4d61e7e78ef41a019723c71fe666231801f92335ae8e8380b6527690f018eef1

Analysis

max time kernel
31s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 10:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe
Size

184KB
MD5

19f997ebc366112185c9e3b3f5479930
SHA1

7012cafd20053ea67f89ad6964108a0978854ca4
SHA256

4d61e7e78ef41a019723c71fe666231801f92335ae8e8380b6527690f018eef1
SHA512

4c607658211d47751de0728e69d5c8edbf1c01347bee3e5527e0aba26ceaff2a4267a0cd092e5bbdda5528cf99bbd3146401093f10055bdcd8487381541f5b45
SSDEEP

1536:UBS/6jZlu3zAotx18fYAlawSG29yvZc8wmddjwLW3Vzetmhl5hj5nizpvv:gda3zAoT2fYTjG4WeqwLWpsmhlnViF3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2464	Unicorn-29733.exe
3008	Unicorn-39292.exe
2588	Unicorn-19426.exe
2420	Unicorn-3578.exe
2604	Unicorn-36997.exe
2416	Unicorn-56863.exe
2372	Unicorn-49416.exe
1220	Unicorn-3744.exe
776	Unicorn-7828.exe
1528	Unicorn-45332.exe
1472	Unicorn-65197.exe
2008	Unicorn-21280.exe
2824	Unicorn-58783.exe
2424	Unicorn-13111.exe
1564	Unicorn-46531.exe
1940	Unicorn-859.exe
580	Unicorn-42254.exe
588	Unicorn-62120.exe
800	Unicorn-14901.exe
1160	Unicorn-30683.exe
2600	Unicorn-30683.exe
1320	Unicorn-53194.exe
2284	Unicorn-60807.exe
1728	Unicorn-64891.exe
304	Unicorn-45026.exe
1892	Unicorn-44279.exe
2832	Unicorn-28497.exe
2332	Unicorn-48363.exe
2016	Unicorn-48363.exe
3040	Unicorn-16245.exe
2752	Unicorn-7413.exe
2756	Unicorn-49754.exe
2532	Unicorn-17636.exe
2584	Unicorn-17636.exe
2780	Unicorn-37502.exe
2256	Unicorn-20974.exe
2400	Unicorn-52769.exe
2608	Unicorn-52769.exe
1992	Unicorn-8207.exe
2748	Unicorn-49562.exe
2504	Unicorn-39.exe
2560	Unicorn-20782.exe
1132	Unicorn-916.exe
1624	Unicorn-7460.exe
1568	Unicorn-60745.exe
1644	Unicorn-60745.exe
1508	Unicorn-60745.exe
1480	Unicorn-44964.exe
1532	Unicorn-44964.exe
1708	Unicorn-21332.exe
2864	Unicorn-5550.exe
2884	Unicorn-29500.exe
1792	Unicorn-21140.exe
3000	Unicorn-5358.exe
900	Unicorn-62727.exe
968	Unicorn-62172.exe
764	Unicorn-57896.exe
240	Unicorn-29862.exe
1852	Unicorn-53620.exe
2288	Unicorn-45452.exe
1308	Unicorn-41368.exe
2672	Unicorn-33200.exe
1632	Unicorn-13334.exe
1972	Unicorn-20756.exe

Loads dropped DLL 64 IoCs

pid	Process
2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe
2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe
2464	Unicorn-29733.exe
2464	Unicorn-29733.exe
2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe
2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe
2588	Unicorn-19426.exe
2588	Unicorn-19426.exe
2464	Unicorn-29733.exe
2464	Unicorn-29733.exe
3008	Unicorn-39292.exe
3008	Unicorn-39292.exe
376	WerFault.exe
376	WerFault.exe
376	WerFault.exe
376	WerFault.exe
376	WerFault.exe
2420	Unicorn-3578.exe
2588	Unicorn-19426.exe
2420	Unicorn-3578.exe
2588	Unicorn-19426.exe
2604	Unicorn-36997.exe
2604	Unicorn-36997.exe
3008	Unicorn-39292.exe
3008	Unicorn-39292.exe
2416	Unicorn-56863.exe
2416	Unicorn-56863.exe
1372	WerFault.exe
1372	WerFault.exe
1372	WerFault.exe
1372	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe
1372	WerFault.exe
2564	WerFault.exe
2564	WerFault.exe
1220	Unicorn-3744.exe
1220	Unicorn-3744.exe
2420	Unicorn-3578.exe
2420	Unicorn-3578.exe
776	Unicorn-7828.exe
776	Unicorn-7828.exe
2604	Unicorn-36997.exe
2372	Unicorn-49416.exe
2604	Unicorn-36997.exe
2372	Unicorn-49416.exe
2416	Unicorn-56863.exe
1528	Unicorn-45332.exe
2416	Unicorn-56863.exe
1528	Unicorn-45332.exe
2728	WerFault.exe
2728	WerFault.exe
2728	WerFault.exe
2728	WerFault.exe
2728	WerFault.exe
664	WerFault.exe
664	WerFault.exe
664	WerFault.exe
664	WerFault.exe
664	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe

Program crash 64 IoCs

pid	pid_target	Process	procid_target
2960	2184	WerFault.exe	27
376	2464	WerFault.exe	28
1372	3008	WerFault.exe	29
2564	2588	WerFault.exe	30
2728	2420	WerFault.exe	32
664	2604	WerFault.exe	33
2964	2416	WerFault.exe	34
1964	1220	WerFault.exe	36
2324	776	WerFault.exe	38
1236	2372	WerFault.exe	37
1732	1472	WerFault.exe	40
1544	1528	WerFault.exe	39
1464	2824	WerFault.exe	44
2656	2008	WerFault.exe	43
2056	1564	WerFault.exe	46
2108	1940	WerFault.exe	47
720	2424	WerFault.exe	45
2876	580	WerFault.exe	48
2836	588	WerFault.exe	49
2176	800	WerFault.exe	53
2776	2600	WerFault.exe	54
3012	1160	WerFault.exe	55
1312	1320	WerFault.exe	56
3032	2284	WerFault.exe	57
2060	304	WerFault.exe	59
2192	1728	WerFault.exe	58
2396	2832	WerFault.exe	61
2148	2016	WerFault.exe	62
2896	3040	WerFault.exe	64
2252	1892	WerFault.exe	60
2196	2752	WerFault.exe	70
1756	2256	WerFault.exe	75
3004	2532	WerFault.exe	72
1124	2780	WerFault.exe	74
896	2756	WerFault.exe	71
3084	1508	WerFault.exe	85
3076	2504	WerFault.exe	80
2768	2560	WerFault.exe	82
3680	3000	WerFault.exe	100
3804	2592	WerFault.exe	111
3820	1456	WerFault.exe	118
3812	2448	WerFault.exe	115
3796	1992	WerFault.exe	78
3788	2200	WerFault.exe	121
3780	2276	WerFault.exe	120
3772	2608	WerFault.exe	77
3764	2440	WerFault.exe	114
3756	2672	WerFault.exe	108
3748	1132	WerFault.exe	81
3740	1308	WerFault.exe	107
3732	2288	WerFault.exe	106
3724	2400	WerFault.exe	76
3716	1480	WerFault.exe	88
3708	2584	WerFault.exe	73
3700	1852	WerFault.exe	105
3896	1972	WerFault.exe	110
3888	1224	WerFault.exe	113
3880	2748	WerFault.exe	79
3872	1044	WerFault.exe	119
3920	1708	WerFault.exe	91
3912	1344	WerFault.exe	127
3936	1568	WerFault.exe	84
3972	2068	WerFault.exe	134
3964	904	WerFault.exe	132

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe
2464	Unicorn-29733.exe
2588	Unicorn-19426.exe
3008	Unicorn-39292.exe
2420	Unicorn-3578.exe
2604	Unicorn-36997.exe
2416	Unicorn-56863.exe
2372	Unicorn-49416.exe
776	Unicorn-7828.exe
1220	Unicorn-3744.exe
1528	Unicorn-45332.exe
1472	Unicorn-65197.exe
2008	Unicorn-21280.exe
2824	Unicorn-58783.exe
1940	Unicorn-859.exe
1564	Unicorn-46531.exe
2424	Unicorn-13111.exe
580	Unicorn-42254.exe
588	Unicorn-62120.exe
800	Unicorn-14901.exe
1160	Unicorn-30683.exe
2600	Unicorn-30683.exe
1320	Unicorn-53194.exe
2284	Unicorn-60807.exe
1728	Unicorn-64891.exe
304	Unicorn-45026.exe
2832	Unicorn-28497.exe
1892	Unicorn-44279.exe
2332	Unicorn-48363.exe
2016	Unicorn-48363.exe
3040	Unicorn-16245.exe
2752	Unicorn-7413.exe
2756	Unicorn-49754.exe
2532	Unicorn-17636.exe
2584	Unicorn-17636.exe
2780	Unicorn-37502.exe
2256	Unicorn-20974.exe
2400	Unicorn-52769.exe
2608	Unicorn-52769.exe
1992	Unicorn-8207.exe
2504	Unicorn-39.exe
2748	Unicorn-49562.exe
2560	Unicorn-20782.exe
1480	Unicorn-44964.exe
1532	Unicorn-44964.exe
1132	Unicorn-916.exe
1624	Unicorn-7460.exe
1644	Unicorn-60745.exe
1508	Unicorn-60745.exe
1568	Unicorn-60745.exe
1708	Unicorn-21332.exe
2864	Unicorn-5550.exe
2884	Unicorn-29500.exe
1792	Unicorn-21140.exe
3000	Unicorn-5358.exe
900	Unicorn-62727.exe
968	Unicorn-62172.exe
764	Unicorn-57896.exe
240	Unicorn-29862.exe
1852	Unicorn-53620.exe
2288	Unicorn-45452.exe
1308	Unicorn-41368.exe
2672	Unicorn-33200.exe
1632	Unicorn-13334.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 2464	2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe	28
PID 2184 wrote to memory of 2464	2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe	28
PID 2184 wrote to memory of 2464	2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe	28
PID 2184 wrote to memory of 2464	2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe	28
PID 2464 wrote to memory of 3008	2464	Unicorn-29733.exe	29
PID 2464 wrote to memory of 3008	2464	Unicorn-29733.exe	29
PID 2464 wrote to memory of 3008	2464	Unicorn-29733.exe	29
PID 2464 wrote to memory of 3008	2464	Unicorn-29733.exe	29
PID 2184 wrote to memory of 2588	2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe	30
PID 2184 wrote to memory of 2588	2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe	30
PID 2184 wrote to memory of 2588	2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe	30
PID 2184 wrote to memory of 2588	2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe	30
PID 2184 wrote to memory of 2960	2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe	31
PID 2184 wrote to memory of 2960	2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe	31
PID 2184 wrote to memory of 2960	2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe	31
PID 2184 wrote to memory of 2960	2184	19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe	31
PID 2588 wrote to memory of 2420	2588	Unicorn-19426.exe	32
PID 2588 wrote to memory of 2420	2588	Unicorn-19426.exe	32
PID 2588 wrote to memory of 2420	2588	Unicorn-19426.exe	32
PID 2588 wrote to memory of 2420	2588	Unicorn-19426.exe	32
PID 2464 wrote to memory of 2604	2464	Unicorn-29733.exe	33
PID 2464 wrote to memory of 2604	2464	Unicorn-29733.exe	33
PID 2464 wrote to memory of 2604	2464	Unicorn-29733.exe	33
PID 2464 wrote to memory of 2604	2464	Unicorn-29733.exe	33
PID 3008 wrote to memory of 2416	3008	Unicorn-39292.exe	34
PID 3008 wrote to memory of 2416	3008	Unicorn-39292.exe	34
PID 3008 wrote to memory of 2416	3008	Unicorn-39292.exe	34
PID 3008 wrote to memory of 2416	3008	Unicorn-39292.exe	34
PID 2464 wrote to memory of 376	2464	Unicorn-29733.exe	35
PID 2464 wrote to memory of 376	2464	Unicorn-29733.exe	35
PID 2464 wrote to memory of 376	2464	Unicorn-29733.exe	35
PID 2464 wrote to memory of 376	2464	Unicorn-29733.exe	35
PID 2420 wrote to memory of 1220	2420	Unicorn-3578.exe	36
PID 2420 wrote to memory of 1220	2420	Unicorn-3578.exe	36
PID 2420 wrote to memory of 1220	2420	Unicorn-3578.exe	36
PID 2420 wrote to memory of 1220	2420	Unicorn-3578.exe	36
PID 2588 wrote to memory of 2372	2588	Unicorn-19426.exe	37
PID 2588 wrote to memory of 2372	2588	Unicorn-19426.exe	37
PID 2588 wrote to memory of 2372	2588	Unicorn-19426.exe	37
PID 2588 wrote to memory of 2372	2588	Unicorn-19426.exe	37
PID 2604 wrote to memory of 776	2604	Unicorn-36997.exe	38
PID 2604 wrote to memory of 776	2604	Unicorn-36997.exe	38
PID 2604 wrote to memory of 776	2604	Unicorn-36997.exe	38
PID 2604 wrote to memory of 776	2604	Unicorn-36997.exe	38
PID 3008 wrote to memory of 1528	3008	Unicorn-39292.exe	39
PID 3008 wrote to memory of 1528	3008	Unicorn-39292.exe	39
PID 3008 wrote to memory of 1528	3008	Unicorn-39292.exe	39
PID 3008 wrote to memory of 1528	3008	Unicorn-39292.exe	39
PID 2416 wrote to memory of 1472	2416	Unicorn-56863.exe	40
PID 2416 wrote to memory of 1472	2416	Unicorn-56863.exe	40
PID 2416 wrote to memory of 1472	2416	Unicorn-56863.exe	40
PID 2416 wrote to memory of 1472	2416	Unicorn-56863.exe	40
PID 3008 wrote to memory of 1372	3008	Unicorn-39292.exe	42
PID 3008 wrote to memory of 1372	3008	Unicorn-39292.exe	42
PID 3008 wrote to memory of 1372	3008	Unicorn-39292.exe	42
PID 3008 wrote to memory of 1372	3008	Unicorn-39292.exe	42
PID 2588 wrote to memory of 2564	2588	Unicorn-19426.exe	41
PID 2588 wrote to memory of 2564	2588	Unicorn-19426.exe	41
PID 2588 wrote to memory of 2564	2588	Unicorn-19426.exe	41
PID 2588 wrote to memory of 2564	2588	Unicorn-19426.exe	41
PID 1220 wrote to memory of 2008	1220	Unicorn-3744.exe	43
PID 1220 wrote to memory of 2008	1220	Unicorn-3744.exe	43
PID 1220 wrote to memory of 2008	1220	Unicorn-3744.exe	43
PID 1220 wrote to memory of 2008	1220	Unicorn-3744.exe	43

C:\Users\Admin\AppData\Local\Temp\19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\19f997ebc366112185c9e3b3f5479930_NeikiAnalytics.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7413.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
        9⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        10⤵
        
        PID:1376
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
        10⤵
        Program crash
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        9⤵
        
        PID:2852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
        9⤵
        Program crash
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27397.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        9⤵
        
        PID:112
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
        8⤵
        Program crash
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63407.exe
        8⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        9⤵
        
        PID:3132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
        9⤵
        Program crash
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
        8⤵
        
        PID:3104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        8⤵
        
        PID:3948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
        7⤵
        Program crash
        
        PID:2176
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
        6⤵
        Program crash
        
        PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        9⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        9⤵
        
        PID:4032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
        8⤵
        Program crash
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-890.exe
        7⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        8⤵
        
        PID:2084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
        8⤵
        Program crash
        
        PID:3804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 220
        7⤵
        Program crash
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        8⤵
        
        PID:2412
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        8⤵
        Program crash
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59686.exe
        7⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
        8⤵
        
        PID:5032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
        7⤵
        Program crash
        
        PID:3716
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
        6⤵
        Program crash
        
        PID:2876
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48363.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20782.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61788.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        9⤵
        
        PID:2312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
        9⤵
        Program crash
        
        PID:3888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
        8⤵
        Program crash
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37646.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
        8⤵
        
        PID:628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        8⤵
        Program crash
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-916.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60646.exe
        7⤵
        
        PID:856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 220
        7⤵
        Program crash
        
        PID:3748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
        6⤵
        Program crash
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16245.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57512.exe
        7⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43563.exe
        8⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 216
        8⤵
        Program crash
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7361.exe
        7⤵
        
        PID:1680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
        7⤵
        Program crash
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        6⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        7⤵
        
        PID:2820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 216
        7⤵
        
        PID:2168
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        6⤵
        Program crash
        
        PID:2896
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
        5⤵
        Program crash
        
        PID:1544
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:1372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44279.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-335.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        8⤵
        
        PID:792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
        8⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37646.exe
        7⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        8⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 236
        8⤵
        Program crash
        
        PID:3872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
        7⤵
        Program crash
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
        7⤵
        Executes dropped EXE
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        8⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
        8⤵
        Program crash
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        7⤵
        
        PID:780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
        7⤵
        
        PID:4532
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
        6⤵
        Program crash
        
        PID:720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41368.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6806.exe
        8⤵
        
        PID:1300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
        8⤵
        Program crash
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
        7⤵
        
        PID:648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 220
        7⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
        7⤵
        
        PID:3316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
        7⤵
        
        PID:3100
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
        6⤵
        Program crash
        
        PID:2396
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
        5⤵
        Program crash
        
        PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60807.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52769.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8503.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14974.exe
        8⤵
        
        PID:2204
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
        8⤵
        Program crash
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51409.exe
        7⤵
        
        PID:3024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
        7⤵
        Program crash
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
        6⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
        7⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
        7⤵
        Program crash
        
        PID:3764
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
        6⤵
        Program crash
        
        PID:3032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45452.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42411.exe
        7⤵
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
        7⤵
        Program crash
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7553.exe
        6⤵
        
        PID:1420
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
        6⤵
        Program crash
        
        PID:3796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
        5⤵
        Program crash
        
        PID:2056
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:664
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19426.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19426.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37502.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29500.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34627.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        10⤵
        
        PID:3508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
        10⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        9⤵
        
        PID:3216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
        9⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63962.exe
        8⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        9⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
        9⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
        8⤵
        Program crash
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5358.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63215.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13921.exe
        9⤵
        
        PID:3844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
        9⤵
        
        PID:4280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
        8⤵
        Program crash
        
        PID:3680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
        7⤵
        Program crash
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62172.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42603.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        9⤵
        
        PID:3248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
        9⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        8⤵
        
        PID:3184
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
        8⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        7⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
        7⤵
        Program crash
        
        PID:3708
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
        6⤵
        Program crash
        
        PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53194.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20974.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57896.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        9⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
        9⤵
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        8⤵
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
        8⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18653.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        8⤵
        
        PID:3280
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
        8⤵
        
        PID:4000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        7⤵
        Program crash
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
        7⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        8⤵
        
        PID:3256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        7⤵
        
        PID:3208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 240
        7⤵
        
        PID:4080
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
        6⤵
        Program crash
        
        PID:1312
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
        5⤵
        Program crash
        
        PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21140.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47071.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        9⤵
        
        PID:3116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
        9⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        8⤵
        
        PID:3200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18845.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        8⤵
        
        PID:3272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
        8⤵
        
        PID:3984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
        7⤵
        Program crash
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55047.exe
        7⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        8⤵
        
        PID:3288
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 236
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61051.exe
        7⤵
        
        PID:3396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
        7⤵
        
        PID:3480
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
        6⤵
        Program crash
        
        PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64154.exe
        6⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
        7⤵
        
        PID:3124
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
        7⤵
        Program crash
        
        PID:3964
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
        6⤵
        Program crash
        
        PID:3004
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 220
        5⤵
        Program crash
        
        PID:1464
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-859.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-859.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49562.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45260.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
        8⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
        8⤵
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52333.exe
        7⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
        7⤵
        Program crash
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        6⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42494.exe
        7⤵
        
        PID:1168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
        7⤵
        Program crash
        
        PID:3788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
        6⤵
        Program crash
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43563.exe
        7⤵
        
        PID:1056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
        7⤵
        Program crash
        
        PID:3756
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
        6⤵
        Program crash
        
        PID:3076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
        5⤵
        Program crash
        
        PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45026.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52769.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55410.exe
        6⤵
        
        PID:1248
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
        6⤵
        Program crash
        
        PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
        5⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35887.exe
        6⤵
        
        PID:3224
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
        6⤵
        
        PID:4048
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
        5⤵
        Program crash
        
        PID:2060
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
      4⤵
      Program crash
      PID:1236
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2564
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
  2⤵
  - Program crash
  PID:2960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-3578.exe

Filesize
184KB

MD5
3f996e4c9621a7bf1ac5cbd549f122c7

SHA1
c210a7f4dc3913e93aedc91cba47e6ac4d5e8cce

SHA256
a866fa8bacd1ac55d500e43407af0fb91c0d137340269f044c89febad8ee1a29

SHA512
c3b67090391f06bb7bc5ba27bd0acfce118a7598633fdd287e350e0fe4d39cdff4bb7f3248580a08b12062b4c23659d4d935bee06522a97ff03832711998d821

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe

Filesize
184KB

MD5
0e050151c8e1f3cfff25dd27ad478e42

SHA1
8836c64bba1133a57c09a0f344a2bcc1b5f60f74

SHA256
d8c61da4ac3ad57e70b627b377c7c3870afb08ffceade4a223d2aaaad8ce24f5

SHA512
014a5e35e33014816803fa90568443ee4316ebe36cadaa9c7ec85157f7b9e8b01e269a65b5809f0891621f5af5de46845e1dab72274e75b0b073e7cfafdb8367

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45332.exe

Filesize
184KB

MD5
e8616ac151431b5ac48ec1164be14f0a

SHA1
6c0ad9ea641cd151d93f25aade7b07ef739c19f7

SHA256
bc3f2fa560d53799bfb956531ea840c04f5040a3b23f313c9ab0bc941a242d7a

SHA512
a2d947641d109bfc95a6bb9bc1c7445e7f053ec012ba822a91d96c439067f78670581fbd0ea843ec66fac7efd8471202b669b67b3565977526b1e1ae22ce17df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe

Filesize
184KB

MD5
4aef4fc8b5acedc3abf929d889711155

SHA1
e034816dbea3b6e2b7c41d8bf40da97175fdc6cc

SHA256
e1de62a0098bb93d2f6f74eea6f1d3f33530d75d99f66b60fda565c38d9a1e61

SHA512
23ca9259c8ce4817b5878a1be8d5aaf915c84d8b5bf6945be515db5bbec67a8c0db70db7db9e84f5ca534f8bf0ef8e6a825ee74d3b9a272cfb7c17563369ff38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6806.exe

Filesize
184KB

MD5
365f5f0bc9f39933f13fe991fd641429

SHA1
d6d92f08e8ee1afc741b86ea8a2f8357693757d7

SHA256
0506ccbfd6e0737c42486f032c812ab7e2a770908141dad4b3a1d54b7049caec

SHA512
6b93fb041eeb95b6708844129993c795d8719e1bed1a66073216430bb464f12463df95b7e9b18ea26624116a84b075865878edd3aa1492b68dc59028f5cba27f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe

Filesize
184KB

MD5
c9c3128ba16f3e36589f1c8f995da3dc

SHA1
1c8bd0d47ba5f52c448a1f16c0bbb98b209801d3

SHA256
ebefbf74443ab7bac5a5d9f2f86db96e0ac7710c9e91219788d458465e9017d6

SHA512
60f75ba6290883ee592585526b247b9922d8d01b30599efeac5f10f04bc7610be04c664bb5749da105ad55549501be5d8d71bb2a25d0775a5614a6fa00adee93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe

Filesize
184KB

MD5
3c9eefc212252e8429e6c50417541c47

SHA1
77cb945a56fad4cce24aad7a082d9356dce664b5

SHA256
9c9dcebc15c08df8c948628e1e7e8eebc1a22ecb7cc74da42405442de464395f

SHA512
65b8d34f1e56468a43f02b2c8ec0a18a02bebb4edb48ec06759ab52f964e3b7d3c6d7d52d1ac253d29f5059155a45ceadc17b165e2788e85032eee755ae17eaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19426.exe

Filesize
184KB

MD5
56959d3e07fbe1bf49ef25603319fe5d

SHA1
922844b3a2db770b84caaa985dfe9dc904bf98cd

SHA256
66d258e63412b5ba3f526fd6c5aaf4be209b42daa7ea52ff4872ebe623d46dcf

SHA512
0068f3edc4284e81be78e3ce1ccc05de8cc752ba1ca19f13bb5f3be789e2f96d65092d04f8ba754b0a80c5447a6afbdff2174d5e1f1cf9120881dd91d41e1507

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21280.exe

Filesize
184KB

MD5
570272157609310ebcd0e43eb573228d

SHA1
36447546ff8b3bcf8e9f7de92d2b53fd781fc6aa

SHA256
26752b273825e2368d71e00671ea761cecee0dd18a73e3cb0b963b78a88a74f6

SHA512
a1dd8c732403afbba5e33a942a75ed608b2dea5796d233c31d822e0e1fb17e20963624f73fc7fb29cb7a848e2bbac30d7655e1e2d8ff826f199a0cf2d24435f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe

Filesize
184KB

MD5
6399f1d8074de403322704f8844918c7

SHA1
5e8d402d3b582a3796a642e8654e7565afda6d01

SHA256
30a653e913871e3cbdc876e5187edf2029f0ea4d0ccc55de83902693eeef0673

SHA512
9c999f803802c782c3c72f4f748c22c98fdd048ac6151df0451f8a0df76fcc8fa6181f95b8adf692f84171a1959d96031e74b94020bbd82787966257d9168b2c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe

Filesize
184KB

MD5
1ec5f19c0bbd03244b4e65810faff7bd

SHA1
bb5f618fb464764537a2555c426b675a56fa942a

SHA256
62334782cfa1925062742b619df74f9062f093837ded7d58d6c15f3a51c5eae7

SHA512
56170d7f4cba5c4009e99d6e1eb740f4c767f2d13672a11637c8e6ca7a267205ec6ed019d243c2eb2bd5ad1b8fa993da4f42c3e6ce86bbc7ac6e9e17015d6ba2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39292.exe

Filesize
184KB

MD5
dc7135b88cf544340ce87c6ac88fe942

SHA1
132d8282af7a464b15888c3f06ca61973688f1db

SHA256
f7f603dffc987ab5a62fbbaf7499e56718815310cc28f90b1444dab586af97f7

SHA512
508a5e63965b50c00c859b606b48f5d75788d501e1b1a766145bb2e0e0a5ad26da19c93411be28438f1d2ca82673f81115169ab2d8ecfad8d01f21808d71cec4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49416.exe

Filesize
184KB

MD5
f06b5052eea104e8f1a210145d56fe0c

SHA1
5a162217fdf284105011caceecc5c22e71efc8b8

SHA256
39e0a31126fec696b1bc27237f9a27ec7da9cc8f617767558e5d1101a847897e

SHA512
fee4ce498b1fb11251c2d82750caccef1d62cc05f7ef000370615d1b03f97f786ac90e76cc95f9d084b667295d1e52a027c2c0099a93d4c79bea327b4c98c0ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56863.exe

Filesize
184KB

MD5
42de8a0da78da91464aed063f1c0cced

SHA1
f0e05a16d80ac0a672e650f653ddc4d11248d513

SHA256
021c3ef0f0b458f6c565b839b419c55985f4ad570a125ca1e57bbfddc424bac2

SHA512
39cc0c5b96eb4d23f40c0400b48e3b3fa49826e40e242774690946a657c4a58f0ce05fa2aa4197f16849027c739bfef8a2da10f8f27f7f64b17c422c8610be28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe

Filesize
184KB

MD5
3c957f26e445fe3094ca6d45055c079e

SHA1
f8bbeed8b501f07858643f3eae4617635792d104

SHA256
c2d0482b0f5384fbbd6a40cd74f329756ce9bc838bff441790f0aa499081fee5

SHA512
069dfde49de72eab811eba59030339e236b831c41954ee1496d719851452269889d852ebe7e02deacc2a9a4669cb6972eaad402cdbf4a99c1c2874a6b92218f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe

Filesize
184KB

MD5
a2e5c7dfb10cb84d0cc8acc280af9350

SHA1
ebdd42c9c5332b43204dfed2c561097dd876c3ee

SHA256
080e2930b9dbf9ee635f7a58b49c1b12097824eec3d8eb3557cde15869f04bbf

SHA512
cf5e7bc836c5e330aee427373f5e098b714a1318dd157a31c75ffd0f2eb747f57f7415cf1194718a9e2be102f3af244dbfeb7d9e67bcc59a0ff896c8a04a4707

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads