1c6e5ed2422a228808e14e2879dc93fe2dc4076723790b3fed00e1e57cef80af

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/02/2024, 04:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ab6da0d16bcd9ecf04c3e9e98267bdc.exe
Size

184KB
MD5

9ab6da0d16bcd9ecf04c3e9e98267bdc
SHA1

dfa22e8bcd844190a885354cabf6259eae4e1be7
SHA256

1c6e5ed2422a228808e14e2879dc93fe2dc4076723790b3fed00e1e57cef80af
SHA512

1b02793a7dbb3aeb89bc3bc7c3825e34627c8c61d7b8d722457b34d7831cb4daa97c0cec73b87f327984bf479b71d8d469ce1216a1d30ca09ea5b7181c333556
SSDEEP

3072:v0CYomu+Nsr3tOjRo3yK6J+LQrTMC2ZPZxxvLFvg9lvvpFB:v0poyW3tGoiK6J3Kl69lvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1824	Unicorn-49181.exe
772	Unicorn-54529.exe
2092	Unicorn-51000.exe
2648	Unicorn-26434.exe
2336	Unicorn-58530.exe
2700	Unicorn-7061.exe
2516	Unicorn-64851.exe
3024	Unicorn-61514.exe
1396	Unicorn-31795.exe
1632	Unicorn-65536.exe
2444	Unicorn-45671.exe
2180	Unicorn-18801.exe
1988	Unicorn-63595.exe
1652	Unicorn-34753.exe
2156	Unicorn-50705.exe
2320	Unicorn-31031.exe
1268	Unicorn-57441.exe
1168	Unicorn-54104.exe
696	Unicorn-24769.exe
2008	Unicorn-43186.exe
2060	Unicorn-10513.exe
1552	Unicorn-39848.exe
764	Unicorn-22936.exe
1324	Unicorn-25506.exe
1076	Unicorn-41301.exe
240	Unicorn-41301.exe
2332	Unicorn-61167.exe
2976	Unicorn-61167.exe
2160	Unicorn-22686.exe
1344	Unicorn-2820.exe
2364	Unicorn-22686.exe
2380	Unicorn-2820.exe
1732	Unicorn-54766.exe
1776	Unicorn-9094.exe
3060	Unicorn-44082.exe
940	Unicorn-3642.exe
2788	Unicorn-3642.exe
2804	Unicorn-20280.exe
772	Unicorn-36507.exe
2892	Unicorn-41598.exe
3044	Unicorn-6759.exe
1504	Unicorn-17980.exe
1496	Unicorn-17980.exe
2336	Unicorn-55051.exe
2004	Unicorn-58601.exe
1232	Unicorn-4657.exe
1768	Unicorn-25408.exe
2128	Unicorn-64982.exe
2704	Unicorn-31215.exe
2832	Unicorn-55138.exe
2272	Unicorn-42523.exe
2020	Unicorn-57873.exe
2980	Unicorn-63768.exe
2360	Unicorn-47432.exe
2588	Unicorn-27505.exe
3000	Unicorn-10592.exe
2180	Unicorn-59793.exe
2736	Unicorn-59409.exe
2920	Unicorn-23207.exe
2828	Unicorn-26737.exe
944	Unicorn-18974.exe
2516	Unicorn-11853.exe
2592	Unicorn-32845.exe
2656	Unicorn-16186.exe

Loads dropped DLL 64 IoCs

pid	Process
2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe
2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe
1824	Unicorn-49181.exe
1824	Unicorn-49181.exe
2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe
2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe
2092	Unicorn-51000.exe
2092	Unicorn-51000.exe
772	Unicorn-54529.exe
772	Unicorn-54529.exe
1824	Unicorn-49181.exe
1824	Unicorn-49181.exe
2648	Unicorn-26434.exe
2648	Unicorn-26434.exe
2092	Unicorn-51000.exe
2092	Unicorn-51000.exe
2336	Unicorn-58530.exe
2336	Unicorn-58530.exe
2700	Unicorn-7061.exe
772	Unicorn-54529.exe
2700	Unicorn-7061.exe
772	Unicorn-54529.exe
2516	Unicorn-64851.exe
2516	Unicorn-64851.exe
2648	Unicorn-26434.exe
2648	Unicorn-26434.exe
3024	Unicorn-61514.exe
3024	Unicorn-61514.exe
1396	Unicorn-31795.exe
1396	Unicorn-31795.exe
2336	Unicorn-58530.exe
2336	Unicorn-58530.exe
2444	Unicorn-45671.exe
2444	Unicorn-45671.exe
1632	Unicorn-65536.exe
1632	Unicorn-65536.exe
2700	Unicorn-7061.exe
2700	Unicorn-7061.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
2180	Unicorn-18801.exe
2180	Unicorn-18801.exe
1652	Unicorn-34753.exe
1652	Unicorn-34753.exe
3024	Unicorn-61514.exe
3024	Unicorn-61514.exe
2516	Unicorn-64851.exe
2516	Unicorn-64851.exe
2320	Unicorn-31031.exe
2320	Unicorn-31031.exe
1396	Unicorn-31795.exe
2444	Unicorn-45671.exe
1396	Unicorn-31795.exe
2444	Unicorn-45671.exe
1268	Unicorn-57441.exe
2156	Unicorn-50705.exe
2156	Unicorn-50705.exe
1268	Unicorn-57441.exe
2216	WerFault.exe
2216	WerFault.exe
2216	WerFault.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
1804	1632	WerFault.exe	38
2216	696	WerFault.exe	43
1608	240	WerFault.exe	53
2824	1076	WerFault.exe	54

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe
1824	Unicorn-49181.exe
2092	Unicorn-51000.exe
772	Unicorn-54529.exe
2648	Unicorn-26434.exe
2336	Unicorn-58530.exe
2700	Unicorn-7061.exe
2516	Unicorn-64851.exe
3024	Unicorn-61514.exe
1396	Unicorn-31795.exe
2444	Unicorn-45671.exe
1632	Unicorn-65536.exe
1988	Unicorn-63595.exe
2180	Unicorn-18801.exe
1652	Unicorn-34753.exe
2156	Unicorn-50705.exe
2320	Unicorn-31031.exe
1268	Unicorn-57441.exe
696	Unicorn-24769.exe
1168	Unicorn-54104.exe
2008	Unicorn-43186.exe
2060	Unicorn-10513.exe
764	Unicorn-22936.exe
240	Unicorn-41301.exe
1324	Unicorn-25506.exe
2976	Unicorn-61167.exe
2364	Unicorn-22686.exe
2380	Unicorn-2820.exe
1732	Unicorn-54766.exe
1076	Unicorn-41301.exe
3060	Unicorn-44082.exe
2332	Unicorn-61167.exe
2160	Unicorn-22686.exe
1344	Unicorn-2820.exe
1776	Unicorn-9094.exe
940	Unicorn-3642.exe
2804	Unicorn-20280.exe
2892	Unicorn-41598.exe
2788	Unicorn-3642.exe
1504	Unicorn-17980.exe
3044	Unicorn-6759.exe
2336	Unicorn-55051.exe
772	Unicorn-36507.exe
1232	Unicorn-4657.exe
1496	Unicorn-17980.exe
2004	Unicorn-58601.exe
1768	Unicorn-25408.exe
2128	Unicorn-64982.exe
2704	Unicorn-31215.exe
2832	Unicorn-55138.exe
2272	Unicorn-42523.exe
2020	Unicorn-57873.exe
2980	Unicorn-63768.exe
2360	Unicorn-47432.exe
2920	Unicorn-23207.exe
2180	Unicorn-59793.exe
3000	Unicorn-10592.exe
2736	Unicorn-59409.exe
2828	Unicorn-26737.exe
2588	Unicorn-27505.exe
944	Unicorn-18974.exe
2516	Unicorn-11853.exe
2592	Unicorn-32845.exe
2656	Unicorn-16186.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2392 wrote to memory of 1824	2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe	28
PID 2392 wrote to memory of 1824	2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe	28
PID 2392 wrote to memory of 1824	2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe	28
PID 2392 wrote to memory of 1824	2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe	28
PID 1824 wrote to memory of 772	1824	Unicorn-49181.exe	29
PID 1824 wrote to memory of 772	1824	Unicorn-49181.exe	29
PID 1824 wrote to memory of 772	1824	Unicorn-49181.exe	29
PID 1824 wrote to memory of 772	1824	Unicorn-49181.exe	29
PID 2392 wrote to memory of 2092	2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe	30
PID 2392 wrote to memory of 2092	2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe	30
PID 2392 wrote to memory of 2092	2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe	30
PID 2392 wrote to memory of 2092	2392	9ab6da0d16bcd9ecf04c3e9e98267bdc.exe	30
PID 2092 wrote to memory of 2648	2092	Unicorn-51000.exe	31
PID 2092 wrote to memory of 2648	2092	Unicorn-51000.exe	31
PID 2092 wrote to memory of 2648	2092	Unicorn-51000.exe	31
PID 2092 wrote to memory of 2648	2092	Unicorn-51000.exe	31
PID 772 wrote to memory of 2336	772	Unicorn-54529.exe	32
PID 772 wrote to memory of 2336	772	Unicorn-54529.exe	32
PID 772 wrote to memory of 2336	772	Unicorn-54529.exe	32
PID 772 wrote to memory of 2336	772	Unicorn-54529.exe	32
PID 1824 wrote to memory of 2700	1824	Unicorn-49181.exe	33
PID 1824 wrote to memory of 2700	1824	Unicorn-49181.exe	33
PID 1824 wrote to memory of 2700	1824	Unicorn-49181.exe	33
PID 1824 wrote to memory of 2700	1824	Unicorn-49181.exe	33
PID 2648 wrote to memory of 2516	2648	Unicorn-26434.exe	34
PID 2648 wrote to memory of 2516	2648	Unicorn-26434.exe	34
PID 2648 wrote to memory of 2516	2648	Unicorn-26434.exe	34
PID 2648 wrote to memory of 2516	2648	Unicorn-26434.exe	34
PID 2092 wrote to memory of 3024	2092	Unicorn-51000.exe	35
PID 2092 wrote to memory of 3024	2092	Unicorn-51000.exe	35
PID 2092 wrote to memory of 3024	2092	Unicorn-51000.exe	35
PID 2092 wrote to memory of 3024	2092	Unicorn-51000.exe	35
PID 2336 wrote to memory of 1396	2336	Unicorn-58530.exe	36
PID 2336 wrote to memory of 1396	2336	Unicorn-58530.exe	36
PID 2336 wrote to memory of 1396	2336	Unicorn-58530.exe	36
PID 2336 wrote to memory of 1396	2336	Unicorn-58530.exe	36
PID 2700 wrote to memory of 1632	2700	Unicorn-7061.exe	38
PID 2700 wrote to memory of 1632	2700	Unicorn-7061.exe	38
PID 2700 wrote to memory of 1632	2700	Unicorn-7061.exe	38
PID 2700 wrote to memory of 1632	2700	Unicorn-7061.exe	38
PID 772 wrote to memory of 2444	772	Unicorn-54529.exe	37
PID 772 wrote to memory of 2444	772	Unicorn-54529.exe	37
PID 772 wrote to memory of 2444	772	Unicorn-54529.exe	37
PID 772 wrote to memory of 2444	772	Unicorn-54529.exe	37
PID 2516 wrote to memory of 2180	2516	Unicorn-64851.exe	39
PID 2516 wrote to memory of 2180	2516	Unicorn-64851.exe	39
PID 2516 wrote to memory of 2180	2516	Unicorn-64851.exe	39
PID 2516 wrote to memory of 2180	2516	Unicorn-64851.exe	39
PID 2648 wrote to memory of 1988	2648	Unicorn-26434.exe	40
PID 2648 wrote to memory of 1988	2648	Unicorn-26434.exe	40
PID 2648 wrote to memory of 1988	2648	Unicorn-26434.exe	40
PID 2648 wrote to memory of 1988	2648	Unicorn-26434.exe	40
PID 3024 wrote to memory of 1652	3024	Unicorn-61514.exe	41
PID 3024 wrote to memory of 1652	3024	Unicorn-61514.exe	41
PID 3024 wrote to memory of 1652	3024	Unicorn-61514.exe	41
PID 3024 wrote to memory of 1652	3024	Unicorn-61514.exe	41
PID 1396 wrote to memory of 2156	1396	Unicorn-31795.exe	42
PID 1396 wrote to memory of 2156	1396	Unicorn-31795.exe	42
PID 1396 wrote to memory of 2156	1396	Unicorn-31795.exe	42
PID 1396 wrote to memory of 2156	1396	Unicorn-31795.exe	42
PID 2336 wrote to memory of 2320	2336	Unicorn-58530.exe	46
PID 2336 wrote to memory of 2320	2336	Unicorn-58530.exe	46
PID 2336 wrote to memory of 2320	2336	Unicorn-58530.exe	46
PID 2336 wrote to memory of 2320	2336	Unicorn-58530.exe	46

C:\Users\Admin\AppData\Local\Temp\9ab6da0d16bcd9ecf04c3e9e98267bdc.exe
"C:\Users\Admin\AppData\Local\Temp\9ab6da0d16bcd9ecf04c3e9e98267bdc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54529.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25408.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10592.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
        10⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36217.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44016.exe
        10⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 200
        7⤵
        Program crash
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8252.exe
        10⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        11⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
        12⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
        10⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
        11⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7117.exe
        12⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
        10⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27514.exe
        11⤵
        
        PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61167.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41598.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47432.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24179.exe
        12⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        13⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        13⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
        14⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5121.exe
        13⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36793.exe
        11⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
        12⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        13⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:240
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 200
        6⤵
        Program crash
        
        PID:1608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2216
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54104.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17980.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27505.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41667.exe
        9⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
        10⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13455.exe
        11⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
        10⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        8⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
        9⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49273.exe
        10⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46045.exe
        9⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
        10⤵
        
        PID:1528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2092
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43186.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24890.exe
        9⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
        10⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12111.exe
        11⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
        12⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
        11⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30610.exe
        9⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
        10⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37893.exe
        11⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
        9⤵
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22018.exe
        9⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45962.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        11⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        10⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        9⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53657.exe
        8⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2028.exe
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        7⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
        10⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7633.exe
        9⤵
        
        PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31215.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
        9⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40850.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43689.exe
        11⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64504.exe
        12⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59112.exe
        11⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
        9⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29242.exe
        10⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        8⤵
        
        PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42523.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20311.exe
        8⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25480.exe
        9⤵
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13148.exe
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36564.exe
        7⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20550.exe
        8⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30149.exe
        7⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31998.exe
        8⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-533.exe
        6⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48878.exe
        7⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8930.exe
        8⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
        9⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
        7⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31256.exe
        8⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe
        6⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        7⤵
        
        PID:1104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3642.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64982.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59793.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        11⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24790.exe
        10⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39179.exe
        11⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11369.exe
        12⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25890.exe
        13⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
        12⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7456.exe
        11⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23207.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25715.exe
        10⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44929.exe
        11⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        12⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
        13⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60949.exe
        12⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31759.exe
        11⤵
        
        PID:3036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20280.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55138.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18974.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11599.exe
        10⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4467.exe
        11⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57079.exe
        9⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        10⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        10⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11853.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59840.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15854.exe
        10⤵
        
        PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
      4⤵
      Executes dropped EXE
      PID:1552

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26434.exe

Filesize
184KB

MD5
e79a676f8b89c606c9af5e2a97414cd1

SHA1
3e988a973b8854e2a140c0bc61e34c5841370d67

SHA256
cb203bf14483b03b3b2aa1f55684c41cca0d22a49163680ef26ed7d94d0fc587

SHA512
1e8fb822f326e1ca6695b997169ae568c6b0abd6444097260123d485914fe599fae93b342a4e39651f2ccd47741dc840a12152ec598969fa6506337c7d71f02f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe

Filesize
184KB

MD5
efb23a76a53478df6e6381a340252440

SHA1
341c60b6a6cf56eaba67414e49c889deb5cd7f1f

SHA256
cba068ddbf8423edf4c06ec1484243272a7da7f333b550a4b87945d2349751c0

SHA512
43740af2fcef599ff5332f7cedffa6b2e1c2c2656e383d9d5b2b7dc81f03e8aa8db5c2f7c9d3d5b80ddb8add31a53a2e405912e46230e616bc39741c39cbaf2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe

Filesize
184KB

MD5
cb880e6da9c9fd4ba3f09af96af489ed

SHA1
5963e30442d8c22378eff59fd51c2bcfe93d9737

SHA256
875f5b1de2b125bc64ce639495eb04cda2acbd2dd9561339ac01d1d3208060e3

SHA512
58d121aafb81b6a0e2fff075eef7175dfa70d31f8707b850effe55c50c0bcce880b6606e3c7da1de57287c133d8bd198f6e07cd1b84c2baf84c6d5ab077f7ab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe

Filesize
128KB

MD5
6fbd3ecc99bf4bd8d6151bfd4b393543

SHA1
0d4adcf847d140c42fbeedf91415ba6ba1b3cefc

SHA256
96ed8351170c80acb89b78a6dd3862f7c284ee989d6252c7dfc6e2500f2a4d2c

SHA512
9b530a8bacc6e2cdaff5724bf201a02e5c375b5a8c9e71e24eb25d1d7cb411aca2ab4c411372746974e763ef1cca0e8aac9775e548dddd8a136ba04f1a8fcf12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57441.exe

Filesize
184KB

MD5
7c06c92e4f6b4651e46c649f5cd237f1

SHA1
4f54595dc69674ba2d7f01783a3ae9444eccda23

SHA256
5d94313d80f9f0e44dafbe75917e8848aecb79230562f0b49e4a98c029463fb3

SHA512
9366b09b5d57305138bdb3ff733abb67cb17b349c8efaae63ee86faf1cd06ec5cf9da9721f5c78274502b0a450dfd4d0ca75ef943c7dfca951392c56a11181ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63595.exe

Filesize
184KB

MD5
9e8a2a19d97425784297d23de4a91498

SHA1
fe6772943ad7af9355bebeeff970dd320e162bcc

SHA256
5f3aca691e9b6670676216574daf3ed550b5d5306314f1f84daee8b2e653920e

SHA512
5f6cbc7779d6b7c6cd8cea552acafdad52f270fb84150035c74584c7fcb472f30434704175940e75d4a92921f28ff12142769e3a4448508e06e0f610871cde21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe

Filesize
184KB

MD5
bea9966915423d7f15862f0eec189c9d

SHA1
d7d1cce935b72000b001f1dcbcd7b9f37d54e6a1

SHA256
9be8d5217cc4ddfb3988913c5cd4c1098027ca597b9ee429989692ddeafb3925

SHA512
874826218c605f4775b322dfde23e1ffc9c53e17a29d89a24de5c6366a0d6cde58f357ff3ffc12299d9157b0dd00bff6b84eb438a511a98eb108a57829b2d5ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18801.exe

Filesize
184KB

MD5
b77cc1513c8157e1d2e471e75034b653

SHA1
fa8461754ffca02cf1199758f68881dec47cf5df

SHA256
59bcd92ae114d957389b4da807132356435c9e4081024e19a363ab82c3c8e1e8

SHA512
9b8560fbd2de49095e7f34a53b2e5b3bd166563d18439ec18ecdf40258e88c0a2e6ca612ec58e5338d7282991abec08908d2b4ce4355ec4db1974a97635b3b87

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24769.exe

Filesize
184KB

MD5
4d3c9f32d09ab7aacf2b0cd675e7caa0

SHA1
9edb8a158b9a06bc2c2094ae58fd198d32a1276d

SHA256
b98435c8812a304209ba732d125a6e69588ff8561bef717935b84f5ebc780c39

SHA512
9a8ac99fbe6af83e7bee41d0fa2364e0247fb36c0f92ceff27c1156e03680e05ada22451f829a76af30f7641684a8b76793dcd9a7e3c150d5d85a6d37fdde082

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe

Filesize
184KB

MD5
35423021141c11ba3ec1697768d07bb6

SHA1
bc829bb11e573e3e2455b5f81db221745d23a49a

SHA256
3a5e24c6e0bbea829dd1ea678d69f5b8469d497916d40293ab19b2c5f1130396

SHA512
231e1bf1b9ad6b0148f2145ef7bdc8e22dabd252754803c8364ef320fbfc0dcc433877ddb244d52d6ebbc6ae3cd9f1358901ba56cc6ce3277b5798b7c7a132b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe

Filesize
184KB

MD5
8bf7916b1100c2df80bfa7e941454229

SHA1
01ce44a8525660a82099d89a65e127378e5514fd

SHA256
b6bc7e2f6f7a065be71ec7df8abd9ac37a6f25cc047f2a378c4a15c6869f2e43

SHA512
3ca72edcf893891d4e9cbfe1fe016d1b1dbf41b214b1afc702cb5716a21011206906ed7e7d98b4516f3171b5960000dcc216f4736ab9a76004934d243917b55f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45671.exe

Filesize
184KB

MD5
795b0078e83a7e1de1b00386e9f55dc7

SHA1
bc44eb7ca3790d861bc8202e314da64068566c81

SHA256
eb7fe1e4f36d3ed0e6e00517f34fc82016fe430cdfe0ef1a9707de6a074af95b

SHA512
2f176b12ee4c6fe2d30c174bf409b9dcb525a6c007428700da8f1e8c351f64add599d2217f905839b2e569c38735ade72f8ebb091969dff2357ed892b54c4c21

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49181.exe

Filesize
184KB

MD5
c0539097574f7fb88a347a87e3ff4895

SHA1
86ee9fdc0bda21a663ebbb3a0d20f79aa0629e0d

SHA256
aea5995339c68f17b60d0589a9a0688f0f7c3e38fb2b9bb0b1dd4b03953c0b19

SHA512
cc8129788fa2c50103281d85232eafe1ce95f7a49da69a9e516e96229967dc103c22759d02c069c683015c22af5ecd0a2c361cd02956225d263c05ba4534c742

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50705.exe

Filesize
184KB

MD5
9b96157b6ea9f1369dd10ab60e6af452

SHA1
76b78f23748d8fd1365300af7ec7daac74ceb210

SHA256
16c63b3b0e0c3e26d2b8a71bfc4d4f7a3beff9b222846068f2cfea973a2bf5db

SHA512
1fa4e8c79c63c64bdb554a1f4b6ea95496640b2e5cd390362761bea06e3cc31df3cf392d1566e45d75ca99e8cf45f1e69633d4a2727d4df6d740a145653672b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51000.exe

Filesize
184KB

MD5
c847c2460157c5ea6630143598bcaa9a

SHA1
7a9603409c0c347669a829706e8b4b89567af528

SHA256
94beee12550a0a3432c1ce49c491c789632154440df49df9d9daac0ef9142b86

SHA512
6a4d311d3ca25d67903ab0ab74c0fa07f7aea3f263f902aea9af38b76b2d54552eadbe50248a1bd143b7d172f15d1a0dda3eb6039536cd2b1352452219fa7b1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54529.exe

Filesize
184KB

MD5
977a2bd1ba21de53e8e7eeb1171fc59b

SHA1
c892d11060545e3e6a5df2040b8a47138b9dad65

SHA256
f595276d76de4b11b0d11535f0dee53293150b25c6ac17f55c0b918861444dfe

SHA512
d60217bbede97aa1f44ecea4226d982ab7fb2b754e73357c8cc0aedefd99e8c1423beeab89fc34a1bb7ea763eeb1cda791e4d097eed44cc2c1c62350a28d31bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe

Filesize
184KB

MD5
a2feb8598ad6046db1d5c64f8f4d592a

SHA1
99e4a974dbe49dc6e68089e7658f25bcfdffbb62

SHA256
644b3b8d1fab767a9d4de4fa97db9cd7c84668cce484836e5fc8e8d7be5b1baa

SHA512
d38461d6bb19a0e1b486efa5b11f5b53a09469270aa7ada474922094132269071e974f34e8752e2178ea5d717c9610b3291af8f30b9bb9047e56855b7086e813

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61514.exe

Filesize
184KB

MD5
69a27c7f4a696aab8fb060ba7589ff25

SHA1
1dc9a5723359f872a044af05f9e51eb90eb7a323

SHA256
73c179e27d578b538c24bc06766d2e8121a0864069d69b1e4e2e5568c9422fcf

SHA512
84e5bfe6dc15898f5cc3a026c0c87476f6315df292dee22b882be5b8c61c15d90968dca3e6980fbe0a657c028179df8e8334833107b13969f180fe2d5718168f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe

Filesize
184KB

MD5
2ec616c7d5ff471f157dd1dca0b274ca

SHA1
2952d01eebd9f9782b6ff43c88288fb0d879acfb

SHA256
2f7a0557442e57284a7876cbea1dd7ec51fecdb33e4736dd7fd98e12d9a84d45

SHA512
1aa460cfb08b0be7301ed094129524c020d90eaa81dab0ceac95d64a5d79edc34e81bb7e3c5cc3daf10a5c1a401dc93f89abc9b44ccd7d302d3e321a8493350e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65536.exe

Filesize
184KB

MD5
b31fa9a2fd87255bb7a9f0c3f0a6a650

SHA1
a83df1411699c271e3ad176a36467d6cafa9ddd6

SHA256
437c749bd04546c3ddf149f84891a16033bfd9bfaae6f2a3b0cc07d3cc342b2c

SHA512
2974cdb397c32f9b00a83a323b724f75adf52afc5b3884f73f4f6c35586700867e837a59728c2baf576f93783928827110d28a1cd84dd3f9b2320cb08a38319a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7061.exe

Filesize
184KB

MD5
ee02b9960b5641e6ca3b0f06eec9d546

SHA1
2c759e5cd19d266bdc47c647c29078da761dc20b

SHA256
18ee986843d8189aaa2eff0ffb5e77b8c2a60f2fd96de679558f57d5bf3549b8

SHA512
97a8f1d97f9aca63325e3df5220e0541a7116ad7e6b8d606dc8b8f3ade85cc477967568c5b8fd0862cbdffcddc8a1f2db5e83af883ac9062c97e5704ce682480

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads