d91ebc24d04c5977641ce8b23b6533122443e5a1ffba8206b74c38f4fc56b327

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12254e0f9bbbe6f3868f004943804a28.exe
Size

184KB
MD5

12254e0f9bbbe6f3868f004943804a28
SHA1

258f78b4a18630969df4a77466e8e954a8acc8ac
SHA256

d91ebc24d04c5977641ce8b23b6533122443e5a1ffba8206b74c38f4fc56b327
SHA512

13efcc65bf0d6287c32f25a1687a7dce910f845c3e15fe71f332b76692324d1e41b0bfad7eaf523b8a0c5e2f497987ae9169db631199d602f37197d19786a6a8
SSDEEP

3072:fIv5oc7fPgFLEjOdTAVozfbebP6oxDIIATxW24V+7lP7pFv:fIxoS4FLzd0VozcsEU7lP7pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1756	Unicorn-19110.exe
2204	Unicorn-62493.exe
2908	Unicorn-9955.exe
2780	Unicorn-38020.exe
2740	Unicorn-32098.exe
2720	Unicorn-18223.exe
2576	Unicorn-17870.exe
2996	Unicorn-63733.exe
1876	Unicorn-25078.exe
1976	Unicorn-18254.exe
2980	Unicorn-21548.exe
1704	Unicorn-36845.exe
1504	Unicorn-39149.exe
2620	Unicorn-45049.exe
2304	Unicorn-14836.exe
1052	Unicorn-60700.exe
2388	Unicorn-6585.exe
552	Unicorn-64359.exe
444	Unicorn-21058.exe
1532	Unicorn-18532.exe
1632	Unicorn-6066.exe
2416	Unicorn-45449.exe
108	Unicorn-33943.exe
1716	Unicorn-29305.exe
2988	Unicorn-34135.exe
1184	Unicorn-12200.exe
3060	Unicorn-61017.exe
2480	Unicorn-2709.exe
2080	Unicorn-37494.exe
1616	Unicorn-9268.exe
2276	Unicorn-53747.exe
2500	Unicorn-34073.exe
2128	Unicorn-37987.exe
2684	Unicorn-32123.exe
2592	Unicorn-5926.exe
2724	Unicorn-8687.exe
2072	Unicorn-13902.exe
2632	Unicorn-18501.exe
568	Unicorn-53804.exe
2868	Unicorn-15532.exe
2800	Unicorn-23736.exe
1360	Unicorn-13534.exe
1256	Unicorn-13534.exe
1148	Unicorn-25381.exe
1440	Unicorn-25381.exe
1648	Unicorn-37271.exe
1688	Unicorn-64079.exe
948	Unicorn-3290.exe
588	Unicorn-7011.exe
944	Unicorn-21340.exe
2936	Unicorn-26554.exe
2032	Unicorn-19647.exe
812	Unicorn-47681.exe
2036	Unicorn-47681.exe
2408	Unicorn-39513.exe
880	Unicorn-25590.exe
2116	Unicorn-29539.exe
1796	Unicorn-15174.exe
816	Unicorn-54173.exe
2804	Unicorn-48309.exe
2612	Unicorn-50530.exe
3020	Unicorn-9881.exe
1348	Unicorn-18242.exe
1516	Unicorn-18242.exe

Loads dropped DLL 64 IoCs

pid	Process
2508	12254e0f9bbbe6f3868f004943804a28.exe
2508	12254e0f9bbbe6f3868f004943804a28.exe
1756	Unicorn-19110.exe
1756	Unicorn-19110.exe
2508	12254e0f9bbbe6f3868f004943804a28.exe
2508	12254e0f9bbbe6f3868f004943804a28.exe
2204	Unicorn-62493.exe
2204	Unicorn-62493.exe
1756	Unicorn-19110.exe
2908	Unicorn-9955.exe
1756	Unicorn-19110.exe
2908	Unicorn-9955.exe
2780	Unicorn-38020.exe
2780	Unicorn-38020.exe
2204	Unicorn-62493.exe
2204	Unicorn-62493.exe
2720	Unicorn-18223.exe
2720	Unicorn-18223.exe
2740	Unicorn-32098.exe
2740	Unicorn-32098.exe
2908	Unicorn-9955.exe
2908	Unicorn-9955.exe
2996	Unicorn-63733.exe
2996	Unicorn-63733.exe
1976	Unicorn-18254.exe
1976	Unicorn-18254.exe
2720	Unicorn-18223.exe
2720	Unicorn-18223.exe
1876	Unicorn-25078.exe
1876	Unicorn-25078.exe
2740	Unicorn-32098.exe
2740	Unicorn-32098.exe
2980	Unicorn-21548.exe
2980	Unicorn-21548.exe
1704	Unicorn-36845.exe
1704	Unicorn-36845.exe
2996	Unicorn-63733.exe
2996	Unicorn-63733.exe
1504	Unicorn-39149.exe
1504	Unicorn-39149.exe
1976	Unicorn-18254.exe
1976	Unicorn-18254.exe
2388	Unicorn-6585.exe
2388	Unicorn-6585.exe
2980	Unicorn-21548.exe
2980	Unicorn-21548.exe
2304	Unicorn-14836.exe
2304	Unicorn-14836.exe
1876	Unicorn-25078.exe
1876	Unicorn-25078.exe
1052	Unicorn-60700.exe
1052	Unicorn-60700.exe
2620	Unicorn-45049.exe
2620	Unicorn-45049.exe
552	Unicorn-64359.exe
552	Unicorn-64359.exe
1704	Unicorn-36845.exe
1704	Unicorn-36845.exe
444	Unicorn-21058.exe
444	Unicorn-21058.exe
1532	Unicorn-18532.exe
1532	Unicorn-18532.exe
1504	Unicorn-39149.exe
1504	Unicorn-39149.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2468	2988	WerFault.exe	54
1028	2500	WerFault.exe	61
904	1688	WerFault.exe	78
2072	1972	WerFault.exe	123
2684	2628	WerFault.exe	187
3020	2372	WerFault.exe	235

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2508	12254e0f9bbbe6f3868f004943804a28.exe
1756	Unicorn-19110.exe
2204	Unicorn-62493.exe
2908	Unicorn-9955.exe
2780	Unicorn-38020.exe
2720	Unicorn-18223.exe
2740	Unicorn-32098.exe
2996	Unicorn-63733.exe
1976	Unicorn-18254.exe
1876	Unicorn-25078.exe
2980	Unicorn-21548.exe
1704	Unicorn-36845.exe
1504	Unicorn-39149.exe
2620	Unicorn-45049.exe
2388	Unicorn-6585.exe
2304	Unicorn-14836.exe
1052	Unicorn-60700.exe
552	Unicorn-64359.exe
444	Unicorn-21058.exe
1532	Unicorn-18532.exe
1632	Unicorn-6066.exe
2416	Unicorn-45449.exe
108	Unicorn-33943.exe
1716	Unicorn-29305.exe
1184	Unicorn-12200.exe
3060	Unicorn-61017.exe
2988	Unicorn-34135.exe
2480	Unicorn-2709.exe
2576	Unicorn-17870.exe
2080	Unicorn-37494.exe
1616	Unicorn-9268.exe
2276	Unicorn-53747.exe
2500	Unicorn-34073.exe
2128	Unicorn-37987.exe
2684	Unicorn-32123.exe
2592	Unicorn-5926.exe
2724	Unicorn-8687.exe
2072	Unicorn-13902.exe
2632	Unicorn-18501.exe
568	Unicorn-53804.exe
2868	Unicorn-15532.exe
2800	Unicorn-23736.exe
1256	Unicorn-13534.exe
1360	Unicorn-13534.exe
1148	Unicorn-25381.exe
1440	Unicorn-25381.exe
1648	Unicorn-37271.exe
1688	Unicorn-64079.exe
948	Unicorn-3290.exe
588	Unicorn-7011.exe
944	Unicorn-21340.exe
2936	Unicorn-26554.exe
2408	Unicorn-39513.exe
812	Unicorn-47681.exe
2036	Unicorn-47681.exe
2032	Unicorn-19647.exe
880	Unicorn-25590.exe
2116	Unicorn-29539.exe
1796	Unicorn-15174.exe
816	Unicorn-54173.exe
2804	Unicorn-48309.exe
2612	Unicorn-50530.exe
1348	Unicorn-18242.exe
3020	Unicorn-9881.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 1756	2508	12254e0f9bbbe6f3868f004943804a28.exe	28
PID 2508 wrote to memory of 1756	2508	12254e0f9bbbe6f3868f004943804a28.exe	28
PID 2508 wrote to memory of 1756	2508	12254e0f9bbbe6f3868f004943804a28.exe	28
PID 2508 wrote to memory of 1756	2508	12254e0f9bbbe6f3868f004943804a28.exe	28
PID 1756 wrote to memory of 2204	1756	Unicorn-19110.exe	29
PID 1756 wrote to memory of 2204	1756	Unicorn-19110.exe	29
PID 1756 wrote to memory of 2204	1756	Unicorn-19110.exe	29
PID 1756 wrote to memory of 2204	1756	Unicorn-19110.exe	29
PID 2508 wrote to memory of 2908	2508	12254e0f9bbbe6f3868f004943804a28.exe	30
PID 2508 wrote to memory of 2908	2508	12254e0f9bbbe6f3868f004943804a28.exe	30
PID 2508 wrote to memory of 2908	2508	12254e0f9bbbe6f3868f004943804a28.exe	30
PID 2508 wrote to memory of 2908	2508	12254e0f9bbbe6f3868f004943804a28.exe	30
PID 2204 wrote to memory of 2780	2204	Unicorn-62493.exe	31
PID 2204 wrote to memory of 2780	2204	Unicorn-62493.exe	31
PID 2204 wrote to memory of 2780	2204	Unicorn-62493.exe	31
PID 2204 wrote to memory of 2780	2204	Unicorn-62493.exe	31
PID 1756 wrote to memory of 2740	1756	Unicorn-19110.exe	32
PID 1756 wrote to memory of 2740	1756	Unicorn-19110.exe	32
PID 1756 wrote to memory of 2740	1756	Unicorn-19110.exe	32
PID 1756 wrote to memory of 2740	1756	Unicorn-19110.exe	32
PID 2908 wrote to memory of 2720	2908	Unicorn-9955.exe	33
PID 2908 wrote to memory of 2720	2908	Unicorn-9955.exe	33
PID 2908 wrote to memory of 2720	2908	Unicorn-9955.exe	33
PID 2908 wrote to memory of 2720	2908	Unicorn-9955.exe	33
PID 2780 wrote to memory of 2576	2780	Unicorn-38020.exe	34
PID 2780 wrote to memory of 2576	2780	Unicorn-38020.exe	34
PID 2780 wrote to memory of 2576	2780	Unicorn-38020.exe	34
PID 2780 wrote to memory of 2576	2780	Unicorn-38020.exe	34
PID 2204 wrote to memory of 2996	2204	Unicorn-62493.exe	35
PID 2204 wrote to memory of 2996	2204	Unicorn-62493.exe	35
PID 2204 wrote to memory of 2996	2204	Unicorn-62493.exe	35
PID 2204 wrote to memory of 2996	2204	Unicorn-62493.exe	35
PID 2720 wrote to memory of 1976	2720	Unicorn-18223.exe	36
PID 2720 wrote to memory of 1976	2720	Unicorn-18223.exe	36
PID 2720 wrote to memory of 1976	2720	Unicorn-18223.exe	36
PID 2720 wrote to memory of 1976	2720	Unicorn-18223.exe	36
PID 2740 wrote to memory of 1876	2740	Unicorn-32098.exe	37
PID 2740 wrote to memory of 1876	2740	Unicorn-32098.exe	37
PID 2740 wrote to memory of 1876	2740	Unicorn-32098.exe	37
PID 2740 wrote to memory of 1876	2740	Unicorn-32098.exe	37
PID 2908 wrote to memory of 2980	2908	Unicorn-9955.exe	38
PID 2908 wrote to memory of 2980	2908	Unicorn-9955.exe	38
PID 2908 wrote to memory of 2980	2908	Unicorn-9955.exe	38
PID 2908 wrote to memory of 2980	2908	Unicorn-9955.exe	38
PID 2996 wrote to memory of 1704	2996	Unicorn-63733.exe	39
PID 2996 wrote to memory of 1704	2996	Unicorn-63733.exe	39
PID 2996 wrote to memory of 1704	2996	Unicorn-63733.exe	39
PID 2996 wrote to memory of 1704	2996	Unicorn-63733.exe	39
PID 1976 wrote to memory of 1504	1976	Unicorn-18254.exe	40
PID 1976 wrote to memory of 1504	1976	Unicorn-18254.exe	40
PID 1976 wrote to memory of 1504	1976	Unicorn-18254.exe	40
PID 1976 wrote to memory of 1504	1976	Unicorn-18254.exe	40
PID 2720 wrote to memory of 2620	2720	Unicorn-18223.exe	41
PID 2720 wrote to memory of 2620	2720	Unicorn-18223.exe	41
PID 2720 wrote to memory of 2620	2720	Unicorn-18223.exe	41
PID 2720 wrote to memory of 2620	2720	Unicorn-18223.exe	41
PID 1876 wrote to memory of 2304	1876	Unicorn-25078.exe	42
PID 1876 wrote to memory of 2304	1876	Unicorn-25078.exe	42
PID 1876 wrote to memory of 2304	1876	Unicorn-25078.exe	42
PID 1876 wrote to memory of 2304	1876	Unicorn-25078.exe	42
PID 2740 wrote to memory of 1052	2740	Unicorn-32098.exe	43
PID 2740 wrote to memory of 1052	2740	Unicorn-32098.exe	43
PID 2740 wrote to memory of 1052	2740	Unicorn-32098.exe	43
PID 2740 wrote to memory of 1052	2740	Unicorn-32098.exe	43

C:\Users\Admin\AppData\Local\Temp\12254e0f9bbbe6f3868f004943804a28.exe
"C:\Users\Admin\AppData\Local\Temp\12254e0f9bbbe6f3868f004943804a28.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17870.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37271.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37259.exe
        9⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50710.exe
        10⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10072.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41601.exe
        12⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26713.exe
        13⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        14⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20315.exe
        15⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
        16⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49085.exe
        17⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25928.exe
        18⤵
        
        PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62222.exe
        10⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31857.exe
        11⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5375.exe
        12⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54981.exe
        13⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56699.exe
        14⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33516.exe
        15⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16381.exe
        16⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
        17⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        18⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        19⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        20⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        21⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4067.exe
        11⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64955.exe
        12⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8759.exe
        13⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54751.exe
        14⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56552.exe
        15⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
        16⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
        17⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe
        18⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
        19⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        9⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1083.exe
        10⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3569.exe
        11⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        12⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32963.exe
        13⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20605.exe
        14⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
        15⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        16⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22256.exe
        17⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41576.exe
        18⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1973.exe
        19⤵
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39513.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41039.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5237.exe
        9⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4830.exe
        10⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1006.exe
        11⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45768.exe
        12⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
        13⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        14⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
        15⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
        16⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        17⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18118.exe
        18⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61298.exe
        8⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25972.exe
        9⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45308.exe
        10⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
        11⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe
        12⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        13⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
        14⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
        15⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
        16⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48810.exe
        17⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
        18⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21058.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28429.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        10⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
        11⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
        12⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
        13⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        14⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58778.exe
        15⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
        16⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
        17⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56485.exe
        18⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        19⤵
        
        PID:404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2803.exe
        8⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1319.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        10⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
        11⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
        12⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 244
        13⤵
        Program crash
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        9⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
        9⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
        10⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18988.exe
        11⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35890.exe
        12⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
        13⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62587.exe
        14⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
        15⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
        16⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23922.exe
        17⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5250.exe
        18⤵
        
        PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14836.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29305.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8687.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        10⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
        11⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
        12⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
        13⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
        14⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28431.exe
        15⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        16⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
        17⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
        18⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
        18⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
        19⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13902.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24127.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10564.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37259.exe
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20591.exe
        10⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31375.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61528.exe
        12⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
        13⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47486.exe
        14⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38457.exe
        15⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33164.exe
        16⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
        17⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15245.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
        11⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        12⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
        13⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10636.exe
        14⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        15⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64762.exe
        16⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        17⤵
        
        PID:2092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
        6⤵
        Program crash
        
        PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60700.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21340.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20602.exe
        10⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48150.exe
        11⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37922.exe
        12⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
        13⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23771.exe
        14⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
        15⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
        16⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
        17⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48309.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44742.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59008.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58313.exe
        10⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
        11⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3775.exe
        12⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        13⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        14⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15795.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50984.exe
        16⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        17⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        18⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        19⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
        20⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3905.exe
        14⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
        15⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17046.exe
        16⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
        17⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        18⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
        19⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        10⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21648.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24248.exe
        12⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31617.exe
        13⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
        14⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
        15⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21540.exe
        16⤵
        
        PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64389.exe
        8⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
        9⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35130.exe
        10⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29240.exe
        11⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        12⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        13⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46516.exe
        14⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
        15⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20580.exe
        16⤵
        
        PID:2440
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39149.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18532.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53747.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54173.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        10⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
        11⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
        12⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1006.exe
        13⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        14⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50236.exe
        15⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37123.exe
        16⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        17⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
        18⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
        19⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
        20⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37313.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34184.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
        10⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21754.exe
        11⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        12⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        13⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
        14⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        15⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
        16⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        17⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64845.exe
        18⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34454.exe
        19⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
        17⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39773.exe
        18⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10393.exe
        9⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
        10⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40301.exe
        11⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        12⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64128.exe
        13⤵
        
        PID:2372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 188
        14⤵
        Program crash
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34073.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 220
        7⤵
        Program crash
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6066.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37987.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61017.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15532.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        8⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12209.exe
        9⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15359.exe
        10⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39927.exe
        12⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        13⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        14⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
        15⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25063.exe
        16⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7159.exe
        17⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        18⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        19⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
        20⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
        21⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
        22⤵
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19647.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
        7⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44498.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61047.exe
        9⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
        10⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21007.exe
        11⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32032.exe
        12⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23449.exe
        13⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
        14⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62053.exe
        15⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51109.exe
        16⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24127.exe
        7⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57705.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25962.exe
        9⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59828.exe
        10⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
        11⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1549.exe
        12⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe
        13⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28047.exe
        14⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22863.exe
        15⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
        16⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65006.exe
        17⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54791.exe
        18⤵
        
        PID:1832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6585.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6585.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 188
        8⤵
        Program crash
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3290.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        7⤵
        Executes dropped EXE
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10447.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
        9⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        10⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4317.exe
        11⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
        12⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62234.exe
        13⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26874.exe
        14⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
        15⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2826.exe
        16⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38208.exe
        17⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45110.exe
        18⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        19⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54765.exe
        20⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40528.exe
        11⤵
        
        PID:620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7011.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65211.exe
        8⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27202.exe
        9⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15562.exe
        10⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
        11⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
        12⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        13⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15493.exe
        14⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
        15⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        16⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
        17⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
        18⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29026.exe
        19⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58747.exe
        14⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21981.exe
        15⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
        16⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33603.exe
        17⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
        8⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
        9⤵
        Program crash
        
        PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33943.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18223.exe

Filesize
184KB

MD5
32e097f4a77c67bca2c63271a976e99a

SHA1
730ed956af56e76c360bcaedd59a4ac1f8979691

SHA256
b1d85d73e278b25b9dc9eb3f3e532af53584adff5f82ebcb8e8bf7662b9a72b4

SHA512
ec879bf647d404da1ba005ba7068924848e255256c04fd957e5ec39a201addb68f0ee29c7bff2d98790e6b91aadd25cd2bcca5ac27de21ccf0d970d9bd450c80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1825.exe

Filesize
184KB

MD5
ef1d5c79628c6db9a24bda7fef79bb00

SHA1
2a6aa4ba3ececad4e04c8d39c9f91fa9e9438b12

SHA256
7b06ce7d501626886c8e4002ee03528ce26c1c58a50156e9b2071e855175b2f6

SHA512
76a88e71625f0059fc09f6d44c69b263bbed947996d5b9660cad46cb950255116680df6390099c78f9334ab672cb70dd0c959878296a92778b7d488bc7d53312

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18254.exe

Filesize
184KB

MD5
10a4044080d498a9cef803a9e431369e

SHA1
d7aea38a30c62d4711173517c2a6ebabece0d0a6

SHA256
96a8d15a4c8a528f5f2fc63a6a7a2a04dbec27bf900746d097aef508950d5e75

SHA512
2e5832ec3b06fbe839e17531c8e88629ca099a49da492bf7732d24850837192fcf10d1dd3f389ce55f1d8691128b87d9acad64fc84600db9d7ef79ef6c61cd05

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe

Filesize
184KB

MD5
38e61cfcbdc411eb2b26891fe267b7b1

SHA1
c45041403a078c51b2683e874056f7579d6d8eb4

SHA256
a9021c759db77aab67a0879bd66ddd034f4c0477fe234f75c167e9582456d86f

SHA512
77364dda0ad1661a1b03c2932c8cb73c6881222784020603fff902aee048766d79363033792bb24c69a8857802767cc54c3a3e891166b54e3d8f91767201b188

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe

Filesize
184KB

MD5
2e63c002f9b9a2f51bc127f29b296078

SHA1
56730129d21c9e0e873dbf762989402239cce49e

SHA256
b4fd8be9a37159f279ace1ffba6033de1224aedb11e8fc7851a0992bca207347

SHA512
0d763a97bfd51d23288004aae7391890158f4d4cd37e033f7f87d403b7f20cb2a14ad5d13e3574947dd5cfc6a9f8581dcd78c6c16ef637af629ec70e4e55bb50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32098.exe

Filesize
184KB

MD5
828e86c2aae0b644693b812bfea423ea

SHA1
33af785d374bbf3255f19d8b26f37e2625412642

SHA256
230f6019e77ab4d839d9ba2cb09f3321278f704e9bb5f7cfd375bb8eab9cfea3

SHA512
d379ddb74d08d42ee1b147f89689b3eb793acb206505107d80ab214584b1479a1a000d7eb46f1e3370f21dd7ac2bd2748da8b3a796079a50b513d54892567b21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45049.exe

Filesize
184KB

MD5
d393bbc4dee72a8b504c98658638ed0a

SHA1
ff88af6845664dc3a4efb9722290041189443ef2

SHA256
02728786652df222427ba70c5cfffe7365c72a3fce2adfd36576ac207d36941a

SHA512
1e43defe6462f2fc0600d99505516f81e5d991782a3178b5d1772165a6524ec8013713a5cb8415cd4ae9d45c990a7e8d93de91bfc003d0b89573b077ff8fe1f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60700.exe

Filesize
184KB

MD5
ec3e22ed0460ae6962c65bd9287a8e01

SHA1
7b327bfbd0389affe3aba8b4adfbd0519f051bde

SHA256
51f3c1d59835a1a78674acdb389fc993b4b2fa784c7f48866989a12dacc32afd

SHA512
a1b088b32b5b80b35bfbbf3f3f1cf5826e4a04c329e6da4996f5b82d8ebdfad8eebaaea36e7e75832b24473dc990db6f67839d29cdf6e3e7e59c4c140a83c8cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe

Filesize
184KB

MD5
b06e8caf43f28136205de57d6de82602

SHA1
a7ac63596d5c4eae89d7b25691c30881f83fdc51

SHA256
2646a48df97f9ae9cff72f197735a649050d1f290b0d782997ab0f85f2a225b4

SHA512
b9b845cb8075129f4965dd8c5a5e10472eb91b4205941753771b564b60e82498b2a866bff10fe5f854e6201e5060aedecbf87b889d23894054c78a2d085569a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe

Filesize
184KB

MD5
f87f2ada1f35039c322e04a20e7bbc90

SHA1
65369d384f44c3ecfa83378129a0c1864b5dc692

SHA256
8068d89b8bd38435ca26e2b3a0bf02618a7d5723a769619cee5a36bc4efdd21e

SHA512
d61a8417a7fb513cec07125ed9f3121eca40a4dc08f543f71536e75b93fec303addff429351a68a626fb7e340dc25e616bb9d9592e15efd096e38d60a1c63883

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63733.exe

Filesize
184KB

MD5
29dd32204eb3cb4767814b0e83e71565

SHA1
f1d7124daa73aabee3eb3eb35ac350b336e74ac0

SHA256
24eb011ffeddea215e4ce6fb62a985f82585bfe52f7a9e55bcbbfe4cf7994af5

SHA512
7caa4d0acf0fb41f8b76f8870364ca755eee041c49ef2478a1b1ff42224b9a78974f2af872232915dcf3d98ce048be2efc0dc9da83be693d6d4b13ff4e244d17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6585.exe

Filesize
184KB

MD5
4259a21c1c891a4c7d7a63f659692655

SHA1
ac38a6ac4ce3a8dbdabfe1b7d71ad6b7efd138fe

SHA256
2fa8b5888e5dd54999761414f945f397bfa62ad8c87a4cecda399baa5e8fc546

SHA512
5a69852f003c6a905cf1a0abbc5c34622b6edf7c14fbab1bfa3f21c2c719d53beb652f941bb81fd099c55e98c024d318744deecfc35bc38eddc2dfe65b9b9d7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9955.exe

Filesize
184KB

MD5
46c8f5a818da11812e91b126364989de

SHA1
08fae6a1f4896ac4e85fcad76fef1c699399cad0

SHA256
3224861b6b0bb7f25bf473244621416c650eb0a13c1b3039aa408e2c834e2e86

SHA512
17c6412603546288d51c38b96c1d628b94f3d05802038a43ef91e52663c1466960dccf46f8dc7b7fa2de6fa752abdfebcd2d48e1a6694a805928d1158b55678d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14836.exe

Filesize
184KB

MD5
6146fefc813008a082cd53324c052341

SHA1
3ffd40af1eea800b5c05c1b8a68445361a6c51a8

SHA256
8256d4ecaa5393a5552a66db61a024d54bcb453d77661f30a721e235de13e472

SHA512
437b355e96b4872babc5572679a6e10c38ee5fc2d41eb2ed6d5cc2ac0058de596b49a6616d21386799540134700d9e5cb86fcf51ff18b78eca64b176debdc085

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17870.exe

Filesize
184KB

MD5
4f2979945a8f2f069911fb6eef8519f4

SHA1
bb7e9ef531de7d5716e5601bad769812b907943e

SHA256
66cbbd8a72f205ca80d68e4039ce7f036435ac749e8afd161d0567881094b7ea

SHA512
b30f6c1d3aa96d7c8fbcde0958b3452aad460965cdb4bd90a921c42961e81009a53e74e0be1e6fd713dba21ae687c8ca103fd66fcd12882cd40e06a695a1d9cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe

Filesize
184KB

MD5
3e6856f213e8e016fef4d6e981c656d4

SHA1
fa7b0a1bc2ad72b87cf7310a9d70aeb635779781

SHA256
4dc52403fb1d46b291bad495d022406bd250157c8ffcd2b65d8c6e0c9157ec1e

SHA512
b905767b18f79ac9e8cd5ab3270c7025ca952a90e8d1cb736ec246736e1953469ba08b759c3d52cfd7d986d453b9c8435c8eb9aed94814d060312febe539d0ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe

Filesize
184KB

MD5
44a311730f8aca411a05355730618986

SHA1
841d11d01d8d6f9824f8c663c1f928a8fab5661f

SHA256
a98bc61cd91f9b6aab4a58a2143e0f7b97951a85c76c3ee7a47f6aefaeb5fb42

SHA512
e1d2fe9d21374925e3c098995b1783374ece0b3900a022c17c9c02ff55b32145e27ac833715c595a6a78422e2d508fee27a48908acae6eac5fd5394943640b20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe

Filesize
184KB

MD5
6bd097eebf28f8f4e407fbe249b8fcc2

SHA1
11e0e54f24b5f9bd08f0a268fb6aed0a5e4c3f60

SHA256
9f04b9310c4e812e0bead7c716a47af6cd410aebf0a69e85039567435ccd8780

SHA512
b0e8acadbec0723966efec3f4841bb55f9ed816b056d953ff30017ba3bf54fdc9b32abf11bcf7a79b191b93dcab28aa99f618f817cbd00ec551849f2918b58f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38020.exe

Filesize
184KB

MD5
b2e7e478ae0d3279ff44f2e169aebef8

SHA1
a6809dd519742dc80ab4b6c8277257d55911daa1

SHA256
f345a121c788072aa21e8d1ffe378a6004e66dfd060332adb0f8c08fa5a07ca2

SHA512
c47b4b1fa0f8fcfd008a59237a565d9237f5866cc9fc0110d0d15b8bcde23712dc0f640f83fa16e78ec4d4875051a7a9ab3fe703c9d2b8f33ef90539f13e4c6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39149.exe

Filesize
184KB

MD5
53dfcbdbbdd1b7683f7d4ec3f62f2bb8

SHA1
05661512dfe17467a4c0eaa0fb7f63cf94877dcf

SHA256
692fc9cd33b1a0d63c50ad3ef428a56f3081aefc2c349b6d6b15f9dc19725e96

SHA512
9a78e4ea7fbba4cc76c9b3f2e5a2c25fea01db209b2521639db741d11d0ae41f5b9ed7ed547074df45c18c6cfff6fb48b49b72e096a33a2156c5db85474ae04e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe

Filesize
184KB

MD5
05a0a55263b5ba9626f5ce7e888e0120

SHA1
e6f72b4cf3c8c7395b054b3ed470a0c457b22821

SHA256
787ea4c2559099cc2b2851ee3e83ed28ffde92f294c58266a9f2e20b1b8b0215

SHA512
c378c0748cd0a0f19727bbbe5899368b300c59f446859d9c2a340b58f3730579854a989ab378d90320b32fcf9864cf8e68ac6598eb1ae6ac2f039b7957a1e934

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64359.exe

Filesize
184KB

MD5
dd4a718fab324299ec1d7dab1f408125

SHA1
8a938b9ec56fa6eb5905b4f96e0e37b21e651909

SHA256
3a65db8b0b590c93495f4468ced20e90ab94369ba2fad9d27a7ef8595bd4bf20

SHA512
c48dd233486a8081d4597d322e510de93a7012e605a886816df523b1416ba69f71bd60f7f3b826fbbca336c6cf43363345ac786bde32e4e419e8e3c56ffb097b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads