18a965dfff0fbed674a3fd697ae88156832f0d071fa3d2dc947f8249fb4cf081

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6677e8eb63f22fff71c18333b4eb2a8c.exe
Size

184KB
MD5

6677e8eb63f22fff71c18333b4eb2a8c
SHA1

4ef16ed52f3dfc09679d2154acbfaae895516954
SHA256

18a965dfff0fbed674a3fd697ae88156832f0d071fa3d2dc947f8249fb4cf081
SHA512

9cf1557cce6573b152d23bf0137a684e4a5cf01388557303380894df818844371a52e75d9c2ffb2cb98b1cb431068b0202adc7c3b006bea569ea0f5299414993
SSDEEP

3072:bfGpoA7UP0A7uBCH4d3RL08bpeH2r/Q5ZHQ2x7ltfKBlVvwFn:bfUoZFaBjdBL08SbpCBlVvwF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2864	Unicorn-32128.exe
2828	Unicorn-11230.exe
2836	Unicorn-24037.exe
2776	Unicorn-45429.exe
2748	Unicorn-9912.exe
2596	Unicorn-61381.exe
2556	Unicorn-65408.exe
2892	Unicorn-61879.exe
3016	Unicorn-15824.exe
2304	Unicorn-64640.exe
2464	Unicorn-61111.exe
760	Unicorn-44223.exe
1360	Unicorn-59718.exe
1520	Unicorn-62863.exe
2328	Unicorn-26469.exe
2340	Unicorn-46335.exe
2988	Unicorn-13086.exe
2296	Unicorn-28908.exe
2476	Unicorn-26242.exe
1672	Unicorn-6184.exe
1848	Unicorn-9521.exe
2072	Unicorn-30565.exe
648	Unicorn-63045.exe
556	Unicorn-54171.exe
2496	Unicorn-8499.exe
2936	Unicorn-37642.exe
968	Unicorn-24644.exe
1488	Unicorn-27332.exe
1660	Unicorn-37917.exe
2688	Unicorn-49584.exe
1728	Unicorn-1623.exe
2736	Unicorn-49008.exe
2848	Unicorn-4576.exe
2684	Unicorn-64311.exe
2392	Unicorn-1535.exe
2752	Unicorn-45754.exe
2632	Unicorn-35443.exe
2500	Unicorn-18339.exe
1720	Unicorn-64010.exe
3064	Unicorn-30953.exe
2928	Unicorn-44234.exe
2300	Unicorn-26938.exe
2616	Unicorn-28365.exe
788	Unicorn-24259.exe
1308	Unicorn-4213.exe
616	Unicorn-34966.exe
1196	Unicorn-64576.exe
2288	Unicorn-64685.exe
2808	Unicorn-46367.exe
1276	Unicorn-26885.exe
2352	Unicorn-62376.exe
2256	Unicorn-31432.exe
1268	Unicorn-47135.exe
2040	Unicorn-51167.exe
1156	Unicorn-37976.exe
328	Unicorn-5770.exe
1552	Unicorn-51442.exe
1656	Unicorn-51250.exe
1612	Unicorn-5578.exe
2264	Unicorn-28386.exe
1872	Unicorn-62236.exe
1756	Unicorn-16565.exe
1568	Unicorn-16565.exe
2104	Unicorn-48853.exe

Loads dropped DLL 64 IoCs

pid	Process
2392	6677e8eb63f22fff71c18333b4eb2a8c.exe
2392	6677e8eb63f22fff71c18333b4eb2a8c.exe
2864	Unicorn-32128.exe
2392	6677e8eb63f22fff71c18333b4eb2a8c.exe
2864	Unicorn-32128.exe
2392	6677e8eb63f22fff71c18333b4eb2a8c.exe
2828	Unicorn-11230.exe
2828	Unicorn-11230.exe
2864	Unicorn-32128.exe
2864	Unicorn-32128.exe
2836	Unicorn-24037.exe
2836	Unicorn-24037.exe
2776	Unicorn-45429.exe
2776	Unicorn-45429.exe
2828	Unicorn-11230.exe
2828	Unicorn-11230.exe
2748	Unicorn-9912.exe
2748	Unicorn-9912.exe
2596	Unicorn-61381.exe
2596	Unicorn-61381.exe
2836	Unicorn-24037.exe
2836	Unicorn-24037.exe
2892	Unicorn-61879.exe
2892	Unicorn-61879.exe
1628	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe
2776	Unicorn-45429.exe
2776	Unicorn-45429.exe
3016	Unicorn-15824.exe
3016	Unicorn-15824.exe
2748	Unicorn-9912.exe
2464	Unicorn-61111.exe
2464	Unicorn-61111.exe
2748	Unicorn-9912.exe
2304	Unicorn-64640.exe
2304	Unicorn-64640.exe
2596	Unicorn-61381.exe
2596	Unicorn-61381.exe
1628	WerFault.exe
760	Unicorn-44223.exe
760	Unicorn-44223.exe
2892	Unicorn-61879.exe
2892	Unicorn-61879.exe
1360	Unicorn-59718.exe
1360	Unicorn-59718.exe
2328	Unicorn-26469.exe
2328	Unicorn-26469.exe
2988	Unicorn-13086.exe
2988	Unicorn-13086.exe
2304	Unicorn-64640.exe
2304	Unicorn-64640.exe
1520	Unicorn-62863.exe
1520	Unicorn-62863.exe
3016	Unicorn-15824.exe
3016	Unicorn-15824.exe
2296	Unicorn-28908.exe
2296	Unicorn-28908.exe
2340	Unicorn-46335.exe
2340	Unicorn-46335.exe
2464	Unicorn-61111.exe

Program crash 22 IoCs

pid	pid_target	Process	procid_target
1628	2556	WerFault.exe	34
3040	2296	WerFault.exe	42
1312	1488	WerFault.exe	56
2080	1660	WerFault.exe	57
2900	788	WerFault.exe	74
2424	2752	WerFault.exe	64
856	556	WerFault.exe	52
1832	328	WerFault.exe	87
648	1088	WerFault.exe	127
2460	1464	WerFault.exe	103
2808	3008	WerFault.exe	126
2684	2024	WerFault.exe	134
1972	1572	WerFault.exe	146
268	1968	WerFault.exe	145
2392	1916	WerFault.exe	141
2068	896	WerFault.exe	132
2196	2012	WerFault.exe	147
2788	2652	WerFault.exe	138
1732	688	WerFault.exe	142
2916	1008	WerFault.exe	136
2812	2300	WerFault.exe	148
2696	2352	WerFault.exe	156

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2392	6677e8eb63f22fff71c18333b4eb2a8c.exe
2864	Unicorn-32128.exe
2828	Unicorn-11230.exe
2836	Unicorn-24037.exe
2776	Unicorn-45429.exe
2748	Unicorn-9912.exe
2596	Unicorn-61381.exe
2556	Unicorn-65408.exe
2892	Unicorn-61879.exe
3016	Unicorn-15824.exe
2464	Unicorn-61111.exe
2304	Unicorn-64640.exe
760	Unicorn-44223.exe
1360	Unicorn-59718.exe
1520	Unicorn-62863.exe
2328	Unicorn-26469.exe
2988	Unicorn-13086.exe
2340	Unicorn-46335.exe
2296	Unicorn-28908.exe
2476	Unicorn-26242.exe
1672	Unicorn-6184.exe
1848	Unicorn-9521.exe
2072	Unicorn-30565.exe
648	Unicorn-63045.exe
2496	Unicorn-8499.exe
2936	Unicorn-37642.exe
968	Unicorn-24644.exe
1488	Unicorn-27332.exe
1660	Unicorn-37917.exe
2688	Unicorn-49584.exe
2736	Unicorn-49008.exe
2684	Unicorn-64311.exe
2392	Unicorn-1535.exe
2632	Unicorn-35443.exe
2752	Unicorn-45754.exe
2848	Unicorn-4576.exe
1728	Unicorn-1623.exe
1720	Unicorn-64010.exe
2928	Unicorn-44234.exe
2500	Unicorn-18339.exe
3064	Unicorn-30953.exe
2300	Unicorn-26938.exe
2616	Unicorn-28365.exe
788	Unicorn-24259.exe
2808	Unicorn-46367.exe
616	Unicorn-34966.exe
1196	Unicorn-64576.exe
2352	Unicorn-62376.exe
1276	Unicorn-26885.exe
1308	Unicorn-4213.exe
2040	Unicorn-51167.exe
2256	Unicorn-31432.exe
2288	Unicorn-64685.exe
1612	Unicorn-5578.exe
1268	Unicorn-47135.exe
1552	Unicorn-51442.exe
1156	Unicorn-37976.exe
1656	Unicorn-51250.exe
328	Unicorn-5770.exe
1872	Unicorn-62236.exe
2104	Unicorn-48853.exe
2264	Unicorn-28386.exe
1568	Unicorn-16565.exe
3060	Unicorn-55057.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 2864	2392	6677e8eb63f22fff71c18333b4eb2a8c.exe	28
PID 2392 wrote to memory of 2864	2392	6677e8eb63f22fff71c18333b4eb2a8c.exe	28
PID 2392 wrote to memory of 2864	2392	6677e8eb63f22fff71c18333b4eb2a8c.exe	28
PID 2392 wrote to memory of 2864	2392	6677e8eb63f22fff71c18333b4eb2a8c.exe	28
PID 2864 wrote to memory of 2828	2864	Unicorn-32128.exe	29
PID 2864 wrote to memory of 2828	2864	Unicorn-32128.exe	29
PID 2864 wrote to memory of 2828	2864	Unicorn-32128.exe	29
PID 2864 wrote to memory of 2828	2864	Unicorn-32128.exe	29
PID 2392 wrote to memory of 2836	2392	6677e8eb63f22fff71c18333b4eb2a8c.exe	30
PID 2392 wrote to memory of 2836	2392	6677e8eb63f22fff71c18333b4eb2a8c.exe	30
PID 2392 wrote to memory of 2836	2392	6677e8eb63f22fff71c18333b4eb2a8c.exe	30
PID 2392 wrote to memory of 2836	2392	6677e8eb63f22fff71c18333b4eb2a8c.exe	30
PID 2828 wrote to memory of 2776	2828	Unicorn-11230.exe	31
PID 2828 wrote to memory of 2776	2828	Unicorn-11230.exe	31
PID 2828 wrote to memory of 2776	2828	Unicorn-11230.exe	31
PID 2828 wrote to memory of 2776	2828	Unicorn-11230.exe	31
PID 2864 wrote to memory of 2748	2864	Unicorn-32128.exe	32
PID 2864 wrote to memory of 2748	2864	Unicorn-32128.exe	32
PID 2864 wrote to memory of 2748	2864	Unicorn-32128.exe	32
PID 2864 wrote to memory of 2748	2864	Unicorn-32128.exe	32
PID 2836 wrote to memory of 2596	2836	Unicorn-24037.exe	33
PID 2836 wrote to memory of 2596	2836	Unicorn-24037.exe	33
PID 2836 wrote to memory of 2596	2836	Unicorn-24037.exe	33
PID 2836 wrote to memory of 2596	2836	Unicorn-24037.exe	33
PID 2776 wrote to memory of 2556	2776	Unicorn-45429.exe	34
PID 2776 wrote to memory of 2556	2776	Unicorn-45429.exe	34
PID 2776 wrote to memory of 2556	2776	Unicorn-45429.exe	34
PID 2776 wrote to memory of 2556	2776	Unicorn-45429.exe	34
PID 2828 wrote to memory of 2892	2828	Unicorn-11230.exe	35
PID 2828 wrote to memory of 2892	2828	Unicorn-11230.exe	35
PID 2828 wrote to memory of 2892	2828	Unicorn-11230.exe	35
PID 2828 wrote to memory of 2892	2828	Unicorn-11230.exe	35
PID 2748 wrote to memory of 3016	2748	Unicorn-9912.exe	36
PID 2748 wrote to memory of 3016	2748	Unicorn-9912.exe	36
PID 2748 wrote to memory of 3016	2748	Unicorn-9912.exe	36
PID 2748 wrote to memory of 3016	2748	Unicorn-9912.exe	36
PID 2596 wrote to memory of 2304	2596	Unicorn-61381.exe	37
PID 2596 wrote to memory of 2304	2596	Unicorn-61381.exe	37
PID 2596 wrote to memory of 2304	2596	Unicorn-61381.exe	37
PID 2596 wrote to memory of 2304	2596	Unicorn-61381.exe	37
PID 2836 wrote to memory of 2464	2836	Unicorn-24037.exe	38
PID 2836 wrote to memory of 2464	2836	Unicorn-24037.exe	38
PID 2836 wrote to memory of 2464	2836	Unicorn-24037.exe	38
PID 2836 wrote to memory of 2464	2836	Unicorn-24037.exe	38
PID 2892 wrote to memory of 760	2892	Unicorn-61879.exe	46
PID 2892 wrote to memory of 760	2892	Unicorn-61879.exe	46
PID 2892 wrote to memory of 760	2892	Unicorn-61879.exe	46
PID 2892 wrote to memory of 760	2892	Unicorn-61879.exe	46
PID 2556 wrote to memory of 1628	2556	Unicorn-65408.exe	39
PID 2556 wrote to memory of 1628	2556	Unicorn-65408.exe	39
PID 2556 wrote to memory of 1628	2556	Unicorn-65408.exe	39
PID 2556 wrote to memory of 1628	2556	Unicorn-65408.exe	39
PID 2776 wrote to memory of 1360	2776	Unicorn-45429.exe	45
PID 2776 wrote to memory of 1360	2776	Unicorn-45429.exe	45
PID 2776 wrote to memory of 1360	2776	Unicorn-45429.exe	45
PID 2776 wrote to memory of 1360	2776	Unicorn-45429.exe	45
PID 3016 wrote to memory of 1520	3016	Unicorn-15824.exe	40
PID 3016 wrote to memory of 1520	3016	Unicorn-15824.exe	40
PID 3016 wrote to memory of 1520	3016	Unicorn-15824.exe	40
PID 3016 wrote to memory of 1520	3016	Unicorn-15824.exe	40
PID 2464 wrote to memory of 2340	2464	Unicorn-61111.exe	43
PID 2464 wrote to memory of 2340	2464	Unicorn-61111.exe	43
PID 2464 wrote to memory of 2340	2464	Unicorn-61111.exe	43
PID 2464 wrote to memory of 2340	2464	Unicorn-61111.exe	43

C:\Users\Admin\AppData\Local\Temp\6677e8eb63f22fff71c18333b4eb2a8c.exe
"C:\Users\Admin\AppData\Local\Temp\6677e8eb63f22fff71c18333b4eb2a8c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9521.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62376.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        9⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        10⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27594.exe
        11⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        12⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51167.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47474.exe
        9⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        10⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        11⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64311.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34966.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11611.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46675.exe
        9⤵
        
        PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49584.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47135.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12348.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23974.exe
        10⤵
        
        PID:896
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 224
        11⤵
        Program crash
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26885.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-707.exe
        10⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55342.exe
        11⤵
        
        PID:1736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 380
        11⤵
        Program crash
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
        9⤵
        
        PID:2652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 224
        10⤵
        Program crash
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1623.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37792.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64770.exe
        9⤵
        
        PID:1572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 220
        10⤵
        Program crash
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
        7⤵
        
        PID:1464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 244
        8⤵
        Program crash
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49008.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46367.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55057.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
        10⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
        11⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
        12⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11624.exe
        13⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3012.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        8⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19395.exe
        10⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21651.exe
        9⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7975.exe
        10⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12467.exe
        11⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61739.exe
        12⤵
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22619.exe
        7⤵
        
        PID:3008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
        8⤵
        Program crash
        
        PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9912.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9912.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35443.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31432.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23880.exe
        9⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65346.exe
        10⤵
        
        PID:1968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 220
        11⤵
        Program crash
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51442.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32826.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35707.exe
        9⤵
        
        PID:2024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
        10⤵
        Program crash
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5770.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 220
        8⤵
        Program crash
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37976.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63578.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        9⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
        10⤵
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51250.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        7⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40567.exe
        8⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 224
        9⤵
        Program crash
        
        PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1535.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4213.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        8⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-323.exe
        9⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49255.exe
        10⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64576.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32795.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24688.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
        10⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46259.exe
        11⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 224
        6⤵
        Program crash
        
        PID:2424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13086.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63045.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        8⤵
        Executes dropped EXE
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
        9⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44786.exe
        10⤵
        
        PID:688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 224
        11⤵
        Program crash
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
        9⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30953.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43791.exe
        8⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 244
        9⤵
        Program crash
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56214.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25653.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        9⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65066.exe
        8⤵
        
        PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54171.exe
        5⤵
        Executes dropped EXE
        
        PID:556
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 220
        6⤵
        Program crash
        
        PID:856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26938.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16565.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16075.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50699.exe
        9⤵
        
        PID:1008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 224
        10⤵
        Program crash
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62236.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        8⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22275.exe
        9⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18116.exe
        10⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
        8⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 244
        9⤵
        Program crash
        
        PID:2696
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 248
        5⤵
        Program crash
        
        PID:3040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61111.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61111.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 244
        6⤵
        Program crash
        
        PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24259.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 244
        6⤵
        Program crash
        
        PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37917.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28365.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28386.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        7⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
        8⤵
        
        PID:1916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 220
        9⤵
        Program crash
        
        PID:2392
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 228
        5⤵
        Program crash
        
        PID:2080

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe

Filesize
184KB

MD5
b3224bbff861ab43077d383428099b3c

SHA1
17b8aab19876f17ac60a47c5838b39a4148bafb9

SHA256
8765e5c41179d246be1a4214361deed3952f866d0ba72496183614c548896a8a

SHA512
74aa3c2e540b542945fcda0631dbeeacc3a26e2dbddf6e79e5815c2672f226839453f9b8e47110221330400b54fa7493676ecedb261f8b55e532a539e2851251

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61111.exe

Filesize
184KB

MD5
a783044dfec3d1a3baf9e09d7181e1d5

SHA1
155f7a544c61e9135ced81a6803a9540dd015d34

SHA256
ffec117f75f6022edab11df347a92daa09cbfd38aad357a6439a3cbdd6284565

SHA512
59f87b399eeafde94a4ee8da9e28a9bbe71c58ce5614ef5a1084bd1c2418176c18c780dd22d6fd3b0c98bfd3393350c396d01326eb6b9b7089b2edb9ee1e66cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61879.exe

Filesize
184KB

MD5
a83c063b3e11413a9a6dd82ebc7413d7

SHA1
a3a12c81159cba562c589480e767d29a5b0922ba

SHA256
885be7dd5653ea103be0c09c17f00213ec734e147ec678b69a8566770eb24585

SHA512
325031a2688d6132992019467e90af38635b5c0ca1b5fc43571610212127f69206d7d9574a40b39bab3bb82e94c1b2e98b5c0c7d62e296da18b2154fbd232a4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe

Filesize
184KB

MD5
b0908eb74a488926fa7821e3a6b24ef1

SHA1
5c6b0290f8c03f469f3f35a5593ffa89432dd739

SHA256
f44b7a35e429beee87114ca194e83c87d410a9170f3d040bd43a936b5309ba66

SHA512
4b606aa8f3507b4e43feb4dd0da9b2646e74d75301b4ba246ad90d2a80ae19e7fc3f103ee375cf5c7a260914ae215e26d44c743263d673277d5063ee5b29f469

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe

Filesize
184KB

MD5
07ca7ee0d53508890b737e7a751e707a

SHA1
e00a137fb7b1c90162a94aed22977f9dceed2e02

SHA256
daea607ae747b4b8685f4bebb921846ac3c7175c478c7ea821dffcddff3c0af9

SHA512
e0679e24207a78b73d1407a492d807d519d7be1e8f796cc66e3695e6bb0925cc2a3ce128ae59a7223aa5195c307ef880cd1681f5f1ec5da2a5de884ca802abc9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe

Filesize
184KB

MD5
1aa06f8acb2df13604274b78286f6302

SHA1
8915c6970d877b6df636451c34d94de6e7750c9a

SHA256
565e5fb4a3b4e0ab2adf952ec44d1327b3f8c91bcfba205498a8cddfbe30f322

SHA512
d9fbdbf9beeee846725128402dff8ffa9013652297ca485ffa7c54890ab9cfaf7d5ad0acb436b208636aee9e5c422d30c94b09d5c8202b7285eaccde2bc8f85d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15824.exe

Filesize
184KB

MD5
555a2b646905a1490a4172f1d9d92cd0

SHA1
821a8fcbcd84dc830a77db67b0181265d02af947

SHA256
e7e271286f32fa68fe1d2a8aca697f13058959debaea7007dd8469a36be6f6ae

SHA512
f7010fcc5307d2c613db0091026123fe2b697fd5c61da524cb43283da5f8b0fb13e597a80e7e47e9564de2765faed89aa268b8d0e326fd03551bdc0885252a13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24037.exe

Filesize
184KB

MD5
cbe915ca886deeaca64c8449eff8e518

SHA1
9561aeb5f195315c68353805edf8396102b5ae8d

SHA256
0166bdc9af5c11cab439dc084322411281807afd52c2545a76b6d5756a960c22

SHA512
820a3aec19a02f116b2f91d6aca2397a3375a2823fc031f6707ef646cb0c1a4337aa4fa659bbdd660a3da9963e26f68c9ee415eb7e50803f05cf5224424355e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26469.exe

Filesize
184KB

MD5
b19f6efe6e71c9a10814ac6d174b1755

SHA1
6f7441c490f6c6e80883d140c1e2710575a03cca

SHA256
207499bac379ad636d252518e80dac8ac404e3f48f01f40f23a23ed3389528a4

SHA512
d82f117c75e5b73e70db4ae2fcc1323b9d0852f7b1873275113ea7e82ed719dbf983e31ed5fe56c84cadc4f2af7189a13dbe98e0b263d6441987a07cc7fee32b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe

Filesize
184KB

MD5
1157badecf04c2836e51f7573e329d5e

SHA1
ade6b335211d8596ecb0ec1651eeffc05458b466

SHA256
8f1e7ae2d4e088678ea5f1580cbd18246c5737f3660483080bfb6b144696583a

SHA512
f2ac4d4e53d846552ad1e81f640f52208a17c5b860b45d1cc808fdf9146640933898680d3403decb53b5ac177b281f6f41164f7b0c74013dbe3106acaacc86fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe

Filesize
184KB

MD5
0ebbc5c2e6ba2e148422fc6963436614

SHA1
b8f4d01c44d5a82c80aae7f051cdb8ed93fe81ec

SHA256
da6f1ac18a9b048ab3095891c014455af5e4a0d98955c55a15e3b99794e04240

SHA512
6e7143d5a6d821fb918c6b0f54a3748c2e77fe940988e4300b7209eba51e0da24c7a617bcff2a62037e6338f4bced70c28fa271a49abd68f0f0901b88305b7aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe

Filesize
184KB

MD5
e9eaa10fd0273af4b975c6ad7d6034ac

SHA1
406724e13632695af25ae4f9bd80f58d466ecb51

SHA256
968874817204ec890151769b94368ac20bd57e85e51af85bb0b4776404c3455f

SHA512
55d928e4d614a00574393e6b521fb5b6ab35d9216e3dfe3d044e02608c4f5cb7e79031636eb819a1e337a522807bf513c581c8901cd328edee3c9cde9bb6fe67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe

Filesize
184KB

MD5
734d1638deb08d82a10c11f8245c5729

SHA1
0a336689d0770342d0024076a5d255c8e57ff9ca

SHA256
af594a51b8054131cd68a58148e2c66fb37e2b49963cd782178727b2498bac40

SHA512
5e78026f0dfb70e6e1fe9c8f2331a01c78d80967e9445f6c07a802255c1d4a2b3fa19556a16a377c0ba8540a1f8c0eff8867e663cfb29702a5853d28036cc00f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61381.exe

Filesize
184KB

MD5
f765cc369d5cb7d48cdc3e90940da0c8

SHA1
64d1c82c7720355daa35ca29dd4792b6f9721265

SHA256
f9a4d0010cb39eb60fd7446f57c8bc4852030f37fb8f835877545f71e82c21af

SHA512
ac777e796c8b9bcee7cb10bb3ec531e6b6b1c4cf6954bc434048a39e5d771d2f3704a1a47eed0c2a53e82da5e5f7dbaa85cc8358330fac4c21881650a2aa39aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe

Filesize
184KB

MD5
a7a37a3c2a999907a1521819922bdb37

SHA1
b3038dbdc8e078ddc05a0bb257038dfa819e2f1a

SHA256
a283cab58506ce57e587db4bdb5ebfc11638d12914a487d862374c1576685370

SHA512
7bf333f7fd4a9db98f0c1746ca942600c88fd99506979286f833909d3b22d38ccda318373aedfe64132a6f335ed00a096142fe0e0d8deaa79bd6d450e9a1b916

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe

Filesize
184KB

MD5
4118ca6a651ffc3f196c4930af00cffd

SHA1
ebadd15cf438c893076aa6982dacb9d16284d4f7

SHA256
b67d520cc3897e561ddc25054e1e5649aa7bf38795c59e7ec6d1aeb20f7da410

SHA512
df9e0ca488b4a439e7f7cad6d02dbd935f91e1346a012a3bb4041e25cd777dbd1c4b2738c5f9ffa2e0d0bd903b0839bac4f875c4bc9a8090517ea5ee0b0aeae6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9912.exe

Filesize
184KB

MD5
3e330366f98c1ee76a0e89136baaf682

SHA1
e064c702ab9d52fd6a54aee875895d9261c7c354

SHA256
6d56bcd71686d9357a671dbc7d6a9903dee8a7c3772ea7ff58da7fb252335e69

SHA512
82c3ab34537d82041160a7257f70e83c69a55357276318325f7776dd6ab55886632cd007f3ff014bb2d8f3e6135d87ae3b022d08f24d5a492f536e7238f3c11b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads