e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b

Analysis

max time kernel
163s
max time network
128s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 01:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe
Size

192KB
MD5

c96b2c5d00196ec871c8b08fe61e2455
SHA1

1d64eebcda690658dc00a88fd0ce8d0598764218
SHA256

e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b
SHA512

3014b5b4d9179fa0b8d83f60d1661eabd829e7cde1e9ad95a83d746b0cbb27fb58a017b694dadca913e374ef53f95ad013017b98c2dc2ad8ad285b38ecb48bee
SSDEEP

3072:uFcaonFCOniKDYgJdXXD68z99ZN67vLiGi0xsMPHzNwPvpFK:uFZodiKDzdHD68i2nWNwPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2780	Unicorn-27318.exe
2452	Unicorn-40283.exe
2464	Unicorn-53426.exe
576	Unicorn-33440.exe
1424	Unicorn-46019.exe
2760	Unicorn-26729.exe
1220	Unicorn-59584.exe
1408	Unicorn-31510.exe
1704	Unicorn-46969.exe
2408	Unicorn-15256.exe
1684	Unicorn-60928.exe
2320	Unicorn-24082.exe
1072	Unicorn-17170.exe
812	Unicorn-17476.exe
2360	Unicorn-41185.exe
2236	Unicorn-14673.exe
2328	Unicorn-52540.exe
2152	Unicorn-14865.exe
1536	Unicorn-41761.exe
2076	Unicorn-48971.exe
2912	Unicorn-15950.exe
1640	Unicorn-1223.exe
2088	Unicorn-23481.exe
2296	Unicorn-47609.exe
1884	Unicorn-13244.exe
1184	Unicorn-33110.exe
108	Unicorn-629.exe
1708	Unicorn-45087.exe
2868	Unicorn-15871.exe
2568	Unicorn-59934.exe
2944	Unicorn-32638.exe
524	Unicorn-7588.exe
472	Unicorn-20324.exe
776	Unicorn-51460.exe
1556	Unicorn-58652.exe
2756	Unicorn-9114.exe
2516	Unicorn-54786.exe
540	Unicorn-42965.exe
2624	Unicorn-32170.exe
2776	Unicorn-3546.exe
2672	Unicorn-22767.exe
2708	Unicorn-32379.exe
2748	Unicorn-46146.exe
2600	Unicorn-33723.exe
2700	Unicorn-44610.exe
2792	Unicorn-56784.exe
1628	Unicorn-40672.exe
2104	Unicorn-43447.exe
2136	Unicorn-46318.exe
1664	Unicorn-30292.exe
1168	Unicorn-7083.exe
2896	Unicorn-13793.exe
1096	Unicorn-36927.exe
2904	Unicorn-62169.exe
1980	Unicorn-39999.exe
2972	Unicorn-59865.exe
1408	Unicorn-51993.exe
1648	Unicorn-36918.exe
2476	Unicorn-21023.exe
1440	Unicorn-16327.exe
628	Unicorn-34711.exe
2444	Unicorn-34711.exe
1236	Unicorn-64754.exe
2116	Unicorn-35216.exe

Loads dropped DLL 64 IoCs

pid	Process
2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe
2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe
2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe
2780	Unicorn-27318.exe
2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe
2780	Unicorn-27318.exe
2452	Unicorn-40283.exe
2452	Unicorn-40283.exe
2464	Unicorn-53426.exe
2464	Unicorn-53426.exe
2780	Unicorn-27318.exe
2780	Unicorn-27318.exe
1424	Unicorn-46019.exe
2464	Unicorn-53426.exe
2464	Unicorn-53426.exe
1424	Unicorn-46019.exe
576	Unicorn-33440.exe
576	Unicorn-33440.exe
2452	Unicorn-40283.exe
2760	Unicorn-26729.exe
2760	Unicorn-26729.exe
2452	Unicorn-40283.exe
1408	Unicorn-31510.exe
1220	Unicorn-59584.exe
1220	Unicorn-59584.exe
1684	Unicorn-60928.exe
1408	Unicorn-31510.exe
576	Unicorn-33440.exe
576	Unicorn-33440.exe
1704	Unicorn-46969.exe
1704	Unicorn-46969.exe
1684	Unicorn-60928.exe
1424	Unicorn-46019.exe
1424	Unicorn-46019.exe
2408	Unicorn-15256.exe
2408	Unicorn-15256.exe
2760	Unicorn-26729.exe
2760	Unicorn-26729.exe
1072	Unicorn-17170.exe
1072	Unicorn-17170.exe
1704	Unicorn-46969.exe
1704	Unicorn-46969.exe
2360	Unicorn-41185.exe
2360	Unicorn-41185.exe
2320	Unicorn-24082.exe
2320	Unicorn-24082.exe
2152	Unicorn-14865.exe
2152	Unicorn-14865.exe
2408	Unicorn-15256.exe
812	Unicorn-17476.exe
2408	Unicorn-15256.exe
812	Unicorn-17476.exe
1536	Unicorn-41761.exe
1536	Unicorn-41761.exe
2328	Unicorn-52540.exe
2328	Unicorn-52540.exe
2236	Unicorn-14673.exe
2236	Unicorn-14673.exe
2076	Unicorn-48971.exe
2912	Unicorn-15950.exe
2076	Unicorn-48971.exe
2912	Unicorn-15950.exe
1072	Unicorn-17170.exe
2088	Unicorn-23481.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2472	2624	WerFault.exe	65
2496	2796	WerFault.exe	118
1956	1708	WerFault.exe	129
1664	1120	WerFault.exe	143
868	2412	WerFault.exe	193
1980	2748	WerFault.exe	179

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe
2780	Unicorn-27318.exe
2452	Unicorn-40283.exe
2464	Unicorn-53426.exe
1424	Unicorn-46019.exe
2760	Unicorn-26729.exe
576	Unicorn-33440.exe
1408	Unicorn-31510.exe
1220	Unicorn-59584.exe
2408	Unicorn-15256.exe
1704	Unicorn-46969.exe
1684	Unicorn-60928.exe
1072	Unicorn-17170.exe
812	Unicorn-17476.exe
2320	Unicorn-24082.exe
2360	Unicorn-41185.exe
2328	Unicorn-52540.exe
2152	Unicorn-14865.exe
2236	Unicorn-14673.exe
1536	Unicorn-41761.exe
2076	Unicorn-48971.exe
2912	Unicorn-15950.exe
1640	Unicorn-1223.exe
2088	Unicorn-23481.exe
2296	Unicorn-47609.exe
1884	Unicorn-13244.exe
1184	Unicorn-33110.exe
108	Unicorn-629.exe
1708	Unicorn-45087.exe
2868	Unicorn-15871.exe
2568	Unicorn-59934.exe
2944	Unicorn-32638.exe
472	Unicorn-20324.exe
524	Unicorn-7588.exe
1556	Unicorn-58652.exe
2748	Unicorn-46146.exe
540	Unicorn-42965.exe
2708	Unicorn-32379.exe
2776	Unicorn-3546.exe
2672	Unicorn-22767.exe
2756	Unicorn-9114.exe
776	Unicorn-51460.exe
2516	Unicorn-54786.exe
2624	Unicorn-32170.exe
2600	Unicorn-33723.exe
2792	Unicorn-56784.exe
2700	Unicorn-44610.exe
1628	Unicorn-40672.exe
2104	Unicorn-43447.exe
2136	Unicorn-46318.exe
1664	Unicorn-30292.exe
2896	Unicorn-13793.exe
1168	Unicorn-7083.exe
1096	Unicorn-36927.exe
2904	Unicorn-62169.exe
2972	Unicorn-59865.exe
1408	Unicorn-51993.exe
1648	Unicorn-36918.exe
2476	Unicorn-21023.exe
1236	Unicorn-64754.exe
2464	Unicorn-33618.exe
1440	Unicorn-16327.exe
2444	Unicorn-34711.exe
2116	Unicorn-35216.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2780	2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	29
PID 2224 wrote to memory of 2780	2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	29
PID 2224 wrote to memory of 2780	2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	29
PID 2224 wrote to memory of 2780	2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	29
PID 2224 wrote to memory of 2452	2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	30
PID 2224 wrote to memory of 2452	2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	30
PID 2224 wrote to memory of 2452	2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	30
PID 2224 wrote to memory of 2452	2224	e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe	30
PID 2780 wrote to memory of 2464	2780	Unicorn-27318.exe	31
PID 2780 wrote to memory of 2464	2780	Unicorn-27318.exe	31
PID 2780 wrote to memory of 2464	2780	Unicorn-27318.exe	31
PID 2780 wrote to memory of 2464	2780	Unicorn-27318.exe	31
PID 2452 wrote to memory of 576	2452	Unicorn-40283.exe	32
PID 2452 wrote to memory of 576	2452	Unicorn-40283.exe	32
PID 2452 wrote to memory of 576	2452	Unicorn-40283.exe	32
PID 2452 wrote to memory of 576	2452	Unicorn-40283.exe	32
PID 2464 wrote to memory of 1424	2464	Unicorn-53426.exe	33
PID 2464 wrote to memory of 1424	2464	Unicorn-53426.exe	33
PID 2464 wrote to memory of 1424	2464	Unicorn-53426.exe	33
PID 2464 wrote to memory of 1424	2464	Unicorn-53426.exe	33
PID 2780 wrote to memory of 2760	2780	Unicorn-27318.exe	34
PID 2780 wrote to memory of 2760	2780	Unicorn-27318.exe	34
PID 2780 wrote to memory of 2760	2780	Unicorn-27318.exe	34
PID 2780 wrote to memory of 2760	2780	Unicorn-27318.exe	34
PID 2464 wrote to memory of 1220	2464	Unicorn-53426.exe	36
PID 2464 wrote to memory of 1220	2464	Unicorn-53426.exe	36
PID 2464 wrote to memory of 1220	2464	Unicorn-53426.exe	36
PID 2464 wrote to memory of 1220	2464	Unicorn-53426.exe	36
PID 1424 wrote to memory of 1408	1424	Unicorn-46019.exe	35
PID 1424 wrote to memory of 1408	1424	Unicorn-46019.exe	35
PID 1424 wrote to memory of 1408	1424	Unicorn-46019.exe	35
PID 1424 wrote to memory of 1408	1424	Unicorn-46019.exe	35
PID 576 wrote to memory of 1704	576	Unicorn-33440.exe	37
PID 576 wrote to memory of 1704	576	Unicorn-33440.exe	37
PID 576 wrote to memory of 1704	576	Unicorn-33440.exe	37
PID 576 wrote to memory of 1704	576	Unicorn-33440.exe	37
PID 2760 wrote to memory of 2408	2760	Unicorn-26729.exe	39
PID 2760 wrote to memory of 2408	2760	Unicorn-26729.exe	39
PID 2760 wrote to memory of 2408	2760	Unicorn-26729.exe	39
PID 2760 wrote to memory of 2408	2760	Unicorn-26729.exe	39
PID 2452 wrote to memory of 1684	2452	Unicorn-40283.exe	38
PID 2452 wrote to memory of 1684	2452	Unicorn-40283.exe	38
PID 2452 wrote to memory of 1684	2452	Unicorn-40283.exe	38
PID 2452 wrote to memory of 1684	2452	Unicorn-40283.exe	38
PID 1220 wrote to memory of 812	1220	Unicorn-59584.exe	41
PID 1220 wrote to memory of 812	1220	Unicorn-59584.exe	41
PID 1220 wrote to memory of 812	1220	Unicorn-59584.exe	41
PID 1220 wrote to memory of 812	1220	Unicorn-59584.exe	41
PID 1408 wrote to memory of 2320	1408	Unicorn-31510.exe	40
PID 1408 wrote to memory of 2320	1408	Unicorn-31510.exe	40
PID 1408 wrote to memory of 2320	1408	Unicorn-31510.exe	40
PID 1408 wrote to memory of 2320	1408	Unicorn-31510.exe	40
PID 576 wrote to memory of 2360	576	Unicorn-33440.exe	43
PID 576 wrote to memory of 2360	576	Unicorn-33440.exe	43
PID 576 wrote to memory of 2360	576	Unicorn-33440.exe	43
PID 576 wrote to memory of 2360	576	Unicorn-33440.exe	43
PID 1704 wrote to memory of 1072	1704	Unicorn-46969.exe	44
PID 1704 wrote to memory of 1072	1704	Unicorn-46969.exe	44
PID 1704 wrote to memory of 1072	1704	Unicorn-46969.exe	44
PID 1704 wrote to memory of 1072	1704	Unicorn-46969.exe	44
PID 1684 wrote to memory of 2236	1684	Unicorn-60928.exe	42
PID 1684 wrote to memory of 2236	1684	Unicorn-60928.exe	42
PID 1684 wrote to memory of 2236	1684	Unicorn-60928.exe	42
PID 1684 wrote to memory of 2236	1684	Unicorn-60928.exe	42

C:\Users\Admin\AppData\Local\Temp\e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe
"C:\Users\Admin\AppData\Local\Temp\e027d752fa4c9cbc34f67d8688519dc12b6516a28201f164b1c496578df3193b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53426.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13793.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
        10⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
        11⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11365.exe
        13⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        11⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        12⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36927.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        9⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        10⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
        11⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        12⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10616.exe
        13⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        14⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6606.exe
        15⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40772.exe
        16⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
        17⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7637.exe
        18⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9621.exe
        11⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32170.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
        8⤵
        Program crash
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3546.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16327.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58069.exe
        9⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57365.exe
        10⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        11⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30367.exe
        8⤵
        
        PID:2796
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
        9⤵
        Program crash
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31905.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
        10⤵
        
        PID:2748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 220
        11⤵
        Program crash
        
        PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33110.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        9⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36130.exe
        11⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        9⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52227.exe
        10⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44610.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe
        7⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61747.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        9⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46179.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        8⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11173.exe
        9⤵
        
        PID:1416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34711.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35646.exe
        10⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
        11⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
        12⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33275.exe
        13⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        14⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31224.exe
        12⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
        13⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48303.exe
        14⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
        15⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43054.exe
        16⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        17⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16356.exe
        9⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        10⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
        11⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60493.exe
        12⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40302.exe
        13⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52343.exe
        14⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27878.exe
        15⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62028.exe
        16⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
        17⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
        12⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
        10⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39999.exe
        7⤵
        Executes dropped EXE
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        8⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        10⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46146.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21023.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12381.exe
        8⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62759.exe
        9⤵
        
        PID:1708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 200
        10⤵
        Program crash
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13244.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41761.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42965.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59865.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34711.exe
        7⤵
        Executes dropped EXE
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1079.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49692.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6789.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        11⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33903.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58869.exe
        10⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
        11⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43721.exe
        12⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
        13⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8164.exe
        14⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40793.exe
        10⤵
        
        PID:2860
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59934.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33618.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
        10⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37080.exe
        11⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
        12⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43447.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64754.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4867.exe
        9⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64627.exe
        10⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        11⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53239.exe
        12⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        10⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39726.exe
        11⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        12⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57836.exe
        13⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4650.exe
        14⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10300.exe
        15⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
        16⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15345.exe
        13⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        14⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        15⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18468.exe
        16⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
        17⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
        14⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
        15⤵
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
        7⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3331.exe
        8⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        9⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
        10⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16212.exe
        11⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
        12⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
        13⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28972.exe
        14⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25235.exe
        15⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17649.exe
        12⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
        13⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26195.exe
        14⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49426.exe
        15⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21688.exe
        14⤵
        
        PID:1884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32638.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46318.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44534.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        10⤵
        
        PID:1120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
        11⤵
        Program crash
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59472.exe
        9⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        11⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30292.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8413.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
        9⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        10⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64338.exe
        11⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55252.exe
        12⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20399.exe
        13⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
        14⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
        15⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
        14⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28692.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4363.exe
        12⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
        13⤵
        
        PID:1416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51460.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35216.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3165.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51114.exe
        9⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        10⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41369.exe
        11⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 244
        12⤵
        Program crash
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58652.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe
        6⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21481.exe
        8⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5771.exe
        9⤵
        
        PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60928.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60928.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32379.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36918.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2422.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-626.exe
        9⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33275.exe
        10⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        11⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        12⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47727.exe
        13⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19150.exe
        14⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16995.exe
        15⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
        16⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32340.exe
        13⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34130.exe
        14⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        15⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38569.exe
        16⤵
        
        PID:2972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22767.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe
        6⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43410.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
        10⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
        11⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15246.exe
        12⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3465.exe
        13⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47773.exe
        14⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
        15⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38991.exe
        16⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19677.exe
        13⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38559.exe
        14⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61278.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-507.exe
        8⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53086.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47509.exe
        10⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47380.exe
        11⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe
        12⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        13⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59879.exe
        14⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
        15⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31122.exe
        14⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8250.exe
        12⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
        13⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
        11⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51025.exe
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        13⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
        10⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52879.exe
        11⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        12⤵
        
        PID:1932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26729.exe

Filesize
192KB

MD5
5a935995dece7d698a72f65be5c5042b

SHA1
2fca9220318ab94a6c91377b4c6fa3a7b603c29b

SHA256
4db94bfef4bb83662c16a184f9e01bafc1c7b46ccc897c12836995c8f339b8fb

SHA512
bc229b7c574720905e36dc8dc7184153a352881c36e8a17fed9c0c6fbcbd0024fb66caf7bd085d067d3ed469fce68e88ae51290dc426ed3f9b4b398d736e6431

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3594.exe

Filesize
192KB

MD5
d2fc3b7a2d166bcd8a51beaa9c663a0f

SHA1
52aed9f4eac4da0505d740ba7b88281b32dfde23

SHA256
0756826123f1c26e78496aca822c19483b96a5b844dbec4c9c3f1207b996211e

SHA512
447e850b7e7934b4f9d129b5472b0f00c9ede3e661307114cc913aa19be810eda8765eec02d86848f78023821be063d92bbefa6d03248c068d3a1bdd62c9ca11

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37944.exe

Filesize
192KB

MD5
773f9198e089cf77bdcbaf8b3c5b92c3

SHA1
7f9d74669cd284938ca868f2831f2d7f595e65a1

SHA256
f698a1d257f3a325a326c4d692e65cc73a9eeb63fae86beaba8e95ca42b7eccc

SHA512
e0ad01275c9257077f3e8ba6aa8f66f8b9388d132078651f1c62894023ec60d0c0216b3d0d180c7170f6c687404f5620c43b47397cad112fbf7ea311499ef36e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe

Filesize
192KB

MD5
f8ba52b9b4d636c500daa48ec6fc2ded

SHA1
a18196ff6365d6786127a40c488961cd35bb55f3

SHA256
6e53d09a72bc312ea3fa54817a9d29bb68a016b441a768696388ad24af1e380a

SHA512
ed9fa3ceb0d635682f1909a50c7d6a7cc0c5cc08568bcb9cab4811066f61cfa73c3607ede65cff38806008fb144b6a37f405500a8aa604224eefedd171dccf29

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe

Filesize
192KB

MD5
8bab919929547dce6a0af9be8c5f76de

SHA1
a65841dec09221920d08dd25fad49ee9a3b19138

SHA256
d2b839a3c3475be6e41891f3a7e14b8db5789f861e3c47c58dec4678320398c4

SHA512
ccadfb85df7c437cdd20670da973f4a3f82dbc4adcef9fff71016306d8bffdc82b3be23d0f8192b5e2ba71991596dd028cb9bb4c25ca3b49745b50092b3d8003

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe

Filesize
192KB

MD5
da080d2dd2191ec0509dc44a214a4327

SHA1
d1449fa94dfe5aa81a0e2abde2cad8077bc20d91

SHA256
dc71acccfc09b75127bbca32bb330e2e43779515dcfbacf0d498936a4422b8b9

SHA512
d20352e975252df018497356b082650d9634d79fb584fa398e65379edc38f23129f6b924c9f0bf9525fb019d165991d48dccbf754b2b3c5ed79e78edd685bc82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14673.exe

Filesize
192KB

MD5
106ebd569a7cc72281f5cebd63a1b7b3

SHA1
1da2a38511618eca1e76a50992c1380fb6b62127

SHA256
3930169612af7ea5e54d162c284eec570b3c7462bc7bf41f7468e6f78684ff31

SHA512
b2b7a96ec0cbbdb51a385d964792d46960896ddb809dd9f5bb4d28d73c7351f053e411e6bc134aa17fcbe9423bafab56884438db98482614b17a6bd6df022371

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14865.exe

Filesize
192KB

MD5
9e8170f5ac485aa3b00435b9474eb55a

SHA1
aca2aaa88a55b95ac85ccc99460bf64dcb6eac51

SHA256
bc077b12d99764e3a81d80a72c02cb8323453c74922b72223fbf502435f302b7

SHA512
69050cbc70b4b161e63998387ef1021e2d2b7b757241586417d57c8754cd85b51c4d9c8168bf55ecfb903cb94829dd336bef0bdb585b6aed75df6374ad94797f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe

Filesize
192KB

MD5
97bb9540216fa46be7732565eb9e9e65

SHA1
beee7ed1061e10d9c1e56347b962839b2d7365e9

SHA256
f78a1f837695fc4c05254ad7c56799ab9c78b39b522f66ee232416fdc0c56810

SHA512
23862c838caddcb3bee525337d3f0f92666ca1616e127d6a2c9cce4fbd0acc0b0ac38000b4166438a425a51728076c50c3cdaa5303c0df7368bb9e74f4438a6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe

Filesize
192KB

MD5
00001f9d570b8f4f2b13cfae8c0e6470

SHA1
2add5a2c55d3244ae8450ee503f632b3d851502d

SHA256
8d8f5391ab77b1559a0270dc98d30a4c6577a5dd92de56c6943230487f26f35d

SHA512
35b1c9b24c4f46ac157b7654353b957c1d17499136929d8a5f3d4e4f99d218981c4d205573bc108eac0763bb044c3610876f98d1954e28a3eb2dde0712029dcc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17476.exe

Filesize
192KB

MD5
f41f1c1b9eddf66ce19e53af4f0ee3b3

SHA1
d0d852041829af845de28a4f224dc3f54ae671d5

SHA256
c529fb8835c21e8cc771be3af4e9639fd397b200083c95cad97b49d58b1ce0d5

SHA512
7ef01aaff9f16d89159aa5e00de17b14de89e20dbfaddf0113d4208f58c0ef377138a77858a0bbee86f147a01ee9e3d34657c91c97f62039b1da7cbd2ba0f584

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24082.exe

Filesize
192KB

MD5
b3dd52115b9be52a20fb35132f80f863

SHA1
44f85cbc5cfa42a6d4520ac0b31dae3392d56ea0

SHA256
13ea6c6caebde4d8d83eb88ecf2434851cc3d48b484673a1d7dad52ef7ac3294

SHA512
0a893952bd6bd7e398b0d2fd67d23fc392e67d608b7a6173db9f086646962f7b8738c8e6cc94159c0ceb0af290892cfdea9b372ad7b9c0e3b10ac9a6f83c0ad5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27318.exe

Filesize
192KB

MD5
cb2d132470b838f1682bdd4849399694

SHA1
d9f5e2e2b69a57f78a0d1b2610c605979f25d583

SHA256
f6237c576f77d78ca6326f621fab4fe86e350901b0e4a28930c151c59b4bf439

SHA512
ff4ccc5d1c5b158f1c532620c3b0bb9b753ed7b131365f1cf9b0dcd8151db54e62802d0808a30a3c367c18461ac6dd01f4de6fdc1fad15de194a71a3f55e3353

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31510.exe

Filesize
192KB

MD5
b1f7c0f85bc2f80cef74c448acbbf492

SHA1
d207f5b2be10e30209591d641b9645eb289b2394

SHA256
413f7b1495a94fca666a4b90bf7cb26223682438638be6f373a0ea29650ddd17

SHA512
3cc44026445618bcabdad9d8facce5758083d3ff6b6375d6b33cb9ef28956b60575c17d1fd9da8bbe9b6853f3ef8972af77ac38b346c34280d5b69eb59768cab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33440.exe

Filesize
192KB

MD5
cc3818e7907b9132ae1478775d98c580

SHA1
1647b019ae46af6e2e310d9c9dc269e73372659a

SHA256
087a0ad4f2139492c2a83a743e2856714102faf0fe2d7c1c5bc1cf152725896a

SHA512
dbb345ffb9785ee85bd4c037a988c40d6483c3e00e591137cbe86bf589ba7f5f0e778ec3a79441e07f41e3d967e97b77170f7b086f14049ab3d71358bf536eea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe

Filesize
192KB

MD5
ad9872c4fffc569dd9753c975e4f236d

SHA1
a38f5b94f293c187c9ba956cc81e2d9b9e13f1a8

SHA256
a2ab68c4c3ab7466c632c289fd882c32f69a03bc13ec1fba8d70e14bc81722c5

SHA512
224d170bffb717b84701033b275db0f05d13e61599844935293fe5117e6185c79355c9d559e9d519954f27aa7a884e79a04912f40a42360fea5b18bc3172974d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe

Filesize
192KB

MD5
2a2ad966837f20e59f3305504d877a1b

SHA1
9a2407d75a2295187677eb4a32e8551e8e7c120f

SHA256
790f366737084d62686d4c798dbccf3b616180773d195249a00f8b4f6976e5e1

SHA512
eb28f371838722b46d746576cda5ec052aac4ae1f13af9268287ad08229c41c6357909da9f3503233b87cbf51a7a1d3f5226578c21aa21c4de7617fa899f9804

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46969.exe

Filesize
192KB

MD5
0e12e6d855d7ea96c7a7722b99737d80

SHA1
1c8c85c5ede1671ab957b9e513cca73cd460eb64

SHA256
8a3dddd01eb16fb8bbc4d20984e760a6662427072e878bb63069f80bf5770e32

SHA512
c093eaf2e57072ab1f29077bcb1e0fe545d0364d3fb5cfe918c98f3f840dfe1cdccd41074e16f508725b4eaba6c85d5e6fef70bf774b8f2a7a8dea5a604b470d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe

Filesize
192KB

MD5
d2f326b4ae2428df50781a345489dfb3

SHA1
6f0208ddc561ee39ea882044814de201b1598202

SHA256
25790d9d0b9086589f2d54de945f5e2d407c7d14e280af3735d30a0ff1b62323

SHA512
0f5c117003e6d81b2e6913ca02d726b5f723a38676713e4e129548a8285dacc3389ab3477ef5c5ee56629cbbc0ea83036345aecfe46af3058bdd4a3ec90c4191

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53426.exe

Filesize
192KB

MD5
20267d940d988a8506f4d4e50d100329

SHA1
78f4ee491c95097085d1815765a228c89e7256ae

SHA256
03b331870daad22fc6b0be3a22c447debac179ea711b08549a0be4834fa6b6c4

SHA512
a6ecf1ac05c91066c75b19cd61ddb5deb93fde55644ed7ff00031c6c56f7363f0fff2efccc1440a571ea0a3f9271bb5c36e59dd81596952e9b72c4fa996f9682

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe

Filesize
192KB

MD5
6a0fca7d818f72b5893033d96644bf07

SHA1
98c4d7fae6925483d8b6135b842dcc1f26114c86

SHA256
1a6bbebf88c3d8377b6b0818b80d52d001870fe59838be90b73d3dd8de82e978

SHA512
258eee689d96093e7fb4224219a87cf1975981bef6cdd2a7356f9f09438afb06f2c58ac0c0a80062dab990c770bc2c096267d2282e30cf9ae22affb74eccd755

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60928.exe

Filesize
192KB

MD5
04da4cf2d5d0068c435b8e7779b8ab9a

SHA1
213e3b4bd384aaf24e795a0e2b11b638e063917c

SHA256
d57475c4b398b3603843bd698ae632605700325ffcc0069345ff4675b7b4a885

SHA512
733dc4c2eefc1f4a00cab254d04f4ae70e91b58d44280c09c78195a3328fa6db786f48cc15955ae7ba8d67a46b31d342975a4e803ffc23ca5f38776dae8a2f31

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads