f20435ca226f0b79b67ec31ee00660a3613b2ff3e807c0013d2f3ee8c6595bab

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
15/01/2024, 02:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bdb76108be4b7b2de3f9abbac4de98c.exe
Size

184KB
MD5

5bdb76108be4b7b2de3f9abbac4de98c
SHA1

45e6cae393ca9f4c5c23a083c173c933b17d38a7
SHA256

f20435ca226f0b79b67ec31ee00660a3613b2ff3e807c0013d2f3ee8c6595bab
SHA512

c4c4f106ab0ca6bc3c7653349b22201e0d9c531326f06126e9de9bde757763a30b2fef096258a9dd399d95cbe04885dce8f9233ceed754c4278797ea42f93b13
SSDEEP

3072:YGFGoEMHXOA8keQ3wROq08deY8t6qHbhfDMx+Yd6GNlPvpFb:YG4oxD8k7wwq08itduNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2368	Unicorn-20596.exe
2672	Unicorn-1618.exe
2812	Unicorn-15001.exe
2660	Unicorn-27509.exe
2676	Unicorn-7285.exe
2592	Unicorn-42994.exe
240	Unicorn-55981.exe
1880	Unicorn-36883.exe
2860	Unicorn-52883.exe
2188	Unicorn-53651.exe
1668	Unicorn-53469.exe
1632	Unicorn-24529.exe
2304	Unicorn-60273.exe
596	Unicorn-30013.exe
476	Unicorn-32858.exe
580	Unicorn-15286.exe
2432	Unicorn-60958.exe
2296	Unicorn-61918.exe
1496	Unicorn-14300.exe
2476	Unicorn-48434.exe
1256	Unicorn-26456.exe
1152	Unicorn-7479.exe
2348	Unicorn-51039.exe
2200	Unicorn-21595.exe
2260	Unicorn-58626.exe
1016	Unicorn-11200.exe
2080	Unicorn-12954.exe
2908	Unicorn-42372.exe
1584	Unicorn-14272.exe
2276	Unicorn-59944.exe
2880	Unicorn-62212.exe
2760	Unicorn-51024.exe
2588	Unicorn-7635.exe
2728	Unicorn-40054.exe
2312	Unicorn-25529.exe
1844	Unicorn-30463.exe
2988	Unicorn-55560.exe
1672	Unicorn-21736.exe
1348	Unicorn-39307.exe
1612	Unicorn-9021.exe
2148	Unicorn-12633.exe
2752	Unicorn-17856.exe
1148	Unicorn-53181.exe
1276	Unicorn-32521.exe
1308	Unicorn-43747.exe
936	Unicorn-15153.exe
1572	Unicorn-36783.exe
2456	Unicorn-36783.exe
1660	Unicorn-13243.exe
2776	Unicorn-58293.exe
3012	Unicorn-39387.exe
2636	Unicorn-6871.exe
2012	Unicorn-17095.exe
2328	Unicorn-55626.exe
2400	Unicorn-62419.exe
2412	Unicorn-13109.exe
1692	Unicorn-2331.exe
2000	Unicorn-4801.exe
1044	Unicorn-64204.exe
2544	Unicorn-3265.exe
1048	Unicorn-11991.exe
1300	Unicorn-29740.exe
2360	Unicorn-14472.exe
2692	Unicorn-5204.exe

Loads dropped DLL 64 IoCs

pid	Process
1756	5bdb76108be4b7b2de3f9abbac4de98c.exe
1756	5bdb76108be4b7b2de3f9abbac4de98c.exe
2368	Unicorn-20596.exe
2368	Unicorn-20596.exe
1756	5bdb76108be4b7b2de3f9abbac4de98c.exe
1756	5bdb76108be4b7b2de3f9abbac4de98c.exe
2672	Unicorn-1618.exe
2672	Unicorn-1618.exe
2368	Unicorn-20596.exe
2368	Unicorn-20596.exe
2812	Unicorn-15001.exe
2812	Unicorn-15001.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
576	WerFault.exe
2660	Unicorn-27509.exe
2660	Unicorn-27509.exe
2672	Unicorn-1618.exe
2672	Unicorn-1618.exe
2676	Unicorn-7285.exe
2676	Unicorn-7285.exe
2592	Unicorn-42994.exe
2592	Unicorn-42994.exe
2812	Unicorn-15001.exe
2812	Unicorn-15001.exe
1476	WerFault.exe
1476	WerFault.exe
1476	WerFault.exe
1476	WerFault.exe
1476	WerFault.exe
2464	WerFault.exe
2464	WerFault.exe
2464	WerFault.exe
2464	WerFault.exe
2464	WerFault.exe
1880	Unicorn-36883.exe
1880	Unicorn-36883.exe
240	Unicorn-55981.exe
240	Unicorn-55981.exe
2660	Unicorn-27509.exe
2660	Unicorn-27509.exe
2860	Unicorn-52883.exe
2860	Unicorn-52883.exe
2188	Unicorn-53651.exe
2188	Unicorn-53651.exe
2676	Unicorn-7285.exe
2676	Unicorn-7285.exe
2592	Unicorn-42994.exe
2592	Unicorn-42994.exe
1668	Unicorn-53469.exe
1668	Unicorn-53469.exe
976	WerFault.exe
976	WerFault.exe
976	WerFault.exe
976	WerFault.exe
976	WerFault.exe
708	WerFault.exe
708	WerFault.exe
708	WerFault.exe
708	WerFault.exe
708	WerFault.exe
1632	Unicorn-24529.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2724	1756	WerFault.exe	27
576	2368	WerFault.exe	28
1476	2672	WerFault.exe	29
2464	2812	WerFault.exe	30
976	2660	WerFault.exe	32
708	2676	WerFault.exe	33
2768	1880	WerFault.exe	37
2212	240	WerFault.exe	36
3028	1668	WerFault.exe	40
2384	2860	WerFault.exe	38
2656	2304	WerFault.exe	44
1020	580	WerFault.exe	47
1616	1496	WerFault.exe	50
840	2592	WerFault.exe	34
2236	476	WerFault.exe	46
896	596	WerFault.exe	45
3040	1256	WerFault.exe	54
2856	1632	WerFault.exe	43
2192	2348	WerFault.exe	56
2324	2476	WerFault.exe	53
2340	2760	WerFault.exe	66
2420	2432	WerFault.exe	48
1428	2188	WerFault.exe	39
2568	1672	WerFault.exe	76
2216	1584	WerFault.exe	62
1372	1016	WerFault.exe	59
2436	2880	WerFault.exe	63
680	2260	WerFault.exe	58
3080	2908	WerFault.exe	61
3116	1844	WerFault.exe	72
3164	1152	WerFault.exe	55
3232	2200	WerFault.exe	57
3348	1612	WerFault.exe	80
3420	2752	WerFault.exe	82
3440	2728	WerFault.exe	69
3432	2588	WerFault.exe	67
3508	1148	WerFault.exe	84
3560	1572	WerFault.exe	93
3592	2312	WerFault.exe	71
3664	1276	WerFault.exe	86
3684	2988	WerFault.exe	75
3956	2776	WerFault.exe	96
3948	2080	WerFault.exe	60
3988	3012	WerFault.exe	97
3324	2636	WerFault.exe	98
3764	3308	WerFault.exe	126
3848	1300	WerFault.exe	114
3940	2328	WerFault.exe	102
3140	2400	WerFault.exe	103
4184	2692	WerFault.exe	120
4240	2000	WerFault.exe	110
4268	2412	WerFault.exe	104
4312	2276	WerFault.exe	64
4500	3820	WerFault.exe	139
4540	2544	WerFault.exe	112
4680	3704	WerFault.exe	136
4756	3852	WerFault.exe	142
4892	4036	WerFault.exe	146
4948	3788	WerFault.exe	138
5116	1308	WerFault.exe	87
2372	2360	WerFault.exe	115
4688	3328	WerFault.exe	154
4784	4380	WerFault.exe	164
4932	1348	WerFault.exe	77

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1756	5bdb76108be4b7b2de3f9abbac4de98c.exe
2368	Unicorn-20596.exe
2672	Unicorn-1618.exe
2812	Unicorn-15001.exe
2660	Unicorn-27509.exe
2676	Unicorn-7285.exe
2592	Unicorn-42994.exe
1880	Unicorn-36883.exe
240	Unicorn-55981.exe
2188	Unicorn-53651.exe
2860	Unicorn-52883.exe
1668	Unicorn-53469.exe
1632	Unicorn-24529.exe
2304	Unicorn-60273.exe
596	Unicorn-30013.exe
476	Unicorn-32858.exe
580	Unicorn-15286.exe
2432	Unicorn-60958.exe
1496	Unicorn-14300.exe
2296	Unicorn-61918.exe
2476	Unicorn-48434.exe
1256	Unicorn-26456.exe
1152	Unicorn-7479.exe
2348	Unicorn-51039.exe
2260	Unicorn-58626.exe
2200	Unicorn-21595.exe
1016	Unicorn-11200.exe
2880	Unicorn-62212.exe
2908	Unicorn-42372.exe
1584	Unicorn-14272.exe
2276	Unicorn-59944.exe
2080	Unicorn-12954.exe
2728	Unicorn-40054.exe
2760	Unicorn-51024.exe
2588	Unicorn-7635.exe
2312	Unicorn-25529.exe
1844	Unicorn-30463.exe
2988	Unicorn-55560.exe
1672	Unicorn-21736.exe
1348	Unicorn-39307.exe
1612	Unicorn-9021.exe
2148	Unicorn-12633.exe
2752	Unicorn-17856.exe
1148	Unicorn-53181.exe
1276	Unicorn-32521.exe
1308	Unicorn-43747.exe
1572	Unicorn-36783.exe
936	Unicorn-15153.exe
2456	Unicorn-36783.exe
1660	Unicorn-13243.exe
2776	Unicorn-58293.exe
2636	Unicorn-6871.exe
3012	Unicorn-39387.exe
2328	Unicorn-55626.exe
2012	Unicorn-17095.exe
2400	Unicorn-62419.exe
2412	Unicorn-13109.exe
1692	Unicorn-2331.exe
2000	Unicorn-4801.exe
2544	Unicorn-3265.exe
1044	Unicorn-64204.exe
1048	Unicorn-11991.exe
1300	Unicorn-29740.exe
2360	Unicorn-14472.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 2368	1756	5bdb76108be4b7b2de3f9abbac4de98c.exe	28
PID 1756 wrote to memory of 2368	1756	5bdb76108be4b7b2de3f9abbac4de98c.exe	28
PID 1756 wrote to memory of 2368	1756	5bdb76108be4b7b2de3f9abbac4de98c.exe	28
PID 1756 wrote to memory of 2368	1756	5bdb76108be4b7b2de3f9abbac4de98c.exe	28
PID 2368 wrote to memory of 2672	2368	Unicorn-20596.exe	29
PID 2368 wrote to memory of 2672	2368	Unicorn-20596.exe	29
PID 2368 wrote to memory of 2672	2368	Unicorn-20596.exe	29
PID 2368 wrote to memory of 2672	2368	Unicorn-20596.exe	29
PID 1756 wrote to memory of 2812	1756	5bdb76108be4b7b2de3f9abbac4de98c.exe	30
PID 1756 wrote to memory of 2812	1756	5bdb76108be4b7b2de3f9abbac4de98c.exe	30
PID 1756 wrote to memory of 2812	1756	5bdb76108be4b7b2de3f9abbac4de98c.exe	30
PID 1756 wrote to memory of 2812	1756	5bdb76108be4b7b2de3f9abbac4de98c.exe	30
PID 1756 wrote to memory of 2724	1756	5bdb76108be4b7b2de3f9abbac4de98c.exe	31
PID 1756 wrote to memory of 2724	1756	5bdb76108be4b7b2de3f9abbac4de98c.exe	31
PID 1756 wrote to memory of 2724	1756	5bdb76108be4b7b2de3f9abbac4de98c.exe	31
PID 1756 wrote to memory of 2724	1756	5bdb76108be4b7b2de3f9abbac4de98c.exe	31
PID 2672 wrote to memory of 2660	2672	Unicorn-1618.exe	32
PID 2672 wrote to memory of 2660	2672	Unicorn-1618.exe	32
PID 2672 wrote to memory of 2660	2672	Unicorn-1618.exe	32
PID 2672 wrote to memory of 2660	2672	Unicorn-1618.exe	32
PID 2368 wrote to memory of 2676	2368	Unicorn-20596.exe	33
PID 2368 wrote to memory of 2676	2368	Unicorn-20596.exe	33
PID 2368 wrote to memory of 2676	2368	Unicorn-20596.exe	33
PID 2368 wrote to memory of 2676	2368	Unicorn-20596.exe	33
PID 2812 wrote to memory of 2592	2812	Unicorn-15001.exe	34
PID 2812 wrote to memory of 2592	2812	Unicorn-15001.exe	34
PID 2812 wrote to memory of 2592	2812	Unicorn-15001.exe	34
PID 2812 wrote to memory of 2592	2812	Unicorn-15001.exe	34
PID 2368 wrote to memory of 576	2368	Unicorn-20596.exe	35
PID 2368 wrote to memory of 576	2368	Unicorn-20596.exe	35
PID 2368 wrote to memory of 576	2368	Unicorn-20596.exe	35
PID 2368 wrote to memory of 576	2368	Unicorn-20596.exe	35
PID 2660 wrote to memory of 240	2660	Unicorn-27509.exe	36
PID 2660 wrote to memory of 240	2660	Unicorn-27509.exe	36
PID 2660 wrote to memory of 240	2660	Unicorn-27509.exe	36
PID 2660 wrote to memory of 240	2660	Unicorn-27509.exe	36
PID 2672 wrote to memory of 1880	2672	Unicorn-1618.exe	37
PID 2672 wrote to memory of 1880	2672	Unicorn-1618.exe	37
PID 2672 wrote to memory of 1880	2672	Unicorn-1618.exe	37
PID 2672 wrote to memory of 1880	2672	Unicorn-1618.exe	37
PID 2676 wrote to memory of 2860	2676	Unicorn-7285.exe	38
PID 2676 wrote to memory of 2860	2676	Unicorn-7285.exe	38
PID 2676 wrote to memory of 2860	2676	Unicorn-7285.exe	38
PID 2676 wrote to memory of 2860	2676	Unicorn-7285.exe	38
PID 2592 wrote to memory of 2188	2592	Unicorn-42994.exe	39
PID 2592 wrote to memory of 2188	2592	Unicorn-42994.exe	39
PID 2592 wrote to memory of 2188	2592	Unicorn-42994.exe	39
PID 2592 wrote to memory of 2188	2592	Unicorn-42994.exe	39
PID 2812 wrote to memory of 1668	2812	Unicorn-15001.exe	40
PID 2812 wrote to memory of 1668	2812	Unicorn-15001.exe	40
PID 2812 wrote to memory of 1668	2812	Unicorn-15001.exe	40
PID 2812 wrote to memory of 1668	2812	Unicorn-15001.exe	40
PID 2672 wrote to memory of 1476	2672	Unicorn-1618.exe	41
PID 2672 wrote to memory of 1476	2672	Unicorn-1618.exe	41
PID 2672 wrote to memory of 1476	2672	Unicorn-1618.exe	41
PID 2672 wrote to memory of 1476	2672	Unicorn-1618.exe	41
PID 2812 wrote to memory of 2464	2812	Unicorn-15001.exe	42
PID 2812 wrote to memory of 2464	2812	Unicorn-15001.exe	42
PID 2812 wrote to memory of 2464	2812	Unicorn-15001.exe	42
PID 2812 wrote to memory of 2464	2812	Unicorn-15001.exe	42
PID 1880 wrote to memory of 1632	1880	Unicorn-36883.exe	43
PID 1880 wrote to memory of 1632	1880	Unicorn-36883.exe	43
PID 1880 wrote to memory of 1632	1880	Unicorn-36883.exe	43
PID 1880 wrote to memory of 1632	1880	Unicorn-36883.exe	43

C:\Users\Admin\AppData\Local\Temp\5bdb76108be4b7b2de3f9abbac4de98c.exe
"C:\Users\Admin\AppData\Local\Temp\5bdb76108be4b7b2de3f9abbac4de98c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7479.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47736.exe
        11⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
        12⤵
        
        PID:5168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 368
        12⤵
        
        PID:3284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 376
        11⤵
        Program crash
        
        PID:4240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 376
        10⤵
        Program crash
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        10⤵
        
        PID:4276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34622.exe
        11⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
        12⤵
        
        PID:2100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 376
        12⤵
        
        PID:3696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 376
        11⤵
        
        PID:5588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 376
        10⤵
        
        PID:4552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 376
        9⤵
        Program crash
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14149.exe
        9⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53724.exe
        10⤵
        
        PID:6120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 368
        10⤵
        
        PID:3756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 368
        9⤵
        
        PID:5416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 376
        8⤵
        Program crash
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30463.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
        9⤵
        
        PID:5060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39860.exe
        10⤵
        
        PID:3108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 376
        10⤵
        
        PID:6172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 376
        9⤵
        
        PID:5560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 376
        8⤵
        Program crash
        
        PID:3116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 376
        7⤵
        Program crash
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51039.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55560.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11991.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12090.exe
        9⤵
        
        PID:4812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 376
        9⤵
        
        PID:5036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 376
        8⤵
        Program crash
        
        PID:3684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 376
        7⤵
        Program crash
        
        PID:2192
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 376
        6⤵
        Program crash
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30013.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14272.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43466.exe
        8⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
        9⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        10⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11498.exe
        11⤵
        
        PID:3884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 376
        11⤵
        
        PID:6508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 376
        10⤵
        
        PID:5692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 368
        9⤵
        
        PID:5944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 368
        8⤵
        
        PID:5156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 376
        7⤵
        Program crash
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17856.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55626.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30858.exe
        8⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe
        9⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27780.exe
        10⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 376
        10⤵
        
        PID:6312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 368
        9⤵
        Program crash
        
        PID:4892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 368
        8⤵
        Program crash
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 368
        7⤵
        Program crash
        
        PID:3420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 376
        6⤵
        Program crash
        
        PID:896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 368
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53181.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2331.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        10⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56293.exe
        11⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 372
        11⤵
        
        PID:6048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 376
        10⤵
        
        PID:5288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 376
        9⤵
        Program crash
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 368
        8⤵
        Program crash
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32521.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3265.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31886.exe
        9⤵
        
        PID:3712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57883.exe
        10⤵
        
        PID:5876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 376
        10⤵
        
        PID:6268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 380
        9⤵
        Program crash
        
        PID:4540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 376
        8⤵
        Program crash
        
        PID:3664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 376
        7⤵
        Program crash
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7635.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13109.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47736.exe
        8⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63952.exe
        9⤵
        
        PID:6016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 368
        9⤵
        
        PID:5300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 368
        8⤵
        Program crash
        
        PID:4268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 376
        7⤵
        Program crash
        
        PID:3432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 376
        6⤵
        Program crash
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26456.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62419.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28193.exe
        8⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59538.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
        10⤵
        
        PID:4100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 376
        10⤵
        
        PID:5236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 368
        9⤵
        Program crash
        
        PID:4948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 368
        8⤵
        Program crash
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 376
        7⤵
        Program crash
        
        PID:3440
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 376
        6⤵
        Program crash
        
        PID:3040
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 376
        5⤵
        Program crash
        
        PID:2768
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 380
      4⤵
      Loads dropped DLL
      Program crash
      PID:1476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39307.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
        9⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
        10⤵
        
        PID:6212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 376
        10⤵
        
        PID:6664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 376
        9⤵
        
        PID:5532
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 376
        8⤵
        Program crash
        
        PID:4932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 376
        7⤵
        Program crash
        
        PID:1372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17095.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27042.exe
        8⤵
        
        PID:4320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 376
        8⤵
        
        PID:5280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 368
        7⤵
        Program crash
        
        PID:3348
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 376
        6⤵
        Program crash
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29112.exe
        7⤵
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
        8⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
        9⤵
        
        PID:5880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 368
        9⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 376
        8⤵
        
        PID:6004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 368
        7⤵
        
        PID:5008
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 376
        6⤵
        Program crash
        
        PID:3080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 368
        5⤵
        Program crash
        
        PID:2384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60958.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        7⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        8⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
        9⤵
        
        PID:5872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 376
        9⤵
        
        PID:6560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 376
        8⤵
        Program crash
        
        PID:4756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 376
        7⤵
        Program crash
        
        PID:3848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 368
        6⤵
        Program crash
        
        PID:3948
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 376
        5⤵
        Program crash
        
        PID:2420
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 368
      4⤵
      Loads dropped DLL
      Program crash
      PID:708
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 380
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:576
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15001.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15001.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62212.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56653.exe
        8⤵
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4239.exe
        9⤵
        
        PID:5052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 376
        9⤵
        
        PID:5196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 376
        8⤵
        Program crash
        
        PID:5116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 368
        7⤵
        Program crash
        
        PID:2436
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 376
        6⤵
        Program crash
        
        PID:1020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59944.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15836.exe
        6⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47736.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
        8⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1026.exe
        9⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\UnicorÏ-35058.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicorÏ-35058.exe
        10⤵
        
        PID:4880
        
        C:\Users\Admin\AppData\Local\Temp\UnicorÏ-51202.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicorÏ-51202.exe
        11⤵
        
        PID:6456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 376
        10⤵
        
        PID:5496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 380
        9⤵
        Program crash
        
        PID:4688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 380
        8⤵
        Program crash
        
        PID:4500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 368
        7⤵
        Program crash
        
        PID:3764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8327.exe
        6⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9758.exe
        7⤵
        
        PID:6072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 376
        7⤵
        
        PID:4148
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 376
        6⤵
        Program crash
        
        PID:4312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 376
        5⤵
        Program crash
        
        PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61918.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2296
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 376
      4⤵
      Program crash
      PID:840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12665.exe
        7⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23962.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54879.exe
        9⤵
        
        PID:3968
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 376
        9⤵
        
        PID:6416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 376
        8⤵
        Program crash
        
        PID:4680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 368
        7⤵
        Program crash
        
        PID:3324
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 376
        6⤵
        Program crash
        
        PID:3232
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 376
        5⤵
        Program crash
        
        PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58293.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14472.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62149.exe
        8⤵
        
        PID:4420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41903.exe
        9⤵
        
        PID:6584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 376
        8⤵
        Program crash
        
        PID:2372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 376
        7⤵
        Program crash
        
        PID:3956
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 376
        6⤵
        Program crash
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
        6⤵
        Executes dropped EXE
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64174.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
        9⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\UnicËrn-10784.exe
        
        C:\Users\Admin\AppData\Local\Temp\UnicËrn-10784.exe
        10⤵
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 376
        10⤵
        
        PID:6336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 368
        9⤵
        Program crash
        
        PID:4784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
        8⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17436.exe
        9⤵
        
        PID:5860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 368
        9⤵
        
        PID:5448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 376
        8⤵
        
        PID:4140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 368
        7⤵
        Program crash
        
        PID:4184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 376
        6⤵
        Program crash
        
        PID:3988
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 376
        5⤵
        Program crash
        
        PID:680
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 376
      4⤵
      Program crash
      PID:3028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 376
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2464
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 368
  2⤵
  - Program crash
  PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-25014.exe

Filesize
184KB

MD5
317c5e1b1061f7e6a150dd5cb5f541d6

SHA1
c4134a28b3eb6fdccb5b5765a9f937ca01814d85

SHA256
13644c5eb34c2c448fb0c992323c72aef228c9dd51ce9728620c7ad3151a4151

SHA512
216751d76d76125e88aa87ab53dd14294e0054c3641574c4b726afd864f6c71ebc770f0a89cb6811cd961130fede693069e0e6ba993c364b3d8d7e6161285520

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42994.exe

Filesize
184KB

MD5
5682e734a962ee9933eff8b63066ece2

SHA1
a811d85d9f62374ec83208f4f2894db15c4042e4

SHA256
fcc89d48cccdb416a58ccee6c2803acc919cdc1b25f76b7df306d924fef77b5a

SHA512
f305a0ece0f30d13bbfb1cc0a7ab06c60b35a4b62b014eb43ebf04ca4087f3220b6752b77c44ff8e92d568cac4fe388a98829918213da05034b3a79fda4e3f1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe

Filesize
184KB

MD5
d1dfffeb0d8be74b1401418e525ac539

SHA1
4340c8b36e2faba3d1808c5e92653ebb4d6db417

SHA256
be8bbb14ab8a54fa8d8752adbd7eeaa654084b4425870993c49dccd55135efe8

SHA512
82448d8bf973f80d35605c861ccd4662a3bf9384c6244701efac6366e26a96a15abc7b355f2f61c1cbe4aef7abad4cecacef133e3d71747389adcacc468bf219

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15001.exe

Filesize
184KB

MD5
5587b1844f94d5edf72da17180b6dcc7

SHA1
5ad986667f00b69ac8f6bbc7a394f52be9a01911

SHA256
6fdeaad8c71730ec618083d435d1f9f827e3e192b751eaf5391aef58c49cd679

SHA512
cb4c9a427093b2071b78cf4af91836d7d76a10e26da8191b925b5ea2ebe4b67af17450ab3dcb99e2cc4af9633d415c97499092e4067bc86af971ef73082f357c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe

Filesize
184KB

MD5
54911649c1d0025c7ddd6c9a2e651847

SHA1
5929fb776a2226f7fc56356325e8d323b6508779

SHA256
1d46c02344207f940ce8059f4bcef353e2c6d7402aea98334315d6e2a85ece38

SHA512
86cfc87acb25908af295c73458758437abb14ddb34480ea3acd7ed91b7910369e75a2654925da21496af9eb427f8a7101a2545c75527da3f4243b6fb3d87a69f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe

Filesize
184KB

MD5
aa6b892932503e256c5779bd0fe27148

SHA1
b8c82443c731acf4a3e0b0083052811ddb99ab57

SHA256
3fe3ea4202782a4779c3db4ce30dd7063f8807f1e44202d31fc7ef115de22d1c

SHA512
4977740f391c5705afd4e4975193b34d9592190f055bc5f821093c399d38e3b197e0f5cc8b6bf5baca950295ae97b77b672f6df04737f7abf5823afc38174c99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24529.exe

Filesize
184KB

MD5
6c7e5e1dda7acbb98316778564d93daa

SHA1
8f220f4054dc46ff259a6ba7936e4fb816c382b9

SHA256
f5a12e88596712ad081ab237e00aed091ec5c3e0143834fc7b5697f5f374c27c

SHA512
330e7dbd13ae7b49fdaf55995ac3dd12a8b9b35e1b1ff61c1b9d4bbfbd44b925d5175f08e5043f9b3c8457cdb92c712d799262a0eaad9787508e71ac282f7f50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27509.exe

Filesize
184KB

MD5
a19c4b6a7e7674fb24114ee47b4acccf

SHA1
e9078020c418bca9e17348df0e5434821a569f0e

SHA256
0bb624fcc1ae8a7bd67bcb5c319687969886eff060cf317dd47e1f7635ee9a06

SHA512
76ab3ebc25f3ea7f315bffd32ef0d40955712424ddfc9997061dba635cbe834dd808dcc0429a0be3b9c24a58db17bf703922bdf6a151b05e48b062a9e249e12a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30013.exe

Filesize
184KB

MD5
1e5ae77c608dd2786268a5f9b69e13f8

SHA1
5762d5a5cbe626d0f2fe45f524c415cb385d9c19

SHA256
102fdff016f5462779d96ea65960c2b63bbe0cd89e177642716340dd5c20f009

SHA512
4fa630941a3f28f06ca4996279aead9edfdad9b1185cbe6e2bec56c4f052643472b511e62d4dad9fbb2c5fbf6bf0ef30de47a16710860cfc877509b620e5e98a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe

Filesize
184KB

MD5
40c5e38767474799df6804f2c2e9b924

SHA1
a3aa3c2c45aa07d7ad1a0c12ce21066d767a2ccc

SHA256
3f22e77fc7226da350463b28b9a6127aae5315f346c6de8a3ef94b30e519217e

SHA512
a5554c2aaeae68977499d177cadb19876074c620a4a1e912b6893136bab539766f8deb1b976e1c291ab777592a89a2568676fe8407b7cb759677757f15d23735

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52883.exe

Filesize
184KB

MD5
fdc757ddbb6c8b8ae158848150048058

SHA1
fb6478f30523d45d0c103823ece4b3801366e6fc

SHA256
71d4d020b83b9428c14e9057b83abb65d2f2babdd94cdcc3a59967be7de5fd4e

SHA512
f518463e0a40c336151dacf759dfc3e81c86937edfd38eb0f44866bd8e865f4efc75e5e0e75af73fd41848834352e82ab685b6db3a2bf6179d89e029d8d045d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe

Filesize
184KB

MD5
f1479dcce3f290d511fb7eec524cdb29

SHA1
f5401ee1ffb0ca96cd105b275ef5b10c3fd0b902

SHA256
4243800cb837b7635d6f4180e7de239eef61038a84b1cff78ba4923358cb71a1

SHA512
f4c9da9c573390b159b1039a2426bd92c15033e4d56cbe7118a10cd4742fc6275ae7c1ceb42609ed49b9d008e719d588ae5a8bdc0bc11366dc302901a7d6ab06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53651.exe

Filesize
184KB

MD5
843e174d61c55653a72cbc2a3e6031a1

SHA1
d2c89f8d0e037ecf9aabb0ea919324adc962c9bc

SHA256
bd5b83383651242ec60b127181cc85ea774d6818072f3934addf89402d1384bc

SHA512
fc915cee53fc2f178d261b08212ce0c4da9da4978dca2248a1f3fdc2e95597ce6a6c1af58686688418e93998539d2f225cc80fbed5cebd9a41c84e7ebadc38e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe

Filesize
184KB

MD5
080c7caab7fa183318a023fc5753afe5

SHA1
36473b810b61c95685aacd2c36f03e63e762190d

SHA256
78b2bc6e9b368ce853684357f7499a0dfbe0a080d65c259f9c5bdb7bede5d233

SHA512
b51e17d407088e267be62ebb131076b0ffa8e646a82edf76abb1220b3c7133e92dd7cd6650c4d2e842e0a212d28a6641b839a768582ff838285dd1219517e111

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60273.exe

Filesize
184KB

MD5
4806b396fd32a5870940de42559f6ce8

SHA1
f9249f6408147e50e36fee24b967153323feacf5

SHA256
debd3c74f7d3cd724ede8827f88fe5288feca7cec16e54abbe1f4f326527836c

SHA512
f7da9e546bd922879fce4bd486644f4ad1d3e27e742f75beb3018350b01750379d9b83ed0249a68547b2d289d221e6b27a357d3eca448833ec3189954c880a7f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads