f0fbce76446359758a9dd782a50d98960b5e2a738651a091428d5f1a849ae024

Analysis

max time kernel
124s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 19:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

705a5eb679ee1cbf12a94b1d0137e7c6.exe
Size

184KB
MD5

705a5eb679ee1cbf12a94b1d0137e7c6
SHA1

f86ae6997b893c80ece36f013a2da8701cc0ca64
SHA256

f0fbce76446359758a9dd782a50d98960b5e2a738651a091428d5f1a849ae024
SHA512

075cf3e305a7b48272b90e099c60d140605cbccefc89f518b35cb2778c748609ed14538c04755320c01dd80d5d55863bc3922c611eac21489f8338f16e986e8b
SSDEEP

3072:+PyHoVUmVWAC4ePeHaLOJPcZClJJMDDkl1QrxKVL8+ClP6pFy:+PaoJ7C4hHvJPcJEZBClP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2500	Unicorn-47042.exe
2720	Unicorn-43041.exe
2776	Unicorn-53902.exe
2836	Unicorn-48241.exe
2224	Unicorn-28375.exe
1304	Unicorn-52325.exe
1868	Unicorn-3207.exe
2564	Unicorn-25766.exe
1036	Unicorn-36626.exe
2936	Unicorn-61131.exe
1888	Unicorn-50270.exe
548	Unicorn-60659.exe
828	Unicorn-22319.exe
704	Unicorn-22341.exe
2040	Unicorn-22341.exe
1216	Unicorn-59844.exe
1696	Unicorn-25033.exe
2980	Unicorn-14172.exe
2976	Unicorn-14172.exe
292	Unicorn-33799.exe
1896	Unicorn-13933.exe
2404	Unicorn-64525.exe
1368	Unicorn-34161.exe
1536	Unicorn-40706.exe
1652	Unicorn-54027.exe
1744	Unicorn-63819.exe
484	Unicorn-44790.exe
1836	Unicorn-61126.exe
1612	Unicorn-41260.exe
2420	Unicorn-7841.exe
388	Unicorn-6450.exe
864	Unicorn-65210.exe
2080	Unicorn-37966.exe
2456	Unicorn-48827.exe
2736	Unicorn-60524.exe
2616	Unicorn-31552.exe
2596	Unicorn-57379.exe
2644	Unicorn-11707.exe
2320	Unicorn-1401.exe
3044	Unicorn-47073.exe
1012	Unicorn-6040.exe
2864	Unicorn-52548.exe
2568	Unicorn-25906.exe
2820	Unicorn-17738.exe
836	Unicorn-63409.exe
1516	Unicorn-29990.exe
2556	Unicorn-10124.exe
2988	Unicorn-29990.exe
1844	Unicorn-40850.exe
2436	Unicorn-25761.exe
536	Unicorn-36621.exe
1716	Unicorn-60571.exe
1008	Unicorn-46181.exe
804	Unicorn-57042.exe
1136	Unicorn-20115.exe
1532	Unicorn-20669.exe
936	Unicorn-50649.exe
872	Unicorn-24583.exe
2252	Unicorn-20499.exe
2192	Unicorn-12885.exe
2400	Unicorn-57255.exe
2092	Unicorn-33305.exe
1592	Unicorn-59201.exe
1664	Unicorn-43419.exe

Loads dropped DLL 64 IoCs

pid	Process
2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe
2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe
2500	Unicorn-47042.exe
2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe
2500	Unicorn-47042.exe
2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe
2720	Unicorn-43041.exe
2720	Unicorn-43041.exe
2500	Unicorn-47042.exe
2500	Unicorn-47042.exe
2776	Unicorn-53902.exe
2776	Unicorn-53902.exe
2836	Unicorn-48241.exe
2224	Unicorn-28375.exe
2720	Unicorn-43041.exe
2836	Unicorn-48241.exe
2224	Unicorn-28375.exe
2720	Unicorn-43041.exe
2776	Unicorn-53902.exe
2776	Unicorn-53902.exe
1304	Unicorn-52325.exe
1304	Unicorn-52325.exe
1868	Unicorn-3207.exe
1868	Unicorn-3207.exe
2224	Unicorn-28375.exe
2224	Unicorn-28375.exe
1036	Unicorn-36626.exe
2936	Unicorn-61131.exe
1036	Unicorn-36626.exe
2936	Unicorn-61131.exe
2836	Unicorn-48241.exe
2836	Unicorn-48241.exe
1304	Unicorn-52325.exe
1304	Unicorn-52325.exe
1888	Unicorn-50270.exe
2564	Unicorn-25766.exe
1888	Unicorn-50270.exe
2564	Unicorn-25766.exe
548	Unicorn-60659.exe
548	Unicorn-60659.exe
1868	Unicorn-3207.exe
1868	Unicorn-3207.exe
828	Unicorn-22319.exe
828	Unicorn-22319.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
704	Unicorn-22341.exe
2040	Unicorn-22341.exe
2936	Unicorn-61131.exe
2040	Unicorn-22341.exe
2936	Unicorn-61131.exe
704	Unicorn-22341.exe
1036	Unicorn-36626.exe
1036	Unicorn-36626.exe
1216	Unicorn-59844.exe
1216	Unicorn-59844.exe
1888	Unicorn-50270.exe
2976	Unicorn-14172.exe
2980	Unicorn-14172.exe
2976	Unicorn-14172.exe
1888	Unicorn-50270.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1524	2404	WerFault.exe	49
2652	1368	WerFault.exe	52
1864	864	WerFault.exe	60

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe
2500	Unicorn-47042.exe
2720	Unicorn-43041.exe
2776	Unicorn-53902.exe
2836	Unicorn-48241.exe
2224	Unicorn-28375.exe
1304	Unicorn-52325.exe
1868	Unicorn-3207.exe
1036	Unicorn-36626.exe
2936	Unicorn-61131.exe
2564	Unicorn-25766.exe
1888	Unicorn-50270.exe
548	Unicorn-60659.exe
828	Unicorn-22319.exe
704	Unicorn-22341.exe
2040	Unicorn-22341.exe
1216	Unicorn-59844.exe
1696	Unicorn-25033.exe
2980	Unicorn-14172.exe
2976	Unicorn-14172.exe
292	Unicorn-33799.exe
1896	Unicorn-13933.exe
2404	Unicorn-64525.exe
1536	Unicorn-40706.exe
1368	Unicorn-34161.exe
1652	Unicorn-54027.exe
484	Unicorn-44790.exe
1744	Unicorn-63819.exe
1836	Unicorn-61126.exe
1612	Unicorn-41260.exe
2420	Unicorn-7841.exe
388	Unicorn-6450.exe
864	Unicorn-65210.exe
2080	Unicorn-37966.exe
2456	Unicorn-48827.exe
2736	Unicorn-60524.exe
2616	Unicorn-31552.exe
2644	Unicorn-11707.exe
2596	Unicorn-57379.exe
3044	Unicorn-47073.exe
2320	Unicorn-1401.exe
2820	Unicorn-17738.exe
2988	Unicorn-29990.exe
2556	Unicorn-10124.exe
1012	Unicorn-6040.exe
1844	Unicorn-40850.exe
836	Unicorn-63409.exe
2864	Unicorn-52548.exe
2568	Unicorn-25906.exe
1516	Unicorn-29990.exe
536	Unicorn-36621.exe
2436	Unicorn-25761.exe
1716	Unicorn-60571.exe
1008	Unicorn-46181.exe
804	Unicorn-57042.exe
1136	Unicorn-20115.exe
1532	Unicorn-20669.exe
936	Unicorn-50649.exe
872	Unicorn-24583.exe
2252	Unicorn-20499.exe
2192	Unicorn-12885.exe
2400	Unicorn-57255.exe
2092	Unicorn-33305.exe
1592	Unicorn-59201.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 2500	2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe	28
PID 2116 wrote to memory of 2500	2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe	28
PID 2116 wrote to memory of 2500	2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe	28
PID 2116 wrote to memory of 2500	2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe	28
PID 2500 wrote to memory of 2720	2500	Unicorn-47042.exe	30
PID 2500 wrote to memory of 2720	2500	Unicorn-47042.exe	30
PID 2500 wrote to memory of 2720	2500	Unicorn-47042.exe	30
PID 2500 wrote to memory of 2720	2500	Unicorn-47042.exe	30
PID 2116 wrote to memory of 2776	2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe	29
PID 2116 wrote to memory of 2776	2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe	29
PID 2116 wrote to memory of 2776	2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe	29
PID 2116 wrote to memory of 2776	2116	705a5eb679ee1cbf12a94b1d0137e7c6.exe	29
PID 2720 wrote to memory of 2836	2720	Unicorn-43041.exe	31
PID 2720 wrote to memory of 2836	2720	Unicorn-43041.exe	31
PID 2720 wrote to memory of 2836	2720	Unicorn-43041.exe	31
PID 2720 wrote to memory of 2836	2720	Unicorn-43041.exe	31
PID 2500 wrote to memory of 2224	2500	Unicorn-47042.exe	32
PID 2500 wrote to memory of 2224	2500	Unicorn-47042.exe	32
PID 2500 wrote to memory of 2224	2500	Unicorn-47042.exe	32
PID 2500 wrote to memory of 2224	2500	Unicorn-47042.exe	32
PID 2776 wrote to memory of 1304	2776	Unicorn-53902.exe	33
PID 2776 wrote to memory of 1304	2776	Unicorn-53902.exe	33
PID 2776 wrote to memory of 1304	2776	Unicorn-53902.exe	33
PID 2776 wrote to memory of 1304	2776	Unicorn-53902.exe	33
PID 2836 wrote to memory of 2564	2836	Unicorn-48241.exe	34
PID 2836 wrote to memory of 2564	2836	Unicorn-48241.exe	34
PID 2836 wrote to memory of 2564	2836	Unicorn-48241.exe	34
PID 2836 wrote to memory of 2564	2836	Unicorn-48241.exe	34
PID 2224 wrote to memory of 1868	2224	Unicorn-28375.exe	35
PID 2224 wrote to memory of 1868	2224	Unicorn-28375.exe	35
PID 2224 wrote to memory of 1868	2224	Unicorn-28375.exe	35
PID 2224 wrote to memory of 1868	2224	Unicorn-28375.exe	35
PID 2720 wrote to memory of 1036	2720	Unicorn-43041.exe	37
PID 2720 wrote to memory of 1036	2720	Unicorn-43041.exe	37
PID 2720 wrote to memory of 1036	2720	Unicorn-43041.exe	37
PID 2720 wrote to memory of 1036	2720	Unicorn-43041.exe	37
PID 2776 wrote to memory of 2936	2776	Unicorn-53902.exe	36
PID 2776 wrote to memory of 2936	2776	Unicorn-53902.exe	36
PID 2776 wrote to memory of 2936	2776	Unicorn-53902.exe	36
PID 2776 wrote to memory of 2936	2776	Unicorn-53902.exe	36
PID 1304 wrote to memory of 1888	1304	Unicorn-52325.exe	38
PID 1304 wrote to memory of 1888	1304	Unicorn-52325.exe	38
PID 1304 wrote to memory of 1888	1304	Unicorn-52325.exe	38
PID 1304 wrote to memory of 1888	1304	Unicorn-52325.exe	38
PID 1868 wrote to memory of 548	1868	Unicorn-3207.exe	39
PID 1868 wrote to memory of 548	1868	Unicorn-3207.exe	39
PID 1868 wrote to memory of 548	1868	Unicorn-3207.exe	39
PID 1868 wrote to memory of 548	1868	Unicorn-3207.exe	39
PID 2224 wrote to memory of 828	2224	Unicorn-28375.exe	40
PID 2224 wrote to memory of 828	2224	Unicorn-28375.exe	40
PID 2224 wrote to memory of 828	2224	Unicorn-28375.exe	40
PID 2224 wrote to memory of 828	2224	Unicorn-28375.exe	40
PID 1036 wrote to memory of 704	1036	Unicorn-36626.exe	42
PID 1036 wrote to memory of 704	1036	Unicorn-36626.exe	42
PID 1036 wrote to memory of 704	1036	Unicorn-36626.exe	42
PID 1036 wrote to memory of 704	1036	Unicorn-36626.exe	42
PID 2936 wrote to memory of 2040	2936	Unicorn-61131.exe	41
PID 2936 wrote to memory of 2040	2936	Unicorn-61131.exe	41
PID 2936 wrote to memory of 2040	2936	Unicorn-61131.exe	41
PID 2936 wrote to memory of 2040	2936	Unicorn-61131.exe	41
PID 2836 wrote to memory of 1216	2836	Unicorn-48241.exe	43
PID 2836 wrote to memory of 1216	2836	Unicorn-48241.exe	43
PID 2836 wrote to memory of 1216	2836	Unicorn-48241.exe	43
PID 2836 wrote to memory of 1216	2836	Unicorn-48241.exe	43

C:\Users\Admin\AppData\Local\Temp\705a5eb679ee1cbf12a94b1d0137e7c6.exe
"C:\Users\Admin\AppData\Local\Temp\705a5eb679ee1cbf12a94b1d0137e7c6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61126.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17738.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10000.exe
        9⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19295.exe
        10⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
        12⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59189.exe
        13⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17348.exe
        10⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59756.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        9⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
        10⤵
        
        PID:4052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25906.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1832.exe
        8⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
        9⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        10⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16777.exe
        7⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        8⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        9⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        10⤵
        
        PID:1856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11707.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
        9⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31226.exe
        11⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        12⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37472.exe
        8⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47499.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16865.exe
        10⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22528.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65350.exe
        8⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47073.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39056.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8884.exe
        7⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        9⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7240.exe
        10⤵
        
        PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22341.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20115.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        10⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62444.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        10⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59189.exe
        11⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        9⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20669.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48786.exe
        8⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62645.exe
        10⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50649.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15210.exe
        9⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        10⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
        9⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        10⤵
        
        PID:3612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47203.exe
        7⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        8⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39233.exe
        9⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
        10⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63819.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1401.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20499.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51308.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
        9⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
        10⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21496.exe
        11⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65433.exe
        9⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        8⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24563.exe
        9⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
        7⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19679.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36929.exe
        9⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27856.exe
        10⤵
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12885.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29793.exe
        8⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
        9⤵
        
        PID:2140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33799.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37966.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63669.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        10⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8993.exe
        8⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12522.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        9⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61682.exe
        10⤵
        
        PID:3312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48827.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24775.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51967.exe
        9⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        10⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
        10⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
        11⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4909.exe
        7⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
        8⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        9⤵
        
        PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64219.exe
        9⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        7⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62382.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        9⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43559.exe
        8⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14650.exe
        9⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8509.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63325.exe
        11⤵
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10384.exe
        7⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        8⤵
        
        PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22319.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22319.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64525.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 200
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        10⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47504.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58957.exe
        8⤵
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36643.exe
        7⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32507.exe
        9⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55620.exe
        8⤵
        
        PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41260.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        7⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        8⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
        6⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23030.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        8⤵
        
        PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65210.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
        6⤵
        Program crash
        
        PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16223.exe
        6⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58189.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
        8⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29285.exe
        9⤵
        
        PID:3460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22341.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52548.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59201.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        9⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        7⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
        8⤵
        
        PID:1464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
        6⤵
        Executes dropped EXE
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18252.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        8⤵
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6040.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55117.exe
        6⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63425.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
        8⤵
        
        PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34161.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1368
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
        5⤵
        Program crash
        
        PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe

Filesize
184KB

MD5
dd4b6e10ed739dc7ab0ac5dab8b7cbdd

SHA1
300b9cc2018a0b78feda7e0e535d614e8821f139

SHA256
1d1a363854e66f92f6094faefb37081a05847359fd1b567c8499c9cb1383b83b

SHA512
daace13db74abc193425f9e581cdb8ca761e49db3526c4744ea0da27322601296e0ed4cc746a52935f748461269d0eb463e9b15b385fc9f6035e72f46b4dcb9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14172.exe

Filesize
184KB

MD5
28f3a1e576e247eeff7284093924a0b0

SHA1
02142842dfa9fbac36369ce022abdfc9594918bf

SHA256
5dbbf312d5ce075753005b4c27ae75a2fcccd168c96f9a31e58a2381f5023535

SHA512
71996447af2774fc71454c3cfa1e7260390273c98ce1bc0c15f9e5040b4e19e08e40a3a1550f81253d8e648ca7e49d2d6fb2780120974ab291142f21925a820b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22341.exe

Filesize
184KB

MD5
1ee71aca12492a01a32bd654c571d71a

SHA1
5b17e707663a429e63707499ba14cab5ca882d8f

SHA256
ee11b2ee6493e528d69d675a3e3f876d35cfc93fedf7a66b1800b099bec94cb4

SHA512
45fd905ed5a325cd0290b6f8cd2d954eaa4daaccffdb64aab311d43057c476a3ffa4f19ba72252760bb818e15a396df870e3c551d2cfff4909a46e15e98f414c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25766.exe

Filesize
184KB

MD5
a35afca3588cabe253fab74feff77f42

SHA1
0b7b026a1bac0d388758fffe30f45a797a81331b

SHA256
b78d663d2d51bdebc4b724e3749c69cf23ba1c1a7dcf51ff0af9009955fa51d3

SHA512
786ed5a349cd929dd22d878ef6d6ee4e843ed32b710ea1dc5ca6c479861cc98554f7f52f82c1e4137ec7064c8e500132e0a6d2120e934d1026c44f31fbe90c63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43041.exe

Filesize
184KB

MD5
af6dcc2076b693cb715c0706d5e40d1a

SHA1
9a18a61f9d10ad27a73db2dbb34b7799454f374d

SHA256
c54d289396ddc19eb1d5c6d361a2971fc620d78f85cd419a606ae82beebc1b46

SHA512
97f096dc88e39c09abb857ef7e847f6dfa6866b1d5f1417a86570884efce11488e1e3b11f2913792903e514421f370ca1df7711aabe5855bdfb15751667250e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47042.exe

Filesize
184KB

MD5
9c65ac6ae14473d325687617f42a0cfe

SHA1
c24592f164340bd5fb410eb19c7aaeb55dfd2c70

SHA256
f0845acea3ee2660db9ec65ed57d5b94c52ba864bd21f20d78cffa218352d187

SHA512
33e788eaf46190175cb6334987793ce09a21155a2df67b800ec7fc7b4d3759deaf77812e520ad5cdfe1db8d43107a02a3fb5e0cc8f4394fe6215143302a8b7d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe

Filesize
184KB

MD5
b615051823dedf6ca5c194a487071cda

SHA1
f34aff78bac8dac06c516cf1464c1bf8566b7197

SHA256
5ac2a2ba4f8632a47af525eab04c168dec690f526f4dee0b92bddc2c19744186

SHA512
a7d6c5314d29b57cd4caef0601ee0f17d9bae96063c7b0c260511fd0870b6d4293e4e20a394f8cdcf00ac5cc5ab7fba914f49e233910aeabe37bd7fd32105400

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe

Filesize
184KB

MD5
13bdc66e3e5a6abe9fdf32c931d2dd5b

SHA1
b0c541633784990951fba15f1c2e6933f47eda7f

SHA256
02df72091aca1b94db6797aeeb7501ace2c748449f73d6020f55c910553d77ce

SHA512
0b1748d673246e9028b16654b6bb8b02253d559403b04634ba020df58c8d1992de6cba072f5668becd552bb6255e66d9dd28b012545201ed5ef6d5ebd9f713b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22319.exe

Filesize
184KB

MD5
1d58836be7a149a3829bc63daacaad29

SHA1
05be74e7bfb8b0f5c05ae6a8f2251bdb7a672ca3

SHA256
195e23e823ca8bff42a76de02844b4dea4c8719f9043d819c014af5924d160d2

SHA512
fc88c1e778e091ce42108d28148dac7bc439f34e7400c09c830e94bc205007626bf6aed955c1b1510f9bd609288ee7311c48b7614e3263f9abb64671aca0bb95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe

Filesize
184KB

MD5
7b81a49c578521660d85f008a8e99d36

SHA1
5453953a7a1f4a3731f923429c9879e17dc08d81

SHA256
3078c8809639411a1dc13cee1860ed0c557f38cae62f6d48ffc955ec63aed2cd

SHA512
68ed5ad7d6c9d34d35ebb3a1c6003c3426306a187f68c748a76886f5fc98bca0d145c009b0d98fd5b6ceff5b81b4680fa37b53f0ebc211adeaa0e9e6f646f092

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28375.exe

Filesize
184KB

MD5
9fe14fed4699780e912c80facb6893ef

SHA1
8c5fc1311d32623a96600c529f85ad493ad44b3e

SHA256
fe1547f6a5bf99c0cce408be7ea02fd54ddc3a02cadabf2f47bb223b28e460d6

SHA512
b8bb261c1e936dc49901c6399c087dd1e8965228c5d539f32682d3d5c8e5b3e02e20202ce03f437594039e02b24c8c995c964348257edc57c9e762b38bc0126e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3207.exe

Filesize
184KB

MD5
2b15f12affd74cc6b9d6330a24e2487f

SHA1
4ae558948eaa4d7d8f39dbe170be293568fea5cf

SHA256
dbff76b10e7b5e75db684d625f345ebadad04a70d31abe7857aa4b77e7ecaef5

SHA512
efacdee4dec7faf99b96bb45ad23177d0ee00daee0bb5c23ee9e66a4fbcba53d035e865b5df86ccf8bfcffa8389a214e2e9694deb4f465370c467286ee9446ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe

Filesize
184KB

MD5
12b73d7fc8ce70cde281b95e904cf3ec

SHA1
3d98e37554b36fb480c84e52e95e0f31464c43f6

SHA256
53abdd1f2aacdd22c1437e267400262ac073cec0dfbd1fc3ed2cf8a135818f11

SHA512
e828052823883fee500a9cdb42fb697ecd1bcf299f965e3021bed08392a0a8cced67f2a59b62c7b6c1e92c17406992b0328e5984597e6641f228ece147872d15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe

Filesize
184KB

MD5
c134982e675bdcf41a3d5d2435f37e2a

SHA1
46fccb1ccc9d03770573667553c0cceee5580d9c

SHA256
82d954e46ad22f22076ba91a808b133d38b72c12f0f94361f79eea5cde33e95f

SHA512
903e5999e3f1e9ddc7a39521a33cfac2097db87549312c57525cdea5348b3405d1c2c92b81b7b65ca805581aba233637af835a01bf3d8e25b28ced22a6cafb72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50270.exe

Filesize
184KB

MD5
bfd9bedd3cc2408fee5544bee2559a29

SHA1
e7fac01e14609d30deee2c0901887fcc228859d9

SHA256
0f428a6a28231ebca2eb843d3dcfde963388c2ed3f7e688f372c7a197a7f54b0

SHA512
3dfd654903692f166ef9d3f694317f48b565017657baabf482f317c243e66fe07b2186d354c68c80bd3e7f8f7bd7a0db8171d997c207d7f4d1970173227ae328

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53902.exe

Filesize
184KB

MD5
8918cb89e22da7744de923ace3caa9df

SHA1
81b25dc0c263de097bc565bc5dfc7b22e2482f70

SHA256
f9e7938e0e018cb7d34c89df27a6c7273a34a15a356d606466001912b5e470aa

SHA512
befceeb30dd1c238351d3782010e16fa6e1af86da990826f823eb2ee1b1a34683d994a9fc9e6e3991a30eb3a7ed7ca88ca37e867516b3919ff17e3643b83e3a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe

Filesize
184KB

MD5
d2af5ffd96067bfe06a02eac146a72e5

SHA1
5abbfe92c10966a5490ebbf77ab20d870717e94a

SHA256
bca55c35815b7ecb01711c676d388b86f3b97c506a0b7eba584eb20b9c6b395e

SHA512
58b26fded9c835852ce7446367e9004ee0d361918faba64e4c78f90083f50f97281775701cd964d0917c979014397931e769130eff1716603369bbc085604e2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe

Filesize
184KB

MD5
b5d33b9839a958c6389524d0e2028617

SHA1
566a7b8bc08061c657cb8a07481dcb4608c293e3

SHA256
e4ef033241a3ee61a436f4f2d7199fa48cc119db5a73220e5c12e7f67d4efdac

SHA512
18d7fba61dfd95b2bac9c721962b9f4d8292c083fd09ac901354053541b3c7854c104f6085e0e3e0749e36c121b953d4a111b92eb4bf68fbd01f05b9e95a072b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads