efa59f0101aafbc4e56d84071c5598407475da84b253b55ec86d53b136ebc05d

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 02:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

71400472da91211edd497a37dc6a240c.exe
Size

184KB
MD5

71400472da91211edd497a37dc6a240c
SHA1

86f1fbfcf5fcef708af8425d06b97fb4921881ac
SHA256

efa59f0101aafbc4e56d84071c5598407475da84b253b55ec86d53b136ebc05d
SHA512

9c9a84bc0729a87ff8ea3a2219eafbf81b2caa4060054772e7aa70e0bfbd85aae3eac64e6fc06216452b6769d39817d8433a7baf35f22df404ee5e09970bfc90
SSDEEP

3072:h10JomqHo8A8k5ab7TWSk8db3Bp6PIzh3oLx+jdGxhlPv2Fk:h1Coqd8kc7iSk8n1TshlPv2F

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2452	Unicorn-61571.exe
2824	Unicorn-20996.exe
2728	Unicorn-17274.exe
2720	Unicorn-38837.exe
2596	Unicorn-3320.exe
1120	Unicorn-39330.exe
2684	Unicorn-64867.exe
2432	Unicorn-60954.exe
2020	Unicorn-64099.exe
1620	Unicorn-63907.exe
1724	Unicorn-27513.exe
2652	Unicorn-35706.exe
1208	Unicorn-14771.exe
2772	Unicorn-17341.exe
1524	Unicorn-49364.exe
2016	Unicorn-52509.exe
2392	Unicorn-1855.exe
2104	Unicorn-14662.exe
1632	Unicorn-42172.exe
2404	Unicorn-24994.exe
304	Unicorn-61004.exe
1488	Unicorn-366.exe
1196	Unicorn-45654.exe
540	Unicorn-48799.exe
1132	Unicorn-12213.exe
2460	Unicorn-30626.exe
2236	Unicorn-64559.exe
2152	Unicorn-16786.exe
2228	Unicorn-45929.exe
1712	Unicorn-24347.exe
2692	Unicorn-4948.exe
2688	Unicorn-24814.exe
2948	Unicorn-24814.exe
1732	Unicorn-4948.exe
2868	Unicorn-39889.exe
2620	Unicorn-53189.exe
2644	Unicorn-57569.exe
2876	Unicorn-8368.exe
2704	Unicorn-24705.exe
3056	Unicorn-43864.exe
1916	Unicorn-45172.exe
2912	Unicorn-64388.exe
3028	Unicorn-60667.exe
524	Unicorn-62551.exe
2640	Unicorn-12125.exe
776	Unicorn-3340.exe
572	Unicorn-35830.exe
1528	Unicorn-55971.exe
1740	Unicorn-56573.exe
2316	Unicorn-44809.exe
2928	Unicorn-27705.exe
2008	Unicorn-41746.exe
2480	Unicorn-61612.exe
1060	Unicorn-61612.exe
1884	Unicorn-24725.exe
2308	Unicorn-44591.exe
1540	Unicorn-44591.exe
620	Unicorn-44591.exe
2352	Unicorn-62681.exe
1656	Unicorn-17010.exe
1472	Unicorn-51685.exe
2968	Unicorn-17010.exe
900	Unicorn-51685.exe
2964	Unicorn-51685.exe

Loads dropped DLL 64 IoCs

pid	Process
2512	71400472da91211edd497a37dc6a240c.exe
2512	71400472da91211edd497a37dc6a240c.exe
2452	Unicorn-61571.exe
2452	Unicorn-61571.exe
2512	71400472da91211edd497a37dc6a240c.exe
2512	71400472da91211edd497a37dc6a240c.exe
2824	Unicorn-20996.exe
2824	Unicorn-20996.exe
2452	Unicorn-61571.exe
2452	Unicorn-61571.exe
2728	Unicorn-17274.exe
2728	Unicorn-17274.exe
2720	Unicorn-38837.exe
2720	Unicorn-38837.exe
2824	Unicorn-20996.exe
2824	Unicorn-20996.exe
2596	Unicorn-3320.exe
2596	Unicorn-3320.exe
1120	Unicorn-39330.exe
1120	Unicorn-39330.exe
2728	Unicorn-17274.exe
2728	Unicorn-17274.exe
2684	Unicorn-64867.exe
2684	Unicorn-64867.exe
2720	Unicorn-38837.exe
2720	Unicorn-38837.exe
2020	Unicorn-64099.exe
2020	Unicorn-64099.exe
2596	Unicorn-3320.exe
2596	Unicorn-3320.exe
1724	Unicorn-27513.exe
1724	Unicorn-27513.exe
1620	Unicorn-63907.exe
1620	Unicorn-63907.exe
1120	Unicorn-39330.exe
1120	Unicorn-39330.exe
2652	Unicorn-35706.exe
2652	Unicorn-35706.exe
2684	Unicorn-64867.exe
2684	Unicorn-64867.exe
1208	Unicorn-14771.exe
1208	Unicorn-14771.exe
2772	Unicorn-17341.exe
2772	Unicorn-17341.exe
2020	Unicorn-64099.exe
2020	Unicorn-64099.exe
2392	Unicorn-1855.exe
2392	Unicorn-1855.exe
1620	Unicorn-63907.exe
1620	Unicorn-63907.exe
2104	Unicorn-14662.exe
2104	Unicorn-14662.exe
1524	Unicorn-49364.exe
1524	Unicorn-49364.exe
2016	Unicorn-52509.exe
2016	Unicorn-52509.exe
1724	Unicorn-27513.exe
1724	Unicorn-27513.exe
892	WerFault.exe
892	WerFault.exe
892	WerFault.exe
892	WerFault.exe
892	WerFault.exe
892	WerFault.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
892	2236	WerFault.exe	54

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2512	71400472da91211edd497a37dc6a240c.exe
2452	Unicorn-61571.exe
2824	Unicorn-20996.exe
2728	Unicorn-17274.exe
2720	Unicorn-38837.exe
2596	Unicorn-3320.exe
1120	Unicorn-39330.exe
2684	Unicorn-64867.exe
2020	Unicorn-64099.exe
1620	Unicorn-63907.exe
1724	Unicorn-27513.exe
2652	Unicorn-35706.exe
1208	Unicorn-14771.exe
1524	Unicorn-49364.exe
2772	Unicorn-17341.exe
2392	Unicorn-1855.exe
2016	Unicorn-52509.exe
2104	Unicorn-14662.exe
1632	Unicorn-42172.exe
2404	Unicorn-24994.exe
304	Unicorn-61004.exe
1488	Unicorn-366.exe
1196	Unicorn-45654.exe
540	Unicorn-48799.exe
1132	Unicorn-12213.exe
2460	Unicorn-30626.exe
2236	Unicorn-64559.exe
2152	Unicorn-16786.exe
2228	Unicorn-45929.exe
1712	Unicorn-24347.exe
2688	Unicorn-24814.exe
2692	Unicorn-4948.exe
1732	Unicorn-4948.exe
2948	Unicorn-24814.exe
2868	Unicorn-39889.exe
2620	Unicorn-53189.exe
2876	Unicorn-8368.exe
2704	Unicorn-24705.exe
3056	Unicorn-43864.exe
2644	Unicorn-57569.exe
2912	Unicorn-64388.exe
524	Unicorn-62551.exe
1916	Unicorn-45172.exe
3028	Unicorn-60667.exe
2640	Unicorn-12125.exe
776	Unicorn-3340.exe
572	Unicorn-35830.exe
1528	Unicorn-55971.exe
1740	Unicorn-56573.exe
900	Unicorn-51685.exe
1884	Unicorn-24725.exe
1656	Unicorn-17010.exe
2008	Unicorn-41746.exe
2308	Unicorn-44591.exe
2316	Unicorn-44809.exe
2424	Unicorn-23899.exe
2352	Unicorn-62681.exe
2968	Unicorn-17010.exe
1512	Unicorn-32036.exe
1472	Unicorn-51685.exe
2928	Unicorn-27705.exe
1112	Unicorn-4033.exe
1060	Unicorn-61612.exe
2984	Unicorn-33704.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2452	2512	71400472da91211edd497a37dc6a240c.exe	28
PID 2512 wrote to memory of 2452	2512	71400472da91211edd497a37dc6a240c.exe	28
PID 2512 wrote to memory of 2452	2512	71400472da91211edd497a37dc6a240c.exe	28
PID 2512 wrote to memory of 2452	2512	71400472da91211edd497a37dc6a240c.exe	28
PID 2452 wrote to memory of 2824	2452	Unicorn-61571.exe	29
PID 2452 wrote to memory of 2824	2452	Unicorn-61571.exe	29
PID 2452 wrote to memory of 2824	2452	Unicorn-61571.exe	29
PID 2452 wrote to memory of 2824	2452	Unicorn-61571.exe	29
PID 2512 wrote to memory of 2728	2512	71400472da91211edd497a37dc6a240c.exe	30
PID 2512 wrote to memory of 2728	2512	71400472da91211edd497a37dc6a240c.exe	30
PID 2512 wrote to memory of 2728	2512	71400472da91211edd497a37dc6a240c.exe	30
PID 2512 wrote to memory of 2728	2512	71400472da91211edd497a37dc6a240c.exe	30
PID 2824 wrote to memory of 2720	2824	Unicorn-20996.exe	31
PID 2824 wrote to memory of 2720	2824	Unicorn-20996.exe	31
PID 2824 wrote to memory of 2720	2824	Unicorn-20996.exe	31
PID 2824 wrote to memory of 2720	2824	Unicorn-20996.exe	31
PID 2452 wrote to memory of 2596	2452	Unicorn-61571.exe	32
PID 2452 wrote to memory of 2596	2452	Unicorn-61571.exe	32
PID 2452 wrote to memory of 2596	2452	Unicorn-61571.exe	32
PID 2452 wrote to memory of 2596	2452	Unicorn-61571.exe	32
PID 2728 wrote to memory of 1120	2728	Unicorn-17274.exe	33
PID 2728 wrote to memory of 1120	2728	Unicorn-17274.exe	33
PID 2728 wrote to memory of 1120	2728	Unicorn-17274.exe	33
PID 2728 wrote to memory of 1120	2728	Unicorn-17274.exe	33
PID 2720 wrote to memory of 2684	2720	Unicorn-38837.exe	34
PID 2720 wrote to memory of 2684	2720	Unicorn-38837.exe	34
PID 2720 wrote to memory of 2684	2720	Unicorn-38837.exe	34
PID 2720 wrote to memory of 2684	2720	Unicorn-38837.exe	34
PID 2824 wrote to memory of 2432	2824	Unicorn-20996.exe	35
PID 2824 wrote to memory of 2432	2824	Unicorn-20996.exe	35
PID 2824 wrote to memory of 2432	2824	Unicorn-20996.exe	35
PID 2824 wrote to memory of 2432	2824	Unicorn-20996.exe	35
PID 2596 wrote to memory of 2020	2596	Unicorn-3320.exe	36
PID 2596 wrote to memory of 2020	2596	Unicorn-3320.exe	36
PID 2596 wrote to memory of 2020	2596	Unicorn-3320.exe	36
PID 2596 wrote to memory of 2020	2596	Unicorn-3320.exe	36
PID 1120 wrote to memory of 1620	1120	Unicorn-39330.exe	38
PID 1120 wrote to memory of 1620	1120	Unicorn-39330.exe	38
PID 1120 wrote to memory of 1620	1120	Unicorn-39330.exe	38
PID 1120 wrote to memory of 1620	1120	Unicorn-39330.exe	38
PID 2728 wrote to memory of 1724	2728	Unicorn-17274.exe	37
PID 2728 wrote to memory of 1724	2728	Unicorn-17274.exe	37
PID 2728 wrote to memory of 1724	2728	Unicorn-17274.exe	37
PID 2728 wrote to memory of 1724	2728	Unicorn-17274.exe	37
PID 2684 wrote to memory of 2652	2684	Unicorn-64867.exe	39
PID 2684 wrote to memory of 2652	2684	Unicorn-64867.exe	39
PID 2684 wrote to memory of 2652	2684	Unicorn-64867.exe	39
PID 2684 wrote to memory of 2652	2684	Unicorn-64867.exe	39
PID 2720 wrote to memory of 1208	2720	Unicorn-38837.exe	40
PID 2720 wrote to memory of 1208	2720	Unicorn-38837.exe	40
PID 2720 wrote to memory of 1208	2720	Unicorn-38837.exe	40
PID 2720 wrote to memory of 1208	2720	Unicorn-38837.exe	40
PID 2020 wrote to memory of 2772	2020	Unicorn-64099.exe	41
PID 2020 wrote to memory of 2772	2020	Unicorn-64099.exe	41
PID 2020 wrote to memory of 2772	2020	Unicorn-64099.exe	41
PID 2020 wrote to memory of 2772	2020	Unicorn-64099.exe	41
PID 2596 wrote to memory of 1524	2596	Unicorn-3320.exe	42
PID 2596 wrote to memory of 1524	2596	Unicorn-3320.exe	42
PID 2596 wrote to memory of 1524	2596	Unicorn-3320.exe	42
PID 2596 wrote to memory of 1524	2596	Unicorn-3320.exe	42
PID 1724 wrote to memory of 2016	1724	Unicorn-27513.exe	43
PID 1724 wrote to memory of 2016	1724	Unicorn-27513.exe	43
PID 1724 wrote to memory of 2016	1724	Unicorn-27513.exe	43
PID 1724 wrote to memory of 2016	1724	Unicorn-27513.exe	43

C:\Users\Admin\AppData\Local\Temp\71400472da91211edd497a37dc6a240c.exe
"C:\Users\Admin\AppData\Local\Temp\71400472da91211edd497a37dc6a240c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61571.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61571.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64867.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35706.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3340.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        10⤵
        Executes dropped EXE
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
        11⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
        12⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15342.exe
        13⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4033.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        10⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39958.exe
        11⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52547.exe
        10⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60394.exe
        11⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27067.exe
        10⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7212.exe
        11⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
        12⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
        10⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        11⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40980.exe
        10⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14958.exe
        11⤵
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24994.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2038.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23020.exe
        10⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        10⤵
        
        PID:1464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24814.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55971.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2557.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
        10⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36905.exe
        9⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51297.exe
        10⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34829.exe
        11⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        10⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56573.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
      4⤵
      Executes dropped EXE
      PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4093.exe
        10⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        11⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59952.exe
        10⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42857.exe
        11⤵
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        10⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3211.exe
        9⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
        10⤵
        
        PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57569.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
        7⤵
        Executes dropped EXE
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        8⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17296.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10175.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
        9⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55083.exe
        10⤵
        
        PID:868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 200
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:892
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1855.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33234.exe
        8⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2806.exe
        9⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14491.exe
        10⤵
        
        PID:296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8368.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61612.exe
        7⤵
        Executes dropped EXE
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
        8⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61307.exe
        9⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31295.exe
        10⤵
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41746.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
        7⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31027.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52566.exe
        9⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27305.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        9⤵
        
        PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14662.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14662.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64388.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10674.exe
        10⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59361.exe
        9⤵
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
        6⤵
        Executes dropped EXE
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53294.exe
        7⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30067.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60087.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52039.exe
        8⤵
        
        PID:800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16786.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44591.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8160.exe
        8⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9075.exe
        9⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
        10⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58873.exe
        9⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58425.exe
        10⤵
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24725.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10353.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36958.exe
        9⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12936.exe
        10⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10041.exe
        11⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13443.exe
        12⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44576.exe
        9⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
        10⤵
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45929.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12591.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
        8⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
        9⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50300.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34253.exe
        9⤵
        
        PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62681.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
        6⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        7⤵
        
        PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14771.exe

Filesize
184KB

MD5
21bd1b7860c2fa166623331dc57df842

SHA1
8320da1b459eed053da743247cf505381a0d051b

SHA256
ab1876ebcbc14b142f24f133bd4f659d4eff0ec843dd1f745a0b3f54f0a541fb

SHA512
b3647841a90d8ba766aa913f20e7aa16dcf7b20df689810b6b390011e80250047fed4379694029be85555a11d4668e6ef18d25b93d1bfa4b388e8fe05e3e9697

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe

Filesize
184KB

MD5
916cb99dc93233edc77bafba7ee4ba3d

SHA1
8a5f1aa354ef87fd61b695a34a16f2bb06158685

SHA256
83a7290e8faae86b88467e7b7d9eb8011c1c626a22b19d6061531da086236762

SHA512
25e5e87b79594590b4b4a40cf434aa03112de51a4d18a9affba461ef3b3d2a4e994018d0dd244feac1b4e104ae9c8db6677cf0c027debba4f69b0c645d6ec81d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1855.exe

Filesize
184KB

MD5
cea0aa9acf8fc8033f675a0121901840

SHA1
3d053ffa839a13fb9f9ff9df1373d5889609e0a1

SHA256
b7e05964c8d163ba52b3683db218b334cff7efded58741bafa30f2b75b3346eb

SHA512
7876dc38651f1e537626794b05aa00ecef8aee6493e8030039384e854d8acfef64935cb8cc6070e845859560d06f62cdbdd7f885ef9343a9d3a3c8c68473484e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe

Filesize
184KB

MD5
4232b5fec5322da5d5c708768607c817

SHA1
5d023f035855545f5613e4a5657766b7c1201cdb

SHA256
f6f329cf3ec7b96f41c1c409c31b8ba4db0553a426397abac52d85e4fecd8b5f

SHA512
a88c9f20ab3112a00f98d6847e3974e27539cc29da490b59abe0e676e655d8f89c7aa813ed05b61275fd5831a77bffd59da2a898c0952ba9d8b3a2061283056c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe

Filesize
184KB

MD5
768a3f4350336e8ddb322b0c3c0145d2

SHA1
18617ab92d0aa07db9e0f706ad037e12d4bcc3ab

SHA256
38ef18c42f53060ee581db4a4be146c89f18035f11f3c1a4f24b8f482dd12d95

SHA512
ade11dd55419209a4f371eb31a75cb283fa2670debaf7840ba1c02accc47f2218dda38510ac106561a861d212d2cf55d7404abe7c6eb1c7b8f6e4dd5c563af5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe

Filesize
8KB

MD5
cc99d33cd2c56fbc7a432dd66fa2a501

SHA1
75b8948f94f4783273dda2b043af106b01f2468c

SHA256
be273ea2c7a2eaec472965c2741ab4bf68c399dc1b8ac98aca436b6ca4a70fa1

SHA512
3f25d90f8e63950dcb38661f6e1d77570f11d506958c03ff1411e7ecfc135d83cb8845fb4e7c5f5d5c2bab1270c46e470fdb63a65775e2f857878a2682ad343d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52509.exe

Filesize
184KB

MD5
97b49638369b6adec97536a5599a68c3

SHA1
9f6ddbf6f5617400e29ef85c82446057e56065ee

SHA256
6cb02a5b49287782ca84109052b8f47d3a41c7646425bf16e25a78970b3f2d92

SHA512
329870b41545133344db21709e0654b83a412a1db389be68a3ff426ad081fff5a3da6590652967e9b2c071940e8e9bde679d14c323a43c06796cc5e89264f940

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59361.exe

Filesize
184KB

MD5
2c55fee15da62a43e764b5d79e2c85d1

SHA1
c82612b04b3daf581d4a80a4fb584ef6f4df8c8d

SHA256
bd54322ee14aba33c7b76bf5c4c4b7840224fced9aec39ae407035214964e9ca

SHA512
10b89cd14793d70e80bf5e6994b18bae2606db5dbf57ce46b52bac2476564da99682e7d65edc5702a99779bc280c7d780d84adb243808b53d19d968051597fde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64099.exe

Filesize
184KB

MD5
41d7fc52f55967bad21bdc903e7c6225

SHA1
ffa46c905ecb39a1c28a1704306595426b5fe0cd

SHA256
d57ef771a9840a93a7b0927462cbe92c28180221bbf1d9abc26fb595c0c240a1

SHA512
8a27f76474ae8ad4431418fd7453897382bde525260f68ea20c742f74145c37051a99f29d65be384f7f3bfde25e23d67969e1ff9ffaadb9e2ed3fbc736345cbd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14662.exe

Filesize
184KB

MD5
061d7ea1c784c9dfc539c2b9962eb273

SHA1
1023dc0b9d2c05d98e565efde4c4eff351bab7cc

SHA256
76abf5a1418648aaeef4da1b4c71552edd2864eb32489cdee73d24c4d4f26464

SHA512
86488255e097065214b55d774ba0565c4ff5b8b4f3baab4a42d8c3d557ac5efbda3318958540880bc35cca82643dc915b951f3466a1a62cc2111aa423a504df3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17274.exe

Filesize
184KB

MD5
2a88b8f016a879858fc51be9e467c387

SHA1
3d48963e83f2984af5bb6365094254ca499d6233

SHA256
9452f848e1e9e1acbb2d3c3316768d3bcc3158a3d23c61398b647f33565f407f

SHA512
db6d70ed527c9f7138f179abd5b059a8ad8518dd2f0063214baa27be830314f7537c7445c4d812eec4a0151b8608bc92c003014452fd3d7192e93292781c22ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe

Filesize
184KB

MD5
595329ab27bf5810330e2ba5a3b844a1

SHA1
5cc0fe9b85250e82c28d2388c0d9da2dc8622637

SHA256
c7213b94245ec8f4d3678ee0afbdb6c3f5904bbcf90dda9a667e224a4d88f15e

SHA512
833df204c096abb242c78a06fb0368a7f9b74de5e6a13ee29771f8b54e2588715e5cd42c17a658e9b8ed97953f33478d7abf6960e2ea7fc8ad9d29daf45a0f9a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe

Filesize
184KB

MD5
e79fc7feccbb7362b3e8627efa6a5198

SHA1
c25a3a3d44e4f971100dc795d7ef33847fa3718b

SHA256
e83451236caf7c4bc7d7765c9036c0ae4e0233973978db6cbc54f06b0776ba01

SHA512
deb67220f2fc4aa041ddd4004d4969537568dd4b93cc2947b726eb262be71aa71bcb56659b5fb7c5fa644d831ab62b49c971b3534073fb9001b9779889e65de4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3320.exe

Filesize
184KB

MD5
012104d316feaf85ac406daebafe7979

SHA1
5ba1ef8e88ebaab3d7926e5b89f3678fd5792675

SHA256
35caae26efbbfc6bc638b9c71e39b8c3514161a18f8f1ff4f66fa7070106da2b

SHA512
86cd9fbdf72df4d1c1a87e68f04164ad123a258e5d50e76db804526062727e4e008c1f999344918e29ac4acb7e2f2eec5a77d3450cea6a3c3a27918f71c2c193

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35706.exe

Filesize
184KB

MD5
e189bb7ea364488a53301c4c04ff0ca5

SHA1
beb4d2407094c1d90e18745d9d1691ca6a85aa63

SHA256
84c749f43cbefe94faeaa6443861d94050c75100f78fe65aaa353753f3d314dd

SHA512
f948368dc65cc067fd9c9399b9d80ff75bc96e11792f98e2848345c29c341e34caa140c32a3253d26a4d168840f2a377205848e90f5b535b0d4bfc6055dc3407

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe

Filesize
184KB

MD5
4d6aac452f902505afdbbe8303361f03

SHA1
a8bb1a6f5f43848f0d7f6fdcfbf591f80bcc2c87

SHA256
5e1d564dd427fc6e00d8c9f31ae11cf89f4cfeae77fd8ca34ef8d8bf0e440c1b

SHA512
c12ecbc02a6961fff0bb58eb527dfa701c75940c8033df28e510f216e077c9dfb16f800795697a541cf9070c99f585e65b0b37497a95674a9834e607b65b81ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe

Filesize
169KB

MD5
6de10fec92f25ee67f7066e767fc4d62

SHA1
71cb8d05f7ade70d172fda8482869da61e95db0f

SHA256
92ac8051706c29f2bfa0060964d5170a66f9c7f7e178693790ac50a71e90ab3f

SHA512
bee585fdc9ec688613d601ce44ac2d9e79a3deee34ee040ed653a79de9b5ebd2580613bfd184d633894cce019df4aa464f38d9a588525a38c7ecacbd8656cbd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe

Filesize
45KB

MD5
55a223cba7e2549282ce1c73133b87ba

SHA1
a54575ddb55436e60be1f0168751f89cc8d16f1b

SHA256
fa2ea31153b4240800cb52864404bdceede27632abb6d11a84edb423565cea53

SHA512
f37eb33053ea30e48c9650f2c031fa3e6a56ae968af1b69bf55394b4ded813c5f81e397456e3c67653d0a7b67ac93e91b1b9e715fc6426118c8042af2f8e4494

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe

Filesize
184KB

MD5
1719a4733c4adfb6e3f488fd94a2ef41

SHA1
fca37b06a5d3d5c705b013c7bf85073eb3eb7d5e

SHA256
d725e47aacbae22b17e0c9eb3ec015e45c15b58d51498921c9fd1f986f403a1b

SHA512
fb835cde6f991bb2c1b887bd32c0d2340b5863ff0a7b674544870358d453aaec5adf7f406ad632f5e9d4ceafa68ed2792e1aaf1fad0d5a5a8a9d5030d02e563a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61571.exe

Filesize
184KB

MD5
7f2fff785942ae2ff08a6e5250b7c211

SHA1
fb58b7073f89daead04618962e7a5e67e209c488

SHA256
c6e91dcb10e0e1ad8410bd6ac77fe08cd57b68302580b071068d10d40467c76b

SHA512
013dc60595bc26be0dc6324ab6ad94c5e2f4feced41959e210ef9f046d7921fa162215a0b5bfa66c930f660095f6806695e6dc2107e2af93d1a4be05bc31b080

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63907.exe

Filesize
184KB

MD5
f1f49d230c1eff5a8bca217db07106d4

SHA1
46c963c03855071e33df9193d96647ea2dca3c2a

SHA256
7541c24c2ccefc3b6b390c6f5c2f1fe342157dd374bb9323d51d6fe6fb6d8e3a

SHA512
294c302b1f4e6ed40de8ada03ec3b8c50aa9e4c34be7bc11e15cad682c3a31b050a04f5a75d0e3d7f677912c6aa86fb85ce37fd890ca5a1c6044d6d312386951

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64867.exe

Filesize
184KB

MD5
092792839dfe4b2b65591ad5d2d542b1

SHA1
53cc74fed44742a74be96c19433d3bcc089d2aac

SHA256
82fcaf274656db4e2f8c8dd0bccf00a8543405a81a4a2143c82d2beef4470cd0

SHA512
a9e84047c66285c200b516cc678bf6638c3b2e6da92e0e4efd49754a76b06afc06cac647a8c689202671e2c395326a0fe3f5df61b9ebd1b1c870ce6867dc80b1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads