b2a0740d884b88d908e643af95adbbc4dd79062c56e72467287e314af3dd3bbb

Analysis

max time kernel
76s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 16:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

df9829806ca47602c9d2f20d7b8b98e6.exe
Size

184KB
MD5

df9829806ca47602c9d2f20d7b8b98e6
SHA1

b86ec9e2fe802c6193e6b257e35fc675e324f51b
SHA256

b2a0740d884b88d908e643af95adbbc4dd79062c56e72467287e314af3dd3bbb
SHA512

616f4f8549906c14c573b6eedd56de2a25b0c24132f248a9b0187fe6b3166fb9e619b755ad7cdb3083ff32cf3ce9ef2f0bb3b4800f5bdc10b03409ec27a05d45
SSDEEP

3072:Am1Nom8a0DA8oO0/dTWKF8FbKZe60OwiciKExXMPHANlPvpFw:Am3oZ88o/dqKF8UPz1NlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2216	Unicorn-61826.exe
960	Unicorn-62677.exe
2548	Unicorn-59148.exe
2604	Unicorn-23818.exe
2516	Unicorn-38531.exe
2652	Unicorn-39600.exe
2360	Unicorn-4125.exe
2848	Unicorn-60918.exe
1020	Unicorn-20.exe
552	Unicorn-19886.exe
2344	Unicorn-28800.exe
1556	Unicorn-45817.exe
2256	Unicorn-58816.exe
2620	Unicorn-21505.exe
2036	Unicorn-34202.exe
956	Unicorn-42885.exe
2864	Unicorn-10212.exe
2076	Unicorn-13398.exe
2100	Unicorn-5251.exe
1168	Unicorn-58391.exe
688	Unicorn-1769.exe
1348	Unicorn-34079.exe
2128	Unicorn-63627.exe
2032	Unicorn-59714.exe
912	Unicorn-55267.exe
968	Unicorn-27447.exe
2924	Unicorn-27447.exe
2164	Unicorn-7773.exe
1340	Unicorn-36553.exe
2132	Unicorn-10726.exe
888	Unicorn-10726.exe
884	Unicorn-3305.exe
1732	Unicorn-64862.exe
2312	Unicorn-19938.exe
2228	Unicorn-20684.exe
2952	Unicorn-7109.exe
2544	Unicorn-36636.exe
2616	Unicorn-19554.exe
2400	Unicorn-21260.exe
2260	Unicorn-41126.exe
2840	Unicorn-53077.exe
2852	Unicorn-65329.exe
1164	Unicorn-539.exe
1496	Unicorn-16513.exe
964	Unicorn-45656.exe
1380	Unicorn-3684.exe
2920	Unicorn-57929.exe
1104	Unicorn-45869.exe
1816	Unicorn-15636.exe
940	Unicorn-11502.exe
2828	Unicorn-16547.exe
476	Unicorn-4102.exe
268	Unicorn-49774.exe
2780	Unicorn-33843.exe
720	Unicorn-56100.exe
1580	Unicorn-56100.exe
1064	Unicorn-31596.exe
2268	Unicorn-23044.exe
2012	Unicorn-23044.exe
2812	Unicorn-45877.exe
1932	Unicorn-22333.exe
2568	Unicorn-49598.exe
2388	Unicorn-29348.exe
2500	Unicorn-53298.exe

Loads dropped DLL 64 IoCs

pid	Process
1704	df9829806ca47602c9d2f20d7b8b98e6.exe
1704	df9829806ca47602c9d2f20d7b8b98e6.exe
2216	Unicorn-61826.exe
2216	Unicorn-61826.exe
1704	df9829806ca47602c9d2f20d7b8b98e6.exe
1704	df9829806ca47602c9d2f20d7b8b98e6.exe
2548	Unicorn-59148.exe
2548	Unicorn-59148.exe
2216	Unicorn-61826.exe
2216	Unicorn-61826.exe
960	Unicorn-62677.exe
960	Unicorn-62677.exe
2604	Unicorn-23818.exe
2604	Unicorn-23818.exe
2516	Unicorn-38531.exe
2516	Unicorn-38531.exe
2548	Unicorn-59148.exe
2652	Unicorn-39600.exe
2652	Unicorn-39600.exe
2548	Unicorn-59148.exe
960	Unicorn-62677.exe
960	Unicorn-62677.exe
2360	Unicorn-4125.exe
2360	Unicorn-4125.exe
2604	Unicorn-23818.exe
2604	Unicorn-23818.exe
2848	Unicorn-60918.exe
2848	Unicorn-60918.exe
2516	Unicorn-38531.exe
2516	Unicorn-38531.exe
1020	Unicorn-20.exe
1020	Unicorn-20.exe
552	Unicorn-19886.exe
552	Unicorn-19886.exe
2344	Unicorn-28800.exe
2652	Unicorn-39600.exe
2344	Unicorn-28800.exe
2652	Unicorn-39600.exe
1556	Unicorn-45817.exe
2360	Unicorn-4125.exe
1556	Unicorn-45817.exe
2360	Unicorn-4125.exe
2256	Unicorn-58816.exe
2256	Unicorn-58816.exe
2620	Unicorn-21505.exe
2620	Unicorn-21505.exe
2848	Unicorn-60918.exe
2848	Unicorn-60918.exe
2036	Unicorn-34202.exe
2036	Unicorn-34202.exe
2100	Unicorn-5251.exe
956	Unicorn-42885.exe
956	Unicorn-42885.exe
2100	Unicorn-5251.exe
2344	Unicorn-28800.exe
2344	Unicorn-28800.exe
1020	Unicorn-20.exe
1020	Unicorn-20.exe
2864	Unicorn-10212.exe
2864	Unicorn-10212.exe
2076	Unicorn-13398.exe
2076	Unicorn-13398.exe
552	Unicorn-19886.exe
552	Unicorn-19886.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2660	1824	WerFault.exe	150
2300	1100	WerFault.exe	151
1236	2704	WerFault.exe	162

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1704	df9829806ca47602c9d2f20d7b8b98e6.exe
2216	Unicorn-61826.exe
960	Unicorn-62677.exe
2548	Unicorn-59148.exe
2604	Unicorn-23818.exe
2652	Unicorn-39600.exe
2516	Unicorn-38531.exe
2360	Unicorn-4125.exe
2848	Unicorn-60918.exe
1020	Unicorn-20.exe
552	Unicorn-19886.exe
2344	Unicorn-28800.exe
1556	Unicorn-45817.exe
2256	Unicorn-58816.exe
2620	Unicorn-21505.exe
2036	Unicorn-34202.exe
956	Unicorn-42885.exe
2100	Unicorn-5251.exe
2864	Unicorn-10212.exe
2076	Unicorn-13398.exe
1168	Unicorn-58391.exe
688	Unicorn-1769.exe
1348	Unicorn-34079.exe
2128	Unicorn-63627.exe
2032	Unicorn-59714.exe
2924	Unicorn-27447.exe
912	Unicorn-55267.exe
968	Unicorn-27447.exe
2164	Unicorn-7773.exe
1340	Unicorn-36553.exe
888	Unicorn-10726.exe
2132	Unicorn-10726.exe
884	Unicorn-3305.exe
1732	Unicorn-64862.exe
2312	Unicorn-19938.exe
2228	Unicorn-20684.exe
2952	Unicorn-7109.exe
2544	Unicorn-36636.exe
2616	Unicorn-19554.exe
2400	Unicorn-21260.exe
2260	Unicorn-41126.exe
2852	Unicorn-65329.exe
2840	Unicorn-53077.exe
1496	Unicorn-16513.exe
1164	Unicorn-539.exe
964	Unicorn-45656.exe
1380	Unicorn-3684.exe
1104	Unicorn-45869.exe
2920	Unicorn-57929.exe
1816	Unicorn-15636.exe
940	Unicorn-11502.exe
2828	Unicorn-16547.exe
268	Unicorn-49774.exe
2780	Unicorn-33843.exe
720	Unicorn-56100.exe
2012	Unicorn-23044.exe
1064	Unicorn-31596.exe
1580	Unicorn-56100.exe
2268	Unicorn-23044.exe
2812	Unicorn-45877.exe
1932	Unicorn-22333.exe
2568	Unicorn-49598.exe
2500	Unicorn-53298.exe
2388	Unicorn-29348.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2216	1704	df9829806ca47602c9d2f20d7b8b98e6.exe	28
PID 1704 wrote to memory of 2216	1704	df9829806ca47602c9d2f20d7b8b98e6.exe	28
PID 1704 wrote to memory of 2216	1704	df9829806ca47602c9d2f20d7b8b98e6.exe	28
PID 1704 wrote to memory of 2216	1704	df9829806ca47602c9d2f20d7b8b98e6.exe	28
PID 2216 wrote to memory of 960	2216	Unicorn-61826.exe	29
PID 2216 wrote to memory of 960	2216	Unicorn-61826.exe	29
PID 2216 wrote to memory of 960	2216	Unicorn-61826.exe	29
PID 2216 wrote to memory of 960	2216	Unicorn-61826.exe	29
PID 1704 wrote to memory of 2548	1704	df9829806ca47602c9d2f20d7b8b98e6.exe	30
PID 1704 wrote to memory of 2548	1704	df9829806ca47602c9d2f20d7b8b98e6.exe	30
PID 1704 wrote to memory of 2548	1704	df9829806ca47602c9d2f20d7b8b98e6.exe	30
PID 1704 wrote to memory of 2548	1704	df9829806ca47602c9d2f20d7b8b98e6.exe	30
PID 2548 wrote to memory of 2516	2548	Unicorn-59148.exe	31
PID 2548 wrote to memory of 2516	2548	Unicorn-59148.exe	31
PID 2548 wrote to memory of 2516	2548	Unicorn-59148.exe	31
PID 2548 wrote to memory of 2516	2548	Unicorn-59148.exe	31
PID 2216 wrote to memory of 2604	2216	Unicorn-61826.exe	32
PID 2216 wrote to memory of 2604	2216	Unicorn-61826.exe	32
PID 2216 wrote to memory of 2604	2216	Unicorn-61826.exe	32
PID 2216 wrote to memory of 2604	2216	Unicorn-61826.exe	32
PID 960 wrote to memory of 2652	960	Unicorn-62677.exe	33
PID 960 wrote to memory of 2652	960	Unicorn-62677.exe	33
PID 960 wrote to memory of 2652	960	Unicorn-62677.exe	33
PID 960 wrote to memory of 2652	960	Unicorn-62677.exe	33
PID 2604 wrote to memory of 2360	2604	Unicorn-23818.exe	34
PID 2604 wrote to memory of 2360	2604	Unicorn-23818.exe	34
PID 2604 wrote to memory of 2360	2604	Unicorn-23818.exe	34
PID 2604 wrote to memory of 2360	2604	Unicorn-23818.exe	34
PID 2516 wrote to memory of 2848	2516	Unicorn-38531.exe	35
PID 2516 wrote to memory of 2848	2516	Unicorn-38531.exe	35
PID 2516 wrote to memory of 2848	2516	Unicorn-38531.exe	35
PID 2516 wrote to memory of 2848	2516	Unicorn-38531.exe	35
PID 2652 wrote to memory of 552	2652	Unicorn-39600.exe	37
PID 2652 wrote to memory of 552	2652	Unicorn-39600.exe	37
PID 2652 wrote to memory of 552	2652	Unicorn-39600.exe	37
PID 2652 wrote to memory of 552	2652	Unicorn-39600.exe	37
PID 2548 wrote to memory of 1020	2548	Unicorn-59148.exe	36
PID 2548 wrote to memory of 1020	2548	Unicorn-59148.exe	36
PID 2548 wrote to memory of 1020	2548	Unicorn-59148.exe	36
PID 2548 wrote to memory of 1020	2548	Unicorn-59148.exe	36
PID 960 wrote to memory of 2344	960	Unicorn-62677.exe	38
PID 960 wrote to memory of 2344	960	Unicorn-62677.exe	38
PID 960 wrote to memory of 2344	960	Unicorn-62677.exe	38
PID 960 wrote to memory of 2344	960	Unicorn-62677.exe	38
PID 2360 wrote to memory of 1556	2360	Unicorn-4125.exe	39
PID 2360 wrote to memory of 1556	2360	Unicorn-4125.exe	39
PID 2360 wrote to memory of 1556	2360	Unicorn-4125.exe	39
PID 2360 wrote to memory of 1556	2360	Unicorn-4125.exe	39
PID 2604 wrote to memory of 2256	2604	Unicorn-23818.exe	40
PID 2604 wrote to memory of 2256	2604	Unicorn-23818.exe	40
PID 2604 wrote to memory of 2256	2604	Unicorn-23818.exe	40
PID 2604 wrote to memory of 2256	2604	Unicorn-23818.exe	40
PID 2848 wrote to memory of 2620	2848	Unicorn-60918.exe	41
PID 2848 wrote to memory of 2620	2848	Unicorn-60918.exe	41
PID 2848 wrote to memory of 2620	2848	Unicorn-60918.exe	41
PID 2848 wrote to memory of 2620	2848	Unicorn-60918.exe	41
PID 2516 wrote to memory of 2036	2516	Unicorn-38531.exe	42
PID 2516 wrote to memory of 2036	2516	Unicorn-38531.exe	42
PID 2516 wrote to memory of 2036	2516	Unicorn-38531.exe	42
PID 2516 wrote to memory of 2036	2516	Unicorn-38531.exe	42
PID 1020 wrote to memory of 956	1020	Unicorn-20.exe	43
PID 1020 wrote to memory of 956	1020	Unicorn-20.exe	43
PID 1020 wrote to memory of 956	1020	Unicorn-20.exe	43
PID 1020 wrote to memory of 956	1020	Unicorn-20.exe	43

C:\Users\Admin\AppData\Local\Temp\df9829806ca47602c9d2f20d7b8b98e6.exe
"C:\Users\Admin\AppData\Local\Temp\df9829806ca47602c9d2f20d7b8b98e6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10212.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15636.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19531.exe
        9⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
        10⤵
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10651.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2499.exe
        9⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
        10⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10726.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11502.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44798.exe
        8⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        9⤵
        
        PID:1100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 188
        10⤵
        Program crash
        
        PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65329.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15639.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29391.exe
        10⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
        11⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
        12⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
        10⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45656.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
        8⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe
        9⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27357.exe
        10⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45416.exe
        11⤵
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7773.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16513.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32359.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        8⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
        9⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5286.exe
        10⤵
        
        PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16215.exe
        9⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        10⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39998.exe
        11⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30564.exe
        12⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
        11⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22941.exe
        12⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18627.exe
        9⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
        10⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45774.exe
        11⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
        11⤵
        Program crash
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45877.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        9⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28509.exe
        10⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60792.exe
        11⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        12⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21824.exe
        11⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1769.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64862.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3002.exe
        8⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13604.exe
        9⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        10⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64689.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29272.exe
        12⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
        10⤵
        
        PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34079.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7109.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53298.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
        10⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
        9⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
        10⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
        11⤵
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16547.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
        7⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64258.exe
        8⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45732.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
        10⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
        11⤵
        
        PID:2436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63627.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19554.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13064.exe
        10⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1378.exe
        12⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54466.exe
        13⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41823.exe
        9⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43506.exe
        10⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
        11⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41690.exe
        12⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21260.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33843.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        10⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4102.exe
        7⤵
        Executes dropped EXE
        
        PID:476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49774.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        7⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
        9⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6625.exe
        10⤵
        
        PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57929.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28078.exe
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25717.exe
        9⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62852.exe
        10⤵
        
        PID:824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27447.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22333.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        9⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe
        10⤵
        
        PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-539.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29348.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7143.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13443.exe
        8⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51861.exe
        9⤵
        
        PID:1824
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 188
        10⤵
        Program crash
        
        PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36553.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3684.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15503.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
        7⤵
        
        PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe

Filesize
184KB

MD5
8a58c23631153c974f551c28b7f257fd

SHA1
5db718f8229978b97c61d53b2ffa6c866716d463

SHA256
664aeb1cce3f983308545ba47689f11926780a5bca5e00bb04e7abef8ccee182

SHA512
224faacb2c2da00a61b5b705bf7c08fb63363d5acb89684d73f3d3b6424ccfdeef500a5ea2521f082859033ca50026a0bcc10c7884fc1ca4a6ab7c39be228ea0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe

Filesize
184KB

MD5
2fcaf3512074d72b3a71163fcbe8e572

SHA1
a65f24da7f00810904ee20fddba3dc7d171128a6

SHA256
bc97d00f9568c73ff06914d628192cc20a4f814842be22c4c3550f30c776e7c1

SHA512
c0e9c778ec66538001940244607781e68a82deb2d89a8321e2073ed7df7a49c5c87bbb0a2575d3613a1d7fdb5fa61ede3ea6f8dc179381d79b5dbba6b533cc1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe

Filesize
184KB

MD5
4c2573e87ed06099f83871bb43742468

SHA1
9cb535273dbeb5a547f464f233a8b574ccb755c9

SHA256
1e6e38f79e6a1e722a2c7f8710c80e24f596a1d340ebafce8bbf7ba0e92aa613

SHA512
c46da3aa314dc8c17b1355c21868ab2e2b700dffbc51ea6be42b264be372b18419374b550034fcd86b17c9d313a34b578301be9a6be658a563b0848fb31a5fce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe

Filesize
184KB

MD5
8d756c3308db6e3ca1a9f3bd59ce6430

SHA1
45b8b2386d5289757a83b973ea18624c831d0103

SHA256
dcc00cecb50c2fdb67e919c434a80b7aefe06f6496933fb5580242a8ebbe2d6b

SHA512
8edfa11ae6f0b1736b045857cac118e698b5286e9f1b22516d6da1df13a4107dfc49fa7abafe28606d13d4394a2b291b7aa65e15e83f443afc5a32c8ad1387a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10212.exe

Filesize
184KB

MD5
97d840f1d309db921ae29df6b673e404

SHA1
e56355130e60b85c1a1de37d51e40f19ff9c3e4c

SHA256
51ac2ff5f189e04a7d6a3c39822daf2b14e99ae6766967bb5921e3b012db1289

SHA512
eea8fada4e6ada2b8a47b793ecac9d6f8c4f6d8cf4a44a4b780fa193368944d0efcb6d5638da93c863fd65e0b7f953c93a519c2b70d4483679c0b813af2bb7ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe

Filesize
184KB

MD5
9e0785719b5cb4a73561cba638f25cfd

SHA1
826ac4304550d60b149e5d11043c8bad3dd8afbf

SHA256
5f23fea52501fc1cb8e8835f7599c30040bf6edb8a89d2963c443a1b9ad034ed

SHA512
cd629473b65ea3bdce1adb235c1c48fdfb72cc3b9fc1fa244be80cd4e0a644672a404a1fd25a8a54c0e1b22b55e3eaece2eca3b40c4465f293bf95cc52880d25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe

Filesize
184KB

MD5
60e41ec4c549341381d6860b3fbd74a5

SHA1
7aee3581b7954a8fd3d5078ecf3e7bc561c4d13f

SHA256
7113d2f34c4d0343429719db9c36e424e31ee024b75ac21759e64282362d2fee

SHA512
59939a33f407cef7e8f6555fcd7b923c274005240e8e29050e803643d447398d075023b6c6a1b005e8016679d14a385eea73d457ce5fc83b14ebb366d7962c73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20.exe

Filesize
184KB

MD5
1001a316b665bc8ca1e02de30d975773

SHA1
a71e31939272d25d36ebe39da6320b87980080c9

SHA256
3d9adade16fc93916aa5c24e61723da2795cb7c35ae725af3cb643825b1468ef

SHA512
20454ea5482b0e2e90243fa714b131270d79bf365b5f3f33c547d7e19df2698aae9098e920bd00272f8b4c81b56ad0f7f97d5e5f4302286f8bd51bd0fb640884

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21505.exe

Filesize
184KB

MD5
ae925de2d7d89630953f83ec04411d74

SHA1
eab49cfc443b1bda519840158d9bf991d9e80b32

SHA256
cd9925597abbdcd0358e484d93f64ea54dc9df4f10a99e5883fffdad7e648f83

SHA512
169c281919606803d4e2962f2a64eba3ccdd26e7f1446d76d70e8836cf28e4ce25f66f7f40168dfed1d411485f9680b677246920c4db182300650858edf3eff4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe

Filesize
184KB

MD5
58c8f43d983caaf382810838a27e1f9f

SHA1
28edfb5af4acc959fe414ebbbd5978b778f2fb75

SHA256
3dd89b65879bffe847fd43a58a10820c398f586d5d5d47f2effc606302a35f24

SHA512
23e13cfabd5c73118dec9a7bd7003bca6988eed74cd4f441ae6fa31f3a246848c1321dcd91c3564f8b8391e2dbec752cd729b4ef77328a87b7253500d93b54e0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34202.exe

Filesize
184KB

MD5
15690bf852e43778bdada0538e660544

SHA1
151a6ffbac5615f91a743b03ca73655ec015ef5b

SHA256
b3f35539d951418545a40e6f8a16447de6e8c7c4ff70d418beef80dbeecfdbec

SHA512
edf9b49276f5254037ffc43676a35fd53313a263fc05eaa29d0ac7bb4fe25e601bf9525f7e0a8202f35281476aff285c5b1f35e9bfba38d7db9b61e3f6426054

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe

Filesize
184KB

MD5
ff73141640ad5e2e39fe00daf8e7096e

SHA1
4f914c09b94e681e67f005a66d9f67511f5a4812

SHA256
f8b7efd65009da7f7d1347a73d379e818caf7fe2e444579d79cf3e80a493194c

SHA512
e850bd80f46608b553d3532f0e6e6c0b5d9938c25bc463241b26ee53f0725a42b264fb087c6c16f35f04017363262d46bd7633de6b3f5bd42e1c7e296029ccf6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe

Filesize
184KB

MD5
8e538c2bf01abcee717fcd16d06c7781

SHA1
cffa5dcb498b254778de6c6671e08b28475f6937

SHA256
307131c70abfae499c40c0a56422041acc46196a708c1270a4cbe005c78488d6

SHA512
22d24b1868ae5fc9e78fd3c054eff45c3741d19792e58dcaf079916d2e55f9ff0f4bbb2bcdd36b94a50320007f4da7c98787a314d2a7e1212abc8c69d004f89a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe

Filesize
184KB

MD5
afc16318aab8aea27ef958628db309b7

SHA1
de9f15a237d691b7c9da80e65dc19316eada8e9a

SHA256
34284b588bbca688ca32803e96c98c998451f07d5c10e62872cc4d7c0714853b

SHA512
96eaa65f4ef7937f65160ea90e22ba164865e311a959f7706c931d52d0edb6516d5d665fa92cd8441a4cdfa4544e6397ca0fc330ade108ad5d0db911d4838297

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe

Filesize
184KB

MD5
609e5e6c247f29b527074f4e59aa1fb0

SHA1
47b75e553c6d1181d39b82cd68953400ada4e820

SHA256
d0d0c81a449b8ceec9a73d6c5839eab5a47ef654a2b04d18c924547543d49dc8

SHA512
b952ee938e34e94ed7c5b485f0b89a8bcc0196cc23b352ab9eb67eca49a1a9e25166eb92c03764489bd271ebb520df5f3a6767ec113da74fea994d0bf2d66d7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45817.exe

Filesize
184KB

MD5
179f6877564b3dfd2da9fd4f42368e21

SHA1
47dd49fd195c80d105d986dca32e258e4e386c63

SHA256
ee5d8c81c8bdee8091c9b65b0489444febc6f0123f4a03fc2b258238f7b8b4ad

SHA512
380b5a4bc60ed850b9805fecd7aeb505b9d1f73ca4976669360bd3828f592fa6b86b06784ad63b4a01a993014f9cf5aa1669844170fe0f62ac39c6ce455b4969

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5251.exe

Filesize
184KB

MD5
c5ca7e86ef447146143e2178c8605153

SHA1
d1a4309fb122f76d3761a5dfd30cb076816929bf

SHA256
1b4bb938b977b6f6c3f41a883e0e842cc5470b96c2c459047e3ab7011d233116

SHA512
d90a4c1766c2fa8f4a7ae3f76cd90af57abe5e4e058e117e7e67a65110c4e1f7bfc2b8c5ece5f27e68c6a6a1e16d91f320c165c733a170c93f8d8e6676573716

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59148.exe

Filesize
184KB

MD5
d3bafe385c355fd912dc761912d843b0

SHA1
03790081daab25aabde2dda5b6b213eb5143ce67

SHA256
d339995f0310fbde4b1e66ac20eee4436be9174fb666f672b6da1576fcf8aa07

SHA512
240e006be2ef9751f07dc9f48a65416ddfe2dd3b7228159a466518ed3d314a852e5025689713904350f89788cccd6e1fde54972d71c892982f8dbafdb7470cda

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60918.exe

Filesize
184KB

MD5
96246563cb3642140d9fca3632ccf6ee

SHA1
b19ad7076f2b788216353337d83ba8a38783ab7b

SHA256
070ffdb7f7e4e39c4ab9f8a98fa20c3ac2708756aff20419117ac0d0776f467a

SHA512
04a38020e8f3269002d698f59c4d46002332e96a120567a4f3fe9529a8015b18495e63da9b0401338181f7dfafb76ea68c3dbb75351dc081ec16b5d4c6bfb97e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe

Filesize
184KB

MD5
1793579fb7b5994e93cbd9e3d7785926

SHA1
a412475ae2d4d33681d55dafb207213c54bee522

SHA256
940e1b183dd877aacfc7e26902efa27f9caccb8896ffe0b5ae303ab326a2884e

SHA512
8ec52e76dc3dbd795e53c63296e8c7d344b00503b8c8e31239a5b28bc015b170a69164ec0b15b2d4261c9c34bb9684b1b87b6be8266915bda368ca2a06b55a77

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62677.exe

Filesize
184KB

MD5
b6bedacb40b0e836d831de01f3a43f98

SHA1
b8d62e1405a2f984e84db1e876f47b38fa5ca614

SHA256
a88a2190eacfc385b4f729e5aaa6822050b7820090b1c7b7220d1f2a32aab00b

SHA512
cf2d78b8e6ed28349c4b633196c8d397f7b849a6e98f816c9df1951f28554dea8532451fd53f7146e0f95dad36741c9e9d95b12b33678d9cc16fd1e1171113a2

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads