ac09fbac0f681c64dc09ff4dd488af41f4331f82b6fb54ef9627883af5f0bfa4

Analysis

max time kernel
135s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

751bc75646c5a506f7da5fb288022213.exe
Size

184KB
MD5

751bc75646c5a506f7da5fb288022213
SHA1

2739ec0670ef2a967260933c0cc02864d47d6df3
SHA256

ac09fbac0f681c64dc09ff4dd488af41f4331f82b6fb54ef9627883af5f0bfa4
SHA512

b609a791e67dce981c3de0259ffa93b075db7f9ec2a4ffb4401308b68e767f7f7ea8198ccbd7d9ebedba57f8146fe86a34ebbac57195a00ae9797f59550e6861
SSDEEP

3072:gelPoMrfYA0bOjkdTAcoz4bBSp6NvuIjxYlp2PM17lPdppuT:gexoy50bTd0cozGfk77lPdp8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-62631.exeUnicorn-55589.exeUnicorn-11219.exeUnicorn-30566.exeUnicorn-18868.exeUnicorn-59154.exeUnicorn-14935.exeUnicorn-51884.exeUnicorn-32018.exeUnicorn-18143.exeUnicorn-64883.exeUnicorn-9756.exeUnicorn-13840.exeUnicorn-35007.exeUnicorn-42621.exeUnicorn-39283.exeUnicorn-59149.exeUnicorn-39497.exeUnicorn-19631.exeUnicorn-1993.exeUnicorn-15314.exeUnicorn-3233.exeUnicorn-48755.exeUnicorn-32419.exeUnicorn-61754.exeUnicorn-7914.exeUnicorn-28527.exeUnicorn-4577.exeUnicorn-48926.exeUnicorn-10519.exeUnicorn-35770.exeUnicorn-39300.exeUnicorn-47447.exeUnicorn-47084.exeUnicorn-11287.exeUnicorn-40622.exeUnicorn-40622.exeUnicorn-14795.exeUnicorn-52491.exeUnicorn-872.exeUnicorn-28885.exeUnicorn-13295.exeUnicorn-25917.exeUnicorn-26109.exeUnicorn-50784.exeUnicorn-54313.exeUnicorn-51573.exeUnicorn-26301.exeUnicorn-64873.exeUnicorn-20354.exeUnicorn-28522.exeUnicorn-19970.exeUnicorn-20908.exeUnicorn-1256.exeUnicorn-3633.exeUnicorn-17784.exeUnicorn-50670.exeUnicorn-60654.exeUnicorn-22575.exeUnicorn-22575.exeUnicorn-64354.exeUnicorn-18683.exeUnicorn-23343.exeUnicorn-19259.exe

pid	process
2540	Unicorn-62631.exe
2180	Unicorn-55589.exe
2756	Unicorn-11219.exe
2400	Unicorn-30566.exe
2640	Unicorn-18868.exe
2472	Unicorn-59154.exe
2248	Unicorn-14935.exe
2940	Unicorn-51884.exe
2916	Unicorn-32018.exe
1752	Unicorn-18143.exe
1656	Unicorn-64883.exe
1908	Unicorn-9756.exe
2592	Unicorn-13840.exe
976	Unicorn-35007.exe
688	Unicorn-42621.exe
2412	Unicorn-39283.exe
2404	Unicorn-59149.exe
2972	Unicorn-39497.exe
2256	Unicorn-19631.exe
1720	Unicorn-1993.exe
1876	Unicorn-15314.exe
1300	Unicorn-3233.exe
1988	Unicorn-48755.exe
1828	Unicorn-32419.exe
1980	Unicorn-61754.exe
948	Unicorn-7914.exe
2568	Unicorn-28527.exe
2484	Unicorn-4577.exe
984	Unicorn-48926.exe
1728	Unicorn-10519.exe
2980	Unicorn-35770.exe
1984	Unicorn-39300.exe
2300	Unicorn-47447.exe
2764	Unicorn-47084.exe
1736	Unicorn-11287.exe
2632	Unicorn-40622.exe
2780	Unicorn-40622.exe
2776	Unicorn-14795.exe
2744	Unicorn-52491.exe
2656	Unicorn-872.exe
2116	Unicorn-28885.exe
2900	Unicorn-13295.exe
1696	Unicorn-25917.exe
2576	Unicorn-26109.exe
2952	Unicorn-50784.exe
1328	Unicorn-54313.exe
2748	Unicorn-51573.exe
1156	Unicorn-26301.exe
668	Unicorn-64873.exe
2096	Unicorn-20354.exe
2392	Unicorn-28522.exe
1584	Unicorn-19970.exe
272	Unicorn-20908.exe
1588	Unicorn-1256.exe
3008	Unicorn-3633.exe
1920	Unicorn-17784.exe
2472	Unicorn-50670.exe
2496	Unicorn-60654.exe
1544	Unicorn-22575.exe
1552	Unicorn-22575.exe
1276	Unicorn-64354.exe
936	Unicorn-18683.exe
1628	Unicorn-23343.exe
2012	Unicorn-19259.exe

Loads dropped DLL 64 IoCs

Processes:

751bc75646c5a506f7da5fb288022213.exeUnicorn-62631.exeUnicorn-55589.exeUnicorn-11219.exeUnicorn-30566.exeUnicorn-18868.exeUnicorn-59154.exeUnicorn-32018.exeUnicorn-18143.exeUnicorn-51884.exeUnicorn-14935.exeUnicorn-64883.exeUnicorn-35007.exeUnicorn-13840.exeUnicorn-39283.exeUnicorn-39497.exeUnicorn-19631.exeUnicorn-59149.exeUnicorn-15314.exeUnicorn-1993.exe

pid	process
1736	751bc75646c5a506f7da5fb288022213.exe
1736	751bc75646c5a506f7da5fb288022213.exe
2540	Unicorn-62631.exe
1736	751bc75646c5a506f7da5fb288022213.exe
2540	Unicorn-62631.exe
1736	751bc75646c5a506f7da5fb288022213.exe
2540	Unicorn-62631.exe
2180	Unicorn-55589.exe
2756	Unicorn-11219.exe
2180	Unicorn-55589.exe
2540	Unicorn-62631.exe
2756	Unicorn-11219.exe
2400	Unicorn-30566.exe
2400	Unicorn-30566.exe
2180	Unicorn-55589.exe
2640	Unicorn-18868.exe
2640	Unicorn-18868.exe
2180	Unicorn-55589.exe
2472	Unicorn-59154.exe
2472	Unicorn-59154.exe
2756	Unicorn-11219.exe
2756	Unicorn-11219.exe
2916	Unicorn-32018.exe
2916	Unicorn-32018.exe
1752	Unicorn-18143.exe
1752	Unicorn-18143.exe
2472	Unicorn-59154.exe
2472	Unicorn-59154.exe
2940	Unicorn-51884.exe
2940	Unicorn-51884.exe
2640	Unicorn-18868.exe
2640	Unicorn-18868.exe
2248	Unicorn-14935.exe
2248	Unicorn-14935.exe
1656	Unicorn-64883.exe
1656	Unicorn-64883.exe
2400	Unicorn-30566.exe
2400	Unicorn-30566.exe
976	Unicorn-35007.exe
976	Unicorn-35007.exe
2592	Unicorn-13840.exe
2592	Unicorn-13840.exe
1752	Unicorn-18143.exe
1752	Unicorn-18143.exe
2412	Unicorn-39283.exe
2412	Unicorn-39283.exe
2972	Unicorn-39497.exe
2972	Unicorn-39497.exe
1656	Unicorn-64883.exe
1656	Unicorn-64883.exe
2256	Unicorn-19631.exe
2256	Unicorn-19631.exe
2404	Unicorn-59149.exe
2404	Unicorn-59149.exe
2940	Unicorn-51884.exe
2940	Unicorn-51884.exe
2248	Unicorn-14935.exe
2248	Unicorn-14935.exe
1876	Unicorn-15314.exe
1876	Unicorn-15314.exe
2592	Unicorn-13840.exe
2592	Unicorn-13840.exe
1720	Unicorn-1993.exe
1720	Unicorn-1993.exe

Program crash 4 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2944	272	WerFault.exe	Unicorn-20908.exe
624	2812	WerFault.exe	Unicorn-42471.exe
1380	1276	WerFault.exe	Unicorn-64192.exe
668	2728	WerFault.exe	Unicorn-492.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

751bc75646c5a506f7da5fb288022213.exeUnicorn-62631.exeUnicorn-11219.exeUnicorn-55589.exeUnicorn-18868.exeUnicorn-59154.exeUnicorn-30566.exeUnicorn-14935.exeUnicorn-32018.exeUnicorn-51884.exeUnicorn-18143.exeUnicorn-64883.exeUnicorn-13840.exeUnicorn-9756.exeUnicorn-35007.exeUnicorn-42621.exeUnicorn-39283.exeUnicorn-59149.exeUnicorn-19631.exeUnicorn-39497.exeUnicorn-15314.exeUnicorn-1993.exeUnicorn-3233.exeUnicorn-48755.exeUnicorn-32419.exeUnicorn-7914.exeUnicorn-61754.exeUnicorn-28527.exeUnicorn-48926.exeUnicorn-4577.exeUnicorn-10519.exeUnicorn-35770.exeUnicorn-39300.exeUnicorn-47447.exeUnicorn-47084.exeUnicorn-40622.exeUnicorn-11287.exeUnicorn-40622.exeUnicorn-52491.exeUnicorn-14795.exeUnicorn-25917.exeUnicorn-872.exeUnicorn-28885.exeUnicorn-13295.exeUnicorn-50784.exeUnicorn-54313.exeUnicorn-26109.exeUnicorn-64873.exeUnicorn-51573.exeUnicorn-26301.exeUnicorn-28522.exeUnicorn-20908.exeUnicorn-3633.exeUnicorn-20354.exeUnicorn-19970.exeUnicorn-1256.exeUnicorn-17784.exeUnicorn-50670.exeUnicorn-22575.exeUnicorn-64354.exeUnicorn-60654.exeUnicorn-22575.exeUnicorn-18683.exeUnicorn-57167.exe

pid	process
1736	751bc75646c5a506f7da5fb288022213.exe
2540	Unicorn-62631.exe
2756	Unicorn-11219.exe
2180	Unicorn-55589.exe
2640	Unicorn-18868.exe
2472	Unicorn-59154.exe
2400	Unicorn-30566.exe
2248	Unicorn-14935.exe
2916	Unicorn-32018.exe
2940	Unicorn-51884.exe
1752	Unicorn-18143.exe
1656	Unicorn-64883.exe
2592	Unicorn-13840.exe
1908	Unicorn-9756.exe
976	Unicorn-35007.exe
688	Unicorn-42621.exe
2412	Unicorn-39283.exe
2404	Unicorn-59149.exe
2256	Unicorn-19631.exe
2972	Unicorn-39497.exe
1876	Unicorn-15314.exe
1720	Unicorn-1993.exe
1300	Unicorn-3233.exe
1988	Unicorn-48755.exe
1828	Unicorn-32419.exe
948	Unicorn-7914.exe
1980	Unicorn-61754.exe
2568	Unicorn-28527.exe
984	Unicorn-48926.exe
2484	Unicorn-4577.exe
1728	Unicorn-10519.exe
2980	Unicorn-35770.exe
1984	Unicorn-39300.exe
2300	Unicorn-47447.exe
2764	Unicorn-47084.exe
2780	Unicorn-40622.exe
1736	Unicorn-11287.exe
2632	Unicorn-40622.exe
2744	Unicorn-52491.exe
2776	Unicorn-14795.exe
1696	Unicorn-25917.exe
2656	Unicorn-872.exe
2116	Unicorn-28885.exe
2900	Unicorn-13295.exe
2952	Unicorn-50784.exe
1328	Unicorn-54313.exe
2576	Unicorn-26109.exe
668	Unicorn-64873.exe
2748	Unicorn-51573.exe
1156	Unicorn-26301.exe
2392	Unicorn-28522.exe
272	Unicorn-20908.exe
3008	Unicorn-3633.exe
2096	Unicorn-20354.exe
1584	Unicorn-19970.exe
1588	Unicorn-1256.exe
1920	Unicorn-17784.exe
2472	Unicorn-50670.exe
1544	Unicorn-22575.exe
1276	Unicorn-64354.exe
2496	Unicorn-60654.exe
1552	Unicorn-22575.exe
936	Unicorn-18683.exe
2152	Unicorn-57167.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

751bc75646c5a506f7da5fb288022213.exeUnicorn-62631.exeUnicorn-55589.exeUnicorn-11219.exeUnicorn-30566.exeUnicorn-18868.exeUnicorn-59154.exeUnicorn-32018.exeUnicorn-18143.exeUnicorn-51884.exe

description	pid	process	target process
PID 1736 wrote to memory of 2540	1736	751bc75646c5a506f7da5fb288022213.exe	Unicorn-62631.exe
PID 1736 wrote to memory of 2540	1736	751bc75646c5a506f7da5fb288022213.exe	Unicorn-62631.exe
PID 1736 wrote to memory of 2540	1736	751bc75646c5a506f7da5fb288022213.exe	Unicorn-62631.exe
PID 1736 wrote to memory of 2540	1736	751bc75646c5a506f7da5fb288022213.exe	Unicorn-62631.exe
PID 2540 wrote to memory of 2180	2540	Unicorn-62631.exe	Unicorn-55589.exe
PID 2540 wrote to memory of 2180	2540	Unicorn-62631.exe	Unicorn-55589.exe
PID 2540 wrote to memory of 2180	2540	Unicorn-62631.exe	Unicorn-55589.exe
PID 2540 wrote to memory of 2180	2540	Unicorn-62631.exe	Unicorn-55589.exe
PID 1736 wrote to memory of 2756	1736	751bc75646c5a506f7da5fb288022213.exe	Unicorn-11219.exe
PID 1736 wrote to memory of 2756	1736	751bc75646c5a506f7da5fb288022213.exe	Unicorn-11219.exe
PID 1736 wrote to memory of 2756	1736	751bc75646c5a506f7da5fb288022213.exe	Unicorn-11219.exe
PID 1736 wrote to memory of 2756	1736	751bc75646c5a506f7da5fb288022213.exe	Unicorn-11219.exe
PID 2180 wrote to memory of 2400	2180	Unicorn-55589.exe	Unicorn-30566.exe
PID 2180 wrote to memory of 2400	2180	Unicorn-55589.exe	Unicorn-30566.exe
PID 2180 wrote to memory of 2400	2180	Unicorn-55589.exe	Unicorn-30566.exe
PID 2180 wrote to memory of 2400	2180	Unicorn-55589.exe	Unicorn-30566.exe
PID 2540 wrote to memory of 2640	2540	Unicorn-62631.exe	Unicorn-18868.exe
PID 2540 wrote to memory of 2640	2540	Unicorn-62631.exe	Unicorn-18868.exe
PID 2540 wrote to memory of 2640	2540	Unicorn-62631.exe	Unicorn-18868.exe
PID 2540 wrote to memory of 2640	2540	Unicorn-62631.exe	Unicorn-18868.exe
PID 2756 wrote to memory of 2472	2756	Unicorn-11219.exe	Unicorn-59154.exe
PID 2756 wrote to memory of 2472	2756	Unicorn-11219.exe	Unicorn-59154.exe
PID 2756 wrote to memory of 2472	2756	Unicorn-11219.exe	Unicorn-59154.exe
PID 2756 wrote to memory of 2472	2756	Unicorn-11219.exe	Unicorn-59154.exe
PID 2400 wrote to memory of 2248	2400	Unicorn-30566.exe	Unicorn-14935.exe
PID 2400 wrote to memory of 2248	2400	Unicorn-30566.exe	Unicorn-14935.exe
PID 2400 wrote to memory of 2248	2400	Unicorn-30566.exe	Unicorn-14935.exe
PID 2400 wrote to memory of 2248	2400	Unicorn-30566.exe	Unicorn-14935.exe
PID 2640 wrote to memory of 2940	2640	Unicorn-18868.exe	Unicorn-51884.exe
PID 2640 wrote to memory of 2940	2640	Unicorn-18868.exe	Unicorn-51884.exe
PID 2640 wrote to memory of 2940	2640	Unicorn-18868.exe	Unicorn-51884.exe
PID 2640 wrote to memory of 2940	2640	Unicorn-18868.exe	Unicorn-51884.exe
PID 2180 wrote to memory of 2916	2180	Unicorn-55589.exe	Unicorn-32018.exe
PID 2180 wrote to memory of 2916	2180	Unicorn-55589.exe	Unicorn-32018.exe
PID 2180 wrote to memory of 2916	2180	Unicorn-55589.exe	Unicorn-32018.exe
PID 2180 wrote to memory of 2916	2180	Unicorn-55589.exe	Unicorn-32018.exe
PID 2472 wrote to memory of 1752	2472	Unicorn-59154.exe	Unicorn-18143.exe
PID 2472 wrote to memory of 1752	2472	Unicorn-59154.exe	Unicorn-18143.exe
PID 2472 wrote to memory of 1752	2472	Unicorn-59154.exe	Unicorn-18143.exe
PID 2472 wrote to memory of 1752	2472	Unicorn-59154.exe	Unicorn-18143.exe
PID 2756 wrote to memory of 1656	2756	Unicorn-11219.exe	Unicorn-64883.exe
PID 2756 wrote to memory of 1656	2756	Unicorn-11219.exe	Unicorn-64883.exe
PID 2756 wrote to memory of 1656	2756	Unicorn-11219.exe	Unicorn-64883.exe
PID 2756 wrote to memory of 1656	2756	Unicorn-11219.exe	Unicorn-64883.exe
PID 2916 wrote to memory of 1908	2916	Unicorn-32018.exe	Unicorn-9756.exe
PID 2916 wrote to memory of 1908	2916	Unicorn-32018.exe	Unicorn-9756.exe
PID 2916 wrote to memory of 1908	2916	Unicorn-32018.exe	Unicorn-9756.exe
PID 2916 wrote to memory of 1908	2916	Unicorn-32018.exe	Unicorn-9756.exe
PID 1752 wrote to memory of 2592	1752	Unicorn-18143.exe	Unicorn-13840.exe
PID 1752 wrote to memory of 2592	1752	Unicorn-18143.exe	Unicorn-13840.exe
PID 1752 wrote to memory of 2592	1752	Unicorn-18143.exe	Unicorn-13840.exe
PID 1752 wrote to memory of 2592	1752	Unicorn-18143.exe	Unicorn-13840.exe
PID 2472 wrote to memory of 976	2472	Unicorn-59154.exe	Unicorn-35007.exe
PID 2472 wrote to memory of 976	2472	Unicorn-59154.exe	Unicorn-35007.exe
PID 2472 wrote to memory of 976	2472	Unicorn-59154.exe	Unicorn-35007.exe
PID 2472 wrote to memory of 976	2472	Unicorn-59154.exe	Unicorn-35007.exe
PID 2940 wrote to memory of 688	2940	Unicorn-51884.exe	Unicorn-42621.exe
PID 2940 wrote to memory of 688	2940	Unicorn-51884.exe	Unicorn-42621.exe
PID 2940 wrote to memory of 688	2940	Unicorn-51884.exe	Unicorn-42621.exe
PID 2940 wrote to memory of 688	2940	Unicorn-51884.exe	Unicorn-42621.exe
PID 2640 wrote to memory of 2412	2640	Unicorn-18868.exe	Unicorn-39283.exe
PID 2640 wrote to memory of 2412	2640	Unicorn-18868.exe	Unicorn-39283.exe
PID 2640 wrote to memory of 2412	2640	Unicorn-18868.exe	Unicorn-39283.exe
PID 2640 wrote to memory of 2412	2640	Unicorn-18868.exe	Unicorn-39283.exe

C:\Users\Admin\AppData\Local\Temp\751bc75646c5a506f7da5fb288022213.exe
"C:\Users\Admin\AppData\Local\Temp\751bc75646c5a506f7da5fb288022213.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-55589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55589.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-59149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59149.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-44915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44915.exe
9⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-12237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12237.exe
10⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
10⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-11820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11820.exe
11⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
12⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28936.exe
13⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-20649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20649.exe
14⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19259.exe
8⤵
- Executes dropped EXE
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-22627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22627.exe
9⤵
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3439.exe
10⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47098.exe
11⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
12⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
13⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-29517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29517.exe
14⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
15⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
16⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48926.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58044.exe
8⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33364.exe
9⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49944.exe
10⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-55079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55079.exe
11⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
12⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64192.exe
13⤵
PID:1276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 188
14⤵
- Program crash
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-19631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19631.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-28885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28885.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
9⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
10⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49560.exe
11⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
12⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
13⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11104.exe
14⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
15⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-61276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61276.exe
16⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
12⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-23404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23404.exe
13⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
14⤵
PID:524

C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
8⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8506.exe
9⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-48369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48369.exe
10⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
11⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62282.exe
12⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
13⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42869.exe
14⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
15⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9667.exe
16⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
17⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31124.exe
11⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58250.exe
12⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
13⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
14⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
15⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
16⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-59750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59750.exe
14⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-207.exe
15⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
8⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
9⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
10⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
11⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23881.exe
12⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
13⤵
PID:312

C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
14⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
14⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8899.exe
15⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
16⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-12681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12681.exe
10⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
11⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-20778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20778.exe
12⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
13⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
14⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
15⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-25755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25755.exe
6⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
7⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
8⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51542.exe
8⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
9⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
10⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39262.exe
11⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
12⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
13⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60897.exe
14⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
15⤵
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
10⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
11⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-9101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9101.exe
12⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
13⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36528.exe
14⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29180.exe
15⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4577.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-54313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54313.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35787.exe
7⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
8⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61620.exe
9⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-33175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33175.exe
10⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
11⤵
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50321.exe
12⤵
PID:820

C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
13⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
14⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
6⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28931.exe
7⤵
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
8⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-1773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1773.exe
8⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48769.exe
9⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-49532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49532.exe
10⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28422.exe
11⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33077.exe
12⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
13⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48755.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22575.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19254.exe
8⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
9⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe
10⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10310.exe
11⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
12⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
13⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
14⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
15⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-52491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52491.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57167.exe
6⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-42471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42471.exe
7⤵
PID:2812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
8⤵
- Program crash
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15314.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10519.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15767.exe
9⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
10⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33507.exe
11⤵
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
12⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-5017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5017.exe
13⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43990.exe
14⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46040.exe
15⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
16⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
17⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35021.exe
10⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-18681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18681.exe
11⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
12⤵
PID:432

C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34499.exe
13⤵
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
14⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
11⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
12⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
13⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe
14⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17784.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12808.exe
8⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
9⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49459.exe
10⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
11⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32978.exe
12⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
13⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
14⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
9⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15188.exe
10⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9812.exe
11⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
12⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21915.exe
13⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
14⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25777.exe
8⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-48797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48797.exe
9⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14757.exe
10⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
11⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-8644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8644.exe
12⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31150.exe
13⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-61810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61810.exe
14⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4955.exe
15⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
16⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26122.exe
14⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25847.exe
15⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
16⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34876.exe
12⤵
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
13⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
14⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
15⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3233.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51573.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-11282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11282.exe
8⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20977.exe
9⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17054.exe
10⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8670.exe
11⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-56579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56579.exe
12⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-61810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61810.exe
13⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61613.exe
14⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-38448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38448.exe
15⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
16⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-59559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59559.exe
7⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
8⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
9⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58587.exe
10⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe
11⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43948.exe
12⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38214.exe
13⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
14⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
15⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15780.exe
16⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43269.exe
17⤵
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
15⤵
- Program crash
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
11⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-20778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20778.exe
12⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
13⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
14⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20908.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 200
7⤵
- Program crash
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-35007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35007.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39300.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26301.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
8⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-48797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48797.exe
9⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
10⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3631.exe
11⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
12⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44535.exe
13⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18163.exe
14⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-48832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48832.exe
15⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-50836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50836.exe
7⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
8⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
9⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5297.exe
10⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
11⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
12⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
13⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59626.exe
14⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47447.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20354.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
7⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35370.exe
8⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
9⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-6060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6060.exe
10⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28749.exe
11⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
12⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
13⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-64883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64883.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-32419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32419.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-11287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11287.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3633.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36166.exe
8⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
9⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-829.exe
10⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
11⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26528.exe
12⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-39543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39543.exe
13⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
14⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-1256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1256.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64941.exe
7⤵
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
8⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46314.exe
8⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
9⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
10⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-51016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51016.exe
11⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41027.exe
12⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
13⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5225.exe
14⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
6⤵
- Executes dropped EXE
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
7⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
8⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23769.exe
9⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-28520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28520.exe
10⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
11⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
12⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-64550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64550.exe
13⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
14⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5334.exe
15⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
16⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
17⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61754.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-50670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50670.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
7⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
8⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-42710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42710.exe
9⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
10⤵
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
11⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51369.exe
12⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27794.exe
13⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
14⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6512.exe
15⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
11⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-2573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2573.exe
12⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3912.exe
13⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
14⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
9⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-29475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29475.exe
10⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
11⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17400.exe
12⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
13⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
14⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8345.exe
6⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
7⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
8⤵
PID:456

C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40383.exe
9⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
10⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
11⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-45329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45329.exe
12⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53492.exe
13⤵
PID:1808

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
Filesize
184KB

MD5
a2434dc0e33645b54c2223fcb406d513

SHA1
6aab68ec14ddde0092b8ebb6c6661330aa0ccb78

SHA256
389dfa2fa59158728a2469cfe5da601c51b6c87acfb879cbab24d0e6e1263be3

SHA512
5dea2d711272b08149d2d9e26c4112d37fbe40e58273c78cf1af39cef5d5086cee2437628f2736a6cc455e2f3abf2aa5955cdfcba872976387c673824bc5edc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18868.exe
Filesize
184KB

MD5
b7d2071788dd878ff22fbc055bb3e8c8

SHA1
55745700f853551f2053973e4ecc8e26b1587d7b

SHA256
cfe7018a3e9973cdcc3b4bf3c3f7e86125732479f5bf3cece31dedd3dee46785

SHA512
89926c69ff2765db082e0bf13f94589d9091e2960518b06acc45ec788fd79a7f5f4e7f76d838854b96c0c81f9ef5bf6cf9d7bb4eac51a27b497db1c1a3e83755

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
Filesize
184KB

MD5
9b5967d880a2f796037f0356992736c2

SHA1
8a71056d2177893655eade184cefcbdf572c08ff

SHA256
597261fa645d7eb09ec521c363735eb6b6096a84505ad57c1cba6d9f8429c2fa

SHA512
459a2b725934a01b8d0390455ed87b76c082e8989da6b76e0b3bf307ca794462d27144b0f7f60497a0481c374baf5904e3d28ea20fa365599a80f7e389db7f55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32018.exe
Filesize
184KB

MD5
885b2a5e800e3a5618501887b6b6f066

SHA1
09b672d1fc4c61e90a2b9c2f1275101daf3eae3e

SHA256
ab2839d8ef25c461c0d3d082470b2c1b2f789a7e0215ec9b51292cd1e188f3d3

SHA512
00de61a84f9b05ad0df07f5e651e3e0db8eb71de1d6b0a3b5bc7b0fab434b88319a954c77e86a09a785b8e1d11b21ad5661800d66fa6c8cbb07ac674ee283d46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
Filesize
184KB

MD5
8187a83bcbc08eea54d73dad0283700c

SHA1
6daaba442d9caa4a580339a46b0ff0d9d1b94d10

SHA256
9270f15920f538e7fc227ee75d1f7fe703297bd917d80307262fe7ceff4a41e0

SHA512
1593fdf70fe02de513f4a8ce633856b53e078bc035389ac79c18bfc4d167ed76fc8bef7b0379561c272c1ec626d16e00e7959dfc51c1a63d9a32329c22afc2a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42621.exe
Filesize
184KB

MD5
dbf2384cf1a9179481dab2edabe16fe8

SHA1
663b6d4effc9bee17574b19d480c4cb32f6d8b1f

SHA256
22d907a804b2008dd0ca7ecdb6ab444fea6fcfa471e53b982e0e464dfcffca44

SHA512
e7394527c46f14cefb152e22a428bca077f05ae729a10e7f829c8dda132fc3564bc7ca41ae99dc0ae1f59d451b50dbfd23739cd448cf7270d9bf5c6dbd3c12ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6060.exe
Filesize
184KB

MD5
1c0f3556f58814ae6e58037399b91942

SHA1
bd6aa7e401d3b86614558631826b8105f0d91b73

SHA256
876d3e1b6e1a9635caaf3111cfeeaa49c1f102863bc1f4ea2c2c235ce3bfcf3a

SHA512
c552a60806e3aca716d2ad57b754f0cce00ad846a28740098dc759dbd7a3cd76374731f30cb58a0376aa7a8dee0da48789747fb2a41d7aadf5ee55d1c2c21f8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
Filesize
184KB

MD5
5c6a79df312f712ab5437f37647823e6

SHA1
b0dcc21f282e09e0eb6a8be9023dc6b7428705ef

SHA256
5b1b7950861ae0a9cb34f086068507472cfa8e1affd6894a5494697db3148acd

SHA512
9ac623c07ebef49fb05665e1a9797b3944cd55fe630cc6363ec0ca6cd984b82bedb2cfb20ee35936db51da0943f485aa39787f5a72b1e0478f5e30608a72a31f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13840.exe
Filesize
184KB

MD5
f1533200cfb711fa434157b6486a6ac4

SHA1
872a89029d053f5d01169532ffce92d732c3157c

SHA256
13c506811263768c6e596b933dbc739a19f85836b190b8c756fd5418c3a38a67

SHA512
940ab1649c97a77fbed38b1c2d6d652e65b7d274f108312a5f0c22246eaa2573d113d7b05bfbf6b95fedda5333a3c7dbe8680ab80bcb0c136318651e84d4b0cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
Filesize
184KB

MD5
8b9640448805b7e6e2a376eb86deb1cd

SHA1
54b03bc2cb5ac399d9c2c976ad56fa74f18dbeb7

SHA256
2ca7f4eabb35b715148da406c3207c98690a3c6bbcbdfcad3d81e3333c71a0ba

SHA512
6e478a6f73d8e461d4fc93df7039d0b39dae76475cb3a648f7f9f8d2c70fa96c7412d9b12e0d09f27a94a99edfb66bde0039364c7eac83fe57ee078fa659a468

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30566.exe
Filesize
184KB

MD5
0222d8dbfdaec5293ec2066bf22dc46b

SHA1
fd5686b3508ac3c3eb5c5eeef3bfeac77a3f75bf

SHA256
275e44c295ed9640dafc0b75dae4ef1eb2659819e1703b3ebe73b2229af12962

SHA512
b3bc846761c05de2f39b2c686e27ef8299a58e797bf0eb138e0899331d93bd5311509b85958a2bace5c84de6bb0633eecf4b64525f19aaae68789d3aaf4158be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35007.exe
Filesize
184KB

MD5
8557dce5ef2f78300b902a8046367de2

SHA1
3da8041efadb8a44ce498ff4349e91073d323754

SHA256
8d1a28c753e14b2753548878350f573e3a68a6e65212f07417cd0e76f05a8c55

SHA512
8c6420472a44de25139728fec621062bdd245a4c43a14a7e724f99d22dd596ce26fea1287b5450ed30288a97faa47ef97345ec9b9de940769f1c33fbb7753b3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39497.exe
Filesize
184KB

MD5
472430cd59f5230019608bf14fbca6d1

SHA1
d51912492029a3a289c0f798658c748517b6561c

SHA256
cf77ea1d7e6191a0e06de0e373d74205f10753fa0754da06d24335f4fba37255

SHA512
785645da220d949c71e9eb3c22df7b680cb46c6dfac277da82375543f5d97ab09461cfac9541f6efec61d6f83661d10959044a22e34a1a0ff7530c38bc5cf475

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51884.exe
Filesize
184KB

MD5
bdf7d154e894178d92204406928bd70d

SHA1
e361d1eb533d0504a342f1efa676c4fb8b32cb9d

SHA256
a4eb87c79b210c1556fc145e60954a817462661679832d927d918ee634239a4f

SHA512
0396bc9aa059b7434f19948fea39e16df6c7aac44819431eb812ff21500a60386cd7923ded423228a62897585e265650fa5c8d3f5db01bdc8cecb751a2225ad7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55589.exe
Filesize
184KB

MD5
ff8e193398a0791148dbc933adb3f00d

SHA1
f50d7ff919bf1c8e182b86dfa67457dbfafaa503

SHA256
630369607bcffeaee838425b79e7a21ee729be35fbbcece80c6d937ab7ab65d8

SHA512
1bcaf568c628370edd532f34f3a71fd6f515d60e0e27a4715e440e064e348f4a3da3c0994cbecf943684371ac14382b0d48c869b8ff827cf4533c6ebc06efd8b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59149.exe
Filesize
184KB

MD5
773ec6584ada88251aacf5c76d56e419

SHA1
f43060c725eb6718bba774253f4dccc843b6332e

SHA256
f0d28bc5827960538f55a48167a9dd745d56df99113eb34b8bb0bd06dc86faa4

SHA512
e0bd8e37ae693b4d689a347fd9430f79c7db401d4ac707c01653d08c22b31df4142bb0b16b7012ed9cbeac7d661df3963f31a54b12269ab57d00ea614ad4c283

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59154.exe
Filesize
184KB

MD5
575ee5b6b9b8035a17b5474210aee73d

SHA1
8ee80468982725c0d24126c1164351b4c5cf53bd

SHA256
f91d5f35fe4e483d6a8bc1caf68aa926d8edcbe02a129b9b9ebef626e6258d45

SHA512
d5a2825e152dc9c40d320151ca1cada579235bbafa6740a8d946ed6e78d790dfd7e304a7e5cc8ccefea2c4d3011ab1a4dc539a3c18b46019b716cb511a518720

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62631.exe
Filesize
184KB

MD5
435212d62ec64c3c2a921d343f87197a

SHA1
65ede841476c16f3b0c67ba79f53fbbe0bbc7434

SHA256
59f58c96d085b6deb24e977bdba2e37e15ca2460605e7be15052b15e83c92e21

SHA512
e99a8b107f14e3325f2f81ebae8bfa8eac4d6fd21c174d3a5520e6ec7789202298a4d1d05aa8853ff49953d65468320d17803f18122a05f56613ea9f40aab4ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64883.exe
Filesize
184KB

MD5
101ba1d630987a95074db9b5fad1528f

SHA1
4a8ef67927917e25dd4e5817cce1bdf80f027583

SHA256
fb436512e61b5d44c22ec5471c78daddba5d13cc3ad1889057d8f9edb9603776

SHA512
a3e6156f98477ada5f7027cc732b6473321b71dfb556b408327291ef22bf616c0456087fe196624b4536e42b60ba7ace273b5dd2a1970ceac752357dc58a6042

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9756.exe
Filesize
184KB

MD5
a7e75f830235e410999db8f57ae843bc

SHA1
8c07e357afb8acbe814404c83e7bf6c2c9818c54

SHA256
0cd763dcd05fb418977740a11f34cb890c7958582aa22ff95fef27578beefbaf

SHA512
71709f14c5dfaa29e73702b862c1eb5f85814a522e770c7bb487eece4a5ba0e33d9787a45a5ba99c68d4423e8282c0f5f44b33bbdd6d45cbe2e3daf32aea8b33

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads