545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef

Analysis

max time kernel
38s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 21:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
Size

184KB
MD5

44457118993f5de1ad32d21b6234e772
SHA1

60e36253d0a81804b444cdb4078c11fb5580308c
SHA256

545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef
SHA512

201a8ab79e2da6a27d697b3303de8d94e775783823b79b2ed0551e4c31cad58fe4308d82e8472bc16e38eed03c90d66dd572456c40bbe6fd1f1759ef9820d3be
SSDEEP

3072:OPD6fxoxHF0BHer6WkPidNE7lvnqnviu2:OPUoEVerQiHE7lPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 48 IoCs

pid	Process
2216	Unicorn-64188.exe
1728	Unicorn-23793.exe
2672	Unicorn-43659.exe
2848	Unicorn-16187.exe
2468	Unicorn-61858.exe
2632	Unicorn-32614.exe
2504	Unicorn-8018.exe
2956	Unicorn-37266.exe
2780	Unicorn-8385.exe
2980	Unicorn-43872.exe
2920	Unicorn-24006.exe
1960	Unicorn-4977.exe
2004	Unicorn-27536.exe
1776	Unicorn-57997.exe
1720	Unicorn-42480.exe
1056	Unicorn-400.exe
1640	Unicorn-59450.exe
1032	Unicorn-24905.exe
2324	Unicorn-3093.exe
2440	Unicorn-51931.exe
2312	Unicorn-45801.exe
2880	Unicorn-5444.exe
3060	Unicorn-51116.exe
2012	Unicorn-43961.exe
2136	Unicorn-15842.exe
1812	Unicorn-33025.exe
2196	Unicorn-52891.exe
1988	Unicorn-21973.exe
1628	Unicorn-3560.exe
1668	Unicorn-28086.exe
2068	Unicorn-21012.exe
1664	Unicorn-42830.exe
2360	Unicorn-39316.exe
888	Unicorn-59527.exe
1708	Unicorn-36445.exe
1616	Unicorn-62725.exe
2544	Unicorn-22138.exe
2648	Unicorn-36720.exe
2060	Unicorn-25428.exe
2772	Unicorn-45029.exe
2080	Unicorn-19537.exe
2028	Unicorn-41739.exe
3024	Unicorn-5054.exe
2596	Unicorn-46647.exe
2476	Unicorn-30520.exe
2240	Unicorn-39164.exe
2512	Unicorn-59938.exe
2424	Unicorn-39082.exe

Loads dropped DLL 64 IoCs

pid	Process
2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
2216	Unicorn-64188.exe
2216	Unicorn-64188.exe
2216	Unicorn-64188.exe
2672	Unicorn-43659.exe
2672	Unicorn-43659.exe
2216	Unicorn-64188.exe
2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
1728	Unicorn-23793.exe
1728	Unicorn-23793.exe
2468	Unicorn-61858.exe
2468	Unicorn-61858.exe
2216	Unicorn-64188.exe
2216	Unicorn-64188.exe
2848	Unicorn-16187.exe
2672	Unicorn-43659.exe
2848	Unicorn-16187.exe
2672	Unicorn-43659.exe
2632	Unicorn-32614.exe
2632	Unicorn-32614.exe
2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
2504	Unicorn-8018.exe
2504	Unicorn-8018.exe
1728	Unicorn-23793.exe
1728	Unicorn-23793.exe
2956	Unicorn-37266.exe
2956	Unicorn-37266.exe
2780	Unicorn-8385.exe
2780	Unicorn-8385.exe
2216	Unicorn-64188.exe
2216	Unicorn-64188.exe
2468	Unicorn-61858.exe
2468	Unicorn-61858.exe
2672	Unicorn-43659.exe
2920	Unicorn-24006.exe
2672	Unicorn-43659.exe
2920	Unicorn-24006.exe
2848	Unicorn-16187.exe
2848	Unicorn-16187.exe
2980	Unicorn-43872.exe
2980	Unicorn-43872.exe
2632	Unicorn-32614.exe
2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
2632	Unicorn-32614.exe
2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
1960	Unicorn-4977.exe
1728	Unicorn-23793.exe
1728	Unicorn-23793.exe
1960	Unicorn-4977.exe
1720	Unicorn-42480.exe
1720	Unicorn-42480.exe
2956	Unicorn-37266.exe
2956	Unicorn-37266.exe
1640	Unicorn-59450.exe
1640	Unicorn-59450.exe
1776	Unicorn-57997.exe
1776	Unicorn-57997.exe
2216	Unicorn-64188.exe
2216	Unicorn-64188.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1556	1056	WerFault.exe	43

Suspicious use of SetWindowsHookEx 28 IoCs

pid	Process
2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
2216	Unicorn-64188.exe
2672	Unicorn-43659.exe
1728	Unicorn-23793.exe
2468	Unicorn-61858.exe
2848	Unicorn-16187.exe
2632	Unicorn-32614.exe
2504	Unicorn-8018.exe
2956	Unicorn-37266.exe
2780	Unicorn-8385.exe
2920	Unicorn-24006.exe
2980	Unicorn-43872.exe
2004	Unicorn-27536.exe
1960	Unicorn-4977.exe
1776	Unicorn-57997.exe
1720	Unicorn-42480.exe
1056	Unicorn-400.exe
1640	Unicorn-59450.exe
1032	Unicorn-24905.exe
2324	Unicorn-3093.exe
2880	Unicorn-5444.exe
2136	Unicorn-15842.exe
2196	Unicorn-52891.exe
2012	Unicorn-43961.exe
1812	Unicorn-33025.exe
2312	Unicorn-45801.exe
1664	Unicorn-42830.exe
3060	Unicorn-51116.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2216	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	28
PID 2208 wrote to memory of 2216	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	28
PID 2208 wrote to memory of 2216	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	28
PID 2208 wrote to memory of 2216	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	28
PID 2208 wrote to memory of 1728	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	29
PID 2208 wrote to memory of 1728	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	29
PID 2208 wrote to memory of 1728	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	29
PID 2208 wrote to memory of 1728	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	29
PID 2216 wrote to memory of 2672	2216	Unicorn-64188.exe	30
PID 2216 wrote to memory of 2672	2216	Unicorn-64188.exe	30
PID 2216 wrote to memory of 2672	2216	Unicorn-64188.exe	30
PID 2216 wrote to memory of 2672	2216	Unicorn-64188.exe	30
PID 2672 wrote to memory of 2848	2672	Unicorn-43659.exe	32
PID 2672 wrote to memory of 2848	2672	Unicorn-43659.exe	32
PID 2672 wrote to memory of 2848	2672	Unicorn-43659.exe	32
PID 2672 wrote to memory of 2848	2672	Unicorn-43659.exe	32
PID 2216 wrote to memory of 2468	2216	Unicorn-64188.exe	31
PID 2216 wrote to memory of 2468	2216	Unicorn-64188.exe	31
PID 2216 wrote to memory of 2468	2216	Unicorn-64188.exe	31
PID 2216 wrote to memory of 2468	2216	Unicorn-64188.exe	31
PID 2208 wrote to memory of 2632	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	33
PID 2208 wrote to memory of 2632	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	33
PID 2208 wrote to memory of 2632	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	33
PID 2208 wrote to memory of 2632	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	33
PID 1728 wrote to memory of 2504	1728	Unicorn-23793.exe	34
PID 1728 wrote to memory of 2504	1728	Unicorn-23793.exe	34
PID 1728 wrote to memory of 2504	1728	Unicorn-23793.exe	34
PID 1728 wrote to memory of 2504	1728	Unicorn-23793.exe	34
PID 2468 wrote to memory of 2956	2468	Unicorn-61858.exe	35
PID 2468 wrote to memory of 2956	2468	Unicorn-61858.exe	35
PID 2468 wrote to memory of 2956	2468	Unicorn-61858.exe	35
PID 2468 wrote to memory of 2956	2468	Unicorn-61858.exe	35
PID 2216 wrote to memory of 2780	2216	Unicorn-64188.exe	36
PID 2216 wrote to memory of 2780	2216	Unicorn-64188.exe	36
PID 2216 wrote to memory of 2780	2216	Unicorn-64188.exe	36
PID 2216 wrote to memory of 2780	2216	Unicorn-64188.exe	36
PID 2848 wrote to memory of 2980	2848	Unicorn-16187.exe	37
PID 2848 wrote to memory of 2980	2848	Unicorn-16187.exe	37
PID 2848 wrote to memory of 2980	2848	Unicorn-16187.exe	37
PID 2848 wrote to memory of 2980	2848	Unicorn-16187.exe	37
PID 2672 wrote to memory of 2920	2672	Unicorn-43659.exe	38
PID 2672 wrote to memory of 2920	2672	Unicorn-43659.exe	38
PID 2672 wrote to memory of 2920	2672	Unicorn-43659.exe	38
PID 2672 wrote to memory of 2920	2672	Unicorn-43659.exe	38
PID 2632 wrote to memory of 1960	2632	Unicorn-32614.exe	39
PID 2632 wrote to memory of 1960	2632	Unicorn-32614.exe	39
PID 2632 wrote to memory of 1960	2632	Unicorn-32614.exe	39
PID 2632 wrote to memory of 1960	2632	Unicorn-32614.exe	39
PID 2208 wrote to memory of 1776	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	40
PID 2208 wrote to memory of 1776	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	40
PID 2208 wrote to memory of 1776	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	40
PID 2208 wrote to memory of 1776	2208	545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe	40
PID 2504 wrote to memory of 2004	2504	Unicorn-8018.exe	41
PID 2504 wrote to memory of 2004	2504	Unicorn-8018.exe	41
PID 2504 wrote to memory of 2004	2504	Unicorn-8018.exe	41
PID 2504 wrote to memory of 2004	2504	Unicorn-8018.exe	41
PID 1728 wrote to memory of 1720	1728	Unicorn-23793.exe	42
PID 1728 wrote to memory of 1720	1728	Unicorn-23793.exe	42
PID 1728 wrote to memory of 1720	1728	Unicorn-23793.exe	42
PID 1728 wrote to memory of 1720	1728	Unicorn-23793.exe	42
PID 2956 wrote to memory of 1056	2956	Unicorn-37266.exe	43
PID 2956 wrote to memory of 1056	2956	Unicorn-37266.exe	43
PID 2956 wrote to memory of 1056	2956	Unicorn-37266.exe	43
PID 2956 wrote to memory of 1056	2956	Unicorn-37266.exe	43

C:\Users\Admin\AppData\Local\Temp\545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe
"C:\Users\Admin\AppData\Local\Temp\545aaa6725eb1c253e3736db63fed9d1a3cda969076a0f6ffd15ebef6bf1bfef.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62725.exe
        7⤵
        Executes dropped EXE
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
        7⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48282.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63134.exe
        7⤵
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39164.exe
        6⤵
        Executes dropped EXE
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        6⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51116.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19537.exe
        5⤵
        Executes dropped EXE
        
        PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22658.exe
        5⤵
        
        PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        5⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9468.exe
        5⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13996.exe
        5⤵
        
        PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
        5⤵
        
        PID:3808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51931.exe
        5⤵
        Executes dropped EXE
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22138.exe
        5⤵
        Executes dropped EXE
        
        PID:2544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24768.exe
        5⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57930.exe
        5⤵
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        5⤵
        
        PID:1136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
        5⤵
        
        PID:544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
        5⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
        5⤵
        
        PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45801.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe
        5⤵
        
        PID:492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        5⤵
        
        PID:3852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
      4⤵
      Executes dropped EXE
      PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
      4⤵
      PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39719.exe
      4⤵
      PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26534.exe
      4⤵
      PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14012.exe
      4⤵
      PID:3112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61858.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61858.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-400.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1056
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
        6⤵
        Program crash
        
        PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3560.exe
        5⤵
        Executes dropped EXE
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
        6⤵
        
        PID:704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        6⤵
        
        PID:1044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9624.exe
        6⤵
        
        PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe
        5⤵
        Executes dropped EXE
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30333.exe
        5⤵
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44195.exe
        5⤵
        
        PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
        5⤵
        
        PID:2516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35543.exe
        5⤵
        
        PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5844.exe
        5⤵
        
        PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
        5⤵
        Executes dropped EXE
        
        PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44033.exe
        5⤵
        
        PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55599.exe
        5⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        5⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        5⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13983.exe
        5⤵
        
        PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        5⤵
        
        PID:3512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59527.exe
      4⤵
      Executes dropped EXE
      PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25507.exe
      4⤵
      PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
      4⤵
      PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
      4⤵
      PID:684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43332.exe
      4⤵
      PID:1740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64988.exe
      4⤵
      PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
      4⤵
      PID:3564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8385.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8385.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe
        5⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
        5⤵
        
        PID:1520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16795.exe
        5⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10631.exe
        5⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17024.exe
        5⤵
        
        PID:696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
        5⤵
        
        PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
      4⤵
      Executes dropped EXE
      PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
      4⤵
      PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50912.exe
      4⤵
      PID:3120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
      4⤵
      Executes dropped EXE
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59938.exe
      4⤵
      Executes dropped EXE
      PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
      4⤵
      PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
      4⤵
      PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3637.exe
      4⤵
      PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
      4⤵
      PID:1004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24209.exe
      4⤵
      PID:3904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42830.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42830.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11982.exe
    3⤵
    PID:2988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe
    3⤵
    PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19336.exe
    3⤵
    PID:1104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
    3⤵
    PID:3056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8383.exe
    3⤵
    PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
    3⤵
    PID:3480
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23793.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23793.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8018.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8018.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
      4⤵
      Executes dropped EXE
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12512.exe
        5⤵
        
        PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54863.exe
        5⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3907.exe
        5⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe
        5⤵
        
        PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33118.exe
        5⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60190.exe
        5⤵
        
        PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
        5⤵
        
        PID:3728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
      4⤵
      PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8926.exe
      4⤵
      PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36361.exe
      4⤵
      PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
      4⤵
      PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14079.exe
      4⤵
      PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34017.exe
      4⤵
      PID:3376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35667.exe
      4⤵
      PID:3940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42480.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
      4⤵
      Executes dropped EXE
      PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32408.exe
      4⤵
      PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9390.exe
      4⤵
      PID:2572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45029.exe
    3⤵
    - Executes dropped EXE
    PID:2772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
    3⤵
    PID:780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32729.exe
    3⤵
    PID:3000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23560.exe
    3⤵
    PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
    3⤵
    PID:2744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32882.exe
    3⤵
    PID:3404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12131.exe
    3⤵
    PID:3956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32614.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32614.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52891.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
        5⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
        5⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16359.exe
        5⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51467.exe
        5⤵
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20451.exe
        5⤵
        
        PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        5⤵
        
        PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
      4⤵
      Executes dropped EXE
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53933.exe
      4⤵
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60836.exe
      4⤵
      PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
      4⤵
      PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
      4⤵
      PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11179.exe
      4⤵
      PID:3672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58828.exe
      4⤵
      PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
      4⤵
      PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
      4⤵
      PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
      4⤵
      PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11752.exe
      4⤵
      PID:3740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
    3⤵
    - Executes dropped EXE
    PID:2424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe
    3⤵
    PID:1552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34401.exe
    3⤵
    PID:2448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58085.exe
    3⤵
    PID:1828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28682.exe
    3⤵
    PID:3368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
    3⤵
    PID:3932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21012.exe
    3⤵
    - Executes dropped EXE
    PID:2068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29864.exe
    3⤵
    PID:2996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
    3⤵
    PID:1736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40337.exe
    3⤵
    PID:2828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
    3⤵
    PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31049.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31049.exe
    3⤵
    PID:1680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51360.exe
    3⤵
    PID:3572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43961.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43961.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
    3⤵
    - Executes dropped EXE
    PID:2476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64401.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64401.exe
    3⤵
    PID:1256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46995.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46995.exe
    3⤵
    PID:596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
    3⤵
    PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
    3⤵
    PID:2104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
    3⤵
    PID:3272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12289.exe
    3⤵
    PID:3800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
  2⤵
  - Executes dropped EXE
  PID:3024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57025.exe
    3⤵
    PID:576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
    3⤵
    PID:1020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
    3⤵
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
    3⤵
    PID:3472
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60215.exe
  2⤵
  PID:2316
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35254.exe
  2⤵
  PID:1992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65205.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65205.exe
  2⤵
  PID:1764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56868.exe
  2⤵
  PID:2272
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
  2⤵
  PID:3204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25752.exe
  2⤵
  PID:3768

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe

Filesize
184KB

MD5
a52f7cc155cf29ca76538717cb106c54

SHA1
aaa0f0db05b9860f6886766fce18934ee5515348

SHA256
9160290f485eedca560c34934c282b827564ed651c32e74f4a3eed7587a177fa

SHA512
55f3973504479ac0380161a75f83ec1b964808bcb0b3c8858e88bcc880545170e184f689b516978411aae31db2ac266127b6baa0ebbe21e4d66f7b4fd720a677

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe

Filesize
184KB

MD5
f5b4869bc63f2e750cd2954c25e83918

SHA1
1afcbd325f4c6310b296dec6af3c6363e88592da

SHA256
c376fba79f715c31af477a901e16b272f582ba502efbe01e68ccb2fce6211265

SHA512
bdcb80f1801b58c7ade8e3d8fbbb8f1f92d878b155173090fc22de49be6c469a8b8aba38677e972756ea5ba69bec43d8fac54176d51565df10acc3bbd316c7fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2168.exe

Filesize
184KB

MD5
3f9dba7e137870926904958f7064ec39

SHA1
cbf4c044ffe2af96e70f409ddb4acc456ad18c94

SHA256
47de38d6d86e711cad833b612b4f32a579406109366586a5dffd31a686211f47

SHA512
c65da8100599761b76f2018342075f9c0b04a01a2625fac9af55afe3af7132a5b48b1afedb0dda96fe80f128c2780928e978a926799b2a84ae5a8110d7037c3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23793.exe

Filesize
184KB

MD5
dd6fccd1a21cd6f0ff02fdc14a33aa38

SHA1
5f1c8a7bb63503eed0c935685260a1fb74e2649b

SHA256
e576d695fce4e58f5cfbb68806935d3f2f86c1da57a61997ab8fd9676d85750d

SHA512
2b316516dded027ec4268538ef93c7d8b94c6d1c323d7c5e6ed792d59a86228fbc742e819756104ba4c641e8af9d40cfbd056fd13cb0cda8b53c68b8ae4b976e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe

Filesize
184KB

MD5
c6b36891671ce2e99d058159b93b01ff

SHA1
e924fd432f36608a02fe73f326856e90f6422e7f

SHA256
49eeb65b8d7adf5d13bcbe7269553d10dc39276ee99db74c300d067ca906ded6

SHA512
f67d78e9ce93122147370387c679f568cb38348810be310b5a37991cb26090696eff55e68650c6d91df6da91008d27839f68eb4bd8f23a2236f8948bf8fb7045

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27536.exe

Filesize
184KB

MD5
55c655a085446ff695faec4be3c15c14

SHA1
e5bf5fa15fc54a2ab0c1f31f4d900879701aa454

SHA256
11339c47ddc2ea149295a901de5c04daf48ecb72340a18ceb26a00086ffdfbbe

SHA512
f478d63cb2cd561a3b04025d9a90608fe96e4aff447c13835cfe9f697741a61401cf9bd3f74df28417d4a10cf6b039e0f0d474e7c694a636fa3c9a8cb5d4c3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37787.exe

Filesize
184KB

MD5
456bf56d72747ad046a9e9308133a19c

SHA1
94bb818e66d84ff708feabeda3ad38738b177cf4

SHA256
7509d2f51bab7215e249f452961bb4534febf9ff6189510200f7c05419da7d2e

SHA512
9613a5f3e1f429c5e3fb973e56c1e13da84919fae7cb27d44620acba945ae859abe37f44bf5dabb66e34442f93aa880aa0b8ca669edffc45007a599577c761d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42480.exe

Filesize
184KB

MD5
5cae85fc0e1210ea0448f0a9c27eebef

SHA1
60c11f4cb94153bc19af6d0270c8402cf2593451

SHA256
1738608aed0d2d0d469907dafce9d3310927990bff86fbe6fdcb2d0aa7d42848

SHA512
7a4b8b0be945da4bdcca23220651fccae2586cdd2247ae422df3422ee4a1da2c905dd48755a0ae4c270e1276e8f0f4005a22a233776ea92c75f15cd39074dd81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43659.exe

Filesize
184KB

MD5
db2a9e580f348fefc454dc063f7f1f64

SHA1
1f36e9f59aad494b24fd2b39ed6afb7879ae4dd2

SHA256
b6fe2b2170ddf1b9b322910304d894664372b57fbbcd5b79e74008aee3c569d4

SHA512
44ab6ee9b63533771cfbceb7d00b117625a30f1b485faf57568dd1790a3fe8db93a2870b5f720d31f4ce5b4a76efcf0e87579de59b4e36c063b54eb48dbe56e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5444.exe

Filesize
184KB

MD5
6d11c410acf95ee6ceeb09e2dbddbb85

SHA1
6add2fd56621b51bcc3bcb7c1e61b7b75f529b58

SHA256
8cecdc8ee80dbe2a829a2733b102cdd5560c75136dadc85e5eeb0cb858330f87

SHA512
d0ec1b28c4b7c0fcc1d6e9bf247a3d356d152007290ed8d9659abea5818753cd63b1713922d4363738ef03c82ebbf1dd7d0eff47e14930f068f0dc9595142cf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe

Filesize
184KB

MD5
02c096b65c67bc36ba0efc14ba275483

SHA1
905811b38b181facc2d39b93e10221837020a5f1

SHA256
49e1801d3019a78c058c17d5dd0fea1202f89e7dfd044391e0ab8147157702f8

SHA512
28c8d6f551d6a151d21678ea1e54de9fa3dd530e81658aab0df97c3d1820eb34d41001b04d6c2a0896c8e2e7ad22f21f05409da6a76c9b1b1614c484866ed409

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe

Filesize
184KB

MD5
705fc2978cbabf19bd7c923e71bce4fc

SHA1
e16ca49a2d1298bc3d43a201f77ef997eaa2bcc0

SHA256
0a76888391ed66b4815e61e84185439026730ef73460384511db8bd0ae96e819

SHA512
b623dd15ab465d584e2592da2cb6a248eb89668400fcafafe949a91deec3749414cce3940f6f2fe0231e8f0345bdefcfc3391754a1e62f92c1c3407fb4950544

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe

Filesize
184KB

MD5
b44e6bd984a8c498f0dde21b13f026a9

SHA1
0f2e4fb02f6f313dc584eb2ff3f25e0225be56ae

SHA256
94082541f05ff95f4744bf6890410786d8c8a55f3b2b12f90fa5fb17034076c3

SHA512
f0eece88728446a334de68b01ef2b70e79009178e11f36957fd45795d9ea30295eb93072593302ba62ccc69c78b02e60e58d39809b2fdfef73fdfed09ed076e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32614.exe

Filesize
184KB

MD5
b709698fdeb06b9e33a0ddac4469381a

SHA1
b6cf3eb72f3520f71e060cfcd970066970656f71

SHA256
b4ba3d9127c7afdedc12de80295403fc586422aca124cd0fa06475ca907ca991

SHA512
5bf85b35556dfd48953ca6abd6401a86b10c2382a14d4fb5130b69e67cd3d8c5f476b0083134ba74364cebcd2162a743206c80fe38f4db79bce8c4b3e830cf42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe

Filesize
184KB

MD5
ddbbd53c846fd61782b00eb3c8b949a5

SHA1
256c62a93434e2810a72a7971b6655ca0bf018b8

SHA256
63f64431519e402f966ac4059454119629f50a74219d9e9ca1dc341c225a64d8

SHA512
8821707b3d9bb33ff556cbe41e0e5c2bec415c6e745f4796f681a38413178147071e410b00558c8125db689be0c886a2c12739eb0263c4c119be5bbc49bd22db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-400.exe

Filesize
184KB

MD5
0c447f8b0e8b39866e5b6abd5675cd31

SHA1
2440ca595ac2bed4d8cb028af817c622e4127f01

SHA256
6b8cd0ca0c6b20c40bb6b6c09efb8573bf2002630704f38c5263a010b0507ce9

SHA512
5290f351ed14107056107357624435ab2b77b83fa737c3b1b9a6d48bbd1e4fffa98d4b96b6e6bfa68a5e14adf92c33f90d7ae9d76ec22889d671ee20354f3a48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe

Filesize
184KB

MD5
53787077e50f9676aefc1029affde0bf

SHA1
c4671d3c30583b10329ffb708484094c1e671583

SHA256
0dc141aa5239c736e2913b24cabc5483f56d4f3bf4af4194af5c1c69a6d83410

SHA512
8fdd7becb0381e5235c0d050350559ea2dc60829b1eb7b40197e9687adba13f8a9dcbd0bfc96fec6917883af500ea5b262729942990675e052d68e26cce8e7ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4977.exe

Filesize
184KB

MD5
827d81acc469889d041697ba53bbfcd6

SHA1
ad9823c00cc228948b778581427d34d3f14b5d94

SHA256
62b776b237651289fc2a165f7722218f3054237f136c9b54ebeb9edb99a18095

SHA512
1faab683bc349cb767765a6df429aed026727066fd9cf6fd85cfe6dbee5399f3cecdc1dc363a632f5b9d12d96b6009a23ba694de4c419165f7b60ed193aae5ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59450.exe

Filesize
184KB

MD5
a69ab03f6c1d68f75c8ae4cbdee72424

SHA1
9ee7b343d55aedf2c1699269a4be3b040838caf9

SHA256
2666c530864c98bd362736c49e1f19f8f445ef149876606123679ab0eb943d7e

SHA512
2bd812a1598b02e715757753baa7710794880b24704469b0f7836b988c533c2a6ba2785ded4af67ad5e4a3adab304e812b5270d2900ad3033b3822022158dadb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61858.exe

Filesize
184KB

MD5
c104ac6bac798c50ca7dd2a000bf1094

SHA1
c222c043192c078061a7176bb26a4f059c233657

SHA256
cdf525f047d82b1b60cfec2494a53444e1e646e9208009c020b5ec0f6d8f0c97

SHA512
91f42e09de9e3e49d77f53def9c388c3a1b9ee91a97d6b7ffaaddee7a7fffd12db698552223badc7f47777c78515c4d512d99d5939eca7a6d0d95de1bbee7599

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe

Filesize
184KB

MD5
24bb5763675c4751b5f0150c67410267

SHA1
889b63e0011a38822a3b364d294987db8620d412

SHA256
b57aa20a252e862aa167b8b82b46f2bd99f94497bdf38b9a6b8c248466fa333a

SHA512
9e6f20dd1b5e0a0eefbabe63b35b564e390d09ca1f40e5205ad866b4adb2b8d9ebc4e6a72503c42899af685ccec73f581498ade40fae7fe116f134fc00025075

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8018.exe

Filesize
184KB

MD5
bed2e9b5f6a69d071dd72655276ac57c

SHA1
21c34f1c496c2fc61036b3932bdea004b7e2d1f2

SHA256
b346a41935c644613fe15ae6041ca32df73947293e0bad80bd757be581e08282

SHA512
d75eb427dae47ddd17c1eebcdad716273ead9d93fc57e63414fea8beb4f1ba408f49caca5e4cac829d90f4c12214d4d607273d0ca16d9dacbd05d89267249da9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8385.exe

Filesize
184KB

MD5
28f22763ca4d1d3bd454ac2335cbb92a

SHA1
9f984db3ec9990a074c964cf6fbe2a4725040b82

SHA256
f2b9657f12fdd05a3f45e0372cf642a2b6ac3567c74ca239308670dc6ce0012d

SHA512
cfdc461c8b2bf15c726b540b35f0d20d991e0cc51c42358aad9413fe4128b157f46db86c7dd73b427d3a2b70a2cba25813f379eb0451e37a5bac12fab9e8f448

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads