c43d9683a1b32145b3980dd572100fa393840f80eb233dae6ac11fa1e3c71f92

Analysis

max time kernel
73s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/02/2024, 05:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3056eee4aa400c3286f87efdba8b292.exe
Size

184KB
MD5

a3056eee4aa400c3286f87efdba8b292
SHA1

4330a3cd33cbd4c19219944b89f59db21af26321
SHA256

c43d9683a1b32145b3980dd572100fa393840f80eb233dae6ac11fa1e3c71f92
SHA512

6e23a343e8842c221cf5b90ac3c9046f03223f4beff400817e3f618ee721a489ce41832d683a4079baf2e92a320f67156645ef368975aaacd6de2924607df854
SSDEEP

3072:/a1VojAqN4wQnZja5B+8SKS/NZSMB6IJt+xV+fpelv1pFq:/a7oPNQnU5M8SKqP4/lv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2836	Unicorn-60324.exe
2984	Unicorn-22338.exe
2632	Unicorn-64994.exe
2648	Unicorn-9325.exe
2588	Unicorn-49289.exe
2436	Unicorn-45760.exe
2932	Unicorn-41116.exe
2380	Unicorn-61899.exe
2744	Unicorn-8059.exe
1872	Unicorn-31338.exe
824	Unicorn-34676.exe
524	Unicorn-60763.exe
2692	Unicorn-18505.exe
2024	Unicorn-63259.exe
1552	Unicorn-45771.exe
1444	Unicorn-4546.exe
572	Unicorn-50218.exe
1900	Unicorn-28361.exe
1808	Unicorn-45465.exe
2152	Unicorn-25599.exe
2336	Unicorn-27785.exe
1344	Unicorn-25132.exe
1924	Unicorn-58573.exe
1936	Unicorn-22990.exe
1932	Unicorn-19460.exe
924	Unicorn-22798.exe
2352	Unicorn-19268.exe
1688	Unicorn-39134.exe
1744	Unicorn-7971.exe
1576	Unicorn-45283.exe
2516	Unicorn-31516.exe
1212	Unicorn-19626.exe
2568	Unicorn-31324.exe
2848	Unicorn-15179.exe
2948	Unicorn-51189.exe
2596	Unicorn-46420.exe
2476	Unicorn-64188.exe
2464	Unicorn-58589.exe
2504	Unicorn-63228.exe
2928	Unicorn-42061.exe
2012	Unicorn-58781.exe
2812	Unicorn-6051.exe
2904	Unicorn-52725.exe
556	Unicorn-44557.exe
2492	Unicorn-58625.exe
2984	Unicorn-4266.exe
284	Unicorn-54043.exe
1156	Unicorn-25817.exe
1604	Unicorn-12927.exe
2064	Unicorn-36363.exe
1360	Unicorn-58791.exe
2268	Unicorn-13119.exe
1716	Unicorn-58791.exe
2992	Unicorn-2943.exe
1640	Unicorn-2751.exe
1952	Unicorn-26872.exe
2436	Unicorn-14982.exe
2160	Unicorn-56207.exe
2328	Unicorn-59736.exe
1812	Unicorn-34329.exe
1352	Unicorn-5911.exe
1824	Unicorn-34521.exe
2068	Unicorn-54344.exe
1692	Unicorn-17417.exe

Loads dropped DLL 64 IoCs

pid	Process
2940	a3056eee4aa400c3286f87efdba8b292.exe
2940	a3056eee4aa400c3286f87efdba8b292.exe
2836	Unicorn-60324.exe
2836	Unicorn-60324.exe
2940	a3056eee4aa400c3286f87efdba8b292.exe
2940	a3056eee4aa400c3286f87efdba8b292.exe
2632	Unicorn-64994.exe
2984	Unicorn-22338.exe
2984	Unicorn-22338.exe
2632	Unicorn-64994.exe
2836	Unicorn-60324.exe
2836	Unicorn-60324.exe
2588	Unicorn-49289.exe
2588	Unicorn-49289.exe
2632	Unicorn-64994.exe
2632	Unicorn-64994.exe
2648	Unicorn-9325.exe
2648	Unicorn-9325.exe
2984	Unicorn-22338.exe
2984	Unicorn-22338.exe
2436	Unicorn-45760.exe
2436	Unicorn-45760.exe
2932	Unicorn-41116.exe
2932	Unicorn-41116.exe
2588	Unicorn-49289.exe
2588	Unicorn-49289.exe
2380	Unicorn-61899.exe
2380	Unicorn-61899.exe
2744	Unicorn-8059.exe
2744	Unicorn-8059.exe
824	Unicorn-34676.exe
2648	Unicorn-9325.exe
824	Unicorn-34676.exe
2648	Unicorn-9325.exe
524	Unicorn-60763.exe
524	Unicorn-60763.exe
2692	Unicorn-18505.exe
2692	Unicorn-18505.exe
2932	Unicorn-41116.exe
2932	Unicorn-41116.exe
2024	Unicorn-63259.exe
2024	Unicorn-63259.exe
2380	Unicorn-61899.exe
2380	Unicorn-61899.exe
1872	Unicorn-31338.exe
1872	Unicorn-31338.exe
1552	Unicorn-45771.exe
1552	Unicorn-45771.exe
2744	Unicorn-8059.exe
2744	Unicorn-8059.exe
1444	Unicorn-4546.exe
1444	Unicorn-4546.exe
824	Unicorn-34676.exe
824	Unicorn-34676.exe
572	Unicorn-50218.exe
572	Unicorn-50218.exe
1900	Unicorn-28361.exe
1900	Unicorn-28361.exe
524	Unicorn-60763.exe
524	Unicorn-60763.exe
1808	Unicorn-45465.exe
1808	Unicorn-45465.exe
2692	Unicorn-18505.exe
2692	Unicorn-18505.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2828	2412	WerFault.exe	136
2228	2020	WerFault.exe	141

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2940	a3056eee4aa400c3286f87efdba8b292.exe
2836	Unicorn-60324.exe
2632	Unicorn-64994.exe
2984	Unicorn-22338.exe
2648	Unicorn-9325.exe
2588	Unicorn-49289.exe
2436	Unicorn-45760.exe
2932	Unicorn-41116.exe
2380	Unicorn-61899.exe
824	Unicorn-34676.exe
1872	Unicorn-31338.exe
2744	Unicorn-8059.exe
524	Unicorn-60763.exe
2692	Unicorn-18505.exe
2024	Unicorn-63259.exe
1552	Unicorn-45771.exe
572	Unicorn-50218.exe
1444	Unicorn-4546.exe
1900	Unicorn-28361.exe
1808	Unicorn-45465.exe
2152	Unicorn-25599.exe
2336	Unicorn-27785.exe
1924	Unicorn-58573.exe
1344	Unicorn-25132.exe
1936	Unicorn-22990.exe
924	Unicorn-22798.exe
1932	Unicorn-19460.exe
2352	Unicorn-19268.exe
1688	Unicorn-39134.exe
1744	Unicorn-7971.exe
2516	Unicorn-31516.exe
1576	Unicorn-45283.exe
1212	Unicorn-19626.exe
2568	Unicorn-31324.exe
2848	Unicorn-15179.exe
2948	Unicorn-51189.exe
2596	Unicorn-46420.exe
2476	Unicorn-64188.exe
2464	Unicorn-58589.exe
2504	Unicorn-63228.exe
2012	Unicorn-58781.exe
2812	Unicorn-6051.exe
2904	Unicorn-52725.exe
556	Unicorn-44557.exe
2492	Unicorn-58625.exe
2984	Unicorn-4266.exe
284	Unicorn-54043.exe
1716	Unicorn-58791.exe
1604	Unicorn-12927.exe
2064	Unicorn-36363.exe
1156	Unicorn-25817.exe
1360	Unicorn-58791.exe
2268	Unicorn-13119.exe
1640	Unicorn-2751.exe
2436	Unicorn-14982.exe
2992	Unicorn-2943.exe
1352	Unicorn-5911.exe
2328	Unicorn-59736.exe
1952	Unicorn-26872.exe
2160	Unicorn-56207.exe
1812	Unicorn-34329.exe
1824	Unicorn-34521.exe
2068	Unicorn-54344.exe
2304	Unicorn-19145.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2836	2940	a3056eee4aa400c3286f87efdba8b292.exe	28
PID 2940 wrote to memory of 2836	2940	a3056eee4aa400c3286f87efdba8b292.exe	28
PID 2940 wrote to memory of 2836	2940	a3056eee4aa400c3286f87efdba8b292.exe	28
PID 2940 wrote to memory of 2836	2940	a3056eee4aa400c3286f87efdba8b292.exe	28
PID 2836 wrote to memory of 2984	2836	Unicorn-60324.exe	29
PID 2836 wrote to memory of 2984	2836	Unicorn-60324.exe	29
PID 2836 wrote to memory of 2984	2836	Unicorn-60324.exe	29
PID 2836 wrote to memory of 2984	2836	Unicorn-60324.exe	29
PID 2940 wrote to memory of 2632	2940	a3056eee4aa400c3286f87efdba8b292.exe	30
PID 2940 wrote to memory of 2632	2940	a3056eee4aa400c3286f87efdba8b292.exe	30
PID 2940 wrote to memory of 2632	2940	a3056eee4aa400c3286f87efdba8b292.exe	30
PID 2940 wrote to memory of 2632	2940	a3056eee4aa400c3286f87efdba8b292.exe	30
PID 2984 wrote to memory of 2648	2984	Unicorn-22338.exe	31
PID 2984 wrote to memory of 2648	2984	Unicorn-22338.exe	31
PID 2984 wrote to memory of 2648	2984	Unicorn-22338.exe	31
PID 2984 wrote to memory of 2648	2984	Unicorn-22338.exe	31
PID 2632 wrote to memory of 2588	2632	Unicorn-64994.exe	32
PID 2632 wrote to memory of 2588	2632	Unicorn-64994.exe	32
PID 2632 wrote to memory of 2588	2632	Unicorn-64994.exe	32
PID 2632 wrote to memory of 2588	2632	Unicorn-64994.exe	32
PID 2836 wrote to memory of 2436	2836	Unicorn-60324.exe	33
PID 2836 wrote to memory of 2436	2836	Unicorn-60324.exe	33
PID 2836 wrote to memory of 2436	2836	Unicorn-60324.exe	33
PID 2836 wrote to memory of 2436	2836	Unicorn-60324.exe	33
PID 2588 wrote to memory of 2932	2588	Unicorn-49289.exe	34
PID 2588 wrote to memory of 2932	2588	Unicorn-49289.exe	34
PID 2588 wrote to memory of 2932	2588	Unicorn-49289.exe	34
PID 2588 wrote to memory of 2932	2588	Unicorn-49289.exe	34
PID 2632 wrote to memory of 2380	2632	Unicorn-64994.exe	35
PID 2632 wrote to memory of 2380	2632	Unicorn-64994.exe	35
PID 2632 wrote to memory of 2380	2632	Unicorn-64994.exe	35
PID 2632 wrote to memory of 2380	2632	Unicorn-64994.exe	35
PID 2648 wrote to memory of 2744	2648	Unicorn-9325.exe	36
PID 2648 wrote to memory of 2744	2648	Unicorn-9325.exe	36
PID 2648 wrote to memory of 2744	2648	Unicorn-9325.exe	36
PID 2648 wrote to memory of 2744	2648	Unicorn-9325.exe	36
PID 2984 wrote to memory of 1872	2984	Unicorn-22338.exe	38
PID 2984 wrote to memory of 1872	2984	Unicorn-22338.exe	38
PID 2984 wrote to memory of 1872	2984	Unicorn-22338.exe	38
PID 2984 wrote to memory of 1872	2984	Unicorn-22338.exe	38
PID 2436 wrote to memory of 824	2436	Unicorn-45760.exe	37
PID 2436 wrote to memory of 824	2436	Unicorn-45760.exe	37
PID 2436 wrote to memory of 824	2436	Unicorn-45760.exe	37
PID 2436 wrote to memory of 824	2436	Unicorn-45760.exe	37
PID 2932 wrote to memory of 524	2932	Unicorn-41116.exe	39
PID 2932 wrote to memory of 524	2932	Unicorn-41116.exe	39
PID 2932 wrote to memory of 524	2932	Unicorn-41116.exe	39
PID 2932 wrote to memory of 524	2932	Unicorn-41116.exe	39
PID 2588 wrote to memory of 2692	2588	Unicorn-49289.exe	40
PID 2588 wrote to memory of 2692	2588	Unicorn-49289.exe	40
PID 2588 wrote to memory of 2692	2588	Unicorn-49289.exe	40
PID 2588 wrote to memory of 2692	2588	Unicorn-49289.exe	40
PID 2380 wrote to memory of 2024	2380	Unicorn-61899.exe	41
PID 2380 wrote to memory of 2024	2380	Unicorn-61899.exe	41
PID 2380 wrote to memory of 2024	2380	Unicorn-61899.exe	41
PID 2380 wrote to memory of 2024	2380	Unicorn-61899.exe	41
PID 2744 wrote to memory of 1552	2744	Unicorn-8059.exe	42
PID 2744 wrote to memory of 1552	2744	Unicorn-8059.exe	42
PID 2744 wrote to memory of 1552	2744	Unicorn-8059.exe	42
PID 2744 wrote to memory of 1552	2744	Unicorn-8059.exe	42
PID 824 wrote to memory of 1444	824	Unicorn-34676.exe	43
PID 824 wrote to memory of 1444	824	Unicorn-34676.exe	43
PID 824 wrote to memory of 1444	824	Unicorn-34676.exe	43
PID 824 wrote to memory of 1444	824	Unicorn-34676.exe	43

C:\Users\Admin\AppData\Local\Temp\a3056eee4aa400c3286f87efdba8b292.exe
"C:\Users\Admin\AppData\Local\Temp\a3056eee4aa400c3286f87efdba8b292.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9325.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1630.exe
        9⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52905.exe
        10⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62718.exe
        10⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19460.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52725.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24869.exe
        9⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23118.exe
        10⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31312.exe
        11⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44285.exe
        9⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        10⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5911.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8859.exe
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48198.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
        10⤵
        
        PID:2476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44557.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        8⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58625.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17417.exe
        7⤵
        Executes dropped EXE
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        11⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12609.exe
        10⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
        7⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        8⤵
        
        PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31338.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31338.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51189.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40956.exe
        8⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
        9⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27078.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23394.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        8⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58791.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
        7⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37695.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18910.exe
        9⤵
        
        PID:1688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        8⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51786.exe
        9⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
        10⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        8⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        9⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12998.exe
        10⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
        11⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48136.exe
        10⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32444.exe
        7⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32321.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        9⤵
        
        PID:676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe
        8⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55406.exe
        9⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27825.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
        7⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
        8⤵
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19268.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe
        6⤵
        Executes dropped EXE
        
        PID:2928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49289.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49289.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41116.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41116.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60763.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54043.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        10⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25817.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
        8⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
        9⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
        10⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45283.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59845.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30954.exe
        9⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
        10⤵
        
        PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25599.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31324.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9760.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1349.exe
        10⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58791.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
        8⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
        9⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
        7⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61265.exe
        8⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41219.exe
        9⤵
        
        PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45465.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31516.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7650.exe
        8⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        10⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40004.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39480.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        9⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31298.exe
        10⤵
        
        PID:1048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59954.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22952.exe
        9⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        10⤵
        
        PID:1164
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 380
        10⤵
        Program crash
        
        PID:2228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 376
        9⤵
        Program crash
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54757.exe
        7⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
        8⤵
        
        PID:792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27785.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46420.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63291.exe
        8⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
        9⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8328.exe
        10⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63675.exe
        7⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56579.exe
        9⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
        9⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64188.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2751.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30043.exe
        7⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3076.exe
        8⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52905.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
        10⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        11⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16812.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27078.exe
        9⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39658.exe
        10⤵
        
        PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15179.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
        7⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54716.exe
        9⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        10⤵
        
        PID:2664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14982.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50660.exe
        6⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60855.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-378.exe
        9⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39985.exe
        10⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36729.exe
        8⤵
        
        PID:1692

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe

Filesize
184KB

MD5
d79e5a011e43bd00daf71a877db4ab57

SHA1
ac9e2ea6b559d49cd85c634ac3bc82ca1ba32640

SHA256
63643e37ef784ce029ee8a62320182d529dcd5d82a840244e4f0915a2ce00c00

SHA512
5f052c61de13d5c67e6ea2bf5d94014f090c2de8a161e68c5d87c17af3100afa08ef91b229825f4a8cb8bce0938cc5e7ec4970847ab85fd14252b1734f0cdcd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33564.exe

Filesize
184KB

MD5
39d3859d9e0e07a1d2d694aa0a5d98c2

SHA1
dd6920cd0498f61c908001a9472b5d7f7c1693d8

SHA256
4a5ef1bf7dc7e73d45ff4c541448824e40b1e317ae9b0db789c6510fb0e2b829

SHA512
5c6655414d6f5b33d49b771902983d616c34f685adabbc393f96bc555f4bc801fbe321f7f31e75055c273505f4aff010d495923e218b2489d0ad8d6e8d529116

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34676.exe

Filesize
184KB

MD5
d29b00029e0d7d9ee0a1a332fce0fc22

SHA1
09cb41fee6a6f474aec2e0189de4f5b286c4618d

SHA256
8058675c8f283989df9a2d6e769faf02d69c97eb0c9dd582650204b4ec3c09ad

SHA512
f2946a9ad443fb9cdb7084c8e2fb10ecf221727c717275cfd688f6429684d64656b04fe62cd9df4a35dc38483085489decd0078a480979412a46546e39e5ac79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe

Filesize
184KB

MD5
738de388daec77b183f77993be8d1f24

SHA1
c46e5308cb10cddc5ee06dc0f3fd54449489b2c0

SHA256
db8dae13e07e490139d78207eb3b4cd371f86b42aa46a10af01cac7c89dd7fac

SHA512
13be0417dfa6cbdc7eb92a3981454a491935f6154add46cc66b26a082d7361af9ebe44bb69a991438826958d7b2f21d490728ccfc8032c340b6a9d6e44b1a417

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45760.exe

Filesize
184KB

MD5
6e30105c6b4a60f02e5d29a4dae66d6a

SHA1
773d38eb978aae36e7b64cf9bd8e9106a9cdb50f

SHA256
b5b82f7889a247f637eee4fbe48cc1917741dab21ec49d69296620f5247a7ab5

SHA512
a42436d3dac6c549743a00a5d5afea7b93366724d4daaf72c9286087da72bdf665ce74f1340a72bdc0196975ca80a28a4e232bbaac55d666ebca61a3ce3fa02b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45771.exe

Filesize
184KB

MD5
ab14065b3b1133b26342e47adc330498

SHA1
252c28d9d8abfd1d829bdee359b7fd7804df4b51

SHA256
c36b35fcc512c406ec5d08e411b7e0539c33a48eca940edec25041a28c1d0f1e

SHA512
a1c0f7bed8ea15ce40f8e96a2213e79bbc86afe9c2d9fba835c93dc53ba6dbc8447eb70f4e734b0d06de0a5b3708d0a94252420720a757113f391ce174f07859

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49289.exe

Filesize
184KB

MD5
01a300eed8964630bb648a087b647b28

SHA1
baf6f29fb3384d555ea9168c2b9cf2f67c392002

SHA256
8f9b0c9bb9b8f0d873f99b69605f9425be834c506777de9aee2fb77f50328d67

SHA512
7f60019d9f74e9fabad2ac95795f8bf8fe268ae9d488f1f51b226d014c3795cc580653f453469e0cf775f87400602b9c49ab071e80feaadbba94b4e95a5769d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe

Filesize
184KB

MD5
0c561e4c96bdef5620f9f045a7d1a79c

SHA1
200f5f33077ac1ea762111b2ea57c67ef3d30c63

SHA256
3592b4cc8864ee434e87dfdf76de2a71cb3a79a48915c2656f3db725a757f5ff

SHA512
7fa4111ab0b9aad04924fec188c8b705daf7f9e5700c655a955f91239eb426b8217fbb5e7236576d4cdfa78893b54a7c79af30310c1d52d7a8212176891ef6a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9325.exe

Filesize
184KB

MD5
9103acb91c37d08c42fdb1999effeaa2

SHA1
1e701ae89b23209db40a65f825e1f78dd47def71

SHA256
9674d5c565645540eaebf5c7f98ce981717605f0d9aab62f976310ff8990bbb1

SHA512
3d82324706c95a7bc08cbadfe62c39acebb9bbcfb1275745e1bd3f7e5a874e64ca8b7c6389fe87e1d4f5ad11a594deb119321b36ee1d5ad5a73eed4fb82580a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe

Filesize
184KB

MD5
049ed59cc0e5522c728b31324430ea46

SHA1
19e86464aa8468f8012021f7c154160bb4a720e6

SHA256
47dcf0327a44d26df9dcfd7fb483405d8ca6ce0852f6fc0b31f7fb8ebb0c6a53

SHA512
5a7a5ae4f248fbedac104e1258b12250daef1232afccbe1ce851f07472e4f9205e0da10e8478f179b170a0a275351059be9f2fb8fb929a7ba511242f81d7f0b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31338.exe

Filesize
184KB

MD5
65f404860022c1a23c8d21d236f4993a

SHA1
9428b2364fb189e3f6e3eb292a8fc1e3280918f6

SHA256
65463c3ff3424c0cb56cfca3613f8b90e3dfbc8f2c58dfdd144933c75e89f233

SHA512
02d7e971689989dcd53148684d7c06cf74d1a41ce549709784f1449e49b700dc1e6defc54590f73d70ff0f462303367e209665fc32621e73944f9cd717112018

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41116.exe

Filesize
184KB

MD5
abe337d4732b8d94b2da77232af3fc67

SHA1
ebc20a9c80e141e698da6571ee810b99314f6bf4

SHA256
a9585116c8599f79a276b17af25a6dafecdbcac9892a7a210577d969ea4254f7

SHA512
fbfec8b825bb1fd399366dad45c92522f80bad1b5b9cb8ca8ebc215916c860b33479416e18374928759bf34803c644e6ed0c7a817db925c354bbcc308e94670e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50218.exe

Filesize
184KB

MD5
14f894508639a64288fbac6e9198fb48

SHA1
28dc4d905a3195fa3cf88e9a6cad6e72491c4d9b

SHA256
942b664bb59b1df77677aa5e8d03ada6e381c9ef9dbf717106a92c8e6c93ad6b

SHA512
6397e87f0b8d0a049092cb0221afa9ad3c17f396b482089f3d593a4e476326d99b2fe8791d19438a1e8b0091ef55554b9927e82c97c04fd415889e9a9299100f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe

Filesize
184KB

MD5
c0537687e3ec43db744961e0b280362c

SHA1
0674406b54af590221617c408a9a00a9f6b14e40

SHA256
d8c02a9761c64a149c50b892cfc23a6a9537905deb564ecd7d85d626deda521b

SHA512
7345509e7627077b0b2d11af526a29a8485c0d3d12f83377632c8988d84887dd510c71cd94fc1e12f1c745ebc84d7884a95c399f328ca7a3088d8a2b87285632

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60763.exe

Filesize
184KB

MD5
8812f8446acd98765ef14980b2f46f9d

SHA1
26a03e80ef16489652075d74fe0b6c367d5ab7e0

SHA256
0c6ef559acd1bbc70bc4d7b5f0612f8c602883327e5b9973f2797b046f8e0bb2

SHA512
a81beee024bfc2309895f89d1de0be05a94edfbc4003f9c76b78498012d94b842e6c7de581d0aca617edc800aa97efae206772e7187b5e110c0de7debf531364

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe

Filesize
184KB

MD5
6623320cf8b7888a279c10f78455a7b5

SHA1
1878da57fde43fde303133919b832fbd9b890b85

SHA256
e4a6518792466d9763d3345c3b0f4923668340064b91a4033433904b4e3763c7

SHA512
bd4312d6e687e4081c8d9a0981284332c803b82156978c14c7d608982fcc018b2f520d5b0ab00e36f8192ebf89959c477b12507b91d4096cd5706439715e7363

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63259.exe

Filesize
184KB

MD5
b07b895af2aa86480100500d14ad337a

SHA1
cecafc70fa9a2ef7da69c8d80b115d40da780ac8

SHA256
58ff9c22a1c5ef830ba77a97b5a5c0c6e92edc85506ec06c5f54eed473122534

SHA512
d570cf20ffb05b329999a6a619882b0a292962ea3bcc8647fd1f29f2317f745c6ab6a70c4e998fa4a45c2a99f8f3234e483899058b12bc9b88a17c8c61014127

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64994.exe

Filesize
184KB

MD5
24a864f6dd614494437b5d6219050413

SHA1
3e21386ced483083771e429eb49c947391cfc5b9

SHA256
187d4b4debf8d93a2cccee5def811b3a4481e9bfdb3f3925047b5deb79cbf09e

SHA512
cf84fe35d90fe92d89328a3860f436d158a36d41c977984e1ea811686009fe35212117776b93b5ca338bd851355092678d23e4864a5bae581fe67d5321d9cdbc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe

Filesize
184KB

MD5
b3713478ec8a2787cd8b40828528090d

SHA1
e3f7fe588f27e43ada5e18af7974b3b099597461

SHA256
5e5e3e781ae518494b2b1e73250a866ec4b5825f64b67d7887f932dfa4879f6f

SHA512
db13e2641d9e35c8d2da1a2f39a7ceccfdf04e83344362efa5781d7ccc974cff135e0e01fcdab4b722568b836f2e9ce87091b01e8fedd605c27ab2ecac3d8b03

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads