afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732

Analysis

max time kernel
36s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
16-04-2024 01:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe
Size

184KB
MD5

ca16d124b4c6ff44b0c7dbad21af8d70
SHA1

090ff452e4f75a4e5fb8ca65083254b8f92224f3
SHA256

afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732
SHA512

aa1cd30f6996ad38bae0d176a07a69746aadb940e29543996ed73999912076448b8f908965aeaa62c2974474735eb4245a4c398f0c4158c50f5a036a1d8012db
SSDEEP

3072:xEy7wCoHJ8JddjX9Z0t8tQ0olvnqnviu1:xEkoQrjXc820olPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 46 IoCs

pid	Process
2224	Unicorn-64051.exe
2572	Unicorn-13743.exe
2620	Unicorn-33609.exe
2664	Unicorn-18831.exe
2636	Unicorn-24962.exe
2432	Unicorn-7172.exe
2412	Unicorn-52844.exe
1264	Unicorn-16673.exe
320	Unicorn-42474.exe
2336	Unicorn-27289.exe
2188	Unicorn-37726.exe
1568	Unicorn-45619.exe
1596	Unicorn-12270.exe
2708	Unicorn-9413.exe
2516	Unicorn-39843.exe
2728	Unicorn-64076.exe
1728	Unicorn-55834.exe
596	Unicorn-8378.exe
1124	Unicorn-35654.exe
796	Unicorn-59696.exe
1100	Unicorn-58658.exe
312	Unicorn-12986.exe
1940	Unicorn-12721.exe
1324	Unicorn-15400.exe
1284	Unicorn-29135.exe
1484	Unicorn-35266.exe
296	Unicorn-35266.exe
1296	Unicorn-35266.exe
920	Unicorn-13238.exe
772	Unicorn-25548.exe
1636	Unicorn-19369.exe
3004	Unicorn-45414.exe
1072	Unicorn-55434.exe
1672	Unicorn-2013.exe
2240	Unicorn-46364.exe
2384	Unicorn-55294.exe
1764	Unicorn-35428.exe
2508	Unicorn-6020.exe
2144	Unicorn-58767.exe
2544	Unicorn-33965.exe
2672	Unicorn-33965.exe
2560	Unicorn-53566.exe
2616	Unicorn-33965.exe
2420	Unicorn-23032.exe
2520	Unicorn-33965.exe
2748	Unicorn-3431.exe

Loads dropped DLL 64 IoCs

pid	Process
1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe
1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe
1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe
2224	Unicorn-64051.exe
1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe
2224	Unicorn-64051.exe
1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe
2572	Unicorn-13743.exe
1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe
2572	Unicorn-13743.exe
2224	Unicorn-64051.exe
2620	Unicorn-33609.exe
2224	Unicorn-64051.exe
2620	Unicorn-33609.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2836	WerFault.exe
2664	Unicorn-18831.exe
2664	Unicorn-18831.exe
1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe
1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe
2572	Unicorn-13743.exe
2572	Unicorn-13743.exe
2636	Unicorn-24962.exe
2636	Unicorn-24962.exe
2412	Unicorn-52844.exe
2412	Unicorn-52844.exe
2224	Unicorn-64051.exe
2224	Unicorn-64051.exe
1264	Unicorn-16673.exe
1264	Unicorn-16673.exe
2664	Unicorn-18831.exe
2664	Unicorn-18831.exe
2336	Unicorn-27289.exe
2336	Unicorn-27289.exe
2572	Unicorn-13743.exe
2572	Unicorn-13743.exe
1568	Unicorn-45619.exe
1568	Unicorn-45619.exe
2412	Unicorn-52844.exe
2412	Unicorn-52844.exe
2188	Unicorn-37726.exe
2188	Unicorn-37726.exe
1596	Unicorn-12270.exe
2636	Unicorn-24962.exe
2636	Unicorn-24962.exe
1596	Unicorn-12270.exe
2224	Unicorn-64051.exe
2224	Unicorn-64051.exe
2336	Unicorn-27289.exe
2664	Unicorn-18831.exe
2336	Unicorn-27289.exe
2516	Unicorn-39843.exe
2708	Unicorn-9413.exe
2516	Unicorn-39843.exe
2728	Unicorn-64076.exe
2664	Unicorn-18831.exe
2708	Unicorn-9413.exe
2728	Unicorn-64076.exe
2188	Unicorn-37726.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2836	2432	WerFault.exe	34
2104	2544	WerFault.exe	68

Suspicious use of SetWindowsHookEx 25 IoCs

pid	Process
1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe
2224	Unicorn-64051.exe
2572	Unicorn-13743.exe
2620	Unicorn-33609.exe
2664	Unicorn-18831.exe
2636	Unicorn-24962.exe
2432	Unicorn-7172.exe
2412	Unicorn-52844.exe
1264	Unicorn-16673.exe
320	Unicorn-42474.exe
2336	Unicorn-27289.exe
2188	Unicorn-37726.exe
1568	Unicorn-45619.exe
1596	Unicorn-12270.exe
2708	Unicorn-9413.exe
2516	Unicorn-39843.exe
2728	Unicorn-64076.exe
596	Unicorn-8378.exe
1124	Unicorn-35654.exe
1100	Unicorn-58658.exe
1940	Unicorn-12721.exe
312	Unicorn-12986.exe
796	Unicorn-59696.exe
920	Unicorn-13238.exe
1324	Unicorn-15400.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 2224	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	28
PID 1976 wrote to memory of 2224	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	28
PID 1976 wrote to memory of 2224	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	28
PID 1976 wrote to memory of 2224	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	28
PID 1976 wrote to memory of 2572	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	29
PID 1976 wrote to memory of 2572	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	29
PID 1976 wrote to memory of 2572	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	29
PID 1976 wrote to memory of 2572	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	29
PID 2224 wrote to memory of 2620	2224	Unicorn-64051.exe	30
PID 2224 wrote to memory of 2620	2224	Unicorn-64051.exe	30
PID 2224 wrote to memory of 2620	2224	Unicorn-64051.exe	30
PID 2224 wrote to memory of 2620	2224	Unicorn-64051.exe	30
PID 1976 wrote to memory of 2664	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	31
PID 1976 wrote to memory of 2664	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	31
PID 1976 wrote to memory of 2664	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	31
PID 1976 wrote to memory of 2664	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	31
PID 2572 wrote to memory of 2636	2572	Unicorn-13743.exe	32
PID 2572 wrote to memory of 2636	2572	Unicorn-13743.exe	32
PID 2572 wrote to memory of 2636	2572	Unicorn-13743.exe	32
PID 2572 wrote to memory of 2636	2572	Unicorn-13743.exe	32
PID 2224 wrote to memory of 2412	2224	Unicorn-64051.exe	33
PID 2224 wrote to memory of 2412	2224	Unicorn-64051.exe	33
PID 2224 wrote to memory of 2412	2224	Unicorn-64051.exe	33
PID 2224 wrote to memory of 2412	2224	Unicorn-64051.exe	33
PID 2620 wrote to memory of 2432	2620	Unicorn-33609.exe	34
PID 2620 wrote to memory of 2432	2620	Unicorn-33609.exe	34
PID 2620 wrote to memory of 2432	2620	Unicorn-33609.exe	34
PID 2620 wrote to memory of 2432	2620	Unicorn-33609.exe	34
PID 2432 wrote to memory of 2836	2432	Unicorn-7172.exe	35
PID 2432 wrote to memory of 2836	2432	Unicorn-7172.exe	35
PID 2432 wrote to memory of 2836	2432	Unicorn-7172.exe	35
PID 2432 wrote to memory of 2836	2432	Unicorn-7172.exe	35
PID 2664 wrote to memory of 1264	2664	Unicorn-18831.exe	36
PID 2664 wrote to memory of 1264	2664	Unicorn-18831.exe	36
PID 2664 wrote to memory of 1264	2664	Unicorn-18831.exe	36
PID 2664 wrote to memory of 1264	2664	Unicorn-18831.exe	36
PID 1976 wrote to memory of 320	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	37
PID 1976 wrote to memory of 320	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	37
PID 1976 wrote to memory of 320	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	37
PID 1976 wrote to memory of 320	1976	afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe	37
PID 2572 wrote to memory of 2336	2572	Unicorn-13743.exe	38
PID 2572 wrote to memory of 2336	2572	Unicorn-13743.exe	38
PID 2572 wrote to memory of 2336	2572	Unicorn-13743.exe	38
PID 2572 wrote to memory of 2336	2572	Unicorn-13743.exe	38
PID 2636 wrote to memory of 2188	2636	Unicorn-24962.exe	39
PID 2636 wrote to memory of 2188	2636	Unicorn-24962.exe	39
PID 2636 wrote to memory of 2188	2636	Unicorn-24962.exe	39
PID 2636 wrote to memory of 2188	2636	Unicorn-24962.exe	39
PID 2412 wrote to memory of 1568	2412	Unicorn-52844.exe	40
PID 2412 wrote to memory of 1568	2412	Unicorn-52844.exe	40
PID 2412 wrote to memory of 1568	2412	Unicorn-52844.exe	40
PID 2412 wrote to memory of 1568	2412	Unicorn-52844.exe	40
PID 2224 wrote to memory of 1596	2224	Unicorn-64051.exe	41
PID 2224 wrote to memory of 1596	2224	Unicorn-64051.exe	41
PID 2224 wrote to memory of 1596	2224	Unicorn-64051.exe	41
PID 2224 wrote to memory of 1596	2224	Unicorn-64051.exe	41
PID 1264 wrote to memory of 2708	1264	Unicorn-16673.exe	42
PID 1264 wrote to memory of 2708	1264	Unicorn-16673.exe	42
PID 1264 wrote to memory of 2708	1264	Unicorn-16673.exe	42
PID 1264 wrote to memory of 2708	1264	Unicorn-16673.exe	42
PID 2664 wrote to memory of 2516	2664	Unicorn-18831.exe	43
PID 2664 wrote to memory of 2516	2664	Unicorn-18831.exe	43
PID 2664 wrote to memory of 2516	2664	Unicorn-18831.exe	43
PID 2664 wrote to memory of 2516	2664	Unicorn-18831.exe	43

C:\Users\Admin\AppData\Local\Temp\afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe
"C:\Users\Admin\AppData\Local\Temp\afd452b9e65c9e9e2f371cf0dbd827fd46906e5fdc6d82de081bddb15c211732.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64051.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64051.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2432
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 200
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
      4⤵
      Executes dropped EXE
      PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
      4⤵
      PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
        5⤵
        
        PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
        5⤵
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
        5⤵
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
        5⤵
        
        PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
      4⤵
      PID:556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29258.exe
      4⤵
      PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35381.exe
      4⤵
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
      4⤵
      PID:1528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
      4⤵
      PID:1992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
      4⤵
      PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        6⤵
        Executes dropped EXE
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
        6⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33323.exe
        6⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        6⤵
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
        6⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22690.exe
        6⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62037.exe
        6⤵
        
        PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
        5⤵
        Executes dropped EXE
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
        5⤵
        
        PID:1448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39189.exe
        5⤵
        
        PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
        5⤵
        
        PID:3040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
        5⤵
        
        PID:888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
        5⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
        5⤵
        
        PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16602.exe
        5⤵
        
        PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
      4⤵
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28145.exe
        5⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35450.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2979.exe
        5⤵
        
        PID:2528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10345.exe
      4⤵
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
        5⤵
        
        PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
      4⤵
      PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
      4⤵
      PID:852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
      4⤵
      PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
      4⤵
      PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31903.exe
      4⤵
      PID:2028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
      4⤵
      Executes dropped EXE
      PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35939.exe
      4⤵
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21778.exe
        5⤵
        
        PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
        5⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55051.exe
        5⤵
        
        PID:276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-179.exe
        5⤵
        
        PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe
      4⤵
      PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
      4⤵
      PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56307.exe
      4⤵
      PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63031.exe
      4⤵
      PID:2716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12721.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12721.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6020.exe
    3⤵
    - Executes dropped EXE
    PID:2508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
    3⤵
    PID:1632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28844.exe
    3⤵
    PID:924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
    3⤵
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42246.exe
    3⤵
    PID:2652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17090.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17090.exe
    3⤵
    PID:1244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11635.exe
    3⤵
    PID:936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
        6⤵
        Executes dropped EXE
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
        6⤵
        Executes dropped EXE
        
        PID:2544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
        7⤵
        Program crash
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35939.exe
        6⤵
        
        PID:2696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe
        6⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42666.exe
        6⤵
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
        6⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8091.exe
        6⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25548.exe
        5⤵
        Executes dropped EXE
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41804.exe
        5⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44974.exe
        6⤵
        
        PID:1436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
        6⤵
        
        PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31530.exe
        5⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42760.exe
        5⤵
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28084.exe
        5⤵
        
        PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58658.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        5⤵
        Executes dropped EXE
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3431.exe
        5⤵
        Executes dropped EXE
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38958.exe
        6⤵
        
        PID:1824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30496.exe
        6⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35939.exe
        5⤵
        
        PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe
        5⤵
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        5⤵
        
        PID:656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
        5⤵
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46916.exe
        5⤵
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        5⤵
        
        PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
      4⤵
      Executes dropped EXE
      PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
      4⤵
      PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
      4⤵
      PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
      4⤵
      PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
      4⤵
      PID:1612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
      4⤵
      PID:1288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43580.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43580.exe
      4⤵
      PID:864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        5⤵
        Executes dropped EXE
        
        PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16636.exe
        5⤵
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51029.exe
        5⤵
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
        5⤵
        
        PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24980.exe
        5⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19710.exe
        5⤵
        
        PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15753.exe
        5⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34387.exe
        5⤵
        
        PID:2252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47850.exe
        5⤵
        
        PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59460.exe
      4⤵
      PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19310.exe
      4⤵
      PID:300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13432.exe
      4⤵
      PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4798.exe
      4⤵
      PID:1808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe
    3⤵
    - Executes dropped EXE
    PID:1728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58767.exe
    3⤵
    - Executes dropped EXE
    PID:2144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19086.exe
      4⤵
      PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
      4⤵
      PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
      4⤵
      PID:1248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-351.exe
    3⤵
    PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54672.exe
    3⤵
    PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
    3⤵
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50362.exe
      4⤵
      PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47581.exe
    3⤵
    PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12890.exe
    3⤵
    PID:280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39371.exe
    3⤵
    PID:1936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        5⤵
        Executes dropped EXE
        
        PID:1296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
        5⤵
        Executes dropped EXE
        
        PID:2520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35939.exe
        5⤵
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9430.exe
        5⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
        5⤵
        
        PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18671.exe
        5⤵
        
        PID:1004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32849.exe
        5⤵
        
        PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
      4⤵
      Executes dropped EXE
      PID:1072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41678.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41678.exe
      4⤵
      PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23329.exe
      4⤵
      PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
      4⤵
      PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28627.exe
      4⤵
      PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54691.exe
      4⤵
      PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
      4⤵
      PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
      4⤵
      PID:2816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
      4⤵
      Executes dropped EXE
      PID:296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
      4⤵
      Executes dropped EXE
      PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
      4⤵
      PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
      4⤵
      PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
      4⤵
      PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
      4⤵
      PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56307.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56307.exe
      4⤵
      PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
      4⤵
      PID:2076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29135.exe
    3⤵
    - Executes dropped EXE
    PID:1284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23032.exe
    3⤵
    - Executes dropped EXE
    PID:2420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58364.exe
    3⤵
    PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28222.exe
      4⤵
      PID:964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54698.exe
      4⤵
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
      4⤵
      PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8844.exe
      4⤵
      PID:1960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34229.exe
    3⤵
    PID:1908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19821.exe
    3⤵
    PID:2784
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
    3⤵
    PID:1260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
    3⤵
    PID:844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14940.exe
    3⤵
    PID:1416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
  2⤵
  - Executes dropped EXE
  PID:2240
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
  2⤵
  PID:2156
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31054.exe
  2⤵
  PID:2952
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe
  2⤵
  PID:2160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
  2⤵
  PID:2012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52595.exe
  2⤵
  PID:1168
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60988.exe
  2⤵
  PID:1536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-12556.exe
  2⤵
  PID:820

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe

Filesize
184KB

MD5
78ac48ac8ba18f126845da7709dc8ab2

SHA1
c411f40163ff48df73f54dd4d87c789fdb42d51e

SHA256
e0e44d1698bf5398ce7c05d2889c214ce3419ff96c076fd2f76ca44b5c28c1ad

SHA512
ed2b0eed1fac4b3b0d11ec8f4eee5c794cc09772b42a80a3f564050066644a30e2567f1a3e57ada70310a9fa708ef4f78df5bfdfb1c36878a04de75a07c8e199

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37726.exe

Filesize
184KB

MD5
6518209280a2482ee131ec49561d8ec0

SHA1
98adf957464ad7a99d4abe3be2a347cc90a115d8

SHA256
895d02d7fc880f19ad6866fec837a415126c5a2bae8f040e5a7a86a3a209879c

SHA512
7bf91a2cab5aa151bf9076e2a4b4a09bd2d54d29f25c202c25c4bc8613e01e8dccc3e99de90118dadbc7a2652f9538065557736ecf7bcb010c59c6d4236821b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe

Filesize
184KB

MD5
f35eb6214a4d7a1c66b6725304ff383d

SHA1
23985b5c509dcab7c1bc16b5900da2bc165b5fe7

SHA256
fb69fb6370a31aa217878e9d709c688138c669c78154805045e0f585996effaa

SHA512
42a9375e4a8b36bebacc1c74b7c32e318ee86eb20b8fe4911b9a9f73e4a5adbeb9aae0aa6548395768da45215040e62eb618c845ebb90ea61f0a3c160b1df978

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47581.exe

Filesize
184KB

MD5
2598d784b36c622dde2594e6814edc3a

SHA1
2ab9f3f142c2394266b04fdc945d6792b97ac33d

SHA256
c2a64b12783b3bc0e8af9354c72baf636981c3d4c6cbe04714d490d505276ece

SHA512
2cd828650da53cda982b967f858adc1e310bb68cae67329b03d1d3fc32c09cffee86d1123c972c0230c06a7f394ce549be5f3406c43007cce34502dc431dd35c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52844.exe

Filesize
184KB

MD5
be592c7475de0a8937b8ba6438bac459

SHA1
cd5b64f26ea65505205af11e2a3a6601a9858ceb

SHA256
65e8df7578569234e3fdb582e1b11a781ba31a1efc44c491634cf09eeb0c9d5e

SHA512
0882fd85a351047d1a4775a82db661088b8bc2a3c8176adfcc1b7f96fae2a37d62dac4dadfcc77dcdd2d4861f817d4873923eb7c7c7c24774682989c8dce4ae7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe

Filesize
184KB

MD5
20b34393574ed07c621b82de9b9c8bcf

SHA1
1727d67f1d25a84ce0f86407a52981ab013e7875

SHA256
0c8c597cac61415f19dc59ded483e59884a7ee6fa7a316cc6c226a8baaea7558

SHA512
bf4d95f81ceeb36b0460d019b4c7336d808000e9506be3a8e5e3248f638b25229723a190789ddb004480b2598dde21d5ae919d74d962948839745f2d477ab80b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe

Filesize
184KB

MD5
4019b76a161b635686285e19c3e9b815

SHA1
c4579239f4d000aa9fbb4b048440f5946b773d39

SHA256
54ffb004fa3a56d16304a82e2dfeec242e5d8864227e1998c2a2a5b4e28e0abc

SHA512
a16526bb72ceed05e8e119880cbd29c3e5ea77d8a62c714cf6dae91bbf45f2e9080ca605450fe425fe5a15e8d5deb78cbccc1aabcec92428cadb02a47dfc6d0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12270.exe

Filesize
184KB

MD5
91dd1512c4b2c7373001a7ccfb1b8997

SHA1
1fc2906be7ab9eca2b458850263838b02f169140

SHA256
67c1d2f608580977a0fc39b87b6b1300b67dd34f1fe74cce2f02bd15a21a522e

SHA512
2fdb82fe3d8a53090a015bc171ac235e449db59c2ecf52cddf276ba0e6fd4712bc077dffd191fe4c32736e20c41d4739f2755b7b0f80c3d4cf9f75e2197af9a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe

Filesize
184KB

MD5
f22b34e836eddefffa127e0a5f857085

SHA1
6a8982e61fe4cad0fe847589b00a139daa24ac82

SHA256
3816e952a5019ebb529dee63efc1947dd0804f17ecc0c737120973241b89c800

SHA512
3db9ca0c0c8dadecf183a2c7c9f62a1612a6d5684c035cbf3279babea443bcb3d007dea54ba281eebd34b8799d28e1efc32502855e731fca8beb85f0e2f1cf89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16673.exe

Filesize
184KB

MD5
67f67e014f19c98421fd0432115dd28f

SHA1
3cb7906f4f5db67de7a190d472cc1cafb57a5a68

SHA256
5af6de14afd31f1ffc0fe3f0d01e230ca9600742bc4f3798fde0edf47df220e5

SHA512
3d42c6df2039af5c3a088164808a25f5a74c6014e3f92cf4c9511d7a1fca2a7b194d521d1a37b5262f1bd58f25ae4c720b5e48f670314df1f2a83fddff67c02a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18831.exe

Filesize
184KB

MD5
9116f78145a5422d418272918d33bf2a

SHA1
8f29b55d0af88697924ada18e701ead47fd92dd5

SHA256
efb036feba51cf04f9336a8067541af9f107eed5cacd9064b356f03f7c733dbc

SHA512
e12006e7a2bc7f7a8b2df620adbd0cd1cf9c48cc07f7d6ba6cc8f6700a08f8fbe7071de93fae1743d1f17b4eb6e08644bb5f2a8b226bae91035ce91019383072

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24962.exe

Filesize
184KB

MD5
9c77985921c71ae973232cafd231c100

SHA1
c2438c8eb5d4a4ddf477571949f76757c518a0ed

SHA256
4837718076dc43e3396574b3c0331544279e6c378ab9a729e681f3aec4a3129d

SHA512
000b85cc614a8b3533e7f332fc4b22afb7fda82edbff43e800f27e9c24fd5ea77cbb237c68f47793edfd6f2103404f5f76ee3664e872ac1f0211a7a08b929224

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27289.exe

Filesize
184KB

MD5
5fb06d3f5df4b23da05ad7a2c1850a5c

SHA1
edc7e1e0c3617fc59eb6998fb12f47de199b2de3

SHA256
26afd0e0624da348be549fea15319a87510be09d0c637ac216da2966b5428c14

SHA512
73dbe4c661fce998f4043cfc5e2cb76509272da7a9cb1803915665488273b72f624a2e4f200cfb3b12b0f98283b970f9776702d41a0913e5aaff4d6aeb5ee910

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe

Filesize
184KB

MD5
43cfdada4dfd6ac663d73ca15e4ef99a

SHA1
f7d3ed19e9620183e3fa316523780c81d499c4dd

SHA256
d641b04cb83ed53ce5d7ec75209b16d1395a6bbefadb7b6c7f5f324afdea24d0

SHA512
f84f076b5f826dcd34cb74c0b743beb8a4df7433f1a76d17e7586d8ab42bd03f13b06a99d697f113fa335cd9e32ec885695ed7ecc33aa4f7d073c6633bc9c651

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42474.exe

Filesize
184KB

MD5
310273a2a20c83ac7a1dcdb7e68c74fb

SHA1
061318602e86ba3198da5382523515d2fd0ea102

SHA256
68f44d8af873f249d934a46eaa1c80b381eb1326c342e6674892bb621f179950

SHA512
e282566d55e22863352e7ea546f7a9415a8ef4ee56532a0dd2d14204f291b1b81fc2719e6e87046203e69b8ce47dba1e72244a28b32d1508cfe48b56f07c6d61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe

Filesize
184KB

MD5
df1871b761ab85c7bfbf0e65db95c2c8

SHA1
8d7371ddbc4381201079f6a2f2bb2d4761c3e19c

SHA256
15850564cecf204bf962ec9c2f793143f95b4d6f123b53159882f5792de0a1b8

SHA512
ec14932a299cef02c416e9703dc61f9e0301cb1124e94c464efe29cc1d5227dced8b4ca32b5dcd8e525330a675649b7d94b934450e40beba4f014af35fc2057b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55834.exe

Filesize
184KB

MD5
a5ff09be027aaa02a6a79ad67e4b95c3

SHA1
42b9656110819264a48f671dd57ed077af569374

SHA256
ab96e9697123b4ff9305d732ed332baba5e7ed1d3bbe898c9a9883ea936fe7d0

SHA512
66a4c922edab3fd8fbe0a4e6b54671f8df9e5972d8e6977608ba4d3f5977d4682a3afdabd54d2879e6827699c375d763c6c4a35f854b65e92097e8dc310687ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64051.exe

Filesize
184KB

MD5
eec3c77fd711ccb5e64e5cfbab082c75

SHA1
7ca68f06106d11e30c152f1c790c70014dc691f0

SHA256
e9d15db77926eabf17492d9f6116ad0f62d7a5cbd752ec521094b894c913c4d0

SHA512
02f4527c8deab05c5fc1d7673b11c21ae94feba7c756aa443ed36cf912e544ff548a188a6b3e780c9934c1614b95424d78375caa97d8f133d2423fc6867d02e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe

Filesize
184KB

MD5
8b1ab305af64f49fdde45789b2f7e46a

SHA1
505267b6b831f018e1a0e4ce15b7952853e6af0e

SHA256
ad017e6be5a6b06971fcb23868afd3648e648c6d297d4735dc9d201887601e5f

SHA512
655096562e53e2fb7885e7aeddc1f99740f7ed7e996c79acc7b03fc20b0a28ea8c10b5ccb694ae39dabba8f9709e00eb4b1f1e3b7ceb0888c02a5cc49215d7fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9413.exe

Filesize
184KB

MD5
499460d037e06a41ea7b22a3a07fefe6

SHA1
6d9960c89baa0209cac34fdf776b91e78203889c

SHA256
a5339223204b536fd2a3764e5e91931f9f38352868f84bfcc11a195d5eb56c5f

SHA512
701cdd837859d907233fbb476d643ae67e39b54d27a8be6055ab37a54ca130be2b542f147c02eb032f43dfd763d0bb83563d903bd7c17e95370b8233a1a5ab01

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads