82142094326d12a906b1adf1b89ed125a34fdc19431f750edccf57279cb2dc61

Analysis

max time kernel
124s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12/03/2024, 22:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c44a4f1548d88a6b2d4621874a4dd819.exe
Size

184KB
MD5

c44a4f1548d88a6b2d4621874a4dd819
SHA1

6777c83112c032ba7d5f95d7cdfc336fb3c5ad90
SHA256

82142094326d12a906b1adf1b89ed125a34fdc19431f750edccf57279cb2dc61
SHA512

ea4486c05562878261004aa2b7cb20049d4c8bbbc076e6e764e9834b1c956e695515401b81b66a2e3c9cfbaabc1700f086d742385c62076cf20fd118719eb0f5
SSDEEP

3072:GdzSocRlq4AV7ejlMzZ3JecFLe9aMR17/PnrxKGPY0ylP6pFJ:GdOoLZV7GMRJec8LoeylP6pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2560	Unicorn-55280.exe
2352	Unicorn-36588.exe
2536	Unicorn-39280.exe
2360	Unicorn-63868.exe
2344	Unicorn-65259.exe
2424	Unicorn-48923.exe
2664	Unicorn-3375.exe
2524	Unicorn-682.exe
2648	Unicorn-47937.exe
1716	Unicorn-30017.exe
1928	Unicorn-23241.exe
1364	Unicorn-7130.exe
1752	Unicorn-15298.exe
1280	Unicorn-35911.exe
1912	Unicorn-22481.exe
1000	Unicorn-18397.exe
1172	Unicorn-25195.exe
2720	Unicorn-54530.exe
1820	Unicorn-20596.exe
1804	Unicorn-57867.exe
592	Unicorn-47239.exe
532	Unicorn-36762.exe
1768	Unicorn-36762.exe
2752	Unicorn-16896.exe
1580	Unicorn-48391.exe
2252	Unicorn-34384.exe
2748	Unicorn-10072.exe
2504	Unicorn-51920.exe
1608	Unicorn-29938.exe
2464	Unicorn-5049.exe
2548	Unicorn-27224.exe
2476	Unicorn-19440.exe
2724	Unicorn-15163.exe
2584	Unicorn-46274.exe
2456	Unicorn-18624.exe
1724	Unicorn-65407.exe
1016	Unicorn-2584.exe
744	Unicorn-38272.exe
372	Unicorn-13575.exe
2152	Unicorn-5407.exe
1112	Unicorn-7353.exe
856	Unicorn-1899.exe
2204	Unicorn-12013.exe
1088	Unicorn-16830.exe
2128	Unicorn-877.exe
2032	Unicorn-7078.exe
1788	Unicorn-43856.exe
2100	Unicorn-39942.exe
1736	Unicorn-42272.exe
1908	Unicorn-25744.exe
2684	Unicorn-29466.exe
2640	Unicorn-64447.exe
2856	Unicorn-23990.exe
2528	Unicorn-52216.exe
1644	Unicorn-24614.exe
1616	Unicorn-50633.exe
2440	Unicorn-31604.exe
1428	Unicorn-34296.exe
2472	Unicorn-10799.exe
2784	Unicorn-48495.exe
1116	Unicorn-49834.exe
972	Unicorn-56440.exe
3040	Unicorn-45065.exe
2888	Unicorn-20369.exe

Loads dropped DLL 64 IoCs

pid	Process
2852	c44a4f1548d88a6b2d4621874a4dd819.exe
2852	c44a4f1548d88a6b2d4621874a4dd819.exe
2560	Unicorn-55280.exe
2560	Unicorn-55280.exe
2852	c44a4f1548d88a6b2d4621874a4dd819.exe
2852	c44a4f1548d88a6b2d4621874a4dd819.exe
2352	Unicorn-36588.exe
2560	Unicorn-55280.exe
2536	Unicorn-39280.exe
2352	Unicorn-36588.exe
2536	Unicorn-39280.exe
2560	Unicorn-55280.exe
2536	Unicorn-39280.exe
2360	Unicorn-63868.exe
2536	Unicorn-39280.exe
2424	Unicorn-48923.exe
2360	Unicorn-63868.exe
2424	Unicorn-48923.exe
2352	Unicorn-36588.exe
2344	Unicorn-65259.exe
2352	Unicorn-36588.exe
2344	Unicorn-65259.exe
2648	Unicorn-47937.exe
2648	Unicorn-47937.exe
2524	Unicorn-682.exe
2664	Unicorn-3375.exe
2664	Unicorn-3375.exe
2524	Unicorn-682.exe
1716	Unicorn-30017.exe
1928	Unicorn-23241.exe
1716	Unicorn-30017.exe
1928	Unicorn-23241.exe
1280	Unicorn-35911.exe
1280	Unicorn-35911.exe
2524	Unicorn-682.exe
2524	Unicorn-682.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
2648	Unicorn-47937.exe
2648	Unicorn-47937.exe
1752	Unicorn-15298.exe
1752	Unicorn-15298.exe
2664	Unicorn-3375.exe
2664	Unicorn-3375.exe
1084	WerFault.exe
1716	Unicorn-30017.exe
1912	Unicorn-22481.exe
1000	Unicorn-18397.exe
1000	Unicorn-18397.exe
1912	Unicorn-22481.exe
1716	Unicorn-30017.exe
1752	Unicorn-15298.exe
1280	Unicorn-35911.exe
592	Unicorn-47239.exe
2720	Unicorn-54530.exe
1820	Unicorn-20596.exe
1172	Unicorn-25195.exe
532	Unicorn-36762.exe
1912	Unicorn-22481.exe
1804	Unicorn-57867.exe
1000	Unicorn-18397.exe
1768	Unicorn-36762.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
1084	1364	WerFault.exe	39
928	2252	WerFault.exe	64
400	1724	WerFault.exe	66
2940	1428	WerFault.exe	90

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2852	c44a4f1548d88a6b2d4621874a4dd819.exe
2560	Unicorn-55280.exe
2352	Unicorn-36588.exe
2536	Unicorn-39280.exe
2360	Unicorn-63868.exe
2344	Unicorn-65259.exe
2424	Unicorn-48923.exe
2664	Unicorn-3375.exe
2524	Unicorn-682.exe
2648	Unicorn-47937.exe
1928	Unicorn-23241.exe
1716	Unicorn-30017.exe
1364	Unicorn-7130.exe
1280	Unicorn-35911.exe
1752	Unicorn-15298.exe
1912	Unicorn-22481.exe
1000	Unicorn-18397.exe
1172	Unicorn-25195.exe
2720	Unicorn-54530.exe
1820	Unicorn-20596.exe
1804	Unicorn-57867.exe
592	Unicorn-47239.exe
532	Unicorn-36762.exe
1768	Unicorn-36762.exe
2752	Unicorn-16896.exe
2584	Unicorn-46274.exe
2252	Unicorn-34384.exe
1608	Unicorn-29938.exe
2548	Unicorn-27224.exe
2464	Unicorn-5049.exe
2476	Unicorn-19440.exe
2456	Unicorn-18624.exe
1580	Unicorn-48391.exe
2724	Unicorn-15163.exe
2504	Unicorn-51920.exe
1456	Unicorn-38957.exe
1724	Unicorn-65407.exe
1016	Unicorn-2584.exe
744	Unicorn-38272.exe
372	Unicorn-13575.exe
2152	Unicorn-5407.exe
1112	Unicorn-7353.exe
856	Unicorn-1899.exe
2204	Unicorn-12013.exe
2128	Unicorn-877.exe
1088	Unicorn-16830.exe
1788	Unicorn-43856.exe
1428	Unicorn-34296.exe
2684	Unicorn-29466.exe
1616	Unicorn-50633.exe
2084	Unicorn-10778.exe
1644	Unicorn-24614.exe
2032	Unicorn-7078.exe
2856	Unicorn-23990.exe
2100	Unicorn-39942.exe
2472	Unicorn-10799.exe
2528	Unicorn-52216.exe
1908	Unicorn-25744.exe
2440	Unicorn-31604.exe
1736	Unicorn-42272.exe
2640	Unicorn-64447.exe
2784	Unicorn-48495.exe
1116	Unicorn-49834.exe
972	Unicorn-56440.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2852 wrote to memory of 2560	2852	c44a4f1548d88a6b2d4621874a4dd819.exe	27
PID 2852 wrote to memory of 2560	2852	c44a4f1548d88a6b2d4621874a4dd819.exe	27
PID 2852 wrote to memory of 2560	2852	c44a4f1548d88a6b2d4621874a4dd819.exe	27
PID 2852 wrote to memory of 2560	2852	c44a4f1548d88a6b2d4621874a4dd819.exe	27
PID 2560 wrote to memory of 2352	2560	Unicorn-55280.exe	28
PID 2560 wrote to memory of 2352	2560	Unicorn-55280.exe	28
PID 2560 wrote to memory of 2352	2560	Unicorn-55280.exe	28
PID 2560 wrote to memory of 2352	2560	Unicorn-55280.exe	28
PID 2852 wrote to memory of 2536	2852	c44a4f1548d88a6b2d4621874a4dd819.exe	29
PID 2852 wrote to memory of 2536	2852	c44a4f1548d88a6b2d4621874a4dd819.exe	29
PID 2852 wrote to memory of 2536	2852	c44a4f1548d88a6b2d4621874a4dd819.exe	29
PID 2852 wrote to memory of 2536	2852	c44a4f1548d88a6b2d4621874a4dd819.exe	29
PID 2352 wrote to memory of 2344	2352	Unicorn-36588.exe	30
PID 2352 wrote to memory of 2344	2352	Unicorn-36588.exe	30
PID 2352 wrote to memory of 2344	2352	Unicorn-36588.exe	30
PID 2352 wrote to memory of 2344	2352	Unicorn-36588.exe	30
PID 2536 wrote to memory of 2424	2536	Unicorn-39280.exe	32
PID 2536 wrote to memory of 2424	2536	Unicorn-39280.exe	32
PID 2536 wrote to memory of 2424	2536	Unicorn-39280.exe	32
PID 2536 wrote to memory of 2424	2536	Unicorn-39280.exe	32
PID 2560 wrote to memory of 2360	2560	Unicorn-55280.exe	31
PID 2560 wrote to memory of 2360	2560	Unicorn-55280.exe	31
PID 2560 wrote to memory of 2360	2560	Unicorn-55280.exe	31
PID 2560 wrote to memory of 2360	2560	Unicorn-55280.exe	31
PID 2536 wrote to memory of 2664	2536	Unicorn-39280.exe	33
PID 2536 wrote to memory of 2664	2536	Unicorn-39280.exe	33
PID 2536 wrote to memory of 2664	2536	Unicorn-39280.exe	33
PID 2536 wrote to memory of 2664	2536	Unicorn-39280.exe	33
PID 2360 wrote to memory of 2648	2360	Unicorn-63868.exe	34
PID 2360 wrote to memory of 2648	2360	Unicorn-63868.exe	34
PID 2360 wrote to memory of 2648	2360	Unicorn-63868.exe	34
PID 2360 wrote to memory of 2648	2360	Unicorn-63868.exe	34
PID 2424 wrote to memory of 2524	2424	Unicorn-48923.exe	35
PID 2424 wrote to memory of 2524	2424	Unicorn-48923.exe	35
PID 2424 wrote to memory of 2524	2424	Unicorn-48923.exe	35
PID 2424 wrote to memory of 2524	2424	Unicorn-48923.exe	35
PID 2352 wrote to memory of 1716	2352	Unicorn-36588.exe	36
PID 2352 wrote to memory of 1716	2352	Unicorn-36588.exe	36
PID 2352 wrote to memory of 1716	2352	Unicorn-36588.exe	36
PID 2352 wrote to memory of 1716	2352	Unicorn-36588.exe	36
PID 2344 wrote to memory of 1928	2344	Unicorn-65259.exe	37
PID 2344 wrote to memory of 1928	2344	Unicorn-65259.exe	37
PID 2344 wrote to memory of 1928	2344	Unicorn-65259.exe	37
PID 2344 wrote to memory of 1928	2344	Unicorn-65259.exe	37
PID 2648 wrote to memory of 1364	2648	Unicorn-47937.exe	39
PID 2648 wrote to memory of 1364	2648	Unicorn-47937.exe	39
PID 2648 wrote to memory of 1364	2648	Unicorn-47937.exe	39
PID 2648 wrote to memory of 1364	2648	Unicorn-47937.exe	39
PID 2664 wrote to memory of 1752	2664	Unicorn-3375.exe	41
PID 2664 wrote to memory of 1752	2664	Unicorn-3375.exe	41
PID 2664 wrote to memory of 1752	2664	Unicorn-3375.exe	41
PID 2664 wrote to memory of 1752	2664	Unicorn-3375.exe	41
PID 2524 wrote to memory of 1280	2524	Unicorn-682.exe	40
PID 2524 wrote to memory of 1280	2524	Unicorn-682.exe	40
PID 2524 wrote to memory of 1280	2524	Unicorn-682.exe	40
PID 2524 wrote to memory of 1280	2524	Unicorn-682.exe	40
PID 1716 wrote to memory of 1912	1716	Unicorn-30017.exe	43
PID 1716 wrote to memory of 1912	1716	Unicorn-30017.exe	43
PID 1716 wrote to memory of 1912	1716	Unicorn-30017.exe	43
PID 1716 wrote to memory of 1912	1716	Unicorn-30017.exe	43
PID 1928 wrote to memory of 1000	1928	Unicorn-23241.exe	44
PID 1928 wrote to memory of 1000	1928	Unicorn-23241.exe	44
PID 1928 wrote to memory of 1000	1928	Unicorn-23241.exe	44
PID 1928 wrote to memory of 1000	1928	Unicorn-23241.exe	44

C:\Users\Admin\AppData\Local\Temp\c44a4f1548d88a6b2d4621874a4dd819.exe
"C:\Users\Admin\AppData\Local\Temp\c44a4f1548d88a6b2d4621874a4dd819.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2852
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23241.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5049.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12013.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45065.exe
        11⤵
        Executes dropped EXE
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
        12⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        13⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
        14⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        15⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
        16⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53384.exe
        17⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
        18⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        13⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35901.exe
        14⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        15⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
        16⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        17⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
        18⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42651.exe
        11⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        12⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28361.exe
        13⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        14⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18683.exe
        15⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        16⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
        12⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
        13⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24028.exe
        14⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62834.exe
        15⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39757.exe
        16⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42272.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14530.exe
        10⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        11⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18247.exe
        12⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        13⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        14⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7691.exe
        15⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34384.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
        8⤵
        Program crash
        
        PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30017.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30017.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19440.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-877.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
        11⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40165.exe
        10⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
        11⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
        12⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        13⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        14⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        15⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
        16⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63156.exe
        17⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28463.exe
        18⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48495.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        9⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
        10⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6378.exe
        12⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        13⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        14⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27209.exe
        15⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-395.exe
        16⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        11⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        12⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
        13⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
        14⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56529.exe
        15⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59263.exe
        9⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49336.exe
        10⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52429.exe
        11⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        12⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57276.exe
        13⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
        14⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32871.exe
        15⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
        16⤵
        
        PID:2744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18624.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8500.exe
        9⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe
        10⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
        11⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        12⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
        13⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8075.exe
        14⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
        15⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63347.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50768.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
        10⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        11⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        12⤵
        
        PID:1452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16896.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63868.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63868.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20596.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        8⤵
        Program crash
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25744.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48923.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15163.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1899.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29466.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        10⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53337.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49357.exe
        12⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        13⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
        14⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        15⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60748.exe
        16⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23990.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        9⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4987.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
        11⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17920.exe
        12⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        13⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        14⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
        15⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64302.exe
        10⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47587.exe
        8⤵
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51920.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10799.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
        9⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15957.exe
        10⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23893.exe
        11⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        12⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20369.exe
        8⤵
        Executes dropped EXE
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23623.exe
        9⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
        10⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54619.exe
        11⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        12⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63934.exe
        13⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38802.exe
        14⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
        15⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40513.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56051.exe
        9⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35050.exe
        10⤵
        
        PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3375.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15298.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46274.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38272.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16830.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30779.exe
        10⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        11⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60213.exe
        12⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28967.exe
        13⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
        14⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64447.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20089.exe
        9⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42751.exe
        10⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4790.exe
        11⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        12⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46586.exe
        13⤵
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
        5⤵
        Executes dropped EXE
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24614.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46181.exe
        9⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
        10⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
        11⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        12⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18382.exe
        13⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37597.exe
        14⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64451.exe
        15⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        8⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4816.exe
        10⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        11⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29072.exe
        13⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
        14⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-244.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43327.exe
        9⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11609.exe
        11⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
        12⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56036.exe
        13⤵
        
        PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29938.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31604.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63731.exe
        8⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28169.exe
        10⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35517.exe
        11⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34296.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
        7⤵
        Program crash
        
        PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-3375.exe

Filesize
184KB

MD5
dfea9344433f3512325d9e5e76b621d4

SHA1
343dfacf9d70ad555c524b206462ca7d2c034b0c

SHA256
2f846e7c048fdb80b7da9d118a21e1e27da31e80ba2adb87e6949f684fddb939

SHA512
0e6d3aa3425f9ac00edaae3de8dcee3d6366f55bdf5bfe85afeccf8ed7b4298c0988378a8a882ce9cafcc3b1c95e3c2d0400170298a4839846427ec3994e648d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39942.exe

Filesize
184KB

MD5
3320ef719c73ab639b1e2b6d2f2af3db

SHA1
212d1c08563ce9eaba7c3ec2e2292200c2141b6f

SHA256
d5d4ab26c32e67da8649a4db415cc74b8258c7a84645431210f142d374833557

SHA512
70fbe58c84e1c3aaa654e6760552d0d5bb58a79e8c5b13d7148161a743ae27767fa65e2f18789ca0d2b5ce65c65b29bf4ff1de3fd96e7a2d43193123a35bd8e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40165.exe

Filesize
184KB

MD5
52427feb389fed34f9331a4898ff9fbc

SHA1
fbf409c7d3e599f62f240f1dedb5eec7144342b0

SHA256
086d5c560bf88ea54735c96660c9b499dedec2bf8f02e54d1f6c02f356c111f7

SHA512
b30b848246b85cfb40f1942a1fd8d4f0b7fc9b9c764456af422dcb2a6d2413689713dd1fe97f9e58a9759c6c2fb4e8b93497d1448dea8ddacd87d70c369f7e5b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40513.exe

Filesize
184KB

MD5
e6686af166e58ff52c55f6060e735e2e

SHA1
f54dffad847ac8d29ed3e8b5e061b98f7278d37b

SHA256
68643d408e752db3504d9e80d725fca4b27132e01a4da70ff706ae68a6b3900c

SHA512
385811f9080a77a1eae372c9361d8280ce79699e1f3066e26650828da22af3c9aa9866fd6a4f522b316c715805aa9fb5ceb3bafe04f57f9ab9f9ffb89af5e031

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe

Filesize
184KB

MD5
da5b6c3c802c0a0cf5432c6a113d4b1c

SHA1
7baa10218fe7f3cdfdf589a022ba93ec2ec6bdf0

SHA256
c338b31aeda5deb490cb9a5dbb46f7be902c1e91aca9f637e94231e16ea99fcb

SHA512
2b3142225f6eec1db4a097a0e98804fee98ea661732c30b712662fbc84ae15e1e2b4b616bc797befdb923f1b85e01f1c22a716e91a8ee03ce158d5338b809e91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe

Filesize
184KB

MD5
a32a807e563e7da57138d470a4305787

SHA1
071657b3e1571da1b61f8b9b12c75fc7cf47a94f

SHA256
53313b595fc544156b9a6dd9aac867698416d71d40c70b60578bc7d22d42ae96

SHA512
ab27093d7d0beb1fb42efc944a5466783f674469d9ec15d66aca3b7daa0f4983ca1f2bbd4a37677ad778f0802f7edc01a26ce2f30a95b9ec90098e476d6775b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6378.exe

Filesize
184KB

MD5
dd89e95da896e9bceea63ab16853ea9c

SHA1
8249bc3c8290fb49bd5de8900991a43734598db3

SHA256
b70f7a68f8747bc53158fd4bcd99474547984c65eb8f38d6636113b6b40178c1

SHA512
da186cafe3884b2baf28bef1f7f5684fd16b89b2a5b375a33d87b8226574f166b4241a76099a03802c53593898fc75525ad44f6ab3388976be210367ceafb74f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe

Filesize
184KB

MD5
0a261f0ad3ae74290b647bef48b2358a

SHA1
3f0ff10a3d332c0f949536442f2755906cd012b0

SHA256
789d4b3dfe3e4140184698ae5e69230564bfbcbe81bfe9e43e8b0c1af12c36ff

SHA512
c9e5f205df822aacf38408f67d37dfae4703e2cb7f79e853f1b2ff79a426f58b072b0f5fe7ff4671acf853dec700a2255e7381da7fdb5696ca96657a72396236

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7130.exe

Filesize
184KB

MD5
a67d1d727ba47c319ec6534e268c6d68

SHA1
da287a7808fb8e6d331d9faaab6ebbc2e031e922

SHA256
d6e8057b6983ae5fd8799019d82f2c3bb53247f2798df953bf343fc9b85d89d4

SHA512
49c89bf91be811ce08fac969b18aba903e697195df5be475ff146fa09bca97ff211bcca4f3a737453c9a43ddfa5269fedff1e8682d06cd7b1cbcce9a3722e4c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15298.exe

Filesize
184KB

MD5
37a5c6146afc2ab6c078e9c6d35f3e9b

SHA1
4ddaead5294d1d4e21ca46be59402b1d34be7e96

SHA256
7e138553b1d512614e77ab5c29a5fa692e888805cdbcb7dbf1dc1a51d7b088f2

SHA512
504fc92cfe0b495d52894a6915eda4557074a644cdf11a6e728489575ac6ac72ae88a70df27132170c481423c4b97c2abdbdcf80deba8b2380a170423d89dcd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe

Filesize
184KB

MD5
1738cba6f6325c0001ec755e927dec5d

SHA1
1c89b13f74fe4d89e2a43ff3dab1829f7c14cb04

SHA256
0f5a6ee09aec524aa03344648592367de2ab094778cba71248e243e37ca799f5

SHA512
d1e02cec1aae332b1af912bbcd1683d52dff4f3cff4836c036d5417a4c5f2bcb54477d2ce97c658fec76918b1b7fccdbc17a4427658a26ee2dc1faf4a9107c74

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe

Filesize
184KB

MD5
64b3756da11386c470250341fdd39afc

SHA1
534fe4befe587aba25c845b593c9c0e787032729

SHA256
296fcf5fabda35f8fd7ed9e99fa71ae5504ae35be1c25d15a24e4708fb6fd215

SHA512
f0b9ecc6e36b0e453342bbd98577940d28d95c5339ee1bf5d22fec8f4a63b4f0523671bd07e2e3e45a2111a74f350fc4d5d1b75a6f270c767e0272474da753fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23241.exe

Filesize
184KB

MD5
de7288a9a89289936691617a5693082a

SHA1
7b929b9cb9ccd66d3eeb76a032b22417410bbd16

SHA256
e1a5f1d6b67622998c497ba0475f53c109f49d8c7e8eb20cb83a2e20ba561a18

SHA512
636231ad7c834b9fadb4361b3a7c959a42369671c1fbbdd667d304bda21a6aa04eb9928f2dd5d5aa37fb9f81ee946c7c8a1b23b33cafbf1e7e220ac385fe3c45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe

Filesize
184KB

MD5
980998a3d116e0f7c52db63a45b2b302

SHA1
cda0f46c045d405c12f2f2dce6b5035ffd32dcb3

SHA256
20264314808efbd62f02322fc6e3007a38e3286d626d5abcd63280addd432a29

SHA512
8838447920b382e8b040007df877df9f49171464a6478d629f8989e7b6d4117b77f1c537930521d87037dfaa38894262d73e49ee63cc7cd650249f23df57706f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30017.exe

Filesize
184KB

MD5
a8552240c241cc03eb6996c0bfa7df91

SHA1
e04330b5e6bc744543ceadda3c4736524d35e2c2

SHA256
b640710c55b83c5dc9b5e83fa645f4ac5b3cf8670692519fd06a6934e9fd114d

SHA512
12592b06ae0ed1044b22ab8ded458930201c260d095c556edbebc999b5cd49672aca42f7769ff078dbab3cffabf1babe5c0941a097773673b7e7c1986229d13a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35911.exe

Filesize
184KB

MD5
430a74651e30b5bfcf102a0a6c16c821

SHA1
d3fd85931a34f1adf242c48febe9b68f38b0f7a7

SHA256
a9b32203fae94c2301bb419ae64fb567f306d7d51fe9e35844d64b864c2a235f

SHA512
f331f3c51509e94d8eefa2186d8df3f6be9d01792c7752279ea329c69b4ed7dc44fcbe3b63b0b860ee0ff33fad9b58890fd965b3420a6275b2d0f25d086b9d09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe

Filesize
184KB

MD5
9420aa65b80bfa01d689889814f2eb1b

SHA1
c3f8c06f8a9986f67777809a236c9a2ae619c619

SHA256
eb4adb903af21cbf0eef731e65d6d17c4257e07beeb225d510cf84a1672ef41f

SHA512
86a1498de4af2f2fbab7273ce5a3c1525967bd67c2d785b7931252a75c3c9081888ef211521c5907bb0d9746283efdc4c0c5d93b13c3166782f41c86c609f929

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe

Filesize
184KB

MD5
6c658442735575bff623494979dfc236

SHA1
c48ab5106434e52a4ecec3a969cb7cf290220624

SHA256
8ec15e44a1fb69cf917abc1dd324f3948fb92d5b9f95da1ecd14659c589f6036

SHA512
1247fc7ba7b53a81be3a67421603eacbcca197b995e24976c8b410082b9d089ff316e868db4fdfb41869ba40d3c122a5d28acd1ba5146979f886a98a4168af8a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe

Filesize
184KB

MD5
f7dadf0307423717677f5b30638c19f9

SHA1
ac0984d0ab5627497ff897cfed78b3b5992d2437

SHA256
f3b312576b252af7c56dd0e4c3edac32020a55033388389589ac64ddd7df12cb

SHA512
a8d1e419e9e1e74d3d14a846fc576a310be980ff03f5c5e5af857189c2398846abbe86167a7b3a24e148de33b8bd9766bc907c71a127c788de3d17c6f04f3371

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48923.exe

Filesize
184KB

MD5
d3cc76a9fdfb0c77a4ed6492025de8b0

SHA1
091b01ea31fc7b166648d67b228ea40db2b641d3

SHA256
b8711026a235c79c7955fe1d73faf303de6d00eafdd6d1345149711b6f062df6

SHA512
cee6829b16c2ae878cd9ef206c1a92064f219b643b02c9caa298a7c0f40d16fd0fc2950464e44651f041eb944fbe2af4bad3e9721c859e8462b72cd9cc8d503d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe

Filesize
184KB

MD5
fec4a848121d0ecfb0c0e9608661ab4b

SHA1
a36212b5f2a4be463b8e558059967a6530d5a8b8

SHA256
3803f24059f1aa7ed5572150e58a3b5ec7cab618a1db7c83c3d833db545d1b06

SHA512
6b3aa9ef87c43abd95fc2402b16c69991092826360f7d941f573ca766daeaac79dafb7fe098fcbba0258f9ac63b8910d4d3567623bac556ed9c2a21b14746ce6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55280.exe

Filesize
184KB

MD5
332b9237d6a48dfd7e3bec8f07ef7cc0

SHA1
6e10d050a3648a7de64a10dc163c125419276520

SHA256
b68a5c0802f6658068f24c59c1890840ca6f415fa3fb5c91b5d22049df5f81c9

SHA512
1091ad9f7c21cb990196e9d7cb05e65f82b04df61b31858ff1b39377a849a9d8b829fa1eba5aa82ebf48f781d25c82c116ad6270714d4a3b79065ea63a51d791

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63868.exe

Filesize
184KB

MD5
4f817a223371b34d9d9e87c7c65fdda3

SHA1
dbc091c5f253652596bd6632f08db0e9254ad5fb

SHA256
66724e3e7fb76990b6e81988498b3b1f9b545131172d6890b55830ca90c58e3c

SHA512
665500d9d33389ea014d9133fed2dccbf43ec11d716e09cf2b1c0edc723d7a905904d71143c75bda29c5b74812e8f78605ba91d36fb96b571c620a057278ca22

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65259.exe

Filesize
184KB

MD5
6208afa16c26faa6eaba325ca4f655ca

SHA1
6686e14d5c7cf91fa1ac954048ae65c7cecc6c9c

SHA256
9b49ec32d6ffca2f4019ba7c4e5e5c704677ca705eee5299831d26726af88a8c

SHA512
e417ce4a3def921bc26eda9edeaf13aef59b475e7c14b8a29306c3aa8e8e24600c972c5eb939f1ed4b9cc84cec22d017b5f01cc1bceedc5677d8a90e706809cd

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads