cc4414b45a884d8903d0b3ad63ade5b5216d414040f6cc524ce89d55056edca2

Analysis

max time kernel
145s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a76f8d35f63335eec34cd8c5afe27c83.exe
Size

184KB
MD5

a76f8d35f63335eec34cd8c5afe27c83
SHA1

6235da7f82ec628c4667eb500e0a33caee5b50c4
SHA256

cc4414b45a884d8903d0b3ad63ade5b5216d414040f6cc524ce89d55056edca2
SHA512

1faef6b52c9f7bef5e5064eafff635375847540e03502bb4bc43a2b93acc8c63443e41bc4ec5cafb694fde453b42b9fa8eaab05ff711f331bab43c1c0506b9c6
SSDEEP

3072:RSHMo3A16Uf00OQV13+cvJ01WXcMB6WFRnxOvPcZNlPvpFI:RSsofC00t1OcvJz1gkNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2432	Unicorn-56802.exe
2460	Unicorn-46019.exe
2564	Unicorn-29033.exe
2624	Unicorn-2464.exe
2664	Unicorn-46683.exe
2396	Unicorn-34753.exe
2952	Unicorn-23285.exe
332	Unicorn-22251.exe
1876	Unicorn-10129.exe
1864	Unicorn-42418.exe
2656	Unicorn-38888.exe
1080	Unicorn-39982.exe
824	Unicorn-19348.exe
1968	Unicorn-9037.exe
1092	Unicorn-4247.exe
816	Unicorn-7584.exe
2444	Unicorn-3863.exe
2052	Unicorn-39873.exe
664	Unicorn-58705.exe
2136	Unicorn-64237.exe
1560	Unicorn-43988.exe
1324	Unicorn-33293.exe
1540	Unicorn-21280.exe
1972	Unicorn-48970.exe
888	Unicorn-22323.exe
2256	Unicorn-5410.exe
1940	Unicorn-50698.exe
2312	Unicorn-36822.exe
2756	Unicorn-56723.exe
2716	Unicorn-22406.exe
2808	Unicorn-2540.exe
1588	Unicorn-1772.exe
1592	Unicorn-28239.exe
2712	Unicorn-60527.exe
2556	Unicorn-9058.exe
2576	Unicorn-62639.exe
2436	Unicorn-59110.exe
2464	Unicorn-45343.exe
2368	Unicorn-26712.exe
2776	Unicorn-62530.exe
2020	Unicorn-47756.exe
2452	Unicorn-51093.exe
3020	Unicorn-32920.exe
2684	Unicorn-65244.exe
1084	Unicorn-1975.exe
2032	Unicorn-19848.exe
1252	Unicorn-18971.exe
928	Unicorn-65301.exe
804	Unicorn-58078.exe
916	Unicorn-8685.exe
2872	Unicorn-22151.exe
2860	Unicorn-22151.exe
2144	Unicorn-6666.exe
1720	Unicorn-59588.exe
2252	Unicorn-9811.exe
1048	Unicorn-59863.exe
1780	Unicorn-26423.exe
1784	Unicorn-102.exe
1632	Unicorn-45774.exe
1660	Unicorn-32583.exe
1520	Unicorn-29904.exe
1504	Unicorn-16413.exe
2628	Unicorn-24467.exe
2500	Unicorn-57606.exe

Loads dropped DLL 64 IoCs

pid	Process
1664	a76f8d35f63335eec34cd8c5afe27c83.exe
1664	a76f8d35f63335eec34cd8c5afe27c83.exe
2432	Unicorn-56802.exe
2432	Unicorn-56802.exe
1664	a76f8d35f63335eec34cd8c5afe27c83.exe
1664	a76f8d35f63335eec34cd8c5afe27c83.exe
2460	Unicorn-46019.exe
2460	Unicorn-46019.exe
2432	Unicorn-56802.exe
2432	Unicorn-56802.exe
2564	Unicorn-29033.exe
2564	Unicorn-29033.exe
2624	Unicorn-2464.exe
2624	Unicorn-2464.exe
2460	Unicorn-46019.exe
2460	Unicorn-46019.exe
2664	Unicorn-46683.exe
2664	Unicorn-46683.exe
2396	Unicorn-34753.exe
2396	Unicorn-34753.exe
2564	Unicorn-29033.exe
2564	Unicorn-29033.exe
2952	Unicorn-23285.exe
2952	Unicorn-23285.exe
2624	Unicorn-2464.exe
2624	Unicorn-2464.exe
1876	Unicorn-10129.exe
1876	Unicorn-10129.exe
2664	Unicorn-46683.exe
2664	Unicorn-46683.exe
1864	Unicorn-42418.exe
1864	Unicorn-42418.exe
2396	Unicorn-34753.exe
2656	Unicorn-38888.exe
2396	Unicorn-34753.exe
2656	Unicorn-38888.exe
332	Unicorn-22251.exe
332	Unicorn-22251.exe
1080	Unicorn-39982.exe
1080	Unicorn-39982.exe
2952	Unicorn-23285.exe
2952	Unicorn-23285.exe
824	Unicorn-19348.exe
824	Unicorn-19348.exe
1968	Unicorn-9037.exe
1968	Unicorn-9037.exe
1876	Unicorn-10129.exe
1876	Unicorn-10129.exe
1092	Unicorn-4247.exe
1092	Unicorn-4247.exe
2052	Unicorn-39873.exe
2052	Unicorn-39873.exe
2656	Unicorn-38888.exe
2444	Unicorn-3863.exe
2656	Unicorn-38888.exe
2444	Unicorn-3863.exe
816	Unicorn-7584.exe
816	Unicorn-7584.exe
664	Unicorn-58705.exe
1864	Unicorn-42418.exe
664	Unicorn-58705.exe
1864	Unicorn-42418.exe
332	Unicorn-22251.exe
332	Unicorn-22251.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2380	1660	WerFault.exe	89

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1664	a76f8d35f63335eec34cd8c5afe27c83.exe
2432	Unicorn-56802.exe
2460	Unicorn-46019.exe
2564	Unicorn-29033.exe
2624	Unicorn-2464.exe
2664	Unicorn-46683.exe
2396	Unicorn-34753.exe
2952	Unicorn-23285.exe
1876	Unicorn-10129.exe
332	Unicorn-22251.exe
1864	Unicorn-42418.exe
2656	Unicorn-38888.exe
1080	Unicorn-39982.exe
824	Unicorn-19348.exe
1968	Unicorn-9037.exe
1092	Unicorn-4247.exe
816	Unicorn-7584.exe
2444	Unicorn-3863.exe
2052	Unicorn-39873.exe
664	Unicorn-58705.exe
2136	Unicorn-64237.exe
1560	Unicorn-43988.exe
1324	Unicorn-33293.exe
1540	Unicorn-21280.exe
888	Unicorn-22323.exe
1972	Unicorn-48970.exe
2256	Unicorn-5410.exe
1940	Unicorn-50698.exe
2756	Unicorn-56723.exe
2312	Unicorn-36822.exe
2808	Unicorn-2540.exe
2716	Unicorn-22406.exe
1588	Unicorn-1772.exe
2712	Unicorn-60527.exe
1592	Unicorn-28239.exe
2556	Unicorn-9058.exe
2576	Unicorn-62639.exe
2436	Unicorn-59110.exe
2464	Unicorn-45343.exe
2368	Unicorn-26712.exe
2776	Unicorn-62530.exe
2020	Unicorn-47756.exe
2452	Unicorn-51093.exe
3020	Unicorn-32920.exe
1084	Unicorn-1975.exe
2684	Unicorn-65244.exe
2032	Unicorn-19848.exe
1252	Unicorn-18971.exe
928	Unicorn-65301.exe
804	Unicorn-58078.exe
916	Unicorn-8685.exe
2872	Unicorn-22151.exe
2860	Unicorn-22151.exe
2252	Unicorn-9811.exe
2144	Unicorn-6666.exe
1720	Unicorn-59588.exe
1048	Unicorn-59863.exe
1780	Unicorn-26423.exe
1632	Unicorn-45774.exe
1784	Unicorn-102.exe
1660	Unicorn-32583.exe
1520	Unicorn-29904.exe
1504	Unicorn-16413.exe
2628	Unicorn-24467.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1664 wrote to memory of 2432	1664	a76f8d35f63335eec34cd8c5afe27c83.exe	28
PID 1664 wrote to memory of 2432	1664	a76f8d35f63335eec34cd8c5afe27c83.exe	28
PID 1664 wrote to memory of 2432	1664	a76f8d35f63335eec34cd8c5afe27c83.exe	28
PID 1664 wrote to memory of 2432	1664	a76f8d35f63335eec34cd8c5afe27c83.exe	28
PID 2432 wrote to memory of 2460	2432	Unicorn-56802.exe	29
PID 2432 wrote to memory of 2460	2432	Unicorn-56802.exe	29
PID 2432 wrote to memory of 2460	2432	Unicorn-56802.exe	29
PID 2432 wrote to memory of 2460	2432	Unicorn-56802.exe	29
PID 1664 wrote to memory of 2564	1664	a76f8d35f63335eec34cd8c5afe27c83.exe	30
PID 1664 wrote to memory of 2564	1664	a76f8d35f63335eec34cd8c5afe27c83.exe	30
PID 1664 wrote to memory of 2564	1664	a76f8d35f63335eec34cd8c5afe27c83.exe	30
PID 1664 wrote to memory of 2564	1664	a76f8d35f63335eec34cd8c5afe27c83.exe	30
PID 2460 wrote to memory of 2624	2460	Unicorn-46019.exe	31
PID 2460 wrote to memory of 2624	2460	Unicorn-46019.exe	31
PID 2460 wrote to memory of 2624	2460	Unicorn-46019.exe	31
PID 2460 wrote to memory of 2624	2460	Unicorn-46019.exe	31
PID 2432 wrote to memory of 2664	2432	Unicorn-56802.exe	32
PID 2432 wrote to memory of 2664	2432	Unicorn-56802.exe	32
PID 2432 wrote to memory of 2664	2432	Unicorn-56802.exe	32
PID 2432 wrote to memory of 2664	2432	Unicorn-56802.exe	32
PID 2564 wrote to memory of 2396	2564	Unicorn-29033.exe	33
PID 2564 wrote to memory of 2396	2564	Unicorn-29033.exe	33
PID 2564 wrote to memory of 2396	2564	Unicorn-29033.exe	33
PID 2564 wrote to memory of 2396	2564	Unicorn-29033.exe	33
PID 2624 wrote to memory of 2952	2624	Unicorn-2464.exe	34
PID 2624 wrote to memory of 2952	2624	Unicorn-2464.exe	34
PID 2624 wrote to memory of 2952	2624	Unicorn-2464.exe	34
PID 2624 wrote to memory of 2952	2624	Unicorn-2464.exe	34
PID 2460 wrote to memory of 332	2460	Unicorn-46019.exe	35
PID 2460 wrote to memory of 332	2460	Unicorn-46019.exe	35
PID 2460 wrote to memory of 332	2460	Unicorn-46019.exe	35
PID 2460 wrote to memory of 332	2460	Unicorn-46019.exe	35
PID 2664 wrote to memory of 1876	2664	Unicorn-46683.exe	36
PID 2664 wrote to memory of 1876	2664	Unicorn-46683.exe	36
PID 2664 wrote to memory of 1876	2664	Unicorn-46683.exe	36
PID 2664 wrote to memory of 1876	2664	Unicorn-46683.exe	36
PID 2396 wrote to memory of 1864	2396	Unicorn-34753.exe	37
PID 2396 wrote to memory of 1864	2396	Unicorn-34753.exe	37
PID 2396 wrote to memory of 1864	2396	Unicorn-34753.exe	37
PID 2396 wrote to memory of 1864	2396	Unicorn-34753.exe	37
PID 2564 wrote to memory of 2656	2564	Unicorn-29033.exe	38
PID 2564 wrote to memory of 2656	2564	Unicorn-29033.exe	38
PID 2564 wrote to memory of 2656	2564	Unicorn-29033.exe	38
PID 2564 wrote to memory of 2656	2564	Unicorn-29033.exe	38
PID 2952 wrote to memory of 1080	2952	Unicorn-23285.exe	39
PID 2952 wrote to memory of 1080	2952	Unicorn-23285.exe	39
PID 2952 wrote to memory of 1080	2952	Unicorn-23285.exe	39
PID 2952 wrote to memory of 1080	2952	Unicorn-23285.exe	39
PID 2624 wrote to memory of 824	2624	Unicorn-2464.exe	40
PID 2624 wrote to memory of 824	2624	Unicorn-2464.exe	40
PID 2624 wrote to memory of 824	2624	Unicorn-2464.exe	40
PID 2624 wrote to memory of 824	2624	Unicorn-2464.exe	40
PID 1876 wrote to memory of 1968	1876	Unicorn-10129.exe	41
PID 1876 wrote to memory of 1968	1876	Unicorn-10129.exe	41
PID 1876 wrote to memory of 1968	1876	Unicorn-10129.exe	41
PID 1876 wrote to memory of 1968	1876	Unicorn-10129.exe	41
PID 2664 wrote to memory of 1092	2664	Unicorn-46683.exe	42
PID 2664 wrote to memory of 1092	2664	Unicorn-46683.exe	42
PID 2664 wrote to memory of 1092	2664	Unicorn-46683.exe	42
PID 2664 wrote to memory of 1092	2664	Unicorn-46683.exe	42
PID 1864 wrote to memory of 816	1864	Unicorn-42418.exe	43
PID 1864 wrote to memory of 816	1864	Unicorn-42418.exe	43
PID 1864 wrote to memory of 816	1864	Unicorn-42418.exe	43
PID 1864 wrote to memory of 816	1864	Unicorn-42418.exe	43

C:\Users\Admin\AppData\Local\Temp\a76f8d35f63335eec34cd8c5afe27c83.exe
"C:\Users\Admin\AppData\Local\Temp\a76f8d35f63335eec34cd8c5afe27c83.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1664
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26423.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
        11⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24014.exe
        9⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1780.exe
        10⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
        9⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39881.exe
        10⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
        11⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
        10⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43988.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47173.exe
        9⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32301.exe
        10⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17437.exe
        11⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
        12⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16358.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
        10⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6666.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        10⤵
        
        PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62639.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24467.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe
        9⤵
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59110.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32583.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
        8⤵
        Program crash
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59321.exe
        7⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43913.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45735.exe
        9⤵
        
        PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19848.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33773.exe
        9⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30869.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26446.exe
        9⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32163.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53379.exe
        8⤵
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        6⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33365.exe
        7⤵
        
        PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9037.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45343.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9939.exe
        9⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8277.exe
        10⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6269.exe
        11⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        10⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31191.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21091.exe
        10⤵
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21019.exe
        8⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe
        9⤵
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48970.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        7⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
        8⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26207.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14899.exe
        10⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9579.exe
        11⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9808.exe
        9⤵
        
        PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62530.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16413.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
        9⤵
        
        PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
        6⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
        7⤵
        
        PID:756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4765.exe
        8⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58246.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
        10⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9450.exe
        9⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33562.exe
        7⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
        8⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
        9⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18971.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62513.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44380.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23454.exe
        10⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
        8⤵
        
        PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36822.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8685.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
        7⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1714.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        9⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2164.exe
        10⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        8⤵
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22151.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
        6⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
        7⤵
        
        PID:1236
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39873.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5410.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
        7⤵
        Executes dropped EXE
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60510.exe
        8⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1906.exe
        9⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
        10⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20489.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54382.exe
        9⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55995.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23592.exe
        8⤵
        
        PID:600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63125.exe
        6⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44097.exe
        7⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31703.exe
        8⤵
        
        PID:1308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50698.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        6⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63778.exe
        7⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
        7⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10793.exe
        8⤵
        
        PID:2416

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe

Filesize
184KB

MD5
756f9f0f25f998df942690de4ff600c1

SHA1
3941c43f2807806b9187e4241ce32dbb97fe29d8

SHA256
dd1ce649af21c9abc1f28909ef41724115972335b17784f8968ef6e4a601d4d5

SHA512
a05e05a27cce70a8740f9600a612d29879a7fc07e5ca45be46300e6b3e64002a29079922ef1402dec1b3b7d6c6a2429e8dd17a8b22736bbc97c89e4382e58cba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe

Filesize
184KB

MD5
1be91caa11bafd86c7aa02a58e09fb42

SHA1
aab0d74edecaa919833e0c4dc51e95cf21c196de

SHA256
ad8b362352c1efd69c7b79f7397f958aa7885b3d1b4510dad06cd27367ea9a3e

SHA512
602e584c75425fe0479bc75eeba6870db32ee544ef2882ffcf8436b6f3637bcd84d1ca887f56409458b66a3ae3b3bd874f3de1c6c4b3d6b4e47a5f7be37818df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe

Filesize
119KB

MD5
83dff3a15d96ecfa866f8d9ee1260048

SHA1
146a1e232ae1037248f748233a863cdd4200c137

SHA256
2080d84a6197c954f3a9b6b91a60ed8d0f08c5b860c0b14a7e8aa0ecb8f79676

SHA512
224ec006f5c88534ad6e9eae9bd232dd6a3dba797739167f15fbfef5fe0952ce0462513cb25ed3a836aa939a9c516f2f494a727b6450f2c135a34575afa63751

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe

Filesize
184KB

MD5
1788cfcd08a00443cf54df9a19b61865

SHA1
cdc566644218bad84262f61529d4f702acb1082e

SHA256
74139b5a3eb9dce0c719b5db281e8b449f0cb2ee5006ca2c46a6d9798be752e0

SHA512
e7face3488372d71652ba42f2f73894939923dc7591395c977e2ad9a3acc3119bf86bb167a864a87827b73fff1a1b3e190e46a7f10cb7aa386bf28d79bcb40fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40951.exe

Filesize
184KB

MD5
7d4818b9ee41846740ca53ea9460bf2a

SHA1
7b9503681579081a4590eefda011eeb727e979ae

SHA256
faeb1c2c32a15f671ad5dd3ec7aab398cbcc4b5f305ccd03403c589fd9b9df09

SHA512
de02d661c23c3f9c39df10b0795dbf1d13fe799e06b01193b12e94699ea69d97fc09b1d82132199d6831411ec9673d6ef61c898e462fb42fc20cc92cc2854496

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe

Filesize
184KB

MD5
8b1b5dc1d3e7cf28dc49c3d53513e969

SHA1
e7167347fea9b2bb6bea044fa3a355c0c336129b

SHA256
32d4732829177f8a833b273354ef31a471603e90d8d95d5ab7c7f58da1f98741

SHA512
f44a2880200fbfed8b9418540da64eb8fad179e94607fcc45d21b59a431fd9854a8a98b8e54385babd3926b3514c11650970dc442b065beab1332726ab9740b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe

Filesize
171KB

MD5
4ac0952cf4dd109d5334819ea282ffb3

SHA1
2c9ccf33f895d862ef4ab64339147eb5d71e22d3

SHA256
aeaadff3ce2113a667116a13f40a44747e3bb409f8932c8453af5b26251fbd69

SHA512
c920a25fb80e1bc2fb014960fd52cbbdd983da6c92253101ecc6032815ed7d95659df65f16fd56b9ac4791fa6aa9193f3453d16652980e3bf0036c7c929c7e48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4247.exe

Filesize
184KB

MD5
34f620528bf3e05a287e2f27021a5fac

SHA1
b69102db2111ac659f24b17f9892b0a69af56415

SHA256
c054b82a5390de05937227b3b5766666531b7417f74b593addc66b5ed84ba633

SHA512
0ce470d49eae79e0d29e3e589ed9f8d7859366637ac9ce7cd631867b4e5ad9347475a2b36d855ec8f6a0ab94ded14bca03ae96d7fe68e02bdf79d9f080c812a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55995.exe

Filesize
184KB

MD5
a50e3c9147c3a504a8b2afa69ae178c4

SHA1
cfc12eefa21439b941d4a4eeb0617e9e81bbf025

SHA256
caac86c344104ff6587d12cbd4c2459ab525d2ec861121ce09755b6b448f426b

SHA512
06de7e54bfc036bffd9bf63f7b2cfeae76d6cd31743bb5a283b6fc1cbdafe93bd6d6ddd1bfe5023f128289493a782dd1dc949da922db6c18c8ded6ff633cd7e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6269.exe

Filesize
184KB

MD5
d528deb759f8da594798736207d4b34a

SHA1
fc6b65619820baeac3a7d38fb33e390c76ab17bb

SHA256
72f7c6ce285ec3a30c481fcb081f28fe31d02111316b78d34b6dcbd37d137004

SHA512
a9121413c977dd16952505f7c2316f8c7f3338143c5c4c9b856fed9d8eb169a4baeae1f3642405141957b4cd6eeef901f20fa322b069c782eea74f13895b7da0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9058.exe

Filesize
184KB

MD5
4180166dc8236895c9cdce244f6b9e63

SHA1
1fb14e1e22062055ef45521ecdf16a8fbe07d0b3

SHA256
282911409081f4bf70a701d22b043f2c4483b859e65e2047acd9d219bf966b99

SHA512
da04abeb0d44bf88f8bed26827f275586e7e1a8b6782aeb5560f39ac8158d1c0609a3016161b23c8b24a90d2bcb30350bbc5c4c2907322cf39c6cd4ad27f7aa3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe

Filesize
184KB

MD5
d63ea56b401f6bf5b024bad8828eb631

SHA1
d23c0f28d5c0fb49ea3b9248b022fce5a9633a4c

SHA256
372b9a75bf6099a263186457630fa051d2991ce30215f40c8ca7e77dcc40adc2

SHA512
1812dc1a732993333d2d9508416e70bbc5c8a9833c67f7cfbcb3438e4a707edd69de49c49d012af3d04fa4b2e51ec2427d5f628637ab6e73e8d4ffc553305f91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19348.exe

Filesize
184KB

MD5
27a6d34732c2c9abd115e05f8f06b083

SHA1
2171298c27d7b44bc4b987efb03d5ef57495ea7d

SHA256
b92e43a1392ca520d685373bf225418321729d4a658238af7ea63f465fdb4fa6

SHA512
0e0731e2aafaa67615ac455f3cade28d643a53838c6edb3d23324cf09e290133295a9298b1043c2859528f3d27ee6a9157e27e3ded8ab45ee1c13544f6054873

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe

Filesize
184KB

MD5
f8eb86c43fd27f634f5d96e0ba7eb348

SHA1
7e356e40601818fcb754bfe23c7d4cf61ebb48ab

SHA256
20acf1a27fc254a2a1e5c8c0e88a4a2e6cfeec940c9625b99d62f9d52a18b56a

SHA512
d67eef91b6ef4edc5e8476bd8e1f03d23a8648d6dd4d8a971aad9586404256df4ef7fc9fe37b4d24fc7128b438c385becf020c1c607123fce9027e3ffe029987

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23285.exe

Filesize
184KB

MD5
76a7f1bdf6449b0c587f9fe1f1eae0c3

SHA1
ea4f97ee207ee6af64c5e1f9244de5891415f6cb

SHA256
5e89ce00e7f1e73e8bb4f3ea7c3e4937d7c8f3e3d7436fa51df4bf418f82dd8b

SHA512
3d301c2ec166782a85f8bf69c6d9b4dd59850ea9cd6fbbccf67d2ca8ca177d5eb3f87c9b36e04eea8b9530c9e90d48e14a54619396fec4ac9f5fe7aa1dd97b6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe

Filesize
184KB

MD5
58e7edd3a14701619bbc78a37952edf9

SHA1
a5e980f911eeb4c20da006e1f1ff47b0b5adf1dd

SHA256
55b97dbb659f6f15c320c0a586c5a486bc5a99b36d6f9cf1dd27027f51f06468

SHA512
302d29ed64837a56a23f96fdecd0349039218fce1731e3a2025c834d535f490e7596f56cc6e0cab5f40a8e382e3ec3804679073559e401b4590e4cbe18c840eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe

Filesize
184KB

MD5
cb40415e0a3549d71845ab34b7215b9a

SHA1
7a0d66c2dddfad16fc9d25f3416adaff9fd7e804

SHA256
95c92cc53d710d930eff0f89e7275585703c839efc3c52935b7b649f42475fcc

SHA512
53cce5b559b18d1a198c23ad8801d49dbc33adf5c076e0e0d394dea2eef663ecca2723b046a3b5193838d6620aaab63f63aac1fb810a865d08c3d93f03b69472

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe

Filesize
85KB

MD5
6949bc87170c2409cddf92055985383e

SHA1
b2555e359146c3373bebe267f3a08d12e75d6c52

SHA256
c73fffaf48a206d733787ddcc62ccf90a82c06ae2a3b53c3004a5d2f30e88a8a

SHA512
544f113bfd4129e60877f8e8e609563d2a78589269c5832c695f9c02a9b2d9d98affe916b97381e3c557eace5075d9b8803f52f15ca0eee5c0ec86d109e363e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34753.exe

Filesize
184KB

MD5
ca27a0624ce962425b2cc2e821e35cdb

SHA1
3c46f49e4d31eca0d772bb956353a5d073c6b2d4

SHA256
8a271dd0fe9e2d827f4f5e1f85d88e6172060c843baca9b91e05c4b8c4f3b0da

SHA512
ec42589f0dc267cb8f6d15776e6bfd173b07d92dbea53e596f093888ac0a6e2c950e5c7c6dd0d8ac6373dfc1329a6a2d635d7ab9f38f6fac912a508f7c2bfdf3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe

Filesize
184KB

MD5
60e84799f85b68b5f2bc29fabf810cce

SHA1
3b90312631c327a5793ed6216d4868bbb3ca0f7e

SHA256
c15526985357bf325f0bf3b468e75ebf6f57fda7176efd3a890de4ff9aac9157

SHA512
8b9d2e092d6475bf1acd941ff9404e55096320156ca642c70ca627d93c11b203c48f90cb7af655d3c5174cf19652ce5b6fab838a03338cf36f05c181ee78c8ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe

Filesize
83KB

MD5
ee477d108033070417810f853de0a935

SHA1
4f5583f9bd160e7f8a282b639dd8b1e5117e2b4f

SHA256
dcb71ba2de64a0bd87105b4ae09bfe55819aa1e3f021e95497ddb6c3acb59bb1

SHA512
e96b8a4248a81ce0b6f3e8abdc113ee2d0adc4abe377c8f81224be0c6ee4c502d4a8982b28cf6a04587b48bb3bc546517ee6bf1820b3536426b35392fbf4f1d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe

Filesize
109KB

MD5
5d498fcc380549e4136673f430cbec68

SHA1
063ffabe03d4e22583631ef787b25c86d362f648

SHA256
4eeaeb11476313d02facdc962ad8a741f32a374db155c9347c10a55227fbb88a

SHA512
f59f0f2bc93458d9d65478ec0491e70e386ad2d941ce07776f1b7aea1f0a2fac1fd49c5d8980789cfff26c4d7e0a797a5abd42e5966f7377bf2a15d1af0566e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39873.exe

Filesize
184KB

MD5
dd9ae91a6fd062ac5f0da20cdd8fb5ca

SHA1
1a4d39970faf3adb8e7e1bca5186732616b36091

SHA256
f9215056c774a222b4550a73820c5856bcf5f02e29a9ca5de12f258858c2c674

SHA512
7025d828c7e39642d8797f07d56260905cfd655ceacdb730ac5097e408bdd990ba45fb583fcfcfe23b8221a63ef061b3b901d7d3c72862493b6f14a771eec813

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe

Filesize
184KB

MD5
a4953591abb805a56e78fa3b9fc73070

SHA1
047393f1468f5a7f4983f3776fc83d60e5dd849d

SHA256
a8708e4fce81b625d2455ebb1a05bbca47fceeb16d035f134f722dbb20af8fd3

SHA512
5d75b3e2f40ba1309032b8aa255bc76549153d732ea71498c575f93e0101877808d8da49d9a3b77cc9ec6e8213c8c8e0b0d807ceb465c99cec754d2bbe453033

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe

Filesize
183KB

MD5
83bbc8d1ac3cdf4e2ab82ee4b266eddb

SHA1
14ae396f9463a7d06ae7c6864b1af7cfad256d28

SHA256
dc7e194735b336966280b1893c20b0d74e94f2518f900248d266e7a3319f608a

SHA512
8aeb495a9c1365430fa796dc6d148108ddb89e33e5dbce4128204105537ac96552d27354a69a0bd2d6874254d1150008440dd206292a17a09d517beced5a9061

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe

Filesize
184KB

MD5
b1829264b29492e4b1c294f7db7f3e92

SHA1
946326c56101f6f26b3093a70f936b8cae2f26c5

SHA256
8d4b412c2807fa8adb990bf54dc514679d4a3368076feb231837eaf19725cd06

SHA512
b54cca5d1848778f3f849eb32e1fca2b6ee70b503700e137583efc3b452aa6dd7002bbee9a64a59d02a2b4e657452a4b5ee9edc5a16405ea8a09d6ffe95247d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe

Filesize
184KB

MD5
611990c5ea4ccc83236e915962a3ee79

SHA1
96c5ca5cd70db7bcb677c22ac634eac5d72d4363

SHA256
a0ca4fe07da10f1b55ba2d7504d2861dcda7ff27149593b34cc7f3a91a7a2a5b

SHA512
619e174ba4baf529601ea409a821d60eb1c0288a331ae845ad520b0c93e96e7193b299d29f122a5ca22ae82a87cb2e32e893d3dd846122923ac1f2a775979a7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe

Filesize
184KB

MD5
303b706fdb52831c3ee6114342bf73c7

SHA1
36883d0ff9165a6feea401073d0fb60513529c16

SHA256
3ab752ac45b62f4abb44f680fb2a7adca9a8ec1895ac6b215780040df87d902e

SHA512
9c2f2f4875088f23c577d0ddc14b9ca345b9e98668d569bf333f334babaaca5acb53699bef2a3435cc203cd78b68b294b73e2674daf7baf646a106ea5015b14a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56802.exe

Filesize
184KB

MD5
0750c3c9eb9d08f89beb4a4a2593d542

SHA1
8e89e0ee2ccde74b6f9e455eccb66f1cf33abc7a

SHA256
48ecfd4ffe05b76081d31903109b3dd56341c9c57995eeed2e255e27f6e9500c

SHA512
25dc2147426fc5dff463ea3bbb9adf8381c65d9505616fbcc3d800243e0eeb39f8fddb4dd9397bf5c835cb73f2a7828c15138633b1e4edca4415617f6abea28b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe

Filesize
184KB

MD5
a11c8257924af0e882c7a9dfe740a5d4

SHA1
2564127e47d28eb028c7dfa980b159d72c297055

SHA256
83a667050523626b63017dec7a96874671a3eaaa54365ac88d4f73f8ca983e8e

SHA512
4f09f5778ec975c3e36ee2bca966b7bee70b02b48f00dc7505a67ab4d850c3cc36322c85d6c89c403d131877aea744af976408709a1a548999e1a6c1e0d1b1af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9037.exe

Filesize
184KB

MD5
7cf9b3f8991396524016a7de80761907

SHA1
f91432d2478779ca66c39f87cf7161fd16d4dd56

SHA256
2a828175d87a536b316dbd9c726a3e1be8784684d43c436e5a88122ca1afa67e

SHA512
7aab3a7095ebc382c2f9fe5fb94257b4b3cf1162c444d20373596dc20e020a555dc97518ec61dd3bad775bf5df38f9cea75735d052fe9c79b6a1ded72d1922b7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads