2e3b194348758c7dbb3cc2aca006e43df07813ba1c52555978646b54832bd919

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

750cf31c42e3e3c1aeec6f37f0568fd8.exe
Size

184KB
MD5

750cf31c42e3e3c1aeec6f37f0568fd8
SHA1

8c840e92ec95d83d2d7f121b32e06a39ca044e5d
SHA256

2e3b194348758c7dbb3cc2aca006e43df07813ba1c52555978646b54832bd919
SHA512

baae885e6f15f30df5a18b6da8061b8aaf0031ac5fe6ef9b5bd5f64469d7f2706c986faf7f419d790a60aff0e5b95612a13efe3ce49b8bd39cfd933b75688fba
SSDEEP

3072:xEjFoc7AMAfROjxdyRa6zPbH1f6NgtI5dixFCPlj7lPdpFX:xEpoltfR2dua6z96AO7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-31072.exeUnicorn-26241.exeUnicorn-46640.exeUnicorn-17663.exeUnicorn-5965.exeUnicorn-29915.exeUnicorn-21036.exeUnicorn-9338.exeUnicorn-16952.exeUnicorn-57984.exeUnicorn-34034.exeUnicorn-12120.exeUnicorn-423.exeUnicorn-65405.exeUnicorn-32733.exeUnicorn-12312.exeUnicorn-21035.exeUnicorn-4699.exeUnicorn-19578.exeUnicorn-7880.exeUnicorn-3241.exeUnicorn-52442.exeUnicorn-20324.exeUnicorn-1186.exeUnicorn-54471.exeUnicorn-34605.exeUnicorn-42219.exeUnicorn-1933.exeUnicorn-17139.exeUnicorn-7683.exeUnicorn-29028.exeUnicorn-8607.exeUnicorn-46111.exeUnicorn-21606.exeUnicorn-49640.exeUnicorn-44980.exeUnicorn-28644.exeUnicorn-12862.exeUnicorn-33474.exeUnicorn-61508.exeUnicorn-61508.exeUnicorn-45172.exeUnicorn-33666.exeUnicorn-41834.exeUnicorn-61700.exeUnicorn-21628.exeUnicorn-55047.exeUnicorn-60989.exeUnicorn-4367.exeUnicorn-36485.exeUnicorn-37231.exeUnicorn-40761.exeUnicorn-12727.exeUnicorn-16257.exeUnicorn-32017.exeUnicorn-24595.exeUnicorn-24041.exeUnicorn-12748.exeUnicorn-25193.exeUnicorn-54829.exeUnicorn-989.exeUnicorn-27584.exeUnicorn-27584.exeUnicorn-59126.exe

pid	process
1468	Unicorn-31072.exe
3040	Unicorn-26241.exe
2848	Unicorn-46640.exe
2712	Unicorn-17663.exe
2740	Unicorn-5965.exe
2516	Unicorn-29915.exe
2500	Unicorn-21036.exe
2764	Unicorn-9338.exe
2968	Unicorn-16952.exe
2708	Unicorn-57984.exe
2824	Unicorn-34034.exe
1736	Unicorn-12120.exe
2780	Unicorn-423.exe
1716	Unicorn-65405.exe
2948	Unicorn-32733.exe
2284	Unicorn-12312.exe
1652	Unicorn-21035.exe
488	Unicorn-4699.exe
2452	Unicorn-19578.exe
2880	Unicorn-7880.exe
1976	Unicorn-3241.exe
1112	Unicorn-52442.exe
1688	Unicorn-20324.exe
1196	Unicorn-1186.exe
2908	Unicorn-54471.exe
2112	Unicorn-34605.exe
2116	Unicorn-42219.exe
3024	Unicorn-1933.exe
880	Unicorn-17139.exe
1948	Unicorn-7683.exe
2560	Unicorn-29028.exe
2608	Unicorn-8607.exe
2588	Unicorn-46111.exe
2696	Unicorn-21606.exe
2772	Unicorn-49640.exe
2676	Unicorn-44980.exe
2652	Unicorn-28644.exe
1076	Unicorn-12862.exe
1468	Unicorn-33474.exe
2524	Unicorn-61508.exe
2960	Unicorn-61508.exe
2544	Unicorn-45172.exe
2956	Unicorn-33666.exe
616	Unicorn-41834.exe
2368	Unicorn-61700.exe
2540	Unicorn-21628.exe
948	Unicorn-55047.exe
1664	Unicorn-60989.exe
1628	Unicorn-4367.exe
2852	Unicorn-36485.exe
1876	Unicorn-37231.exe
1124	Unicorn-40761.exe
2096	Unicorn-12727.exe
1332	Unicorn-16257.exe
2712	Unicorn-32017.exe
3044	Unicorn-24595.exe
2612	Unicorn-24041.exe
1684	Unicorn-12748.exe
560	Unicorn-25193.exe
1676	Unicorn-54829.exe
2020	Unicorn-989.exe
380	Unicorn-27584.exe
3068	Unicorn-27584.exe
2928	Unicorn-59126.exe

Loads dropped DLL 64 IoCs

Processes:

pid	process
2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe
2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe
1468	Unicorn-31072.exe
1468	Unicorn-31072.exe
2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe
2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe
3040	Unicorn-26241.exe
3040	Unicorn-26241.exe
1468	Unicorn-31072.exe
1468	Unicorn-31072.exe
2848	Unicorn-46640.exe
2848	Unicorn-46640.exe
2712	Unicorn-17663.exe
2712	Unicorn-17663.exe
3040	Unicorn-26241.exe
3040	Unicorn-26241.exe
2516	Unicorn-29915.exe
2516	Unicorn-29915.exe
2740	Unicorn-5965.exe
2848	Unicorn-46640.exe
2848	Unicorn-46640.exe
2740	Unicorn-5965.exe
2500	Unicorn-21036.exe
2500	Unicorn-21036.exe
2712	Unicorn-17663.exe
2712	Unicorn-17663.exe
2764	Unicorn-9338.exe
2764	Unicorn-9338.exe
2968	Unicorn-16952.exe
2968	Unicorn-16952.exe
2708	Unicorn-57984.exe
2708	Unicorn-57984.exe
2516	Unicorn-29915.exe
2516	Unicorn-29915.exe
2740	Unicorn-5965.exe
2740	Unicorn-5965.exe
672	WerFault.exe
672	WerFault.exe
672	WerFault.exe
672	WerFault.exe
672	WerFault.exe
1736	Unicorn-12120.exe
1736	Unicorn-12120.exe
2500	Unicorn-21036.exe
2500	Unicorn-21036.exe
2780	Unicorn-423.exe
2780	Unicorn-423.exe
1716	Unicorn-65405.exe
1716	Unicorn-65405.exe
2764	Unicorn-9338.exe
2764	Unicorn-9338.exe
2948	Unicorn-32733.exe
2948	Unicorn-32733.exe
1652	Unicorn-21035.exe
2968	Unicorn-16952.exe
1652	Unicorn-21035.exe
2968	Unicorn-16952.exe
2284	Unicorn-12312.exe
2284	Unicorn-12312.exe
2708	Unicorn-57984.exe
2708	Unicorn-57984.exe
488	Unicorn-4699.exe
488	Unicorn-4699.exe
2880	Unicorn-7880.exe

Program crash 7 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
672	2824	WerFault.exe	Unicorn-34034.exe
1520	2956	WerFault.exe	Unicorn-33666.exe
2668	2616	WerFault.exe	Unicorn-22021.exe
1448	2620	WerFault.exe	Unicorn-21275.exe
1308	2060	WerFault.exe	Unicorn-21275.exe
2180	1748	WerFault.exe	Unicorn-6836.exe
2656	2840	WerFault.exe	Unicorn-6836.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

750cf31c42e3e3c1aeec6f37f0568fd8.exeUnicorn-31072.exeUnicorn-26241.exeUnicorn-46640.exeUnicorn-17663.exeUnicorn-29915.exeUnicorn-5965.exeUnicorn-21036.exeUnicorn-9338.exeUnicorn-16952.exeUnicorn-34034.exeUnicorn-57984.exeUnicorn-12120.exeUnicorn-423.exeUnicorn-65405.exeUnicorn-32733.exeUnicorn-21035.exeUnicorn-12312.exeUnicorn-4699.exeUnicorn-7880.exeUnicorn-19578.exeUnicorn-3241.exeUnicorn-20324.exeUnicorn-52442.exeUnicorn-34605.exeUnicorn-54471.exeUnicorn-1186.exeUnicorn-42219.exeUnicorn-1933.exeUnicorn-17139.exeUnicorn-7683.exeUnicorn-29028.exeUnicorn-8607.exeUnicorn-46111.exeUnicorn-49640.exeUnicorn-21606.exeUnicorn-44980.exeUnicorn-28644.exeUnicorn-12862.exeUnicorn-33474.exeUnicorn-61508.exeUnicorn-61508.exeUnicorn-33666.exeUnicorn-45172.exeUnicorn-41834.exeUnicorn-61700.exeUnicorn-21628.exeUnicorn-55047.exeUnicorn-60989.exeUnicorn-4367.exeUnicorn-36485.exeUnicorn-37231.exeUnicorn-12727.exeUnicorn-16257.exeUnicorn-24595.exeUnicorn-40761.exeUnicorn-32017.exeUnicorn-24041.exeUnicorn-25193.exeUnicorn-9193.exeUnicorn-989.exeUnicorn-58223.exeUnicorn-47450.exeUnicorn-59126.exe

pid	process
2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe
1468	Unicorn-31072.exe
3040	Unicorn-26241.exe
2848	Unicorn-46640.exe
2712	Unicorn-17663.exe
2516	Unicorn-29915.exe
2740	Unicorn-5965.exe
2500	Unicorn-21036.exe
2764	Unicorn-9338.exe
2968	Unicorn-16952.exe
2824	Unicorn-34034.exe
2708	Unicorn-57984.exe
1736	Unicorn-12120.exe
2780	Unicorn-423.exe
1716	Unicorn-65405.exe
2948	Unicorn-32733.exe
1652	Unicorn-21035.exe
2284	Unicorn-12312.exe
488	Unicorn-4699.exe
2880	Unicorn-7880.exe
2452	Unicorn-19578.exe
1976	Unicorn-3241.exe
1688	Unicorn-20324.exe
1112	Unicorn-52442.exe
2112	Unicorn-34605.exe
2908	Unicorn-54471.exe
1196	Unicorn-1186.exe
2116	Unicorn-42219.exe
3024	Unicorn-1933.exe
880	Unicorn-17139.exe
1948	Unicorn-7683.exe
2560	Unicorn-29028.exe
2608	Unicorn-8607.exe
2588	Unicorn-46111.exe
2772	Unicorn-49640.exe
2696	Unicorn-21606.exe
2676	Unicorn-44980.exe
2652	Unicorn-28644.exe
1076	Unicorn-12862.exe
1468	Unicorn-33474.exe
2524	Unicorn-61508.exe
2960	Unicorn-61508.exe
2956	Unicorn-33666.exe
2544	Unicorn-45172.exe
616	Unicorn-41834.exe
2368	Unicorn-61700.exe
2540	Unicorn-21628.exe
948	Unicorn-55047.exe
1664	Unicorn-60989.exe
1628	Unicorn-4367.exe
2852	Unicorn-36485.exe
1876	Unicorn-37231.exe
2096	Unicorn-12727.exe
1332	Unicorn-16257.exe
3044	Unicorn-24595.exe
1124	Unicorn-40761.exe
2712	Unicorn-32017.exe
2612	Unicorn-24041.exe
560	Unicorn-25193.exe
2504	Unicorn-9193.exe
2020	Unicorn-989.exe
2352	Unicorn-58223.exe
1472	Unicorn-47450.exe
2928	Unicorn-59126.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 2044 wrote to memory of 1468	2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe	Unicorn-31072.exe
PID 2044 wrote to memory of 1468	2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe	Unicorn-31072.exe
PID 2044 wrote to memory of 1468	2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe	Unicorn-31072.exe
PID 2044 wrote to memory of 1468	2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe	Unicorn-31072.exe
PID 1468 wrote to memory of 3040	1468	Unicorn-31072.exe	Unicorn-26241.exe
PID 1468 wrote to memory of 3040	1468	Unicorn-31072.exe	Unicorn-26241.exe
PID 1468 wrote to memory of 3040	1468	Unicorn-31072.exe	Unicorn-26241.exe
PID 1468 wrote to memory of 3040	1468	Unicorn-31072.exe	Unicorn-26241.exe
PID 2044 wrote to memory of 2848	2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe	Unicorn-46640.exe
PID 2044 wrote to memory of 2848	2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe	Unicorn-46640.exe
PID 2044 wrote to memory of 2848	2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe	Unicorn-46640.exe
PID 2044 wrote to memory of 2848	2044	750cf31c42e3e3c1aeec6f37f0568fd8.exe	Unicorn-46640.exe
PID 3040 wrote to memory of 2712	3040	Unicorn-26241.exe	Unicorn-17663.exe
PID 3040 wrote to memory of 2712	3040	Unicorn-26241.exe	Unicorn-17663.exe
PID 3040 wrote to memory of 2712	3040	Unicorn-26241.exe	Unicorn-17663.exe
PID 3040 wrote to memory of 2712	3040	Unicorn-26241.exe	Unicorn-17663.exe
PID 1468 wrote to memory of 2740	1468	Unicorn-31072.exe	Unicorn-5965.exe
PID 1468 wrote to memory of 2740	1468	Unicorn-31072.exe	Unicorn-5965.exe
PID 1468 wrote to memory of 2740	1468	Unicorn-31072.exe	Unicorn-5965.exe
PID 1468 wrote to memory of 2740	1468	Unicorn-31072.exe	Unicorn-5965.exe
PID 2848 wrote to memory of 2516	2848	Unicorn-46640.exe	Unicorn-29915.exe
PID 2848 wrote to memory of 2516	2848	Unicorn-46640.exe	Unicorn-29915.exe
PID 2848 wrote to memory of 2516	2848	Unicorn-46640.exe	Unicorn-29915.exe
PID 2848 wrote to memory of 2516	2848	Unicorn-46640.exe	Unicorn-29915.exe
PID 2712 wrote to memory of 2500	2712	Unicorn-17663.exe	Unicorn-21036.exe
PID 2712 wrote to memory of 2500	2712	Unicorn-17663.exe	Unicorn-21036.exe
PID 2712 wrote to memory of 2500	2712	Unicorn-17663.exe	Unicorn-21036.exe
PID 2712 wrote to memory of 2500	2712	Unicorn-17663.exe	Unicorn-21036.exe
PID 3040 wrote to memory of 2764	3040	Unicorn-26241.exe	Unicorn-9338.exe
PID 3040 wrote to memory of 2764	3040	Unicorn-26241.exe	Unicorn-9338.exe
PID 3040 wrote to memory of 2764	3040	Unicorn-26241.exe	Unicorn-9338.exe
PID 3040 wrote to memory of 2764	3040	Unicorn-26241.exe	Unicorn-9338.exe
PID 2516 wrote to memory of 2968	2516	Unicorn-29915.exe	Unicorn-16952.exe
PID 2516 wrote to memory of 2968	2516	Unicorn-29915.exe	Unicorn-16952.exe
PID 2516 wrote to memory of 2968	2516	Unicorn-29915.exe	Unicorn-16952.exe
PID 2516 wrote to memory of 2968	2516	Unicorn-29915.exe	Unicorn-16952.exe
PID 2848 wrote to memory of 2824	2848	Unicorn-46640.exe	Unicorn-34034.exe
PID 2848 wrote to memory of 2824	2848	Unicorn-46640.exe	Unicorn-34034.exe
PID 2848 wrote to memory of 2824	2848	Unicorn-46640.exe	Unicorn-34034.exe
PID 2848 wrote to memory of 2824	2848	Unicorn-46640.exe	Unicorn-34034.exe
PID 2740 wrote to memory of 2708	2740	Unicorn-5965.exe	Unicorn-57984.exe
PID 2740 wrote to memory of 2708	2740	Unicorn-5965.exe	Unicorn-57984.exe
PID 2740 wrote to memory of 2708	2740	Unicorn-5965.exe	Unicorn-57984.exe
PID 2740 wrote to memory of 2708	2740	Unicorn-5965.exe	Unicorn-57984.exe
PID 2500 wrote to memory of 1736	2500	Unicorn-21036.exe	Unicorn-12120.exe
PID 2500 wrote to memory of 1736	2500	Unicorn-21036.exe	Unicorn-12120.exe
PID 2500 wrote to memory of 1736	2500	Unicorn-21036.exe	Unicorn-12120.exe
PID 2500 wrote to memory of 1736	2500	Unicorn-21036.exe	Unicorn-12120.exe
PID 2712 wrote to memory of 2780	2712	Unicorn-17663.exe	Unicorn-423.exe
PID 2712 wrote to memory of 2780	2712	Unicorn-17663.exe	Unicorn-423.exe
PID 2712 wrote to memory of 2780	2712	Unicorn-17663.exe	Unicorn-423.exe
PID 2712 wrote to memory of 2780	2712	Unicorn-17663.exe	Unicorn-423.exe
PID 2764 wrote to memory of 1716	2764	Unicorn-9338.exe	Unicorn-65405.exe
PID 2764 wrote to memory of 1716	2764	Unicorn-9338.exe	Unicorn-65405.exe
PID 2764 wrote to memory of 1716	2764	Unicorn-9338.exe	Unicorn-65405.exe
PID 2764 wrote to memory of 1716	2764	Unicorn-9338.exe	Unicorn-65405.exe
PID 2968 wrote to memory of 2948	2968	Unicorn-16952.exe	Unicorn-32733.exe
PID 2968 wrote to memory of 2948	2968	Unicorn-16952.exe	Unicorn-32733.exe
PID 2968 wrote to memory of 2948	2968	Unicorn-16952.exe	Unicorn-32733.exe
PID 2968 wrote to memory of 2948	2968	Unicorn-16952.exe	Unicorn-32733.exe
PID 2708 wrote to memory of 2284	2708	Unicorn-57984.exe	Unicorn-12312.exe
PID 2708 wrote to memory of 2284	2708	Unicorn-57984.exe	Unicorn-12312.exe
PID 2708 wrote to memory of 2284	2708	Unicorn-57984.exe	Unicorn-12312.exe
PID 2708 wrote to memory of 2284	2708	Unicorn-57984.exe	Unicorn-12312.exe

C:\Users\Admin\AppData\Local\Temp\750cf31c42e3e3c1aeec6f37f0568fd8.exe
"C:\Users\Admin\AppData\Local\Temp\750cf31c42e3e3c1aeec6f37f0568fd8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-19578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19578.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36485.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58223.exe
10⤵
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-26831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26831.exe
11⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
12⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58267.exe
13⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
9⤵
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
10⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
11⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50787.exe
9⤵
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
10⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-24041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24041.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-7683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7683.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-20506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20506.exe
9⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
10⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-4367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4367.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-26831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26831.exe
8⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
9⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
10⤵
PID:700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 372
10⤵
- Program crash
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40761.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43520.exe
9⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
10⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
8⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
9⤵
PID:1120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 372
9⤵
- Program crash
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46111.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
8⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
8⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
9⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44356.exe
10⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
7⤵
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 208
8⤵
- Program crash
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33666.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21275.exe
7⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40926.exe
8⤵
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 372
8⤵
- Program crash
PID:1308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 380
7⤵
- Program crash
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49640.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41503.exe
8⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-12337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12337.exe
9⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24595.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
7⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42219.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
9⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
10⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
7⤵
- Executes dropped EXE
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-7152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7152.exe
8⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25747.exe
9⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26681.exe
10⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51932.exe
9⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
10⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33474.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
7⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
8⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
9⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1933.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25193.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
8⤵
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
9⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-33526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33526.exe
10⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
6⤵
- Executes dropped EXE
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
7⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-59126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59126.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-21040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21040.exe
8⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51512.exe
9⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
10⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
11⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
9⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
6⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
7⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
8⤵
PID:1400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 380
8⤵
- Program crash
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-55047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55047.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
6⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-54330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54330.exe
7⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
8⤵
- Suspicious use of SetWindowsHookEx
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
9⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23505.exe
10⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
11⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-27465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27465.exe
12⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27584.exe
7⤵
- Executes dropped EXE
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
8⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12862.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
7⤵
- Executes dropped EXE
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25991.exe
8⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-34605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34605.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-61700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61700.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
7⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
8⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43344.exe
9⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18897.exe
10⤵
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
11⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64568.exe
9⤵
PID:412

C:\Users\Admin\AppData\Local\Temp\Unicorn-1409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1409.exe
6⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63011.exe
7⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
8⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-35745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35745.exe
9⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54471.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
7⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-37672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37672.exe
8⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41834.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47450.exe
6⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61174.exe
7⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61351.exe
8⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52877.exe
9⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-34034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34034.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:672

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
Filesize
182KB

MD5
cbb5fe1cba6886d72e4a669c3e2c3f33

SHA1
f88379c5d9365b1d68398f361941ebcecaf2c0e5

SHA256
c55453e929ea37342c5fbe171a41b1cc859bf1a6c93745dec5fab747ef3e5eac

SHA512
5984248516966a29d524024dbf499438b1ced5644c3f888779e7784eeefdc8b0716fcec8b28377dd4b284c37a83913bb851b192ccd9fdb644601bab2e1beee55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
Filesize
132KB

MD5
08a3a0b1d1cf445876b7be43d6491ee1

SHA1
8d6734a45a0501c5e252639d873c2564d518ca2a

SHA256
9905daa674f6da2bc9ddb3fc245dfad57d2a11b4d05b522477a31327d82b5bee

SHA512
31f291dce8082f561a3f80579e8a774849cac5f8e5cc1ba1f76f851736f70d8ba4cea29294705e282bc16a56db4732852ae1ca7308967a48aa440e6196bf5eb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29915.exe
Filesize
184KB

MD5
c2587104aa9bb8fb225e2c310df31a48

SHA1
d7ccb336abc84e65ebd4a175005fde1f28e81b78

SHA256
ea420b4d59f6c9164eef3660b63e658c6193b4054b54dc18b8577b8a264047cf

SHA512
18e082a6e8387bd571eaf7e4448741dcb34a6824d005aa8d7e8cbb4c2cecd4a13be29e192cefdb67fdd65c0c81ab92be51cdb0621eb5d4bdd3273ae9837f8a77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34034.exe
Filesize
184KB

MD5
ad5872a0ed291a5d32fde92167d3c19a

SHA1
7871f3bb9c1ef687bac0ca6ecdef06f7f3344ece

SHA256
bf9d3e556b7d110c19c3ae47631a8c4c1eb73c7c8f68e5d9187144f7f2be828f

SHA512
a2889928ab66e6c8a9004be9b31cef1745c3f107b194347b9d3f332455d74084f831767d8e7aafc33c02022266f2f03fbb59f241faac546048394d1f966c956b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34034.exe
Filesize
45KB

MD5
ea70f9934a3c289e75f06ed253918bb6

SHA1
b2998def5802da45498899b77ce93f3e22682ad8

SHA256
1b43bb026e8805f9b0183b21cfa2325addce6983bfc74857d87464389093b701

SHA512
36e2d5e2ad86849e55479c32c5c98c3385fe2f1afba4714abddccd6395d6d5cd867bed5a280a22478eb2a9a2d83fde2460934808434424ec3f75656995155608

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
Filesize
184KB

MD5
0e6be200fa3df12b1c54f4e3ab226974

SHA1
e2b0f8b850305655471a4ebe10c47fd62135db4e

SHA256
98723ca00a1154764012feaaa8925813a495726c7525cd25eee8fe12736ec81b

SHA512
bf2c927619eddc9a41a96d4c8ac44ea422cdbd7b67e14815e20e968b6222ece846cbe594a7c44671d25f9c663572ea5d46f4e4f7947f4b1fd93cd7ba9c53630f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-521.exe
Filesize
184KB

MD5
2e4c4f07da2e95d5ca4a134d3ed91f67

SHA1
178111ad9db3e985ef6cb1edf8eca0ff7493403e

SHA256
4618741d037f55d9e1fbea138b6cc54c488a6316db39bd57831a1645e80caf02

SHA512
382364addd12e914f8a2602b0e5aa7a47e4183017a6c082196426664c00e63590a1c96c1cab8625c1c1ed8a9a8b4d2b870cb93de85416eb4c66c85bf134042bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57984.exe
Filesize
184KB

MD5
f39d06d11508314c59c08395ddef0092

SHA1
0451f916878704c602f66336a1b0e4069db68ea6

SHA256
8a3fd4f13a1a5be5fe811117c1ab1acfcb530c94d4f2355a51de0b6f622e1f46

SHA512
1d00ba48bc217f5df77574c19bc29b9b558b7cab532d162f97b882a85610596a1252d35a8a501270330dc19e533a6951a0955a41468f64baebe58d4664fb7659

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
Filesize
184KB

MD5
891cf5cd0418ccde219904c6ba6347be

SHA1
7df5f2d9be2afafd13894aa6b549695dcd574042

SHA256
c9f7d86ded879d92c2fb9f9e907b25af5bbc568a39d1adb4695c94c5dc86a694

SHA512
47384b8114de68e3e7aa03f006d33442cc36b8ebc4da1ac587bfd06a1d5d2f6dd2ce6607bbb177ab5464a1517c2200ef83aee1bf6d456132f23874b9d8550625

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65405.exe
Filesize
184KB

MD5
9aa707e2baf3b7231bda489c963a664d

SHA1
910e6eaa1fa5dc8d855b104ced49d6ae20640a55

SHA256
a92ff1c6e874d11e725cdbc2fcb0b99352c1e22cd29e12b67f60cf8b6bdc2b04

SHA512
dfb56549ec08bae88cf275f0bec43e9e464b449bb9fb298ef943bb3fe966b4038979cf6573f9b6189fe3cf2d4a54cac139322f0dc5442604540abbd5b89371c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9338.exe
Filesize
184KB

MD5
64f3b682bb18a614be9c6984e608081a

SHA1
b7299060ecb62f9942065f0bccf32b6729cf562f

SHA256
3c59afd68cf5314cf27302f77a82f52d0da5e36b79e0f6993ec45e77f1b0efe1

SHA512
ca14508f54082fe1286c53a59e7cb3e415ea0e34014183744060635876cbc70a7b8976cc3b5bdddf47965748377f7ef1de8abf55eaab60886a16dfa5364c9cba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12120.exe
Filesize
184KB

MD5
5734c2513b80a7533312069c10958656

SHA1
f7c9f9416558a039928ca86db4999648fed9d92a

SHA256
5ec873c18f5902aebb5f350d7b2e81efa8890949dc8f26442404e0de818575d7

SHA512
2adea1abc9358dfe1fe594b5ab18476557b8b20cce0a3474b69b4d0190746cab2b6c7153632f0ce0da9d8b1d32a0cb3695ed54808a1091805b31346a76cb68e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
Filesize
184KB

MD5
1997b9ac77dee481cbd5aa7fb3c6162f

SHA1
ee54eb151b54f0b3fdf7fc3ab08b5d807f850991

SHA256
27abdc46d112cf451fd03a490f5c7d6480cceb744c3fb58c01b67cec30d67ca4

SHA512
e0beeae178af787f71569c94f687cc39d95409851491b57707a8dba445a60e2dd9b7ea898c846ec5adeb682ea17a3916f5a924cc133c26abd5ba748b0f0034f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12312.exe
Filesize
123KB

MD5
cc6f0eedcecf71b7a4fe3b83e226c785

SHA1
0253609875ed4522c3e842fcedbe102142215030

SHA256
6d18340bc43b3d551446c176b7fbe3c511110eb9043b360dea0b0268760a5bd9

SHA512
ff2457e565511ea3a2e440f3aef865b9071bfb597407bdd297a3148714007f6b10ceb971a883bbd839452c2117d9f3ea9c9c383287fe3c1fcd5df0160e3e9291

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16952.exe
Filesize
184KB

MD5
95d5af114a69113dcdb79979a8aea76e

SHA1
be6803a0447adccca75125de7568cafafedc091a

SHA256
27fc94d8a9684ce0a0afe0a186f56d018bada988bab17ad204b76ded2dc54da8

SHA512
f88a3de0855d298832c730f7db14d469ae5d683c5f67330b8dba398cee9efa5d7a2fb88ccaeb7befd1c5a8ee765fa5bc1109071adf4c6fd920c0d0b7f540fad5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17663.exe
Filesize
184KB

MD5
34d5157a4641313c0efd7635c3b9d715

SHA1
449a4db12b4e3ada6ab0268e00be2a249cc28bb2

SHA256
8c48339876a60cda46412e55b1b2b35314925dd91856172c209bf1f402368e51

SHA512
b907fe3eb716f8da7c5547d930dde4d28da63172033d8cf746466af0603a906b44346c23b757adbc7c86faf6f4633bb1576e97a4ac1ee3d391193f57f378d775

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
Filesize
184KB

MD5
a092e254c67021c6d81e7076c0520263

SHA1
e6ff8357dd9189ea8cd4f643e0bf86e73c458ce0

SHA256
e8ce9f8268b600a1c7bebeafcff42077957d15c1deba0dfaecbe65f57facba7d

SHA512
bd0b4c3773bc5ef298504923484cb47e0f5f2dd4ddd5f18d3a6b148a048c4b1a9fcb49b4a6bb1a47fce7e6d2091f7e24f775e791d93049de894e6f03809a5521

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21035.exe
Filesize
135KB

MD5
61351c7178620be2e1e72b8c2ae3a2b3

SHA1
1d4626ee11e51ffa9335fc0dadbd17bde0769151

SHA256
bcd9bc35ffb5d4b6c2715424ae69c115d9e1ff5883b6bbac903c1d7c22d7a837

SHA512
9f7944baa3a78bccea17e1c21a6286f2fe88294d0b81e84e3773d315dbfb7fe8c519f641ac4e4cde062324da470fd34726c20ebf763eaa6fd2a6328e592ccdd0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
Filesize
184KB

MD5
7567d2ed97f4e37337d57d470dd67a5c

SHA1
06dd446de05a91ebc88b372fa935de9b0ce11479

SHA256
21a580df65ec5baf979894e1f5538b50b6875990a9bc409301c3a98d196b2aa2

SHA512
da2d6e22f27ddbf96463cc686606098e68f4f18dd274421392fcc6405d1d39c401d17d4fdcc3f115e115522e9af526010bc868b6394e74a5d47ab4f3462f5a24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
Filesize
184KB

MD5
24415898ec90667b91ab4ff863122794

SHA1
163cd97c151ce2f14a48e399efb9c2d8936bc542

SHA256
8a6370186d66badaac0aeb2a1dd92e0122d4c74e46d77a6527ec9f7a2330af44

SHA512
3729d38e6229d24deaff6e0f6641bbf0450225d6350033f29dcdf15d899c183a6600edf3d3cc27502952739e820c38f624a4e767d1f849d6feab0ca81676160b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31072.exe
Filesize
184KB

MD5
f976bb3afad856a0ccff25dee0605fb3

SHA1
27ed88e8348dbc3da50b247e204eea3909f2b0b0

SHA256
2b177114bab9f856457f15d4f3faad2e49fb0c0e48f227d767dc6169706ac94d

SHA512
3fc9c5b47d19a5f59904ab1cf54e36c619ce03e987247e0a89704f53dbf2772978ce5a9d0c388050b87aaf7726b188bf8e0efe1801b3511dd3f0f16af3d2bf1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32733.exe
Filesize
184KB

MD5
df79427bed3d65ddd077a32dec4690ec

SHA1
f8c9e536ee056f678ce4017b9d7ba6ad2616c7fd

SHA256
53713a32470f40986a8d0ca762c370ff052d121b1a120d62ba78f301775c98fa

SHA512
d11ffcec22a7bc82a0b382c7341897fb2f8841580de2dd776dd02725c0e3aed562f79983703afec897062c9ae3b294abe4a25c0384a4d2f82951fb9d340aa476

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-423.exe
Filesize
184KB

MD5
98adab18b610c7ca0dfaa68c50a57d68

SHA1
22ef9e7a5ecb29d2c7fb86da42add5ce886f3ee6

SHA256
1113e8fafc870c3880848bd289f5afa045e2ee884f73f693cb3d5cb6882b2d4b

SHA512
ef432f2dfc58458f37470dbbdb91cfaba5aae0ae561d711fdbd9afaf3f7b647f3da0531243d0c99c5aee51e14794dd0b45165a609b9ba59209d50d4c619ddd12

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
Filesize
106KB

MD5
9fa94dbf872220a0e0ecbc5dc4a266f1

SHA1
d4b81525673a4888ddae25f3084d56f092de4c3b

SHA256
deae7bff16c9bec93cd1abfc4d235e9121c786dd835fb95c1868510be1e52366

SHA512
4eff3129364a0fe377c17e58fd0fa19bba3f52bb0ab9981c0e8ee39599b3113b96be3bbe5148c2c1aa46e6e113e67854d11e78b55710f71818cb04e945ef498a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
Filesize
55KB

MD5
305ec9f5f3150ac3cd2af435e198190f

SHA1
3b644e010ffed94994d82354a2c02552827b3bdb

SHA256
5cac77b812dafef02ea4fce08f9067fda071636fa217b294563e4467dc9fdefc

SHA512
19d8931b7f4fda6510549f578b26a35758f6555dd1dd97958c60e5debdd736cf7e9d2867f23af2de327aefb9070d06d2c82c736ebc5a6a76167bb504c28ebf46

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads