042e64ce9abfaabaeb47d3b26a5be4bb1ca9f29798cee28d731cd2204bbe8e79

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

295ec9377225c5dda6c4c27a7bca42f2.exe
Size

184KB
MD5

295ec9377225c5dda6c4c27a7bca42f2
SHA1

b927a72d025b7a11fc58bfeb657d7201e0f0842e
SHA256

042e64ce9abfaabaeb47d3b26a5be4bb1ca9f29798cee28d731cd2204bbe8e79
SHA512

dd5ddbd3da405e981fa19f7cfe03f9d6c3baf706ff250de57cd8c0da0f4dba14ed8cf62c7f515302b9b91c40d2d2dc9cd31b6a59e46fa0da2b1b13fc88da20ac
SSDEEP

3072:pnD2oz/PuJA0urjJdP60w8F5F5d6xgfhKcUx8xIz0NlPvpFL:pn6oqm0u5di0w8pJVpNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2128	Unicorn-55824.exe
3004	Unicorn-18295.exe
2800	Unicorn-15149.exe
2732	Unicorn-1605.exe
2588	Unicorn-63997.exe
2268	Unicorn-49654.exe
388	Unicorn-52664.exe
2388	Unicorn-49135.exe
3056	Unicorn-11247.exe
772	Unicorn-24246.exe
752	Unicorn-28928.exe
1792	Unicorn-23869.exe
816	Unicorn-58653.exe
2308	Unicorn-33957.exe
1300	Unicorn-24061.exe
1360	Unicorn-30592.exe
1764	Unicorn-23815.exe
1580	Unicorn-40343.exe
2456	Unicorn-40343.exe
2844	Unicorn-53249.exe
2488	Unicorn-53249.exe
1724	Unicorn-12216.exe
2700	Unicorn-34260.exe
2768	Unicorn-45273.exe
1220	Unicorn-820.exe
2340	Unicorn-41852.exe
2772	Unicorn-53088.exe
2960	Unicorn-15542.exe
2972	Unicorn-28501.exe
1008	Unicorn-33592.exe
1644	Unicorn-26493.exe
852	Unicorn-26493.exe
2476	Unicorn-13835.exe
2120	Unicorn-38723.exe
3016	Unicorn-38723.exe
2452	Unicorn-58781.exe
2240	Unicorn-34085.exe
1668	Unicorn-39103.exe
2468	Unicorn-3285.exe
2708	Unicorn-33047.exe
2724	Unicorn-33623.exe
2576	Unicorn-36917.exe
524	Unicorn-24495.exe
572	Unicorn-25756.exe
320	Unicorn-23364.exe
1912	Unicorn-60291.exe
2920	Unicorn-45024.exe
1632	Unicorn-20711.exe
2668	Unicorn-17609.exe
2460	Unicorn-17609.exe
2888	Unicorn-14847.exe
2124	Unicorn-1848.exe
984	Unicorn-51049.exe
2068	Unicorn-25201.exe
2652	Unicorn-5527.exe
2628	Unicorn-45102.exe
472	Unicorn-7748.exe
1376	Unicorn-46747.exe
1584	Unicorn-27862.exe
1512	Unicorn-64064.exe
3296	Unicorn-30135.exe
3336	Unicorn-41833.exe
3308	Unicorn-57925.exe
3324	Unicorn-64422.exe

Loads dropped DLL 64 IoCs

pid	Process
2548	295ec9377225c5dda6c4c27a7bca42f2.exe
2548	295ec9377225c5dda6c4c27a7bca42f2.exe
2128	Unicorn-55824.exe
2128	Unicorn-55824.exe
2548	295ec9377225c5dda6c4c27a7bca42f2.exe
2548	295ec9377225c5dda6c4c27a7bca42f2.exe
3004	Unicorn-18295.exe
3004	Unicorn-18295.exe
2128	Unicorn-55824.exe
2128	Unicorn-55824.exe
2800	Unicorn-15149.exe
2800	Unicorn-15149.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2908	WerFault.exe
2800	Unicorn-15149.exe
2800	Unicorn-15149.exe
3004	Unicorn-18295.exe
2268	Unicorn-49654.exe
3004	Unicorn-18295.exe
2268	Unicorn-49654.exe
2588	Unicorn-63997.exe
2588	Unicorn-63997.exe
2732	Unicorn-1605.exe
2732	Unicorn-1605.exe
2908	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe
608	WerFault.exe
608	WerFault.exe
608	WerFault.exe
608	WerFault.exe
608	WerFault.exe
608	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe
1528	WerFault.exe
1528	WerFault.exe
608	WerFault.exe
608	WerFault.exe
1628	WerFault.exe
1628	WerFault.exe
608	WerFault.exe
2024	WerFault.exe
2024	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2796	2548	WerFault.exe	27
2908	2128	WerFault.exe	28
608	2268	WerFault.exe	32
2024	2588	WerFault.exe	33
1528	2732	WerFault.exe	34
1628	2800	WerFault.exe	30
1184	2388	WerFault.exe	44
1560	3004	WerFault.exe	29
888	388	WerFault.exe	37
552	752	WerFault.exe	43
1712	3056	WerFault.exe	36
2612	1792	WerFault.exe	45
2536	816	WerFault.exe	48
2744	1300	WerFault.exe	50
1160	2308	WerFault.exe	49
1916	1360	WerFault.exe	54
1804	1580	WerFault.exe	58
484	1764	WerFault.exe	56
2812	2456	WerFault.exe	59
2820	1724	WerFault.exe	62
2976	2488	WerFault.exe	60
1200	2700	WerFault.exe	63
540	2844	WerFault.exe	61
1192	2772	WerFault.exe	71
2696	1644	WerFault.exe	75
3076	2452	WerFault.exe	80
3492	852	WerFault.exe	76
3484	2768	WerFault.exe	64
3476	1220	WerFault.exe	67
3468	1008	WerFault.exe	74
3432	1668	WerFault.exe	84
3424	2960	WerFault.exe	72
3532	2972	WerFault.exe	73
3524	3016	WerFault.exe	79
3516	2476	WerFault.exe	77
3556	2240	WerFault.exe	81
3548	2120	WerFault.exe	78
3540	2340	WerFault.exe	66
3600	1912	WerFault.exe	94
3780	1376	WerFault.exe	108
3788	2668	WerFault.exe	97
4060	2628	WerFault.exe	105
4092	2708	WerFault.exe	87
3392	572	WerFault.exe	92
3412	2724	WerFault.exe	89
3668	2068	WerFault.exe	102
3712	2920	WerFault.exe	95
3808	2576	WerFault.exe	90
3888	1584	WerFault.exe	111
4176	1512	WerFault.exe	110
4168	320	WerFault.exe	93
4228	2124	WerFault.exe	100
4260	2652	WerFault.exe	103
4332	1632	WerFault.exe	96
4376	984	WerFault.exe	101
4624	2888	WerFault.exe	99
4632	472	WerFault.exe	106
4648	2460	WerFault.exe	98
4640	524	WerFault.exe	91
4796	3324	WerFault.exe	117
4484	3448	WerFault.exe	144
4500	3920	WerFault.exe	150
4528	3648	WerFault.exe	147
4568	2468	WerFault.exe	86

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2548	295ec9377225c5dda6c4c27a7bca42f2.exe
2128	Unicorn-55824.exe
3004	Unicorn-18295.exe
2800	Unicorn-15149.exe
2732	Unicorn-1605.exe
2588	Unicorn-63997.exe
2268	Unicorn-49654.exe
2388	Unicorn-49135.exe
388	Unicorn-52664.exe
752	Unicorn-28928.exe
3056	Unicorn-11247.exe
1792	Unicorn-23869.exe
1300	Unicorn-24061.exe
816	Unicorn-58653.exe
2308	Unicorn-33957.exe
1360	Unicorn-30592.exe
1764	Unicorn-23815.exe
1580	Unicorn-40343.exe
2456	Unicorn-40343.exe
2488	Unicorn-53249.exe
1724	Unicorn-12216.exe
2768	Unicorn-45273.exe
2700	Unicorn-34260.exe
2844	Unicorn-53249.exe
1220	Unicorn-820.exe
2340	Unicorn-41852.exe
2772	Unicorn-53088.exe
2960	Unicorn-15542.exe
1008	Unicorn-33592.exe
2972	Unicorn-28501.exe
852	Unicorn-26493.exe
1644	Unicorn-26493.exe
2452	Unicorn-58781.exe
2120	Unicorn-38723.exe
2476	Unicorn-13835.exe
3016	Unicorn-38723.exe
2240	Unicorn-34085.exe
1668	Unicorn-39103.exe
2468	Unicorn-3285.exe
2724	Unicorn-33623.exe
2708	Unicorn-33047.exe
2576	Unicorn-36917.exe
524	Unicorn-24495.exe
572	Unicorn-25756.exe
320	Unicorn-23364.exe
1912	Unicorn-60291.exe
2920	Unicorn-45024.exe
2124	Unicorn-1848.exe
1632	Unicorn-20711.exe
2668	Unicorn-17609.exe
984	Unicorn-51049.exe
2888	Unicorn-14847.exe
2460	Unicorn-17609.exe
2068	Unicorn-25201.exe
2652	Unicorn-5527.exe
2628	Unicorn-45102.exe
472	Unicorn-7748.exe
1376	Unicorn-46747.exe
1584	Unicorn-27862.exe
1512	Unicorn-64064.exe
3308	Unicorn-57925.exe
3296	Unicorn-30135.exe
3316	Unicorn-42466.exe
3336	Unicorn-41833.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2548 wrote to memory of 2128	2548	295ec9377225c5dda6c4c27a7bca42f2.exe	28
PID 2548 wrote to memory of 2128	2548	295ec9377225c5dda6c4c27a7bca42f2.exe	28
PID 2548 wrote to memory of 2128	2548	295ec9377225c5dda6c4c27a7bca42f2.exe	28
PID 2548 wrote to memory of 2128	2548	295ec9377225c5dda6c4c27a7bca42f2.exe	28
PID 2128 wrote to memory of 3004	2128	Unicorn-55824.exe	29
PID 2128 wrote to memory of 3004	2128	Unicorn-55824.exe	29
PID 2128 wrote to memory of 3004	2128	Unicorn-55824.exe	29
PID 2128 wrote to memory of 3004	2128	Unicorn-55824.exe	29
PID 2548 wrote to memory of 2800	2548	295ec9377225c5dda6c4c27a7bca42f2.exe	30
PID 2548 wrote to memory of 2800	2548	295ec9377225c5dda6c4c27a7bca42f2.exe	30
PID 2548 wrote to memory of 2800	2548	295ec9377225c5dda6c4c27a7bca42f2.exe	30
PID 2548 wrote to memory of 2800	2548	295ec9377225c5dda6c4c27a7bca42f2.exe	30
PID 2548 wrote to memory of 2796	2548	295ec9377225c5dda6c4c27a7bca42f2.exe	31
PID 2548 wrote to memory of 2796	2548	295ec9377225c5dda6c4c27a7bca42f2.exe	31
PID 2548 wrote to memory of 2796	2548	295ec9377225c5dda6c4c27a7bca42f2.exe	31
PID 2548 wrote to memory of 2796	2548	295ec9377225c5dda6c4c27a7bca42f2.exe	31
PID 3004 wrote to memory of 2732	3004	Unicorn-18295.exe	34
PID 3004 wrote to memory of 2732	3004	Unicorn-18295.exe	34
PID 3004 wrote to memory of 2732	3004	Unicorn-18295.exe	34
PID 3004 wrote to memory of 2732	3004	Unicorn-18295.exe	34
PID 2128 wrote to memory of 2588	2128	Unicorn-55824.exe	33
PID 2128 wrote to memory of 2588	2128	Unicorn-55824.exe	33
PID 2128 wrote to memory of 2588	2128	Unicorn-55824.exe	33
PID 2128 wrote to memory of 2588	2128	Unicorn-55824.exe	33
PID 2800 wrote to memory of 2268	2800	Unicorn-15149.exe	32
PID 2800 wrote to memory of 2268	2800	Unicorn-15149.exe	32
PID 2800 wrote to memory of 2268	2800	Unicorn-15149.exe	32
PID 2800 wrote to memory of 2268	2800	Unicorn-15149.exe	32
PID 2128 wrote to memory of 2908	2128	Unicorn-55824.exe	35
PID 2128 wrote to memory of 2908	2128	Unicorn-55824.exe	35
PID 2128 wrote to memory of 2908	2128	Unicorn-55824.exe	35
PID 2128 wrote to memory of 2908	2128	Unicorn-55824.exe	35
PID 2800 wrote to memory of 2388	2800	Unicorn-15149.exe	44
PID 2800 wrote to memory of 2388	2800	Unicorn-15149.exe	44
PID 2800 wrote to memory of 2388	2800	Unicorn-15149.exe	44
PID 2800 wrote to memory of 2388	2800	Unicorn-15149.exe	44
PID 3004 wrote to memory of 772	3004	Unicorn-18295.exe	38
PID 3004 wrote to memory of 772	3004	Unicorn-18295.exe	38
PID 3004 wrote to memory of 772	3004	Unicorn-18295.exe	38
PID 3004 wrote to memory of 772	3004	Unicorn-18295.exe	38
PID 2268 wrote to memory of 388	2268	Unicorn-49654.exe	37
PID 2268 wrote to memory of 388	2268	Unicorn-49654.exe	37
PID 2268 wrote to memory of 388	2268	Unicorn-49654.exe	37
PID 2268 wrote to memory of 388	2268	Unicorn-49654.exe	37
PID 2588 wrote to memory of 3056	2588	Unicorn-63997.exe	36
PID 2588 wrote to memory of 3056	2588	Unicorn-63997.exe	36
PID 2588 wrote to memory of 3056	2588	Unicorn-63997.exe	36
PID 2588 wrote to memory of 3056	2588	Unicorn-63997.exe	36
PID 2732 wrote to memory of 752	2732	Unicorn-1605.exe	43
PID 2732 wrote to memory of 752	2732	Unicorn-1605.exe	43
PID 2732 wrote to memory of 752	2732	Unicorn-1605.exe	43
PID 2732 wrote to memory of 752	2732	Unicorn-1605.exe	43
PID 2800 wrote to memory of 1628	2800	Unicorn-15149.exe	42
PID 2800 wrote to memory of 1628	2800	Unicorn-15149.exe	42
PID 2800 wrote to memory of 1628	2800	Unicorn-15149.exe	42
PID 2800 wrote to memory of 1628	2800	Unicorn-15149.exe	42
PID 2732 wrote to memory of 1528	2732	Unicorn-1605.exe	41
PID 2732 wrote to memory of 1528	2732	Unicorn-1605.exe	41
PID 2732 wrote to memory of 1528	2732	Unicorn-1605.exe	41
PID 2732 wrote to memory of 1528	2732	Unicorn-1605.exe	41
PID 2268 wrote to memory of 608	2268	Unicorn-49654.exe	39
PID 2268 wrote to memory of 608	2268	Unicorn-49654.exe	39
PID 2268 wrote to memory of 608	2268	Unicorn-49654.exe	39
PID 2268 wrote to memory of 608	2268	Unicorn-49654.exe	39

C:\Users\Admin\AppData\Local\Temp\295ec9377225c5dda6c4c27a7bca42f2.exe
"C:\Users\Admin\AppData\Local\Temp\295ec9377225c5dda6c4c27a7bca42f2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18295.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18295.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2732
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 376
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33623.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46747.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 376
        12⤵
        Program crash
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30135.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
        12⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        13⤵
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59790.exe
        14⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 376
        15⤵
        
        PID:6600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 380
        14⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 384
        13⤵
        
        PID:6080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 380
        12⤵
        
        PID:4660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 368
        11⤵
        Program crash
        
        PID:3412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25497.exe
        11⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39496.exe
        12⤵
        
        PID:4436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 376
        13⤵
        
        PID:4940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 380
        12⤵
        Program crash
        
        PID:4484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 376
        11⤵
        Program crash
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 372
        10⤵
        Program crash
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64422.exe
        10⤵
        Executes dropped EXE
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        11⤵
        
        PID:3176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 376
        12⤵
        
        PID:4740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 372
        11⤵
        Program crash
        
        PID:4796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 368
        10⤵
        Program crash
        
        PID:3808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 376
        9⤵
        Program crash
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        10⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12801.exe
        11⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        12⤵
        
        PID:6024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 368
        13⤵
        
        PID:6632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 380
        12⤵
        
        PID:6132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 376
        11⤵
        
        PID:5472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 380
        10⤵
        Program crash
        
        PID:4648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 380
        9⤵
        Program crash
        
        PID:3548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 376
        8⤵
        Program crash
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34085.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51049.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        10⤵
        
        PID:2864
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 380
        11⤵
        
        PID:4696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 376
        10⤵
        Program crash
        
        PID:4376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 380
        9⤵
        Program crash
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5527.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        9⤵
        
        PID:3852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 376
        10⤵
        
        PID:4828
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 376
        9⤵
        Program crash
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 380
        8⤵
        Program crash
        
        PID:3476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 368
        7⤵
        Program crash
        
        PID:2744
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 368
        6⤵
        Program crash
        
        PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
      4⤵
      Executes dropped EXE
      PID:772
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 376
      4⤵
      Program crash
      PID:1560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33957.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40343.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25756.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
        10⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43756.exe
        11⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38650.exe
        12⤵
        
        PID:4960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        13⤵
        
        PID:5992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 368
        14⤵
        
        PID:6684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 380
        13⤵
        
        PID:5140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 376
        12⤵
        
        PID:5480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 380
        11⤵
        
        PID:4684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 376
        10⤵
        Program crash
        
        PID:3392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 376
        9⤵
        Program crash
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 368
        9⤵
        Program crash
        
        PID:3600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 376
        8⤵
        Program crash
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25201.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57925.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
        10⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-575.exe
        11⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        12⤵
        
        PID:5952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        13⤵
        
        PID:6984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
        14⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 368
        13⤵
        
        PID:7080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 380
        12⤵
        
        PID:4832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 376
        11⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
        10⤵
        
        PID:4920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        11⤵
        
        PID:5752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 376
        12⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 372
        11⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 376
        10⤵
        
        PID:5232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 376
        9⤵
        Program crash
        
        PID:3668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 380
        8⤵
        Program crash
        
        PID:3516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 368
        7⤵
        Program crash
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33592.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        9⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37498.exe
        10⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38721.exe
        11⤵
        
        PID:5516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 368
        12⤵
        
        PID:6624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 376
        11⤵
        
        PID:6108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 376
        10⤵
        
        PID:5176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 524 -s 380
        9⤵
        Program crash
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 380
        8⤵
        Program crash
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20711.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
        8⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 380
        9⤵
        Program crash
        
        PID:4528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 368
        8⤵
        Program crash
        
        PID:4332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 368
        7⤵
        Program crash
        
        PID:1200
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 368
        6⤵
        Program crash
        
        PID:1160
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 368
        5⤵
        Program crash
        
        PID:1712
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:2024
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 368
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23815.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23364.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        10⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 376
        11⤵
        
        PID:4856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 368
        10⤵
        Program crash
        
        PID:4168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 380
        9⤵
        Program crash
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45024.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17737.exe
        10⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3097.exe
        11⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        12⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        13⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35358.exe
        14⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 376
        13⤵
        
        PID:7108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 380
        12⤵
        
        PID:5264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 368
        11⤵
        
        PID:5256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe
        10⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        11⤵
        
        PID:6000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 372
        12⤵
        
        PID:6428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 372
        11⤵
        
        PID:6420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 376
        10⤵
        
        PID:5380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 368
        9⤵
        Program crash
        
        PID:3712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 380
        8⤵
        Program crash
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38723.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1848.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19903.exe
        9⤵
        
        PID:3920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 380
        10⤵
        Program crash
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 376
        9⤵
        Program crash
        
        PID:4228
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 380
        8⤵
        Program crash
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 368
        7⤵
        Program crash
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17609.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 376
        9⤵
        Program crash
        
        PID:3788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 380
        8⤵
        Program crash
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        8⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54903.exe
        9⤵
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        10⤵
        
        PID:5984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 384
        11⤵
        
        PID:6888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 380
        10⤵
        
        PID:6480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 376
        9⤵
        
        PID:5576
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 376
        8⤵
        Program crash
        
        PID:4624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 380
        7⤵
        Program crash
        
        PID:3540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 376
        6⤵
        Program crash
        
        PID:2536
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 376
        5⤵
        Program crash
        
        PID:888
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:608
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:1628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53249.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53088.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39103.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 376
        10⤵
        Program crash
        
        PID:4060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 380
        9⤵
        Program crash
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7748.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17983.exe
        9⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
        10⤵
        
        PID:5068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
        11⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
        12⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        13⤵
        
        PID:6620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 368
        12⤵
        
        PID:7144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 380
        11⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 376
        10⤵
        
        PID:5668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 380
        9⤵
        Program crash
        
        PID:4632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 380
        8⤵
        Program crash
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64064.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50001.exe
        9⤵
        
        PID:2656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 380
        10⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 376
        9⤵
        Program crash
        
        PID:4176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
        9⤵
        
        PID:5076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
        10⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14383.exe
        11⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
        12⤵
        
        PID:3748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 364
        11⤵
        
        PID:6780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 380
        10⤵
        
        PID:6124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 376
        9⤵
        
        PID:5320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 376
        8⤵
        Program crash
        
        PID:4568
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 376
        7⤵
        Program crash
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33047.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 376
        8⤵
        Program crash
        
        PID:4092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 380
        7⤵
        Program crash
        
        PID:3424
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 368
        6⤵
        Program crash
        
        PID:1916
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 376
        5⤵
        Program crash
        
        PID:2612
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 376
      4⤵
      Program crash
      PID:1184
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 368
  2⤵
  - Program crash
  PID:2796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe

Filesize
92KB

MD5
87f335dba1f3fedb485e3562f62cc9ab

SHA1
a2f98501ced060ae430250e9bc99583fafecc687

SHA256
f6a3efd70e43bf4a3c4226fe5fb4f97171858775f188f3706b82c2c5d6459789

SHA512
be6859d7492426ffa27d5da25931531423c72bf4079e5e7b4768527a24a000c19dd5f241bb573fac02d001aaabeebcac759cc4bee00efe43ace96ac4427864cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe

Filesize
184KB

MD5
f6d76dc1ea464d006d398851d71cb57e

SHA1
4e2e974d5f2a02d6ea2ab7c00ddb37a9cb591a24

SHA256
d9c669af9e51216df1c84634430893d864933adb1c84d146476975a96d000c32

SHA512
d3b79cb1c59bfdaf2d7c0285b675b152dffb6c499d189f963cce27b5cb4886fcecdfa070527c45683a238173dd2214b4ad8bbf9ccc2a0ca9d9aa10a79bc7ecfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18295.exe

Filesize
184KB

MD5
4fa4cce88000b7710b9860704e2df275

SHA1
cad8e955bf0370f824a710ae25015680f40b6555

SHA256
72b97fc03b0eae9e03823b04f2b83c085c552b974df7b0db50d07711936929e4

SHA512
0ca0059dd2673fe6fa9eaca0cdac74852490df04149493e59aff032e7ca82eca9b1bca9f34b21fcfa2005b7ea88b6e04b079f3f658705a572786ab59774d57da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe

Filesize
92KB

MD5
fdeb317f4c3f1e1bea6e7904667be1a1

SHA1
860d2426dea301499283adf6901ca478b3579282

SHA256
58b2cf5265a42973761fb47312dce3b76c2d7c70b6764acb1e213f08b8e09bf9

SHA512
6d626cd5239fdf570b5832fcf19501270854d14469b2d20d3448a1ba50a8fc881395ff9a456b265ba9c86ec96d030377076d19cfba87a875fcb2fc419c964348

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40792.exe

Filesize
184KB

MD5
7e482a31c42b3ebbf52eb082389cbd26

SHA1
b9c06b53394267cc40c51e407ac2569561f043c9

SHA256
985ff8f462cade8418332c4790472813ba615303ff2232015ff6af64ebeb9199

SHA512
c130de1d8cc59d090016de559d34234f7d3333ec8290367a697d6227dfbca0960869ff01473bcc6ede9c824f4bab5c08961b3b8e57068d64285379c2a8ebf778

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe

Filesize
92KB

MD5
675d67517ed547079e3ddabccaafe3e3

SHA1
a6bba014f146b3fd410267e3c4171ea474197784

SHA256
582e2cdc94de73fb0e7c7266047f42431a6c37a507f6bfeb2af1e64f911dca98

SHA512
71316b67f234bc1363f35fdc9ff32940c6791716d2f0eb2d314ffc568b94aea7aa791903488afb15cde1ee7fb5b78dfe983e0969fed9f9fb0a0285b96daedc7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe

Filesize
184KB

MD5
d60a07da7296816a70fb482d040947bf

SHA1
aed2b8e2bbac2ea4b1b48a4d71569b05856b48f4

SHA256
df74c80d66efbe941d7bc37582200069e24f51fa12bb00fe4e5cff5fb45d68b0

SHA512
4bd15004aca90a5133e91f276d7ba0713bb2f8a8375b1384419da97347a5e0d32bace2e93fe2c088520d7ce76d8752a9d074607361dbf4fbfd737890980a765f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe

Filesize
66KB

MD5
3a5bd5a0936939bda5044a823133bdbc

SHA1
5b171e5a3b3de4559a8d1df2b114fabe06b4ad38

SHA256
208852efce88a9b72eb61b3fcf44a5bc744fbbeeffa55adc242fb8b4624f6a97

SHA512
d220c6e765c8849365ad8507ff8231797ac6ff9dbb5fb9f3fa1ae6c5b034ebde9ef14e313dbabdd500323e7a095176c04c1b67af5483fe856b1d76fb7c3bc6b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe

Filesize
184KB

MD5
5c8dd65c31fa09f0b1a261b7abee2ef1

SHA1
d9c611ceb5ca233642f49b11eb2a81a30970d067

SHA256
22467262d8aa29ccf3727fe3b0743f972a8258aca80a5f0f2a3e0d4457aa6aa2

SHA512
6d441e3a0b27b6ad8ba81f23ed0b729c545901727bf19aee2a17df88206282a599261c2a765a33998fe7effa595ca547af5a19c623072f221484f7de72a938c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe

Filesize
184KB

MD5
149f2a4a9111a67a3ba40a0d899b3591

SHA1
cc203563a443831f26253af001bd712c7a0a6553

SHA256
62714e6d060fc4c4198ecb7d5400b25133ed64c689eb5665dcf36bd095607cc2

SHA512
0d5b6a92fc24576bfa62d408afc660c6f5eb950e282bb4aa63bb157665e467c06bf8004ba160d7977b76a01878cfad31e7cc0457cfca6b4b6b02c59b7607b4b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe

Filesize
184KB

MD5
cdd2c53e8c47a0a922763681b07289c2

SHA1
7a23fb1c598701b7650535fe20ee720e12a47568

SHA256
52580ad084e84dccb1e82e98d3d6d85a62f79e2f00724222dc694f6b2cd86ba2

SHA512
ba9072d3782a1d3910fe07fc2134fa97bb87cd9eae8a6ac639a6d616eef75598f19b811c66320922713f511f3024d9b998b552c65e766c88370fad7be4fc47b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63997.exe

Filesize
184KB

MD5
3a78151ca049aa823031c2c6d5072e66

SHA1
3824bd530da2f3c8c154f8d1d559c4d683c6e89c

SHA256
a72953c7aa2d38ca05119a67ebd6788a07bacdb9731c8dcd7bf170aa8123ff6c

SHA512
c0e250324b5c6d04557cc783faac4da8277e3d749784f98adb6395d1f21f684fd3d65f0dc77d75a82dab075acfde020902f2b5fa5ce3b94b807e3d0de81caac1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe

Filesize
184KB

MD5
32f9b9e82cf5cb59f2d41fe9b75967dc

SHA1
60c17b09671d9c356c627b0bfb28c1a38f8300f9

SHA256
20b1c2e8dea160f170de45b257490019b77f9e47ae3658c8b482632467b5cc7c

SHA512
1c68e1469a7df27cea455e9650ba6e3498b5c28e4fb9ca1f9a107120bbb9c02009835b9fe4636ad62d870b2d158b6c0b3cc852332910cfa9f16b037c18fb345b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe

Filesize
184KB

MD5
f0ad9cbaa4ef435e99b998a7b491d2b2

SHA1
fd277e9be2bdc8c8d14d345101830ddf3c0950c7

SHA256
6a9c1fb0f5e59e091840805820e9d42fd679e311c9805b2d0e9ffc8aebb4e202

SHA512
0f097f12a86b8a19c23291e5d04e1a9a486ed6252ca74be15e1c9d6a4cea2bbd716c5d642560131710bc438496b519bb41ccefe585f3d7ca0f6bacc9aed1a89f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe

Filesize
184KB

MD5
f56486b8978a58eef738a644241cd349

SHA1
1aa817817b610295b22c6e89201184a5912392bb

SHA256
6b222973278b5228a767d29aef9f68d042532e3e4329366dee08e09d0ce9ca11

SHA512
08c8d5aceeee8f30249bb5b19bd4fba285f7f6e3e502827cea8220245a705e91a3d455d24e43e3a853e5c17e6a77dc6b9e9b0cdcfa48979d38b0f8925b4b6271

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe

Filesize
103KB

MD5
3e538c7c7d104efb63f8ef1ac3f6077e

SHA1
dd4681c91d2f4af3e0bfaa5b8c29bb69b3eb2f65

SHA256
d44a1fe607ec062500871b929c96297dd2ea038aa76190b3ec5f209fe2855c18

SHA512
684966ab387eb072b8d9ce81f394d4b4f6dd59ea04239561bd9c779a21972c828c06558d233cb46edb586918f92e3801b843264b84c8792b0d1fb6065977a139

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe

Filesize
184KB

MD5
905cee48d0abd63a42f6ab333c9891a7

SHA1
1280889acf7ece95c27cab8ab4dc060352e2d51f

SHA256
06e0d4fd01180ddf8a30fff241815c8d5435dd1c517124591ce5ec91aab19f4a

SHA512
01f087947e32efa0df3cd019b34d497efc1e72045cc293731ecdacc61ddd92500aea09520ba2e8425207a0eb8bb7d60186cdc675db73cf485320cba2c948d264

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe

Filesize
184KB

MD5
4fa17054eccaaaffe5558db109413151

SHA1
00e7cfa6554b6a97403b5e18432984c78c9e423f

SHA256
7f04946744fe8f0faa8bcd8582a6793ed3474d66025d06bba57523d42ab52ddd

SHA512
47812be736579ca9d3bcb656524bb8df1fa3369e137f1167494e5cc4492ab1d4f3be686912d2d767ac18e68a217f7e1016ae5062a0975cc6040a40ca4588f017

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads