686b4791d46cbc37cbc7a25ed9d0500d32fd5a8d490f52aafbc65fce1f18d4ca

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 01:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0a6ff092cc535479ee3fda60c5b31d28.exe
Size

184KB
MD5

0a6ff092cc535479ee3fda60c5b31d28
SHA1

9ca535633d586a7074ca958b41eb1bc78f74fb50
SHA256

686b4791d46cbc37cbc7a25ed9d0500d32fd5a8d490f52aafbc65fce1f18d4ca
SHA512

3a64e9371891f97475e5c313ff0fb9a7d3726fd8eec9f0c5704ef56b77dca4f29d5668c1bac1aef701a5d6c0c79813a96b4b7e8c1ee8b4bf9d594ef4faf0ad0a
SSDEEP

3072:F+DBomjH0WAeDYj7dB9mL8BbKZ96wn3iYiEx0IlppNlKvpFW:F+Foz7eDydfmL84ypANlKvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2840	Unicorn-32183.exe
2672	Unicorn-33766.exe
2804	Unicorn-30236.exe
2472	Unicorn-3288.exe
2732	Unicorn-12011.exe
2572	Unicorn-48213.exe
2192	Unicorn-19755.exe
548	Unicorn-9126.exe
2128	Unicorn-12847.exe
1712	Unicorn-39983.exe
2004	Unicorn-36453.exe
596	Unicorn-29542.exe
988	Unicorn-50517.exe
2748	Unicorn-24882.exe
1556	Unicorn-4269.exe
1540	Unicorn-62577.exe
1760	Unicorn-33242.exe
2384	Unicorn-377.exe
2956	Unicorn-54217.exe
1288	Unicorn-5696.exe
1916	Unicorn-10335.exe
1488	Unicorn-58789.exe
1272	Unicorn-58981.exe
1628	Unicorn-7403.exe
900	Unicorn-27269.exe
2152	Unicorn-15571.exe
1384	Unicorn-27461.exe
2076	Unicorn-6464.exe
2492	Unicorn-32099.exe
876	Unicorn-35629.exe
2508	Unicorn-2935.exe
1724	Unicorn-26885.exe
2720	Unicorn-44036.exe
2708	Unicorn-36422.exe
2836	Unicorn-27508.exe
2808	Unicorn-40912.exe
2588	Unicorn-56734.exe
3016	Unicorn-7170.exe
2840	Unicorn-63963.exe
2872	Unicorn-6786.exe
3004	Unicorn-28913.exe
2656	Unicorn-36527.exe
1672	Unicorn-4601.exe
1092	Unicorn-40803.exe
2476	Unicorn-60647.exe
2940	Unicorn-12385.exe
1060	Unicorn-24083.exe
612	Unicorn-32251.exe
1640	Unicorn-1285.exe
2480	Unicorn-1285.exe
2968	Unicorn-14025.exe
884	Unicorn-61306.exe
1612	Unicorn-26256.exe
1408	Unicorn-41440.exe
3064	Unicorn-25955.exe
2264	Unicorn-13257.exe
2412	Unicorn-12873.exe
2300	Unicorn-25209.exe
2092	Unicorn-24803.exe
2016	Unicorn-33712.exe
1924	Unicorn-9920.exe
2688	Unicorn-18336.exe
2796	Unicorn-18336.exe
2620	Unicorn-18336.exe

Loads dropped DLL 64 IoCs

pid	Process
2080	0a6ff092cc535479ee3fda60c5b31d28.exe
2080	0a6ff092cc535479ee3fda60c5b31d28.exe
2840	Unicorn-32183.exe
2840	Unicorn-32183.exe
2080	0a6ff092cc535479ee3fda60c5b31d28.exe
2080	0a6ff092cc535479ee3fda60c5b31d28.exe
2672	Unicorn-33766.exe
2672	Unicorn-33766.exe
2840	Unicorn-32183.exe
2840	Unicorn-32183.exe
2804	Unicorn-30236.exe
2804	Unicorn-30236.exe
2472	Unicorn-3288.exe
2672	Unicorn-33766.exe
2472	Unicorn-3288.exe
2672	Unicorn-33766.exe
2732	Unicorn-12011.exe
2732	Unicorn-12011.exe
2572	Unicorn-48213.exe
2572	Unicorn-48213.exe
2804	Unicorn-30236.exe
2804	Unicorn-30236.exe
2192	Unicorn-19755.exe
2192	Unicorn-19755.exe
2472	Unicorn-3288.exe
2472	Unicorn-3288.exe
548	Unicorn-9126.exe
548	Unicorn-9126.exe
2128	Unicorn-12847.exe
2128	Unicorn-12847.exe
2732	Unicorn-12011.exe
2732	Unicorn-12011.exe
1712	Unicorn-39983.exe
1712	Unicorn-39983.exe
2572	Unicorn-48213.exe
2572	Unicorn-48213.exe
2004	Unicorn-36453.exe
2004	Unicorn-36453.exe
596	Unicorn-29542.exe
596	Unicorn-29542.exe
2192	Unicorn-19755.exe
2192	Unicorn-19755.exe
988	Unicorn-50517.exe
988	Unicorn-50517.exe
2748	Unicorn-24882.exe
2748	Unicorn-24882.exe
548	Unicorn-9126.exe
548	Unicorn-9126.exe
1556	Unicorn-4269.exe
1556	Unicorn-4269.exe
2128	Unicorn-12847.exe
2128	Unicorn-12847.exe
1540	Unicorn-62577.exe
1540	Unicorn-62577.exe
1712	Unicorn-39983.exe
1712	Unicorn-39983.exe
2384	Unicorn-377.exe
2384	Unicorn-377.exe
1760	Unicorn-33242.exe
1760	Unicorn-33242.exe
2004	Unicorn-36453.exe
2004	Unicorn-36453.exe
2956	Unicorn-54217.exe
2956	Unicorn-54217.exe

Program crash 52 IoCs

pid	pid_target	Process	procid_target
1072	2508	WerFault.exe	58
672	1384	WerFault.exe	54
2376	2956	WerFault.exe	45
1208	2720	WerFault.exe	60
2564	2588	WerFault.exe	64
2400	2708	WerFault.exe	61
2660	3004	WerFault.exe	68
2364	2476	WerFault.exe	73
2568	2840	WerFault.exe	66
2448	2016	WerFault.exe	95
1900	2300	WerFault.exe	88
576	1052	WerFault.exe	106
1672	300	WerFault.exe	119
1272	552	WerFault.exe	123
2676	2340	WerFault.exe	133
2328	2368	WerFault.exe	151
2808	2836	WerFault.exe	146
2472	1808	WerFault.exe	154
3008	2684	WerFault.exe	157
2644	2620	WerFault.exe	147
2736	1308	WerFault.exe	149
2880	1880	WerFault.exe	160
2460	1180	WerFault.exe	163
392	1020	WerFault.exe	170
1788	2156	WerFault.exe	176
2680	2192	WerFault.exe	183
2096	800	WerFault.exe	181
1968	956	WerFault.exe	196
2896	1704	WerFault.exe	199
2732	692	WerFault.exe	205
2688	700	WerFault.exe	207
2592	380	WerFault.exe	213
2152	1692	WerFault.exe	204
1408	1236	WerFault.exe	206
2064	2992	WerFault.exe	212
1956	2512	WerFault.exe	203
1148	2012	WerFault.exe	215
2228	2904	WerFault.exe	222
2132	1584	WerFault.exe	243
3300	3664	WerFault.exe	273
3360	3708	WerFault.exe	334
1596	3928	WerFault.exe	331
1376	1192	WerFault.exe	343
3724	3580	WerFault.exe	310
3280	2488	WerFault.exe	342
3528	4044	WerFault.exe	340
1056	2500	WerFault.exe	308
3660	3324	WerFault.exe	330
3744	2972	WerFault.exe	344
3156	2008	WerFault.exe	358
3288	3420	WerFault.exe	348
1988	2272	WerFault.exe	355

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2080	0a6ff092cc535479ee3fda60c5b31d28.exe
2840	Unicorn-32183.exe
2672	Unicorn-33766.exe
2804	Unicorn-30236.exe
2472	Unicorn-3288.exe
2732	Unicorn-12011.exe
2572	Unicorn-48213.exe
2192	Unicorn-19755.exe
548	Unicorn-9126.exe
2128	Unicorn-12847.exe
1712	Unicorn-39983.exe
2004	Unicorn-36453.exe
596	Unicorn-29542.exe
988	Unicorn-50517.exe
2748	Unicorn-24882.exe
1556	Unicorn-4269.exe
1540	Unicorn-62577.exe
1760	Unicorn-33242.exe
2956	Unicorn-54217.exe
2384	Unicorn-377.exe
1288	Unicorn-5696.exe
1916	Unicorn-10335.exe
1488	Unicorn-58789.exe
1272	Unicorn-58981.exe
900	Unicorn-27269.exe
1628	Unicorn-7403.exe
2152	Unicorn-15571.exe
1384	Unicorn-27461.exe
2076	Unicorn-6464.exe
876	Unicorn-35629.exe
2508	Unicorn-2935.exe
1724	Unicorn-26885.exe
2492	Unicorn-32099.exe
2708	Unicorn-36422.exe
2720	Unicorn-44036.exe
2836	Unicorn-27508.exe
2808	Unicorn-40912.exe
2588	Unicorn-56734.exe
3016	Unicorn-7170.exe
2840	Unicorn-63963.exe
2872	Unicorn-6786.exe
3004	Unicorn-28913.exe
2656	Unicorn-36527.exe
1092	Unicorn-40803.exe
1672	Unicorn-4601.exe
2940	Unicorn-12385.exe
2476	Unicorn-60647.exe
1060	Unicorn-24083.exe
612	Unicorn-32251.exe
1640	Unicorn-1285.exe
2480	Unicorn-1285.exe
2264	Unicorn-13257.exe
2016	Unicorn-33712.exe
2968	Unicorn-14025.exe
884	Unicorn-61306.exe
3064	Unicorn-25955.exe
1612	Unicorn-26256.exe
2416	Unicorn-18336.exe
1924	Unicorn-9920.exe
2300	Unicorn-25209.exe
2620	Unicorn-18336.exe
2688	Unicorn-18336.exe
1408	Unicorn-41440.exe
2796	Unicorn-18336.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2080 wrote to memory of 2840	2080	0a6ff092cc535479ee3fda60c5b31d28.exe	28
PID 2080 wrote to memory of 2840	2080	0a6ff092cc535479ee3fda60c5b31d28.exe	28
PID 2080 wrote to memory of 2840	2080	0a6ff092cc535479ee3fda60c5b31d28.exe	28
PID 2080 wrote to memory of 2840	2080	0a6ff092cc535479ee3fda60c5b31d28.exe	28
PID 2840 wrote to memory of 2672	2840	Unicorn-32183.exe	29
PID 2840 wrote to memory of 2672	2840	Unicorn-32183.exe	29
PID 2840 wrote to memory of 2672	2840	Unicorn-32183.exe	29
PID 2840 wrote to memory of 2672	2840	Unicorn-32183.exe	29
PID 2080 wrote to memory of 2804	2080	0a6ff092cc535479ee3fda60c5b31d28.exe	30
PID 2080 wrote to memory of 2804	2080	0a6ff092cc535479ee3fda60c5b31d28.exe	30
PID 2080 wrote to memory of 2804	2080	0a6ff092cc535479ee3fda60c5b31d28.exe	30
PID 2080 wrote to memory of 2804	2080	0a6ff092cc535479ee3fda60c5b31d28.exe	30
PID 2672 wrote to memory of 2472	2672	Unicorn-33766.exe	31
PID 2672 wrote to memory of 2472	2672	Unicorn-33766.exe	31
PID 2672 wrote to memory of 2472	2672	Unicorn-33766.exe	31
PID 2672 wrote to memory of 2472	2672	Unicorn-33766.exe	31
PID 2840 wrote to memory of 2732	2840	Unicorn-32183.exe	32
PID 2840 wrote to memory of 2732	2840	Unicorn-32183.exe	32
PID 2840 wrote to memory of 2732	2840	Unicorn-32183.exe	32
PID 2840 wrote to memory of 2732	2840	Unicorn-32183.exe	32
PID 2804 wrote to memory of 2572	2804	Unicorn-30236.exe	33
PID 2804 wrote to memory of 2572	2804	Unicorn-30236.exe	33
PID 2804 wrote to memory of 2572	2804	Unicorn-30236.exe	33
PID 2804 wrote to memory of 2572	2804	Unicorn-30236.exe	33
PID 2472 wrote to memory of 2192	2472	Unicorn-3288.exe	34
PID 2472 wrote to memory of 2192	2472	Unicorn-3288.exe	34
PID 2472 wrote to memory of 2192	2472	Unicorn-3288.exe	34
PID 2472 wrote to memory of 2192	2472	Unicorn-3288.exe	34
PID 2672 wrote to memory of 548	2672	Unicorn-33766.exe	35
PID 2672 wrote to memory of 548	2672	Unicorn-33766.exe	35
PID 2672 wrote to memory of 548	2672	Unicorn-33766.exe	35
PID 2672 wrote to memory of 548	2672	Unicorn-33766.exe	35
PID 2732 wrote to memory of 2128	2732	Unicorn-12011.exe	36
PID 2732 wrote to memory of 2128	2732	Unicorn-12011.exe	36
PID 2732 wrote to memory of 2128	2732	Unicorn-12011.exe	36
PID 2732 wrote to memory of 2128	2732	Unicorn-12011.exe	36
PID 2572 wrote to memory of 1712	2572	Unicorn-48213.exe	38
PID 2572 wrote to memory of 1712	2572	Unicorn-48213.exe	38
PID 2572 wrote to memory of 1712	2572	Unicorn-48213.exe	38
PID 2572 wrote to memory of 1712	2572	Unicorn-48213.exe	38
PID 2804 wrote to memory of 2004	2804	Unicorn-30236.exe	37
PID 2804 wrote to memory of 2004	2804	Unicorn-30236.exe	37
PID 2804 wrote to memory of 2004	2804	Unicorn-30236.exe	37
PID 2804 wrote to memory of 2004	2804	Unicorn-30236.exe	37
PID 2192 wrote to memory of 596	2192	Unicorn-19755.exe	39
PID 2192 wrote to memory of 596	2192	Unicorn-19755.exe	39
PID 2192 wrote to memory of 596	2192	Unicorn-19755.exe	39
PID 2192 wrote to memory of 596	2192	Unicorn-19755.exe	39
PID 2472 wrote to memory of 988	2472	Unicorn-3288.exe	40
PID 2472 wrote to memory of 988	2472	Unicorn-3288.exe	40
PID 2472 wrote to memory of 988	2472	Unicorn-3288.exe	40
PID 2472 wrote to memory of 988	2472	Unicorn-3288.exe	40
PID 548 wrote to memory of 2748	548	Unicorn-9126.exe	41
PID 548 wrote to memory of 2748	548	Unicorn-9126.exe	41
PID 548 wrote to memory of 2748	548	Unicorn-9126.exe	41
PID 548 wrote to memory of 2748	548	Unicorn-9126.exe	41
PID 2128 wrote to memory of 1556	2128	Unicorn-12847.exe	42
PID 2128 wrote to memory of 1556	2128	Unicorn-12847.exe	42
PID 2128 wrote to memory of 1556	2128	Unicorn-12847.exe	42
PID 2128 wrote to memory of 1556	2128	Unicorn-12847.exe	42
PID 2732 wrote to memory of 1540	2732	Unicorn-12011.exe	43
PID 2732 wrote to memory of 1540	2732	Unicorn-12011.exe	43
PID 2732 wrote to memory of 1540	2732	Unicorn-12011.exe	43
PID 2732 wrote to memory of 1540	2732	Unicorn-12011.exe	43

C:\Users\Admin\AppData\Local\Temp\0a6ff092cc535479ee3fda60c5b31d28.exe
"C:\Users\Admin\AppData\Local\Temp\0a6ff092cc535479ee3fda60c5b31d28.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5696.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
        9⤵
        Program crash
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8216.exe
        9⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12627.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-889.exe
        11⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2368.exe
        12⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
        13⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        14⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
        15⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        16⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57374.exe
        17⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42979.exe
        18⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
        19⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 220
        20⤵
        Program crash
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
        16⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
        17⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
        15⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
        16⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6165.exe
        17⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31729.exe
        18⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61948.exe
        14⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59696.exe
        15⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62034.exe
        16⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
        17⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        18⤵
        
        PID:3580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 224
        19⤵
        Program crash
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
        15⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
        16⤵
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 224
        17⤵
        Program crash
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55689.exe
        10⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        11⤵
        
        PID:700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 224
        12⤵
        Program crash
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        8⤵
        Program crash
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12873.exe
        8⤵
        Executes dropped EXE
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
        9⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8543.exe
        10⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30438.exe
        11⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9986.exe
        12⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43832.exe
        13⤵
        
        PID:380
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 244
        14⤵
        Program crash
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        10⤵
        
        PID:1020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 240
        11⤵
        Program crash
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        7⤵
        Executes dropped EXE
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61994.exe
        8⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20521.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54475.exe
        10⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42441.exe
        11⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41341.exe
        12⤵
        
        PID:2904
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
        13⤵
        Program crash
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        9⤵
        
        PID:460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46442.exe
        10⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
        11⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
        12⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13536.exe
        13⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27743.exe
        14⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        15⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12574.exe
        16⤵
        
        PID:4044
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 224
        17⤵
        Program crash
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        13⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10607.exe
        14⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21137.exe
        15⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2974.exe
        16⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43063.exe
        12⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59014.exe
        13⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe
        14⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40888.exe
        15⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30530.exe
        16⤵
        
        PID:1192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 220
        17⤵
        Program crash
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
        15⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36524.exe
        16⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58789.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40912.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11008.exe
        10⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17096.exe
        11⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 220
        12⤵
        Program crash
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19015.exe
        11⤵
        
        PID:2156
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 220
        12⤵
        Program crash
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
        10⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 224
        11⤵
        Program crash
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        8⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
        10⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19421.exe
        12⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 224
        13⤵
        Program crash
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44371.exe
        11⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
        12⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53894.exe
        13⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4517.exe
        14⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53692.exe
        15⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64691.exe
        16⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        17⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27479.exe
        18⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17085.exe
        19⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23912.exe
        15⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
        16⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        17⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        18⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2306.exe
        14⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
        15⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60348.exe
        16⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
        17⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15341.exe
        10⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17003.exe
        11⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63245.exe
        12⤵
        
        PID:2512
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 224
        13⤵
        Program crash
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35979.exe
        11⤵
        
        PID:692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 244
        12⤵
        Program crash
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        9⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38881.exe
        10⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe
        11⤵
        
        PID:1704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 224
        12⤵
        Program crash
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56734.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        7⤵
        Program crash
        
        PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        9⤵
        
        PID:1052
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 224
        10⤵
        Program crash
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 220
        7⤵
        Program crash
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7170.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61306.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7692.exe
        9⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe
        10⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63079.exe
        11⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27304.exe
        12⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 224
        13⤵
        Program crash
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25709.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
        10⤵
        
        PID:800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
        11⤵
        Program crash
        
        PID:2096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        7⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45601.exe
        9⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
        10⤵
        
        PID:1808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
        11⤵
        Program crash
        
        PID:2472
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 248
        10⤵
        Program crash
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
        9⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45482.exe
        10⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36240.exe
        11⤵
        
        PID:2992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 224
        12⤵
        Program crash
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
        10⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
        11⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
        12⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
        13⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33145.exe
        14⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe
        15⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
        16⤵
        
        PID:2972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 224
        17⤵
        Program crash
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46655.exe
        12⤵
        
        PID:3316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24017.exe
        13⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2839.exe
        14⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20894.exe
        15⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35207.exe
        9⤵
        
        PID:1880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
        10⤵
        Program crash
        
        PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27269.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32251.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33712.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 224
        9⤵
        Program crash
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2648.exe
        9⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
        11⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
        12⤵
        
        PID:1236
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 224
        13⤵
        Program crash
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42346.exe
        9⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43266.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31004.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
        12⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
        13⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50101.exe
        14⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        15⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65008.exe
        16⤵
        
        PID:3708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 220
        17⤵
        Program crash
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe
        14⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29912.exe
        15⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        16⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
        17⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
        18⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47105.exe
        19⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3021.exe
        20⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11459.exe
        21⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50571.exe
        17⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23935.exe
        18⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30427.exe
        13⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1943.exe
        14⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25626.exe
        15⤵
        
        PID:3464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22170.exe
        16⤵
        
        PID:2488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 224
        17⤵
        Program crash
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41205.exe
        12⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
        13⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        14⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
        15⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15226.exe
        16⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        13⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe
        14⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
        15⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
        16⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64043.exe
        17⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15571.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63963.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 220
        7⤵
        Program crash
        
        PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 220
        6⤵
        Program crash
        
        PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1285.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8600.exe
        7⤵
        
        PID:300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 240
        8⤵
        Program crash
        
        PID:1672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35629.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60647.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
        8⤵
        Program crash
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41273.exe
        8⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11968.exe
        9⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9887.exe
        10⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
        11⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        12⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8061.exe
        13⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe
        14⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31526.exe
        15⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57509.exe
        16⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9398.exe
        17⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
        18⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24272.exe
        19⤵
        
        PID:2272
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 244
        20⤵
        Program crash
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        16⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
        17⤵
        
        PID:2008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 188
        18⤵
        Program crash
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38787.exe
        13⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
        14⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55973.exe
        15⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21267.exe
        16⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
        17⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        18⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
        19⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14805.exe
        15⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3472.exe
        16⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
        17⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34381.exe
        18⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17925.exe
        9⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        10⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36790.exe
        11⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
        12⤵
        
        PID:1584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 200
        13⤵
        Program crash
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32099.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40803.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50017.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12435.exe
        9⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38715.exe
        10⤵
        
        PID:1180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 240
        11⤵
        Program crash
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43545.exe
        9⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55845.exe
        10⤵
        
        PID:1692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 224
        11⤵
        Program crash
        
        PID:2152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54217.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54217.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26885.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42560.exe
        10⤵
        
        PID:1308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 244
        11⤵
        Program crash
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13649.exe
        9⤵
        
        PID:2368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 244
        10⤵
        Program crash
        
        PID:2328
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
        5⤵
        Program crash
        
        PID:2376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14025.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37490.exe
        8⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
        9⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49384.exe
        10⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        11⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
        12⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30589.exe
        13⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
        14⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26256.exe
        15⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59538.exe
        16⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe
        17⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25735.exe
        18⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56025.exe
        19⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32103.exe
        20⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
        18⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49523.exe
        19⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64152.exe
        20⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52885.exe
        15⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62792.exe
        16⤵
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
        17⤵
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 224
        18⤵
        Program crash
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
        14⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
        10⤵
        Program crash
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30822.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
        11⤵
        
        PID:956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
        12⤵
        Program crash
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25955.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45248.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        8⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62451.exe
        9⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38466.exe
        10⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40682.exe
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        12⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
        13⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11071.exe
        14⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59507.exe
        15⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50431.exe
        16⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2756.exe
        17⤵
        
        PID:3420
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 220
        18⤵
        Program crash
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40598.exe
        13⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57364.exe
        14⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19809.exe
        15⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29809.exe
        16⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2829.exe
        17⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        12⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30423.exe
        13⤵
        
        PID:3664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 244
        14⤵
        Program crash
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10105.exe
        8⤵
        
        PID:2684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 244
        9⤵
        Program crash
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
        7⤵
        Program crash
        
        PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2935.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2508
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
        5⤵
        Program crash
        
        PID:1072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe

Filesize
184KB

MD5
4ac55deb54721d264d3e5d2a0534c78e

SHA1
d85cfb4f94906056d83abe524d3a7038b7027dfe

SHA256
015ba9684b53d3029a75904cf23aa748ad697f5ab3e2309edb762d6143b8cd57

SHA512
5544e8fe68e234095c90552f92300c6cde76443b040a57864bbe30d3caa0e1b7ddba11c8497f16df47bd749c355c194cd41edaf63c0a39de2cbbca201907d317

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe

Filesize
184KB

MD5
4df883171d5247e2aa6aa8b4ca357045

SHA1
c0bdd7609994b191fc441347efee1b5ea18b61e4

SHA256
42aef375498ba4a29e8b00fada38e0c2fd6eaa6505db9d75074c9d42e745fb5e

SHA512
59306e6a6346ad251e2b6189661e1459bc981107d579f1fe1f6f847cff43c5a60e36b05390e6a4ff1cec74aa79c96a9dcacc0f0d1eadbd591c6f6ec539c66a40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe

Filesize
184KB

MD5
70579a4347e34ce7908adb264ec7eb86

SHA1
2ca5933f68ae719b17847315cf9838c96cb6af40

SHA256
faf1ca09c2516187adb9461e063471a00d69821e174165a29e91dc19084e2d8f

SHA512
6f10d0f3a4af90287c145c3199c853c65e68e434043d0c252237c64324153282768d54030dbf8c8a126b864a54a5e2a872373e9f74ebb2aa69e30b4d24bb4d53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe

Filesize
139KB

MD5
c4ef2d806265e5f15a49a7d7fecbf2a6

SHA1
57df6c77aef70cba2b6d75f60665559dd22163a4

SHA256
17407ca3c4216789d1ed3046655abaf43bb28c8664e99e601f73c04176ea73ff

SHA512
72b568ed0c78dc4aea3fb62084dd97aec8efaa3ca95098da5bcb90fd686a79b54091a6e23a6639b925624e24cc61058b213b3b8cc7983c7509a970a1a2a8814a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe

Filesize
184KB

MD5
e0b3d70319f2efa75e182a4c311f9732

SHA1
2be8f41a8cc7980d59850632240ef3ddb52c3a58

SHA256
9b9a2a60d0e2455d9bf138c85cf5e9c1cb8812554d77e78e67eaf8ccb61c3ba1

SHA512
4277094e24c385865b994ac796675de9975462e9550585f2da719dfe702986b30409d083beb242ca604b4c85735f97fdfaa4c382f43689348310797038ddfdd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe

Filesize
184KB

MD5
805941c7028352e5918bc632a635c551

SHA1
eb51a5d6a1763b4ebb61926911dfcf1ba7aaf21a

SHA256
639e400c53d131b6db6d59601cf372d7fa7758b86124f08b2d12c080e2cc9b5c

SHA512
a32eb6e2675e0b45b7901ce992e2d7f5376faa4bfe1959f436d95419e8196ba05191c419a39ee6adc9c57919ed8f1312ad74de71e039067df8aa8ab2c32aab83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe

Filesize
184KB

MD5
2299bb0c3b88b77f1183b11dd7c256cf

SHA1
9689fdf6cc9b77de73bebdf94e66ecae0bd3e87d

SHA256
80cc9f105a9dd7652dec0b8462dd8fc35ac3e4d6138122cf299b901ef1a077fb

SHA512
6664c135b1302ee734aa5c023b049b58c65da16991bd6786ef0e780a2c53979989e70ea7d2eba1d86f6b4ccf98c6f83f5525e23a3a01d91e8d82fd38b2683f95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe

Filesize
184KB

MD5
1e74563fd7617ea931b1d651147aaac8

SHA1
b96b37f50210a0e614afd7c1008845d58e6cc489

SHA256
7e5c40b14ffe5186688ba3a92e0a020bcfa5e4f21f7e4a371a85400071c8cee5

SHA512
97b9cbb8bff36843ad587562fe158722edebc63964bd7b4883df0947901c5ea560339a14596f1e0d10976fa08dfc3815dd8aabb4e1deee45483bf3b5a727248b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5696.exe

Filesize
184KB

MD5
efb7a67709705ae7e867fa3271d62c4f

SHA1
49cb477ae10461988ac5b178e92f5dbe023c4cef

SHA256
cf321b25327996d3538edb2ba29e4534887d43d5e0011c197d9ab02f7e6ce7e4

SHA512
73fad831bbfc34431d0ae0090a115fd277f3e5b8f5184c764009b8e51e45635580463d8ade711a80e3478ddd32b165b9273eb64d12ff82e5fda4ccbeb283a82d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5793.exe

Filesize
184KB

MD5
a73c268c37e71923099bc361ce1b8fa8

SHA1
08b088efa6eddc5ed271e9173b9d75b1f62a6cc3

SHA256
884aa68d5781c4d7b79b4179f2a5abf4eaa06e7eafc4be1192767ff673ba9c66

SHA512
0029821c71bb660a67b477fb56a545e779f6deae509b0cbdd4dfd2a9b543b669f17ae91fe4c929f89b1bdb6fcc6a071abbcddc254aaa8f74f90c92f91b68a833

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5944.exe

Filesize
184KB

MD5
798324a56fa309c59c3cf4329711f738

SHA1
bac294c20d5826d5165a2d4a47b685e573f96776

SHA256
e6c2e4f690cbc2774b8cef70bd403714f7bec6d0eb8798c3f6cce4843fa172a8

SHA512
4b05a12af555c5582adfdd409bc817665737481f5beba35ef8e7e7e9e8c33ed24c90706168d5c7483c8f4a039699f6f334e20af0c26b0b65e37dc78f05a7bdb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe

Filesize
184KB

MD5
dfd0ff76fc4f85c71ae3cbff281a6618

SHA1
9f54137cf66343ab9f746495226605379ffd7dce

SHA256
69fba7efe12600c64460f39202dcdb0fbd5131f140f50faaabc0bf2cd37b2ecc

SHA512
a64580c40443b773fca1bfd8bfa8a9cab353572f42d605dfad0ebdbaf2f06974c4a962a77776eba474f914c111f04b6e18491357d499be01e62d2267b2b6d16f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6464.exe

Filesize
184KB

MD5
cfe9e3b01c877800151b90f22142edb6

SHA1
fa4f2e9bddf0238cf2661ace878816a0feb9dbd9

SHA256
cfee4dfaa8c9ae090d5b1c61bb55c11b0ce2662f51c870f1b499749200d4fad8

SHA512
7bdc1ac49794e3d3a4f6cce5243293e228ff23705e2535d6ebe27469ca8ace69d7a59e2efc4c5c0037ec1d7b437507f0155593e5178cd56b29896d6b02f1b424

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6786.exe

Filesize
184KB

MD5
cd58b61d60f9e4867a748830a350a1d9

SHA1
e32a01020569b7b7fa7e2a0c6aedc3c8b899d3d1

SHA256
cc4272aed2571c1e420f893e522f62ef84a5aa2d83674015394db6ce52642a4f

SHA512
a603d2e969a1075ddae5d5d676fdee7d896106db133a3f0821aa914e77fe0a49528b97d8b09f70feac061bca123d399bbc04a9951b0339abddca1f576f0b3d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe

Filesize
176KB

MD5
44526f49b5e189af2e95cf4b5e064bad

SHA1
c3f73c66f6799638a59529819ccb9726950d46f1

SHA256
8bbbed0eb80cd2230f52454e16809b28d47dde697f74914f01708664892fabf2

SHA512
fb6f002fa5389194e4d4ec43884002b310a183fc7a6c43898254a07eac6f0e8b734706cc6ea85594d41b9750548683b3f9633c27be548b8f826810132be66b7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12011.exe

Filesize
184KB

MD5
33aa49308b7b8ea08861c0b92e9a6893

SHA1
f23c7a262ab98d7849b4223ee04ceb0cf6acc512

SHA256
a51c8984c8fb23745561fe8a1abe313a7e0e8ae087ae5b1eacacbbbc217e31ff

SHA512
da805e2402a30418fc4337448702b9ca69a6f9ff22c79a5bc12ee94aa8157e27241ec9acffb145a7dcdbfb49bf70e6c33be64b9b599570826e5164ea2b296cf1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe

Filesize
184KB

MD5
63829f6e79260ab86e0ae0902dc1d7e3

SHA1
fb1f27636d146da22ed8ebe7eddacb9116326924

SHA256
04506b416c7e908a638047a753d9302c2a19286cbe64e5bebef27ea2bfb3710a

SHA512
2c7c3b0205849da0d63c1cb1dda4fce0c72c82c28b8ed926e231fe98a5cda3fd05a311d5fe4472ce107d86f321b23472439f50837bc829248e6b7957109cf149

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24882.exe

Filesize
184KB

MD5
7470d1022bcc759a5cc3dddeb68631ce

SHA1
d5755c3a26439d496ae55138bd845a2a369c9fa0

SHA256
4823f20fbe744881c9f1ef5f0f2f0b810cffeca477957a6620afa765c3eceb34

SHA512
01a05d73ae460e42d12098bb98b86b5455d4f113a48465f500d95674f71af0ee1ed022691f720e126d9d963521d84c9b0221610e8adf42991a0031a716da1592

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe

Filesize
184KB

MD5
5b8e6a3c7569e5222a594deb57785a56

SHA1
82e292a24c82e5698164f2d5bd9795f2e60e03d6

SHA256
24ae9daa800d3befb6d5876a12e63e6ff7b383768ac5451e10abd76e7722b7fb

SHA512
bcb4112c967cda698e346e8e3618c1e99b551014e87d52c58abc5f3740b61a0dbad2733b9c773a84f15980bd290c70d8fc772e613268cc8ad5b39250d5764ddd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30236.exe

Filesize
184KB

MD5
9c86f24a4622fe655c6725ef10eb0e23

SHA1
e526c75dd47c62d4ac17396bdd7a80fa61c63933

SHA256
2ac3dd77fd9b86a6f665669babd22e246a2c874b06d7953b4931b0582de7dd87

SHA512
0f121c6372eba94b1eca4045e9ac53d412d7744b27370b20477b5b58ef71bb0902083b46388177032c891c92112187fd290f2a4f856bb688d66176933684bfb5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe

Filesize
184KB

MD5
11799591abe7fa4e5cdea61d5713642b

SHA1
1f73b2297e69908829f1b7e23f7bbd56186cd22e

SHA256
2841ff47cab9f9f9f0a61fa36789e5850cb085a1e7925270d20dde7ba36c7a7f

SHA512
5dca8e486d4b2fbf1d378a07d1f8dc273c8d973d22e4b8412e54c977dd71e44a37e0d99957cf157955977f1dd0be9d2b10ca80245609923b6278f91e1bd9f8a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3288.exe

Filesize
184KB

MD5
2d0f81812569e59b3185fe2a4e77d3c6

SHA1
a00fc7c474b76bd2db0de9faf44dc0e50a40d821

SHA256
6c892c49899e7b7651202b73be4036adb140b1b0e6305de19e47ff8d682fb8dd

SHA512
b7b58ba46dcf284dedc1dd923b35a8f59da28b6fbc1a34c6f8c92845eacc6b1b25ec8f9aba9c6ef17f31e8393e6d4408641ba26381ec5635c42a8699684d742f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe

Filesize
133KB

MD5
dc8d50848eaf47db6fddbc9967a37dba

SHA1
3798f41e12ee0b7e78494c7f626f8478127e090d

SHA256
69af78173619117b74efff8421216d5eff820b6b96e0540f46cf8cb29d52252f

SHA512
ab61e4ab10643fc6cb35b2591c1c80161b0ff5e848a1337f1259e8333708b8f9d44951e6341d43a64228a8d6d380606df87905390b80236f8930c4daad9aa294

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe

Filesize
184KB

MD5
a151830e0d79e60e6dbbfdfc18e89235

SHA1
ffe6abed6bf3f30dd3746c681198b1d2255d5699

SHA256
669cde73194ca58041a8378f518f4d0eb9ab9343ed20bdf442c845c97412f497

SHA512
76de39fc7ca7f89cf9a138854ca6d2917b62075ffa952ebc0ffa4441540197298fd2e57d2ae76177014c0da13a1adbd7fb5f8c583ba4f01104e4d8ce4352ecf4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe

Filesize
184KB

MD5
5e73bdcc05d836b96e2cef2f01d6e307

SHA1
c6feca85b5049894e2d234f1d3ad76ed728e1b67

SHA256
7d52ee47a92769afbfb1923c792798cbe9cef9777675f8042aef909c918b721e

SHA512
48d57d45eaa08b1fd74c4ecb2eac97fe2f22d05e35a1e82ec5998d8993517b06a52134738cab0a45839d03902edeea42904cdc2452af9563f498debfedc2d8a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe

Filesize
184KB

MD5
0122ff46e9d810329fa3f880c78bb6ab

SHA1
3c210e03c1c9b6201749fc455c4559dee684048c

SHA256
8e7107dabd181ce9bc48cab41f00495178d7b4ed5d1d967432e5ec84b3f2fea8

SHA512
c6a971d5a5a51a9f198cd381daf478aa7042a7f9f3ced7853001ab577238d1c49db6dd3cae964ca8662d16109569d14205c686a9b453cc61acf582be759a9d35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54217.exe

Filesize
93KB

MD5
34602aae59e5a65b3f794191fe985a09

SHA1
d60988ddc9f95abcc5f89fc231610a0eed280c49

SHA256
5986325fe1e17c631167d3289c581735812587da330205f18b16db800e8302ff

SHA512
b45f475a9452120e0f93c2247947a0951e0d0f9b5ac971416088714059e5a9d8dcf6fc4c35e2deec08967ebf47e6eed0ab59fdd1b478a06989db33c8c281ed08

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54217.exe

Filesize
184KB

MD5
07f120c508299e2e1e97fcffc68026ae

SHA1
f61cc442e706ae3d35f5ca9153feff0c15a33903

SHA256
68d939dc7ef317e367100bb8fe570e0c0efbd1f3630d83de2a5f3f5d88082005

SHA512
13281ef66656e92cfb6055e8aa9d0d57751b6f1271b5b78cd8abcd09726c7087329137d9154d1b968137c37f44c2ba6afca34d126e0eca57ac84442a82b2ce6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe

Filesize
184KB

MD5
e0f29fe0c39742859c6a13a09c88fd5d

SHA1
28f9feba7c917cc5c166b7a6d2c937a972f700b9

SHA256
b9bb62b47446c1d654275a144d2ce45baffccad15b6929ded05678f1cabf7f98

SHA512
cf910d73ace7cb7c547f449dedc5ba82c64854f8c42281b0b3e96479c01eea7b804eed57ecdc04edbee8b4d570731c2ad6b2409efe3b7d91d2b6c3d76159c178

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9126.exe

Filesize
184KB

MD5
2e4942ec6ba6e18613168ffd1ef040d6

SHA1
d8bbc205980b192e7dbdaaca15aea44b800b3798

SHA256
85fd834832be0f517e22e4dd9717d77eeaed4705d00522cdba98b127ae38156e

SHA512
c4bd3e6bf7acf0dbd88bf3b1a6478b4beab9bac8342580dc7c59454c2175525c217e9c059cdc7b3bebac50a6a10cb70078e3be96821862d26bf9b4db4d0c0ac0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads