8bebfc8fe3d8350b6dccad45bcf44c74f3c01765ac7a7bae00501c555e2d79a6

Analysis

max time kernel
72s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-02-2024 23:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa77fc24b8754d9acb03ba672a830e69.exe
Size

184KB
MD5

aa77fc24b8754d9acb03ba672a830e69
SHA1

b35e2b2ecf6ae7d6ba1dee16a7e250541bae4cdd
SHA256

8bebfc8fe3d8350b6dccad45bcf44c74f3c01765ac7a7bae00501c555e2d79a6
SHA512

f5e33a1ded2870cd0bc80d5697dbee55d61c7e9fec5762d4403622df893141ecd3ab12fd988b0140bf58a2e78d772019333dfed7fe5f9c8948175d44fa84088f
SSDEEP

3072:kuRroT0xcOAEAmj3Mh2Oc8AMEXYM1xXldk7xKDP7VylPvpFv:kuhoxDEAIMYOc8i1BlylPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1580	Unicorn-49278.exe
2212	Unicorn-58598.exe
2520	Unicorn-3922.exe
2716	Unicorn-58489.exe
2472	Unicorn-46792.exe
2516	Unicorn-50404.exe
2956	Unicorn-42790.exe
2736	Unicorn-58572.exe
2128	Unicorn-2511.exe
2748	Unicorn-18848.exe
2776	Unicorn-41960.exe
2056	Unicorn-33321.exe
1976	Unicorn-52350.exe
2316	Unicorn-30367.exe
2020	Unicorn-54317.exe
480	Unicorn-23591.exe
1532	Unicorn-20659.exe
1588	Unicorn-62246.exe
1172	Unicorn-48370.exe
1720	Unicorn-60622.exe
1936	Unicorn-3061.exe
1804	Unicorn-26174.exe
548	Unicorn-23482.exe
868	Unicorn-42510.exe
2140	Unicorn-52023.exe
1932	Unicorn-52023.exe
676	Unicorn-6351.exe
576	Unicorn-6351.exe
2728	Unicorn-6351.exe
800	Unicorn-54545.exe
2508	Unicorn-64535.exe
2416	Unicorn-46009.exe
2280	Unicorn-49600.exe
2960	Unicorn-23726.exe
2592	Unicorn-48936.exe
1220	Unicorn-23638.exe
2080	Unicorn-24214.exe
2072	Unicorn-3409.exe
604	Unicorn-30052.exe
1416	Unicorn-53165.exe
1328	Unicorn-50472.exe
1424	Unicorn-50472.exe
568	Unicorn-24022.exe
1748	Unicorn-27805.exe
1292	Unicorn-34581.exe
1716	Unicorn-28381.exe
320	Unicorn-16683.exe
700	Unicorn-21967.exe
3028	Unicorn-61608.exe
3032	Unicorn-53269.exe
2176	Unicorn-60046.exe
1752	Unicorn-30711.exe
2668	Unicorn-8344.exe
2244	Unicorn-16513.exe
2980	Unicorn-62184.exe
2872	Unicorn-47239.exe
2436	Unicorn-17067.exe
2740	Unicorn-55770.exe
2680	Unicorn-63767.exe
2464	Unicorn-16766.exe
784	Unicorn-23311.exe
2056	Unicorn-51022.exe
2816	Unicorn-39132.exe
1256	Unicorn-1629.exe

Loads dropped DLL 64 IoCs

pid	Process
2168	aa77fc24b8754d9acb03ba672a830e69.exe
2168	aa77fc24b8754d9acb03ba672a830e69.exe
1580	Unicorn-49278.exe
1580	Unicorn-49278.exe
2168	aa77fc24b8754d9acb03ba672a830e69.exe
2168	aa77fc24b8754d9acb03ba672a830e69.exe
2212	Unicorn-58598.exe
2212	Unicorn-58598.exe
1580	Unicorn-49278.exe
1580	Unicorn-49278.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2716	Unicorn-58489.exe
2716	Unicorn-58489.exe
2212	Unicorn-58598.exe
2212	Unicorn-58598.exe
2472	Unicorn-46792.exe
2472	Unicorn-46792.exe
2956	Unicorn-42790.exe
2956	Unicorn-42790.exe
2736	Unicorn-58572.exe
2736	Unicorn-58572.exe
2472	Unicorn-46792.exe
2472	Unicorn-46792.exe
2128	Unicorn-2511.exe
2128	Unicorn-2511.exe
2956	Unicorn-42790.exe
2956	Unicorn-42790.exe
2748	Unicorn-18848.exe
2748	Unicorn-18848.exe
2736	Unicorn-58572.exe
2736	Unicorn-58572.exe
2776	Unicorn-41960.exe
2776	Unicorn-41960.exe
2056	Unicorn-33321.exe
2056	Unicorn-33321.exe
2128	Unicorn-2511.exe
2128	Unicorn-2511.exe
2316	Unicorn-30367.exe
2316	Unicorn-30367.exe
1976	Unicorn-52350.exe
1976	Unicorn-52350.exe
480	Unicorn-23591.exe
480	Unicorn-23591.exe
2776	Unicorn-41960.exe
2776	Unicorn-41960.exe
2020	Unicorn-54317.exe
2020	Unicorn-54317.exe
2748	Unicorn-18848.exe
2748	Unicorn-18848.exe
2316	Unicorn-30367.exe
2056	Unicorn-33321.exe
1532	Unicorn-20659.exe
1172	Unicorn-48370.exe
2316	Unicorn-30367.exe
1720	Unicorn-60622.exe
2056	Unicorn-33321.exe
1532	Unicorn-20659.exe
1172	Unicorn-48370.exe
1720	Unicorn-60622.exe
1976	Unicorn-52350.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
2448	2520	WerFault.exe	30
2184	1588	WerFault.exe	46
1920	548	WerFault.exe	51
2424	2508	WerFault.exe	60
2088	2592	WerFault.exe	68
2316	2680	WerFault.exe	93
592	1572	WerFault.exe	111
3552	1548	WerFault.exe	132

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2168	aa77fc24b8754d9acb03ba672a830e69.exe
1580	Unicorn-49278.exe
2520	Unicorn-3922.exe
2212	Unicorn-58598.exe
2716	Unicorn-58489.exe
2472	Unicorn-46792.exe
2516	Unicorn-50404.exe
2956	Unicorn-42790.exe
2736	Unicorn-58572.exe
2128	Unicorn-2511.exe
2748	Unicorn-18848.exe
2776	Unicorn-41960.exe
2056	Unicorn-33321.exe
2316	Unicorn-30367.exe
480	Unicorn-23591.exe
1976	Unicorn-52350.exe
2020	Unicorn-54317.exe
1532	Unicorn-20659.exe
1588	Unicorn-62246.exe
1172	Unicorn-48370.exe
1720	Unicorn-60622.exe
1936	Unicorn-3061.exe
548	Unicorn-23482.exe
800	Unicorn-54545.exe
576	Unicorn-6351.exe
2508	Unicorn-64535.exe
1932	Unicorn-52023.exe
2960	Unicorn-23726.exe
868	Unicorn-42510.exe
2140	Unicorn-52023.exe
676	Unicorn-6351.exe
2416	Unicorn-46009.exe
2728	Unicorn-6351.exe
2280	Unicorn-49600.exe
2592	Unicorn-48936.exe
1220	Unicorn-23638.exe
2080	Unicorn-24214.exe
2072	Unicorn-3409.exe
1416	Unicorn-53165.exe
604	Unicorn-30052.exe
1424	Unicorn-50472.exe
1328	Unicorn-50472.exe
568	Unicorn-24022.exe
1748	Unicorn-27805.exe
1292	Unicorn-34581.exe
1716	Unicorn-28381.exe
320	Unicorn-16683.exe
700	Unicorn-21967.exe
3028	Unicorn-61608.exe
3032	Unicorn-53269.exe
2176	Unicorn-60046.exe
2668	Unicorn-8344.exe
2436	Unicorn-17067.exe
2980	Unicorn-62184.exe
1752	Unicorn-30711.exe
2872	Unicorn-47239.exe
2244	Unicorn-16513.exe
2740	Unicorn-55770.exe
2680	Unicorn-63767.exe
2464	Unicorn-16766.exe
784	Unicorn-23311.exe
2056	Unicorn-51022.exe
2816	Unicorn-39132.exe
3044	Unicorn-26326.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 1580	2168	aa77fc24b8754d9acb03ba672a830e69.exe	28
PID 2168 wrote to memory of 1580	2168	aa77fc24b8754d9acb03ba672a830e69.exe	28
PID 2168 wrote to memory of 1580	2168	aa77fc24b8754d9acb03ba672a830e69.exe	28
PID 2168 wrote to memory of 1580	2168	aa77fc24b8754d9acb03ba672a830e69.exe	28
PID 1580 wrote to memory of 2212	1580	Unicorn-49278.exe	29
PID 1580 wrote to memory of 2212	1580	Unicorn-49278.exe	29
PID 1580 wrote to memory of 2212	1580	Unicorn-49278.exe	29
PID 1580 wrote to memory of 2212	1580	Unicorn-49278.exe	29
PID 2168 wrote to memory of 2520	2168	aa77fc24b8754d9acb03ba672a830e69.exe	30
PID 2168 wrote to memory of 2520	2168	aa77fc24b8754d9acb03ba672a830e69.exe	30
PID 2168 wrote to memory of 2520	2168	aa77fc24b8754d9acb03ba672a830e69.exe	30
PID 2168 wrote to memory of 2520	2168	aa77fc24b8754d9acb03ba672a830e69.exe	30
PID 2212 wrote to memory of 2716	2212	Unicorn-58598.exe	32
PID 2212 wrote to memory of 2716	2212	Unicorn-58598.exe	32
PID 2212 wrote to memory of 2716	2212	Unicorn-58598.exe	32
PID 2212 wrote to memory of 2716	2212	Unicorn-58598.exe	32
PID 2520 wrote to memory of 2448	2520	Unicorn-3922.exe	31
PID 2520 wrote to memory of 2448	2520	Unicorn-3922.exe	31
PID 2520 wrote to memory of 2448	2520	Unicorn-3922.exe	31
PID 2520 wrote to memory of 2448	2520	Unicorn-3922.exe	31
PID 1580 wrote to memory of 2472	1580	Unicorn-49278.exe	33
PID 1580 wrote to memory of 2472	1580	Unicorn-49278.exe	33
PID 1580 wrote to memory of 2472	1580	Unicorn-49278.exe	33
PID 1580 wrote to memory of 2472	1580	Unicorn-49278.exe	33
PID 2716 wrote to memory of 2516	2716	Unicorn-58489.exe	34
PID 2716 wrote to memory of 2516	2716	Unicorn-58489.exe	34
PID 2716 wrote to memory of 2516	2716	Unicorn-58489.exe	34
PID 2716 wrote to memory of 2516	2716	Unicorn-58489.exe	34
PID 2212 wrote to memory of 2956	2212	Unicorn-58598.exe	35
PID 2212 wrote to memory of 2956	2212	Unicorn-58598.exe	35
PID 2212 wrote to memory of 2956	2212	Unicorn-58598.exe	35
PID 2212 wrote to memory of 2956	2212	Unicorn-58598.exe	35
PID 2472 wrote to memory of 2736	2472	Unicorn-46792.exe	36
PID 2472 wrote to memory of 2736	2472	Unicorn-46792.exe	36
PID 2472 wrote to memory of 2736	2472	Unicorn-46792.exe	36
PID 2472 wrote to memory of 2736	2472	Unicorn-46792.exe	36
PID 2956 wrote to memory of 2128	2956	Unicorn-42790.exe	37
PID 2956 wrote to memory of 2128	2956	Unicorn-42790.exe	37
PID 2956 wrote to memory of 2128	2956	Unicorn-42790.exe	37
PID 2956 wrote to memory of 2128	2956	Unicorn-42790.exe	37
PID 2736 wrote to memory of 2748	2736	Unicorn-58572.exe	38
PID 2736 wrote to memory of 2748	2736	Unicorn-58572.exe	38
PID 2736 wrote to memory of 2748	2736	Unicorn-58572.exe	38
PID 2736 wrote to memory of 2748	2736	Unicorn-58572.exe	38
PID 2472 wrote to memory of 2776	2472	Unicorn-46792.exe	39
PID 2472 wrote to memory of 2776	2472	Unicorn-46792.exe	39
PID 2472 wrote to memory of 2776	2472	Unicorn-46792.exe	39
PID 2472 wrote to memory of 2776	2472	Unicorn-46792.exe	39
PID 2128 wrote to memory of 2056	2128	Unicorn-2511.exe	40
PID 2128 wrote to memory of 2056	2128	Unicorn-2511.exe	40
PID 2128 wrote to memory of 2056	2128	Unicorn-2511.exe	40
PID 2128 wrote to memory of 2056	2128	Unicorn-2511.exe	40
PID 2956 wrote to memory of 1976	2956	Unicorn-42790.exe	41
PID 2956 wrote to memory of 1976	2956	Unicorn-42790.exe	41
PID 2956 wrote to memory of 1976	2956	Unicorn-42790.exe	41
PID 2956 wrote to memory of 1976	2956	Unicorn-42790.exe	41
PID 2748 wrote to memory of 2020	2748	Unicorn-18848.exe	43
PID 2748 wrote to memory of 2020	2748	Unicorn-18848.exe	43
PID 2748 wrote to memory of 2020	2748	Unicorn-18848.exe	43
PID 2748 wrote to memory of 2020	2748	Unicorn-18848.exe	43
PID 2736 wrote to memory of 2316	2736	Unicorn-58572.exe	42
PID 2736 wrote to memory of 2316	2736	Unicorn-58572.exe	42
PID 2736 wrote to memory of 2316	2736	Unicorn-58572.exe	42
PID 2736 wrote to memory of 2316	2736	Unicorn-58572.exe	42

C:\Users\Admin\AppData\Local\Temp\aa77fc24b8754d9acb03ba672a830e69.exe
"C:\Users\Admin\AppData\Local\Temp\aa77fc24b8754d9acb03ba672a830e69.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27805.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 188
        9⤵
        Program crash
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38913.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        10⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4029.exe
        9⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48487.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        9⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
        8⤵
        
        PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42790.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2511.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53269.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
        11⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
        12⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        13⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        12⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3287.exe
        11⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
        12⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
        10⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
        11⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60046.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
        10⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28882.exe
        11⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48936.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
        10⤵
        Program crash
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53165.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
        11⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15259.exe
        12⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34999.exe
        10⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63884.exe
        11⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39531.exe
        12⤵
        
        PID:3380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 380
        12⤵
        Program crash
        
        PID:3552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 372
        11⤵
        Program crash
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62246.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
        7⤵
        Program crash
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60622.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24022.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58321.exe
        11⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
        9⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17067.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
        9⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        10⤵
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49600.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3409.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21967.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26326.exe
        10⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54704.exe
        11⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
        9⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63116.exe
        10⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62706.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12114.exe
        10⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61608.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50830.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48726.exe
        10⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26179.exe
        11⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18938.exe
        9⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41409.exe
        10⤵
        
        PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58572.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58572.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23482.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 212
        8⤵
        Program crash
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24214.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51022.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        10⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
        11⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
        10⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39132.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22577.exe
        9⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1629.exe
        8⤵
        Executes dropped EXE
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48918.exe
        9⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        10⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27765.exe
        9⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37028.exe
        8⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
        9⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6351.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5472.exe
        11⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38804.exe
        12⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32541.exe
        13⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
        11⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20797.exe
        12⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36753.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        11⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55770.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
        10⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        11⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30052.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8344.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42037.exe
        9⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47631.exe
        10⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51336.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
        9⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62184.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
        8⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43464.exe
        9⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
        10⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48762.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        8⤵
        
        PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3061.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 200
        8⤵
        Program crash
        
        PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe
        5⤵
        Executes dropped EXE
        
        PID:1804
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3922.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3922.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2520
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18848.exe

Filesize
184KB

MD5
13d8a1076bf751eba0e9d15744875e29

SHA1
18b17769895a1408af9559ca5beac9f3949ede19

SHA256
4cc042fa5718121b20fa44a50273314966e054673ac937281a7a57df0b5e0a82

SHA512
c5891910d92355c62d86aa89363615b1a53af8bb9547e59cc2f601b830bda0b21a2efae429943be91807eed8ffb841a3e056ffca12729d8fa0a93c19c0d59700

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23591.exe

Filesize
184KB

MD5
c9e6762ad331d0a1c2235bec87de4559

SHA1
7e7efad0f09b57c70f34edf74a05a76092370e98

SHA256
f42cd85ead9e599fe3d39f1e34d156431afb1281ee8260da1c1412f5e44def1f

SHA512
9125539a4ff09f7ac47fe5ff9a78064967996bad6b2f7284d4b57942d5a6b2ef1937153c73a64b790040e520edc635b54a480ebf71c73416f667141f342227eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2511.exe

Filesize
184KB

MD5
a90684f770d706968d8fd2718bca0931

SHA1
df0674d4c94d2ee77eb5a733a5f8248fc7a445bd

SHA256
30a03069aa1eb3e05f87a4c8650be9b961f53c218a93217edf6961fabc32fade

SHA512
d3dcf46364146f9c0c4ff08fa428215f644d50d6d5375ad667b5b6fa7b93921a239b138dab9dab517931366c66725995edfeb38453de3a0d33d136e584b91b66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe

Filesize
184KB

MD5
764958a80f1f6c8a5621167a114bb611

SHA1
784aaf9962d18dc72a776e2d8a5ba2b9cc1314fb

SHA256
171455ffafde908931cafb2d39ac0fe9ff78bea653acafcbf4254475253b50cc

SHA512
df97f3aeda8e788d10cb7676e6819ae3ab291107ae68ff5608823861e57ffede34b2a4f5fd4bce3cf0c33e612f769b7cd5be79015418a0706fb2ba96b4ff7d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41960.exe

Filesize
184KB

MD5
1ef1dd0d402a0caa9d15be8a1cfcd20a

SHA1
986f1654399f02dd0e9e84357a80b95c8b03ef83

SHA256
cd4c0f69daf99aef1379a52109fda11295a920ddbfcc85865341bc5fdebd7082

SHA512
8881b53865d4b5b9c67573ad1c23ab6f457437fc3751573ce06995104c3098a930ac556ec91bd0c84717cf3e44c1d1263882faf5f05eead3a84b7ae8b1e0e7ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42790.exe

Filesize
184KB

MD5
519af5e9ca35f04419ca7760124fc3a1

SHA1
36ac4b37b410d26975582a80820b69f58e89adc6

SHA256
eb1aa4921371dc176391c000d2afa458a2ac7eb85b23fbe213be49ea548c5eb5

SHA512
2d02d6de401af14677ae9dc01bece64251fb83c99e7dc7911dfab703efae7a7199f633ab2c77c534962d82079209251651c09c35b63907c2d013e61078763e24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46009.exe

Filesize
184KB

MD5
baad12c82f1c3528f7ae34c9343b3d68

SHA1
64bff72bd231315c333aa9eaa2c9f1e5db48a0ed

SHA256
415c28b972d6d054ed3e52b40cad3f2965db5bb6cc27413669602d4a5c26b6e2

SHA512
83a35a96776ba69dea09f6b97e2781deb92e53f193814b8d8fc3acf1d1e64b5207af1ae9aba8b8452b28b9a5dd752aba50365780f8994aeaa1f8736248b27cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe

Filesize
184KB

MD5
d416fbefd562a21422f5f5bce1e3f844

SHA1
935ed60e658b104b0d2720341d336462cb1d2bdf

SHA256
02cda3ad1b4916dfd0263533d8e37d84b568522d9f403145c7d71153c0abf093

SHA512
5bf276bd6cf1c68caf55c98b692bf37f8430f58d9a645c71865368dcd3a08609ae5da2b1db6b639fc10f9db0a5794c5fc5c08677fc6a0109f43fc12601976059

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5472.exe

Filesize
184KB

MD5
a6e10467beb49a6d360252f0b0a14e10

SHA1
398de5acec1b52c0061241e9311ad63cf8cfb450

SHA256
f730f014965f8197a8ebbf05bbd937760a042dc217710fb565f60c4f2e44ce76

SHA512
f6963d150fc056804907de5d22f4f7c1251e79d8dbc7a4a75d248e998ff674de4a584fd98302771c215bf01b0f8c98f7c37ba800a9c0a1b9c25fbd80c3d01835

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe

Filesize
184KB

MD5
1a0838908a5c62360ac4984652c95a43

SHA1
94667002757b8e24dc164074451c7155b2207ad5

SHA256
577c11c9dc17b4c21fa69d0c2ef1df59c9c6f7e4a4b58372389d3a48ea1cdac9

SHA512
15021b92971e4dcb2e334f25385fb915eefc9d3a6d4c0833fd8db0dc53852fe77608f3d323a6c74d0e1e7e0f787f81874c142c4ea3295808b304662b9f814e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe

Filesize
184KB

MD5
7834b28c2c77362f52d42828c5fb0467

SHA1
547afb219e8dffbc0620154aebca05e31e2f3f5a

SHA256
2cc740bb7decd4a74511dcf23d6d9087cb889c09d01df1fa39cc15258214feb7

SHA512
70915213f1d680bfa005a6360d4866c4a3bcde9f0e6949e7e694bc0c642fe7583e15a6482e4cba9b21c92d965781afa1be347f347bda1d5d3387d499e3c16992

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe

Filesize
184KB

MD5
cf21b2552f18fe84564fbc80b6d51af6

SHA1
e276ec34657d9cbe660c1b082e519337879d4472

SHA256
ab9a5aaada3007de6a56c33ae753a08d3cc4909d0c02f6ddeade9d9dd071072b

SHA512
f3165b431654d2f1ec456dee26208c5cd401db583f94bd5c53598f3e9a6a64b77dd1c7cdf7ddfafa8b14658fac4729cdea45b8e1e510745ff276cbda0f5cdf02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33321.exe

Filesize
184KB

MD5
aac74efd5c4b48e73833f7671e46d075

SHA1
0e07b27bbeddbb7bbef5601b03072c38b3e52ebf

SHA256
b77e1efaaa7174e37f986f7822fdf28169bc49f0320805b0c50f82f4a3fda4f3

SHA512
3f545cd114bea717bff69e738a3090426faed24979b6233dcad26df4e39829bd79aa85a6fbf4ccdfd3d51c7f8d2a2cbf1b3715eaffdfcb85e9874975319d2bac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3922.exe

Filesize
64KB

MD5
6049cf3ba89793902bc9bdaeb5dde329

SHA1
85ef838a21806d6d910b211c946b798979fbe461

SHA256
99b7001f18631c5437b9501715be493e902f3b9dbe26a424dcda4d5547a212ff

SHA512
db140c26c4ce55d7227c707488755d0b8eb0cb8a99a1f91c8e415d7318b804777b591d8cc63209082af7ed633b0be05ce9d1cec58c8c224f6e53bd3b4c66363b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3922.exe

Filesize
184KB

MD5
d2ff9d3c0642f5236537beea05d87356

SHA1
a2fbed3430ad2793e584bcc360700033258e847d

SHA256
e8ce9df6c94256d851c6b1e53995b9ca5d06b2530432911d093eda0701eb82a7

SHA512
dbf54911fd2848de7065584bd2834300bbcecb7a0af4ebdafe160095ac06ef338fbc1ce24fe367eadba78de53cc992e36911a8e028d8e9018e717d04424f576e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46792.exe

Filesize
184KB

MD5
7ea2e4779d82f348a327d85cee4bfefc

SHA1
02b9d990b9a7c900d31ca9842ace72ebd082370d

SHA256
4934aee14eed859f8a455c0a404191fe256f1ae93959382bfded7203faaa45cc

SHA512
081d8ccf1dc29071ce0a0d2959f3829b22c63aa6200c4d95e20d14f556b7aefdc8aa64ba0598b8b048855babd4e88828c08e8fb9d5af744614d55a64c282885e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe

Filesize
184KB

MD5
ed00367f49e3b864b906663c33b94d46

SHA1
6a448c9749dd450efcb0d7f57cbc8fc7ad353568

SHA256
6e5e2e8b5be9eccdb8901ab0d02c562c9bca2ac9d6c94ebbe492a10e6d2a2b1b

SHA512
2588d7d0a439e72e400d042f7b5a00a34f864c8ad9bca712fbf469690e923f5186126087027ad7cffad35203a5b70e4c251ef0e6ea5aba51c1c60259f5c62124

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50404.exe

Filesize
184KB

MD5
5d69949baa50e3346c871b903adbe4f5

SHA1
53c4654accd6b1e79996092ce44e66db1e05b4d1

SHA256
3f57613a6b612b0ce7a0ec08dc1d0f7e29b34f204cb69a55b98ddd6e5ae13b14

SHA512
9d97665945d6e8b1bf43d5113ad88093ddf10a529c994237113020dfcb9aa42a6487f29ee874e07feccc1909ace8c84e0387096292854866414b9f6a6419cbf2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52350.exe

Filesize
184KB

MD5
f4d7367f413ded219ccb12775954c3ff

SHA1
741a5c136a1d5fdc4fa37dfefd99a12c84f9f0e8

SHA256
920d3ecbf04ff5d807cd1b32707953a8d719665250136e3c7dc14462638047d3

SHA512
384403c7978b503204a68e9dbd1a2fa876590cd04e3f86c906e12ee6c32a59bace2bba6f348c045085860fcb21786040d68e2f5d313aaaa3143ed5e1d04c6c7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54317.exe

Filesize
184KB

MD5
b3f065ac327f5b5cfb820cd24998cf3a

SHA1
112bf388f0ffd126e6a9184b86701fa50b09dcb5

SHA256
b2d240375382b7d3df17aacb21db05f7189e578b1b1435967ef9d15d1de6f7b6

SHA512
45fa260b2782a158ad73672bc5caefa6e0b28225d1d31842963ed233fa0cecb7c08affcbb9011ec4e8f97d16c446471107e875731ac622481a9b8c0d74f51f1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58572.exe

Filesize
184KB

MD5
63d6fec06f299cc3acbf14ee1dd37630

SHA1
e81eb933eb7f60bb26b6fac155663dba3b7c3eff

SHA256
35d1d4a44935fb648963572a1cee53050386657ec9423832d7d05694f90c6851

SHA512
84db8c78a5e84bbf188dc5112b426ddc7e76671c17c40322132e1c5a69c2331a06e4336ecc4d92a44c4dc4016b9baadc463355feeb327bb056c1b1369874199f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe

Filesize
2KB

MD5
953e42387ff2ea61ef804910c9569496

SHA1
ea350362079fd98884c05f5f84d545116a449733

SHA256
4c90b8c0d6ce3f26c26d0972504c51d2f229bcda2705abb0e0eda27480bb2062

SHA512
460c42be2e738cb44812945c982e6a32fc2f28c217240f47d5d7f9afee9da5e090d4de2f9a8eac11d3b2eed9e2183c5c4676b7670e0bbfa79778efca6c276711

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe

Filesize
121KB

MD5
ae3532215687d2271c3512ea28680e29

SHA1
f229f492a46a9b041e6349eee16cde9fb5b38a39

SHA256
3249b250d2a6653ca93d03407657df100fc123f375cad2d3c3561decf406be3f

SHA512
ffea3c0502dd8e9efe39041ffa160dfa07c2426dcc54c9c8c692f646a9faf21c8763629445d7767e623cfc859632965e535c6948865352217186cb3720a7f29f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads