2ced6795a21bdbb504524a7f1b8ee2e8a97946c5370a3bf772c3f00ce5ec40fd

Analysis

max time kernel
125s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

010ee620b4b6270d3fa9ce238cf2ab2b.exe
Size

184KB
MD5

010ee620b4b6270d3fa9ce238cf2ab2b
SHA1

0bf1f444a7b26241f50353bcf6b9a4192634c2e5
SHA256

2ced6795a21bdbb504524a7f1b8ee2e8a97946c5370a3bf772c3f00ce5ec40fd
SHA512

8c3d1508bfdba6e831b5b3a8f26e1c92665c1288ac61bb4a51cd8fb32b68c79f404f4cbeeb503466e1bddb74ab9e1d18cd7392c69cb4c5eda6be17c36775c755
SSDEEP

3072:JUDkomq80mwTaOjdqq9DX7kLsT+JwsIIbXxVGoY0xlv1pFy:JUYo9jTa6qWDX7tVwtxlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2920	Unicorn-59506.exe
3028	Unicorn-10471.exe
2584	Unicorn-43891.exe
2748	Unicorn-20031.exe
2692	Unicorn-4249.exe
2740	Unicorn-15370.exe
2968	Unicorn-32942.exe
2016	Unicorn-461.exe
1988	Unicorn-46133.exe
1416	Unicorn-45552.exe
1996	Unicorn-17710.exe
2568	Unicorn-22117.exe
1108	Unicorn-21794.exe
1580	Unicorn-45744.exe
1092	Unicorn-30607.exe
1020	Unicorn-7062.exe
604	Unicorn-64026.exe
2248	Unicorn-60347.exe
852	Unicorn-64986.exe
1196	Unicorn-44758.exe
2444	Unicorn-7254.exe
1964	Unicorn-60539.exe
624	Unicorn-53969.exe
2216	Unicorn-8297.exe
2128	Unicorn-33740.exe
768	Unicorn-788.exe
2148	Unicorn-10435.exe
896	Unicorn-33486.exe
2324	Unicorn-54120.exe
1984	Unicorn-62267.exe
1444	Unicorn-62480.exe
964	Unicorn-52122.exe
1260	Unicorn-37242.exe
2492	Unicorn-27019.exe
1756	Unicorn-59691.exe
952	Unicorn-23127.exe
2548	Unicorn-43547.exe
2184	Unicorn-59883.exe
2368	Unicorn-35379.exe
1636	Unicorn-10298.exe
1544	Unicorn-46728.exe
2500	Unicorn-10526.exe
1956	Unicorn-13863.exe
2900	Unicorn-27054.exe
576	Unicorn-39306.exe
1244	Unicorn-50428.exe
1664	Unicorn-6250.exe
1060	Unicorn-17948.exe
2140	Unicorn-51175.exe
1632	Unicorn-50620.exe
1688	Unicorn-30754.exe
680	Unicorn-3090.exe
2312	Unicorn-27040.exe
2316	Unicorn-56375.exe
2196	Unicorn-6619.exe
1552	Unicorn-23510.exe
3020	Unicorn-47460.exe
1744	Unicorn-15534.exe
2620	Unicorn-50065.exe
1536	Unicorn-58788.exe
1996	Unicorn-25561.exe
3012	Unicorn-62317.exe
604	Unicorn-38005.exe
2536	Unicorn-58980.exe

Loads dropped DLL 64 IoCs

pid	Process
2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe
2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe
2920	Unicorn-59506.exe
2920	Unicorn-59506.exe
2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe
2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe
3028	Unicorn-10471.exe
3028	Unicorn-10471.exe
2920	Unicorn-59506.exe
2920	Unicorn-59506.exe
2584	Unicorn-43891.exe
2584	Unicorn-43891.exe
2692	Unicorn-4249.exe
2692	Unicorn-4249.exe
2740	Unicorn-15370.exe
2740	Unicorn-15370.exe
2584	Unicorn-43891.exe
2584	Unicorn-43891.exe
2968	Unicorn-32942.exe
2968	Unicorn-32942.exe
2692	Unicorn-4249.exe
2692	Unicorn-4249.exe
2016	Unicorn-461.exe
2016	Unicorn-461.exe
2740	Unicorn-15370.exe
2740	Unicorn-15370.exe
1988	Unicorn-46133.exe
1988	Unicorn-46133.exe
1416	Unicorn-45552.exe
1416	Unicorn-45552.exe
2968	Unicorn-32942.exe
2968	Unicorn-32942.exe
1996	Unicorn-17710.exe
1996	Unicorn-17710.exe
2568	Unicorn-22117.exe
2568	Unicorn-22117.exe
2016	Unicorn-461.exe
1580	Unicorn-45744.exe
1580	Unicorn-45744.exe
2016	Unicorn-461.exe
1988	Unicorn-46133.exe
1988	Unicorn-46133.exe
1108	Unicorn-21794.exe
1108	Unicorn-21794.exe
1416	Unicorn-45552.exe
1416	Unicorn-45552.exe
1020	Unicorn-7062.exe
1020	Unicorn-7062.exe
1996	Unicorn-17710.exe
1996	Unicorn-17710.exe
1964	Unicorn-60539.exe
1108	Unicorn-21794.exe
1108	Unicorn-21794.exe
1964	Unicorn-60539.exe
1092	Unicorn-30607.exe
604	Unicorn-64026.exe
1092	Unicorn-30607.exe
604	Unicorn-64026.exe
1196	Unicorn-44758.exe
1196	Unicorn-44758.exe
2444	Unicorn-7254.exe
2444	Unicorn-7254.exe
852	Unicorn-64986.exe
852	Unicorn-64986.exe

Program crash 30 IoCs

pid	pid_target	Process	procid_target
2156	2016	WerFault.exe	35
2512	2568	WerFault.exe	39
2172	852	WerFault.exe	49
1068	964	WerFault.exe	60
2848	2248	WerFault.exe	45
2616	1260	WerFault.exe	63
2996	576	WerFault.exe	76
2384	2500	WerFault.exe	73
1820	1536	WerFault.exe	95
1796	1544	WerFault.exe	72
1840	1996	WerFault.exe	94
2852	3012	WerFault.exe	96
1456	1480	WerFault.exe	101
3020	2844	WerFault.exe	132
1128	2004	WerFault.exe	154
2020	2656	WerFault.exe	126
2484	1088	WerFault.exe	123
1540	2240	WerFault.exe	155
2620	2012	WerFault.exe	130
1688	2560	WerFault.exe	218
2760	1712	WerFault.exe	190
2764	1100	WerFault.exe	202
3928	1760	WerFault.exe	242
4072	3040	WerFault.exe	222
4064	2324	WerFault.exe	255
3424	2820	WerFault.exe	277
1884	3648	WerFault.exe	313
1748	3428	WerFault.exe	312
3320	1924	WerFault.exe	191
1964	448	WerFault.exe	278

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe
2920	Unicorn-59506.exe
3028	Unicorn-10471.exe
2584	Unicorn-43891.exe
2748	Unicorn-20031.exe
2692	Unicorn-4249.exe
2740	Unicorn-15370.exe
2968	Unicorn-32942.exe
2016	Unicorn-461.exe
1988	Unicorn-46133.exe
1416	Unicorn-45552.exe
1996	Unicorn-17710.exe
2568	Unicorn-22117.exe
1580	Unicorn-45744.exe
1108	Unicorn-21794.exe
1092	Unicorn-30607.exe
604	Unicorn-64026.exe
1020	Unicorn-7062.exe
2444	Unicorn-7254.exe
1964	Unicorn-60539.exe
852	Unicorn-64986.exe
1196	Unicorn-44758.exe
2148	Unicorn-10435.exe
1984	Unicorn-62267.exe
2128	Unicorn-33740.exe
624	Unicorn-53969.exe
2216	Unicorn-8297.exe
896	Unicorn-33486.exe
768	Unicorn-788.exe
1444	Unicorn-62480.exe
2248	Unicorn-60347.exe
964	Unicorn-52122.exe
1260	Unicorn-37242.exe
2492	Unicorn-27019.exe
952	Unicorn-23127.exe
2548	Unicorn-43547.exe
2184	Unicorn-59883.exe
1756	Unicorn-59691.exe
1636	Unicorn-10298.exe
2368	Unicorn-35379.exe
2992	Unicorn-50407.exe
1544	Unicorn-46728.exe
2500	Unicorn-10526.exe
1956	Unicorn-13863.exe
2900	Unicorn-27054.exe
576	Unicorn-39306.exe
1244	Unicorn-50428.exe
1664	Unicorn-6250.exe
1060	Unicorn-17948.exe
1688	Unicorn-30754.exe
2140	Unicorn-51175.exe
1632	Unicorn-50620.exe
1552	Unicorn-23510.exe
2316	Unicorn-56375.exe
2312	Unicorn-27040.exe
2196	Unicorn-6619.exe
680	Unicorn-3090.exe
3020	Unicorn-47460.exe
1744	Unicorn-15534.exe
2620	Unicorn-50065.exe
1996	Unicorn-25561.exe
1536	Unicorn-58788.exe
3012	Unicorn-62317.exe
604	Unicorn-38005.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2920	2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe	28
PID 2040 wrote to memory of 2920	2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe	28
PID 2040 wrote to memory of 2920	2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe	28
PID 2040 wrote to memory of 2920	2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe	28
PID 2920 wrote to memory of 3028	2920	Unicorn-59506.exe	29
PID 2920 wrote to memory of 3028	2920	Unicorn-59506.exe	29
PID 2920 wrote to memory of 3028	2920	Unicorn-59506.exe	29
PID 2920 wrote to memory of 3028	2920	Unicorn-59506.exe	29
PID 2040 wrote to memory of 2584	2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe	30
PID 2040 wrote to memory of 2584	2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe	30
PID 2040 wrote to memory of 2584	2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe	30
PID 2040 wrote to memory of 2584	2040	010ee620b4b6270d3fa9ce238cf2ab2b.exe	30
PID 3028 wrote to memory of 2748	3028	Unicorn-10471.exe	31
PID 3028 wrote to memory of 2748	3028	Unicorn-10471.exe	31
PID 3028 wrote to memory of 2748	3028	Unicorn-10471.exe	31
PID 3028 wrote to memory of 2748	3028	Unicorn-10471.exe	31
PID 2920 wrote to memory of 2692	2920	Unicorn-59506.exe	32
PID 2920 wrote to memory of 2692	2920	Unicorn-59506.exe	32
PID 2920 wrote to memory of 2692	2920	Unicorn-59506.exe	32
PID 2920 wrote to memory of 2692	2920	Unicorn-59506.exe	32
PID 2584 wrote to memory of 2740	2584	Unicorn-43891.exe	33
PID 2584 wrote to memory of 2740	2584	Unicorn-43891.exe	33
PID 2584 wrote to memory of 2740	2584	Unicorn-43891.exe	33
PID 2584 wrote to memory of 2740	2584	Unicorn-43891.exe	33
PID 2692 wrote to memory of 2968	2692	Unicorn-4249.exe	34
PID 2692 wrote to memory of 2968	2692	Unicorn-4249.exe	34
PID 2692 wrote to memory of 2968	2692	Unicorn-4249.exe	34
PID 2692 wrote to memory of 2968	2692	Unicorn-4249.exe	34
PID 2740 wrote to memory of 2016	2740	Unicorn-15370.exe	35
PID 2740 wrote to memory of 2016	2740	Unicorn-15370.exe	35
PID 2740 wrote to memory of 2016	2740	Unicorn-15370.exe	35
PID 2740 wrote to memory of 2016	2740	Unicorn-15370.exe	35
PID 2584 wrote to memory of 1988	2584	Unicorn-43891.exe	36
PID 2584 wrote to memory of 1988	2584	Unicorn-43891.exe	36
PID 2584 wrote to memory of 1988	2584	Unicorn-43891.exe	36
PID 2584 wrote to memory of 1988	2584	Unicorn-43891.exe	36
PID 2968 wrote to memory of 1416	2968	Unicorn-32942.exe	37
PID 2968 wrote to memory of 1416	2968	Unicorn-32942.exe	37
PID 2968 wrote to memory of 1416	2968	Unicorn-32942.exe	37
PID 2968 wrote to memory of 1416	2968	Unicorn-32942.exe	37
PID 2692 wrote to memory of 1996	2692	Unicorn-4249.exe	38
PID 2692 wrote to memory of 1996	2692	Unicorn-4249.exe	38
PID 2692 wrote to memory of 1996	2692	Unicorn-4249.exe	38
PID 2692 wrote to memory of 1996	2692	Unicorn-4249.exe	38
PID 2016 wrote to memory of 2568	2016	Unicorn-461.exe	39
PID 2016 wrote to memory of 2568	2016	Unicorn-461.exe	39
PID 2016 wrote to memory of 2568	2016	Unicorn-461.exe	39
PID 2016 wrote to memory of 2568	2016	Unicorn-461.exe	39
PID 2740 wrote to memory of 1108	2740	Unicorn-15370.exe	40
PID 2740 wrote to memory of 1108	2740	Unicorn-15370.exe	40
PID 2740 wrote to memory of 1108	2740	Unicorn-15370.exe	40
PID 2740 wrote to memory of 1108	2740	Unicorn-15370.exe	40
PID 1988 wrote to memory of 1580	1988	Unicorn-46133.exe	41
PID 1988 wrote to memory of 1580	1988	Unicorn-46133.exe	41
PID 1988 wrote to memory of 1580	1988	Unicorn-46133.exe	41
PID 1988 wrote to memory of 1580	1988	Unicorn-46133.exe	41
PID 1416 wrote to memory of 1092	1416	Unicorn-45552.exe	42
PID 1416 wrote to memory of 1092	1416	Unicorn-45552.exe	42
PID 1416 wrote to memory of 1092	1416	Unicorn-45552.exe	42
PID 1416 wrote to memory of 1092	1416	Unicorn-45552.exe	42
PID 2968 wrote to memory of 604	2968	Unicorn-32942.exe	44
PID 2968 wrote to memory of 604	2968	Unicorn-32942.exe	44
PID 2968 wrote to memory of 604	2968	Unicorn-32942.exe	44
PID 2968 wrote to memory of 604	2968	Unicorn-32942.exe	44

C:\Users\Admin\AppData\Local\Temp\010ee620b4b6270d3fa9ce238cf2ab2b.exe
"C:\Users\Admin\AppData\Local\Temp\010ee620b4b6270d3fa9ce238cf2ab2b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59506.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59506.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13863.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38005.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54123.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28976.exe
        9⤵
        
        PID:2560
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 220
        10⤵
        Program crash
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45436.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
        8⤵
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
        6⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        7⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65400.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        9⤵
        
        PID:1676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58980.exe
        5⤵
        Executes dropped EXE
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1990.exe
        6⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
        7⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        8⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32344.exe
        9⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
        10⤵
        
        PID:3100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35379.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52670.exe
        10⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
        11⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
        12⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        13⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
        9⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24129.exe
        10⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        11⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        12⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26340.exe
        13⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        14⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
        15⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        11⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60548.exe
        12⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        13⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
        14⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        15⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        14⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50662.exe
        10⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        11⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12110.exe
        12⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        13⤵
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 240
        14⤵
        Program crash
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        11⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        12⤵
        
        PID:3428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 220
        13⤵
        Program crash
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe
        9⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16620.exe
        10⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        11⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
        12⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38554.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61975.exe
        10⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        11⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13151.exe
        12⤵
        
        PID:3560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53969.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23127.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50620.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51710.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16620.exe
        10⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21519.exe
        11⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
        12⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
        13⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36374.exe
        14⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
        15⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        11⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27684.exe
        12⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38554.exe
        9⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        11⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
        12⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3090.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48778.exe
        8⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        10⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
        11⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        12⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29234.exe
        8⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34134.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48649.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
        11⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        12⤵
        
        PID:3884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33486.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27040.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        9⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14626.exe
        10⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
        11⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31960.exe
        12⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        13⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36758.exe
        14⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        12⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
        9⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54746.exe
        10⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        11⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57943.exe
        12⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        13⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
        14⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58420.exe
        9⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
        10⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        11⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56375.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        8⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1098.exe
        10⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        11⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1337.exe
        12⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
        11⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
        12⤵
        
        PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8297.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43547.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17948.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        9⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65301.exe
        10⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32420.exe
        8⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16812.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
        10⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1093.exe
        11⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51175.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe
        8⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26879.exe
        9⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24626.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        11⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61802.exe
        12⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        13⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53246.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
        9⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        10⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33740.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10298.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30754.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52286.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5353.exe
        9⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        10⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40512.exe
        11⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        9⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30253.exe
        10⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50423.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4398.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-906.exe
        9⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47149.exe
        10⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
        11⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        12⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        13⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        9⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56293.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        11⤵
        
        PID:1732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43891.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43891.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22117.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39306.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45597.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63454.exe
        10⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49721.exe
        12⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33406.exe
        13⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55450.exe
        12⤵
        
        PID:4016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
        11⤵
        Program crash
        
        PID:2760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
        10⤵
        Program crash
        
        PID:1128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 216
        9⤵
        Program crash
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        9⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        10⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28260.exe
        11⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        12⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
        13⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        14⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37553.exe
        11⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28397.exe
        12⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45305.exe
        13⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
        9⤵
        Program crash
        
        PID:3020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
        8⤵
        Program crash
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
        7⤵
        Program crash
        
        PID:2848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
        6⤵
        Program crash
        
        PID:2512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52122.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37242.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46728.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        11⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
        12⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
        13⤵
        
        PID:2444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
        13⤵
        Program crash
        
        PID:3928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 236
        12⤵
        Program crash
        
        PID:2764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
        11⤵
        Program crash
        
        PID:2020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
        10⤵
        Program crash
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12774.exe
        10⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
        11⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
        12⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        13⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
        14⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
        10⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1088.exe
        11⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
        12⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        13⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13952.exe
        11⤵
        
        PID:2712
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
        9⤵
        Program crash
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58788.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
        9⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49567.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        11⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17866.exe
        12⤵
        
        PID:976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
        12⤵
        Program crash
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        11⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        12⤵
        
        PID:3972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 216
        12⤵
        Program crash
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
        11⤵
        Program crash
        
        PID:4072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
        10⤵
        Program crash
        
        PID:2484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
        9⤵
        Program crash
        
        PID:1820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
        8⤵
        Program crash
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        9⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        10⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
        11⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57889.exe
        12⤵
        
        PID:3908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
        10⤵
        Program crash
        
        PID:2620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
        9⤵
        Program crash
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        8⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        10⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26169.exe
        11⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        12⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33469.exe
        11⤵
        
        PID:3168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
        8⤵
        Program crash
        
        PID:2384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 240
        7⤵
        Program crash
        
        PID:1068
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
        6⤵
        Program crash
        
        PID:2172
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
        5⤵
        Program crash
        
        PID:2156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-788.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
        9⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        11⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
        12⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
        8⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39131.exe
        9⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        10⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
        11⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15534.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        8⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43978.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
        10⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
        11⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
        12⤵
        
        PID:3900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
        12⤵
        Program crash
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10435.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50428.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59359.exe
        9⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
        10⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        11⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        12⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        13⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1061.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
        11⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
        9⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37471.exe
        10⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20746.exe
        11⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
        12⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
        13⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
        9⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48446.exe
        10⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
        11⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35468.exe
        12⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59546.exe
        9⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe
        10⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54378.exe
        11⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49246.exe
        12⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        13⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1227.exe
        7⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        9⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62125.exe
        7⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        8⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53231.exe
        9⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1034.exe
        10⤵
        
        PID:1084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
        10⤵
        Program crash
        
        PID:3320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
        9⤵
        Program crash
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
        8⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11309.exe
        9⤵
        
        PID:3960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7254.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
        6⤵
        Executes dropped EXE
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
        9⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
        10⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
        11⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
        8⤵
        
        PID:1220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44758.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27054.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62509.exe
        7⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30771.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
        9⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53288.exe
        10⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15260.exe
        11⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
        12⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        7⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24122.exe
        9⤵
        
        PID:3656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1990.exe

Filesize
184KB

MD5
27d7cc15ba99d31079c21d794ed9d345

SHA1
4fcac03e85d5c1b300fe0ae8ce75ba80b1472f7e

SHA256
0dbcc76d3871900bd2c09b8a35f2715e924093839556fda92b5c7dca85755606

SHA512
31a230f793ec73c20e3b2911f8cad4f8fdddbdaa6454f03910ec73b6f7ccef42ab7450b6e4c687ade120080db2173afda92cdfb4df70d6d811d3a76d94ea6653

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe

Filesize
184KB

MD5
cab89f920bba8f417485ff43e502421e

SHA1
9d439c0aa442150b60d4198be856f0b219e3157a

SHA256
efde01fc30e9bf2c0b97fae941195de967d452786d152de6d902126e00b876b0

SHA512
12931976420cca6f9334a7030a440d71d32ce8fa60c77715aa23ed9b3fde34ee0ae4db60f780eb7ee0bc5b979debdc1ccedb8ea84c7f4a412f3e66036bc8ba9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe

Filesize
184KB

MD5
334211b8e30fe783a6c19a373e706b9d

SHA1
3052667975ae595af5eb5d97d831ed2de3b3402f

SHA256
b45c0559a1abe772275a8bf669d59cf0a3626d5fdd629d242f57025fcd9713b0

SHA512
5e27f58a16fb4b34f43862c08cdf9bbb647326e005e3cf6719743f8969d7d26349fa78bb75023df008dc7cf7e4a719e6edead4779751578466b13d031f1658da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45552.exe

Filesize
184KB

MD5
57bc6818d2fb84a319d574fbceddb29e

SHA1
e54c2a4a2fa2d7eac49048974d9e4538716ad093

SHA256
3c1320b5ef559420b48dd62f2fdc551f27dad22a8adf9f8b7903703bf98b648e

SHA512
98cd37bd38850363af133efa443a1645e9649575a214568a99be9c3793697df45d6628db166f2c88613f6180d8c4ce617e26e2af54662aef104a822ac48f7a5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe

Filesize
184KB

MD5
6f73245f877225964b6c26ddb67e2a65

SHA1
6353f9dbf2251f20d8052d7a6f2d0c64e9807cfe

SHA256
2631818e9e00ab5a0818fda226ac25dedfb1308632ce98c15f89b67694308ce4

SHA512
c8cb0127e25d7b62497506a657a1ca3b1491703b7f161d97cde8ac7d120ee20a172885b32286be1b8ea3960935c349ffd4a73c20e34e600f6e4cf207878a73bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe

Filesize
184KB

MD5
8b17ac8d07f6b04e776873b541daa8e4

SHA1
10ec36971edd3e1989c1355f752078b5696d5e7f

SHA256
f8df1e4c94dd6fabc377e6d86a4b1b0cc62392dc707fd4bd949d2f662736f68e

SHA512
0e89dc10a4cb95dea6dda51e58108e3c40632c4b7fb0ad368d17f4e7348d76e18fbe77d3cffc032f25607ee3c1cdf3213fd36291c84c8b7271b3469ff39c70dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6443.exe

Filesize
184KB

MD5
a3c14cb6a56e447ea0790ee5aec97be5

SHA1
4cd6901f82950e16a462d46adabbc442b918e391

SHA256
c22cdd872a6db8c6598476dfa5e7f103e2252f6123da82d92eb60947bdb90be3

SHA512
1455876e97f09884e7044ae3782999c7b1d8bbba5c59003109024c0244f8dc10ea9e9193d282b61ef8f61f62cbce0c17a18b14bc50ed5e270606c8d066d44bf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6619.exe

Filesize
184KB

MD5
2568cd6bb643c09c30f69dcf2636e441

SHA1
94f8f73286511358ccd1360f3f7ada05ff876d17

SHA256
15c03622b6f593bd8406bee3ffadddc2c25ff1db8bc45bfaf0d5d867e70c6506

SHA512
c4c1701facddb0c26f38768e59eb98b96fc724d9fc3666d3a9f837d38923c84d2f9d62efb41eab92276dbcd0e354209b9da9fc9799b9ffa063cec1c47c7fde95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe

Filesize
184KB

MD5
624b2372cdeb9239cc3f9cc55d7c7a3d

SHA1
4588ed9512cc50d7ab411d348fe7ae761ceed87c

SHA256
21f22e3a4af996401ff115fd64346ad98586e97aa5aa9a3593b0f872b67bee30

SHA512
1abe03193120249492c0f2967bf4e9e7effef2a8dbbfe2fcf8b68e577e278e4cf719f8b10cbafbf4cbbc7dde1a3254550b8a7afddfb5fc86c439ace78606adff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe

Filesize
184KB

MD5
32853b33360d6ceba6d05e1ec1b57e35

SHA1
0579ecab8e8d086523b940dbb8f39a2d49fc3c91

SHA256
0776a11da5ab2891b72c32082b932e819210f60850de3213244fc0bbfa39de36

SHA512
8838f7600a3f641fec3af1bad41c512214bb42754bbbe3117208118259d27293fe801bcf22a6cc71c1c77f5dafdda2e1c6374176799f62920ca7e5966b418320

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe

Filesize
184KB

MD5
f8b6b878de1b77e8f5d1e9e1444de21e

SHA1
f82edfcd1250d4862b23aca769fa137546db3ec9

SHA256
ced73f390b0c3f85fdd331915498f8bd3be1882a66acf93ddc282b9d43e25801

SHA512
fed745def0dbce73d28495ca5e084dfec6d0bfa342bc74a5ab7bb9f867921eef877be00b0d5be4472bbd645cccaf87446e55e1e02ffe991153788399a767a663

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21794.exe

Filesize
184KB

MD5
c398f60df1a04d0e2214e3699e1cd8e4

SHA1
ab332bc786f4d5e2b67fd5ee11d0704ce4988491

SHA256
12c20a3c97d99f3af5444c737449f5cfba184e24cae94d153851d83812f8227a

SHA512
f926fbe72ef811b46541917779bc7d8b5a3232ded9a1d7eb21002ed21591a1142518d69b2af542b219967606620712bd2da244cc2d7e883bb2b7e4c91e421495

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22117.exe

Filesize
184KB

MD5
2a9e35db6de6c59a4a3be3a0bbcfbaad

SHA1
9ab07bc24a55e9b4992dac52e0ffa1b80f9c1c1f

SHA256
8079622c87e14e0e0752f2d77b5ce936518e755443aae02b9f03c2616ad188df

SHA512
48cd24ec70a1982b7e769b5d7c7335b741785dbc2d4a408d843eec341cfd4cf59aa9223ebe39a587c017a24f86669fd43169b84e90f916d259b4ff226ca25f00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30607.exe

Filesize
184KB

MD5
5fbd6cde1905561434da3c91250a7ac2

SHA1
954f9f3e27fec642519b796ea93bf95589b755fd

SHA256
e97d669480260e6728739cb339ffbc8a3e02b91ba09b63f11450cce243929982

SHA512
2bd859fd007ca20ab6c86ddc148ec84200d062a40a18cbeb383f8a5654967a361425e17b9367a6a515ee6b70a573538bb810452203f26bbb2c5ffc83e75641ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32942.exe

Filesize
184KB

MD5
6081e885164a41014b47742d9389ebe0

SHA1
a4191fd830019a4ee281750403689d0d3d139f1f

SHA256
53f8530a17f625cf2e2092f7c3d5a8ccbd3f7515681d98c15b259b288636ac2a

SHA512
dad931a2e82b714c461a5fe1db7f91eccbacd5554696872dc84ff2a28b9171b5f6bbc3ec63c6b47332d82ca130012a2ef0279de8efc0f02f22ca228b784d3b46

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4249.exe

Filesize
184KB

MD5
6d4ee5a8a74dd120dfc6e1f0f60520f8

SHA1
e0eedd21c4abaa3d3f446a665e400907c86f2fa7

SHA256
6a814fd4310bd548a9be3c7f5083c641f4ead7af45c9b486563b36891b013b2b

SHA512
2b24ce2bb1fb1e35dc15476cee9eff67ab21c1035b2b5ba994de7682a08435db2a93d3a75190d366843ff5cb9d3fb50392b4f96a981417d131da8220639abe82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43891.exe

Filesize
184KB

MD5
1baee5eb245767cc5711ff3334d8917a

SHA1
85b051bd7a2cab7755ba35ff2da45c99a1918095

SHA256
dc1ce82cb1cc88e4e2271c496da75f8e9093f8ecff87a97da372f85b4f0a8078

SHA512
ba5e7b5f4abb3e0a5e9eb3e29604eda282c490f07586e50ca41f17a68523eed857c30c5ade524c8c520621b9077e84e06d3c705a477f601a2f83ff279f0d76ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe

Filesize
184KB

MD5
848d73d47a55c255e82cf392121216fd

SHA1
0e0a3736d487a576dd318e379e34f68731f9dac1

SHA256
202a866bdd2927577995403ca4ed57658a5af4ca7f1157ca0035ee7540085f5a

SHA512
47e4c55eaa7c607180b91d4a9aa0166d192e08756c925823263946d50992e2437ea6e8c4118590c31c6f40200b90eef07015f811be87acd2491a16280bdcca3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59506.exe

Filesize
184KB

MD5
cb2e46f1798df1b9f45df75c6c495e1e

SHA1
cd2553f3037462628baaf06f1bc6f78ffd5d637c

SHA256
05962f4d6f3035898a164c1248ce0c08110733e1320e46d90bafc916d5e2a0be

SHA512
c6274784a9c4c192aba1d951eb79238dc5453591c1e9055a61294a0e7e890f91815783cf86c49d360f0bbda4ebf51c0ea3dc546832faa46ad1af1c03e0f2ac40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe

Filesize
184KB

MD5
92e515f8d330a3713546eafa1e5211ef

SHA1
c943dbb384c9650409ccd82fb283ad2e302428fe

SHA256
b70f33e4e89983682af42ddbd9c34fcd630286fe6bbc67702412453e59a86f2f

SHA512
e60c61fe0312c39f7a756752068356eef2903ff4c385e50ccad5cfa6a24a2950efe147d168f2e4f75c8d8b1c966cefaa093fbe237c9e350d6e22dde95b41414e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe

Filesize
184KB

MD5
af4c520fddffc54025324c510c5467b0

SHA1
3e5b1d148b124455a6e9911b7b79fd7e418fc8a6

SHA256
deb17c775dee683c45c1b21ba2eb9896025c18e491690fa3ca84d2a6b631fc7c

SHA512
184f9385f5af4ed92bc0ebf4c731dcddbe43019f52bbb21f1688a7b9364cf1c425506a3720609d4fab36550619868f48d6d8beaa0aa0433a521a0f4264fb0438

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7062.exe

Filesize
184KB

MD5
b8b75c1731e2173723fe496e0a19a5e2

SHA1
0a6fa799bda8e87887b19f057155dc9324755801

SHA256
da151b7c995f4f63e0f986056f6dac80f941ba6a7d25a190b75e3b93aa01785a

SHA512
aea0ede475d9eed5d8b74b6606159e405a67b03056f7db81a838e394b6e5c470ca5df9224c425c071a688bd718b0eb4dd91526f9d7cceca25b1b4bd432fb39ce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads