393f8f57a130397413bcb2157745dad6f28e88edce6

SHA512
806fae50e57a193b063866a73d4af57b6ec348020bfbbe64efdfc9f9c9af8f062697d2d8c046bf15362d8ef87f824c6d3af32d0e117b5c3405dd413516e5faf8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41976.exe

Filesize
184KB

MD5
6faa8f50c2612808f18514f47c8d02d2

SHA1
b8a2853070c6752eb8b54a763f2b26b79e3cae9b

SHA256
880775d77850f778e10389f9ff2c37b29bb6294402e3c3c6710e7f1f8a8026ee

SHA512
d4f438c89dfb8c3aca85215b325acb73a3153a27349dd10bf3d5a7990d315f3916d425ce5487aed5a39523f45a6305f3c5a71b967a85af5b446e89332cb32ac5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe

Filesize
184KB

MD5
90a11389ce06bc770aa61d19664c871c

SHA1
f4dd80f2582e5a9304997f59709470ab226bf7b8

SHA256
0f05a0259ecbee46b6afe5f0e1b6d8e1574ec44fd3db0068c52fdcb2d536bb06

SHA512
37614206b54115ae4b6b2d038883d17559183ab2a4a579a2642352246be4df01c94bc6db726794eef9bb643dcaca2bdab1d73f2814144fc4c487608011cb56af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe

Filesize
184KB

MD5
6226180a1c3b22021cdcd0d1f9ab42be

SHA1
5117f8bff34d7fed5fc2931f9f5f2fa46fd8470f

SHA256
4d203989a5fdc8adc8225c2f7a14ba17409fb09eee8bf447325331296d167357

SHA512
abab732e180931360b0653e090ab9b45d67ce12b7610c1ac7c2c386cbcb5f2e63316ed5f565241dcf6ca11cc361141f399635e6029ab5f03e5d38266a32fb59b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53325.exe

Filesize
184KB

MD5
15a6446f61ee1a254de3b799a2df1977

SHA1
a605d66ff0e2b42bf361e7dc4d7f17552653057e

SHA256
504bfb1dfa2aee9a2146ec5a31f9bde203e8b3ec1a53a580a9b735d85d5b2bed

SHA512
ce40199c794a35b2ac4d37da5670240fabbfdd9246d6fd3c577b00f645ab1e3547e68ad89ef81e9dc4643f9194dbdf774b8426f6a45896917a2a3ef6d12ed367

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53880.exe

Filesize
184KB

MD5
96e008bab461b30fd46f66486de48c82

SHA1
4da170221f8f17d63ff311cd2924677d72fc177a

SHA256
b6b7aeb91d381045bd5aca7f20313a6bbd123fdb9f79bf849f0b519616d3670a

SHA512
b5bd58ded27c332e4edcefb1da285d42ace481b846465663f1e10659f5652a2a7cd7904e0a48ddf15ab6180bc6b9d0c041c34bd1b3b2cecc9c7a7df205705a0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe

Filesize
184KB

MD5
fe3f598a104cc8ad33804c66e95fb524

SHA1
82eb2a3a159f2feb1c16d0c437af2ddf04c67e09

SHA256
2172a7f6581cadbb4f713e080795ca82734f449b74802d8af34a72a7e0e1e0e3

SHA512
86d837e93dca6b9d56f4e99e4f2cf8ad6586e0356493353ef3d3bc310dc5bbb1586ff3eab0abac89b8926429c92153efa549f953da0de2f967ddc34767f17b85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9874.exe

Filesize
184KB

MD5
e60738a41d8d9130368799334aa899fd

SHA1
f927450c7e5ca9aecf753550309173e38909b4e3

SHA256
0f0b31069a2aa9d0f766d61b03b969ed743b9c7cc5003ad2e3aa8728cb45812d

SHA512
f6e1b9ec8861c3705aa7fa3b8d5c6cd971eb507757989dc5734e7604ae23bc19307d926ab713404ebcc7a82db067eb89f7bf4cb245d5d8c1f01935f5c46eeb7d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads