73a9e63498ef74ff4bcc2baab0b2b57ad5a31929606f8856e13fbdddbf32fad7

Analysis

max time kernel
135s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

169a15fc4cd15da66470768cfdb49dd3.exe
Size

184KB
MD5

169a15fc4cd15da66470768cfdb49dd3
SHA1

64e555706b8f51fb86a2a96665d8bc1cd3767d29
SHA256

73a9e63498ef74ff4bcc2baab0b2b57ad5a31929606f8856e13fbdddbf32fad7
SHA512

1e5dae90e0a06152bb7a2d9c9ba3439431cb9c1c41760d09ebd9cf752525c6934edc163396cbd23b840df201707b69628ef106f01ad935b3c0b808456f1dc2ba
SSDEEP

3072:xuRroT0xcOAEAmjUMhnOc8AMUXjMTxXldk7xKDP7VylPvpFv:xuhoxDEAXMhOc8F1BlylPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1524	Unicorn-22925.exe
2656	Unicorn-7906.exe
2896	Unicorn-45410.exe
2400	Unicorn-46604.exe
2708	Unicorn-38436.exe
2600	Unicorn-2234.exe
2624	Unicorn-53314.exe
2172	Unicorn-25280.exe
2988	Unicorn-12089.exe
2920	Unicorn-44954.exe
1440	Unicorn-15851.exe
1304	Unicorn-25899.exe
2964	Unicorn-38897.exe
1764	Unicorn-42427.exe
1688	Unicorn-3506.exe
2056	Unicorn-32841.exe
2060	Unicorn-36371.exe
3060	Unicorn-32649.exe
336	Unicorn-11482.exe
964	Unicorn-2987.exe
2408	Unicorn-49728.exe
1600	Unicorn-58348.exe
1540	Unicorn-42697.exe
1876	Unicorn-25868.exe
1936	Unicorn-47528.exe
2248	Unicorn-30698.exe
920	Unicorn-58732.exe
1680	Unicorn-9339.exe
2016	Unicorn-30506.exe
2348	Unicorn-32884.exe
2196	Unicorn-54051.exe
3048	Unicorn-16832.exe
2192	Unicorn-36698.exe
2208	Unicorn-36698.exe
868	Unicorn-48353.exe
2884	Unicorn-8387.exe
2604	Unicorn-40728.exe
2668	Unicorn-2631.exe
2068	Unicorn-43908.exe
1000	Unicorn-3342.exe
1868	Unicorn-18304.exe
576	Unicorn-1967.exe
1364	Unicorn-17344.exe
2440	Unicorn-31454.exe
912	Unicorn-41267.exe
1576	Unicorn-22710.exe
1932	Unicorn-55574.exe
892	Unicorn-39430.exe
2144	Unicorn-23094.exe
2184	Unicorn-55958.exe
2796	Unicorn-41734.exe
2784	Unicorn-20799.exe
2696	Unicorn-40089.exe
2380	Unicorn-25481.exe
2820	Unicorn-8376.exe
1696	Unicorn-23836.exe
1672	Unicorn-3970.exe
1328	Unicorn-28282.exe
2684	Unicorn-9995.exe
1820	Unicorn-14826.exe
2584	Unicorn-9803.exe
2168	Unicorn-42668.exe
540	Unicorn-46347.exe
2072	Unicorn-41708.exe

Loads dropped DLL 64 IoCs

pid	Process
2536	169a15fc4cd15da66470768cfdb49dd3.exe
2536	169a15fc4cd15da66470768cfdb49dd3.exe
1524	Unicorn-22925.exe
2536	169a15fc4cd15da66470768cfdb49dd3.exe
1524	Unicorn-22925.exe
2536	169a15fc4cd15da66470768cfdb49dd3.exe
2896	Unicorn-45410.exe
2896	Unicorn-45410.exe
2656	Unicorn-7906.exe
2656	Unicorn-7906.exe
1524	Unicorn-22925.exe
1524	Unicorn-22925.exe
2400	Unicorn-46604.exe
2896	Unicorn-45410.exe
2400	Unicorn-46604.exe
2896	Unicorn-45410.exe
2708	Unicorn-38436.exe
2708	Unicorn-38436.exe
2600	Unicorn-2234.exe
2600	Unicorn-2234.exe
2656	Unicorn-7906.exe
2656	Unicorn-7906.exe
2624	Unicorn-53314.exe
2624	Unicorn-53314.exe
2400	Unicorn-46604.exe
2400	Unicorn-46604.exe
2172	Unicorn-25280.exe
2172	Unicorn-25280.exe
2920	Unicorn-44954.exe
2920	Unicorn-44954.exe
2600	Unicorn-2234.exe
2600	Unicorn-2234.exe
1440	Unicorn-15851.exe
1440	Unicorn-15851.exe
2708	Unicorn-38436.exe
2708	Unicorn-38436.exe
2988	Unicorn-12089.exe
2988	Unicorn-12089.exe
1304	Unicorn-25899.exe
1304	Unicorn-25899.exe
2624	Unicorn-53314.exe
2624	Unicorn-53314.exe
2964	Unicorn-38897.exe
2964	Unicorn-38897.exe
1764	Unicorn-42427.exe
1764	Unicorn-42427.exe
1688	Unicorn-3506.exe
1688	Unicorn-3506.exe
2172	Unicorn-25280.exe
2172	Unicorn-25280.exe
3060	Unicorn-32649.exe
2920	Unicorn-44954.exe
3060	Unicorn-32649.exe
2920	Unicorn-44954.exe
336	Unicorn-11482.exe
336	Unicorn-11482.exe
2988	Unicorn-12089.exe
2988	Unicorn-12089.exe
2060	Unicorn-36371.exe
2060	Unicorn-36371.exe
1440	Unicorn-15851.exe
1440	Unicorn-15851.exe
1928	WerFault.exe
1928	WerFault.exe

Program crash 22 IoCs

pid	pid_target	Process	procid_target
1928	2056	WerFault.exe	43
2384	1540	WerFault.exe	50
356	1088	WerFault.exe	105
2120	2616	WerFault.exe	101
940	2072	WerFault.exe	95
412	2920	WerFault.exe	126
796	912	WerFault.exe	156
2576	3060	WerFault.exe	161
2700	1632	WerFault.exe	215
2888	1716	WerFault.exe	234
2300	1080	WerFault.exe	214
1092	1064	WerFault.exe	226
1812	1252	WerFault.exe	224
2400	1244	WerFault.exe	241
2296	956	WerFault.exe	244
1992	2732	WerFault.exe	223
2612	2392	WerFault.exe	264
2712	2060	WerFault.exe	238
1864	2964	WerFault.exe	227
2004	2788	WerFault.exe	257
2456	996	WerFault.exe	274
2544	1620	WerFault.exe	324

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2536	169a15fc4cd15da66470768cfdb49dd3.exe
1524	Unicorn-22925.exe
2896	Unicorn-45410.exe
2656	Unicorn-7906.exe
2400	Unicorn-46604.exe
2708	Unicorn-38436.exe
2600	Unicorn-2234.exe
2624	Unicorn-53314.exe
2172	Unicorn-25280.exe
2988	Unicorn-12089.exe
1440	Unicorn-15851.exe
2920	Unicorn-44954.exe
1304	Unicorn-25899.exe
2964	Unicorn-38897.exe
1764	Unicorn-42427.exe
1688	Unicorn-3506.exe
2056	Unicorn-32841.exe
2060	Unicorn-36371.exe
3060	Unicorn-32649.exe
336	Unicorn-11482.exe
964	Unicorn-2987.exe
2408	Unicorn-49728.exe
1600	Unicorn-58348.exe
1540	Unicorn-42697.exe
920	Unicorn-58732.exe
1936	Unicorn-47528.exe
1876	Unicorn-25868.exe
2348	Unicorn-32884.exe
2016	Unicorn-30506.exe
2192	Unicorn-36698.exe
1680	Unicorn-9339.exe
868	Unicorn-48353.exe
2884	Unicorn-8387.exe
2604	Unicorn-40728.exe
2196	Unicorn-54051.exe
3048	Unicorn-16832.exe
2208	Unicorn-36698.exe
1000	Unicorn-3342.exe
2668	Unicorn-2631.exe
2068	Unicorn-43908.exe
1868	Unicorn-18304.exe
576	Unicorn-1967.exe
1364	Unicorn-17344.exe
2440	Unicorn-31454.exe
2248	Unicorn-30698.exe
912	Unicorn-41267.exe
1576	Unicorn-22710.exe
1932	Unicorn-55574.exe
892	Unicorn-39430.exe
2144	Unicorn-23094.exe
2184	Unicorn-55958.exe
2796	Unicorn-41734.exe
2784	Unicorn-20799.exe
2696	Unicorn-40089.exe
2380	Unicorn-25481.exe
2820	Unicorn-8376.exe
1672	Unicorn-3970.exe
1696	Unicorn-23836.exe
1328	Unicorn-28282.exe
2684	Unicorn-9995.exe
2584	Unicorn-9803.exe
1820	Unicorn-14826.exe
2168	Unicorn-42668.exe
2072	Unicorn-41708.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 1524	2536	169a15fc4cd15da66470768cfdb49dd3.exe	28
PID 2536 wrote to memory of 1524	2536	169a15fc4cd15da66470768cfdb49dd3.exe	28
PID 2536 wrote to memory of 1524	2536	169a15fc4cd15da66470768cfdb49dd3.exe	28
PID 2536 wrote to memory of 1524	2536	169a15fc4cd15da66470768cfdb49dd3.exe	28
PID 1524 wrote to memory of 2656	1524	Unicorn-22925.exe	29
PID 1524 wrote to memory of 2656	1524	Unicorn-22925.exe	29
PID 1524 wrote to memory of 2656	1524	Unicorn-22925.exe	29
PID 1524 wrote to memory of 2656	1524	Unicorn-22925.exe	29
PID 2536 wrote to memory of 2896	2536	169a15fc4cd15da66470768cfdb49dd3.exe	30
PID 2536 wrote to memory of 2896	2536	169a15fc4cd15da66470768cfdb49dd3.exe	30
PID 2536 wrote to memory of 2896	2536	169a15fc4cd15da66470768cfdb49dd3.exe	30
PID 2536 wrote to memory of 2896	2536	169a15fc4cd15da66470768cfdb49dd3.exe	30
PID 2896 wrote to memory of 2400	2896	Unicorn-45410.exe	31
PID 2896 wrote to memory of 2400	2896	Unicorn-45410.exe	31
PID 2896 wrote to memory of 2400	2896	Unicorn-45410.exe	31
PID 2896 wrote to memory of 2400	2896	Unicorn-45410.exe	31
PID 2656 wrote to memory of 2708	2656	Unicorn-7906.exe	32
PID 2656 wrote to memory of 2708	2656	Unicorn-7906.exe	32
PID 2656 wrote to memory of 2708	2656	Unicorn-7906.exe	32
PID 2656 wrote to memory of 2708	2656	Unicorn-7906.exe	32
PID 1524 wrote to memory of 2600	1524	Unicorn-22925.exe	33
PID 1524 wrote to memory of 2600	1524	Unicorn-22925.exe	33
PID 1524 wrote to memory of 2600	1524	Unicorn-22925.exe	33
PID 1524 wrote to memory of 2600	1524	Unicorn-22925.exe	33
PID 2400 wrote to memory of 2624	2400	Unicorn-46604.exe	34
PID 2400 wrote to memory of 2624	2400	Unicorn-46604.exe	34
PID 2400 wrote to memory of 2624	2400	Unicorn-46604.exe	34
PID 2400 wrote to memory of 2624	2400	Unicorn-46604.exe	34
PID 2896 wrote to memory of 2172	2896	Unicorn-45410.exe	35
PID 2896 wrote to memory of 2172	2896	Unicorn-45410.exe	35
PID 2896 wrote to memory of 2172	2896	Unicorn-45410.exe	35
PID 2896 wrote to memory of 2172	2896	Unicorn-45410.exe	35
PID 2708 wrote to memory of 2988	2708	Unicorn-38436.exe	36
PID 2708 wrote to memory of 2988	2708	Unicorn-38436.exe	36
PID 2708 wrote to memory of 2988	2708	Unicorn-38436.exe	36
PID 2708 wrote to memory of 2988	2708	Unicorn-38436.exe	36
PID 2600 wrote to memory of 2920	2600	Unicorn-2234.exe	38
PID 2600 wrote to memory of 2920	2600	Unicorn-2234.exe	38
PID 2600 wrote to memory of 2920	2600	Unicorn-2234.exe	38
PID 2600 wrote to memory of 2920	2600	Unicorn-2234.exe	38
PID 2656 wrote to memory of 1440	2656	Unicorn-7906.exe	37
PID 2656 wrote to memory of 1440	2656	Unicorn-7906.exe	37
PID 2656 wrote to memory of 1440	2656	Unicorn-7906.exe	37
PID 2656 wrote to memory of 1440	2656	Unicorn-7906.exe	37
PID 2624 wrote to memory of 1304	2624	Unicorn-53314.exe	39
PID 2624 wrote to memory of 1304	2624	Unicorn-53314.exe	39
PID 2624 wrote to memory of 1304	2624	Unicorn-53314.exe	39
PID 2624 wrote to memory of 1304	2624	Unicorn-53314.exe	39
PID 2400 wrote to memory of 2964	2400	Unicorn-46604.exe	40
PID 2400 wrote to memory of 2964	2400	Unicorn-46604.exe	40
PID 2400 wrote to memory of 2964	2400	Unicorn-46604.exe	40
PID 2400 wrote to memory of 2964	2400	Unicorn-46604.exe	40
PID 2172 wrote to memory of 1764	2172	Unicorn-25280.exe	41
PID 2172 wrote to memory of 1764	2172	Unicorn-25280.exe	41
PID 2172 wrote to memory of 1764	2172	Unicorn-25280.exe	41
PID 2172 wrote to memory of 1764	2172	Unicorn-25280.exe	41
PID 2920 wrote to memory of 1688	2920	Unicorn-44954.exe	42
PID 2920 wrote to memory of 1688	2920	Unicorn-44954.exe	42
PID 2920 wrote to memory of 1688	2920	Unicorn-44954.exe	42
PID 2920 wrote to memory of 1688	2920	Unicorn-44954.exe	42
PID 2600 wrote to memory of 2056	2600	Unicorn-2234.exe	43
PID 2600 wrote to memory of 2056	2600	Unicorn-2234.exe	43
PID 2600 wrote to memory of 2056	2600	Unicorn-2234.exe	43
PID 2600 wrote to memory of 2056	2600	Unicorn-2234.exe	43

C:\Users\Admin\AppData\Local\Temp\169a15fc4cd15da66470768cfdb49dd3.exe
"C:\Users\Admin\AppData\Local\Temp\169a15fc4cd15da66470768cfdb49dd3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11482.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18304.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
        10⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5761.exe
        11⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43019.exe
        12⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        13⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 200
        14⤵
        Program crash
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe
        11⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
        12⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19170.exe
        14⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        15⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
        9⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50637.exe
        10⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58058.exe
        11⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7840.exe
        12⤵
        
        PID:2060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
        13⤵
        Program crash
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55242.exe
        9⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
        10⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
        12⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
        13⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        14⤵
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31454.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9995.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64837.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        10⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        11⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30534.exe
        12⤵
        
        PID:2964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
        13⤵
        Program crash
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54017.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54526.exe
        9⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57067.exe
        11⤵
        
        PID:1252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 220
        12⤵
        Program crash
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40686.exe
        9⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
        10⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59215.exe
        11⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53549.exe
        12⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58321.exe
        13⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        14⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
        8⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17550.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        10⤵
        
        PID:2732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
        11⤵
        Program crash
        
        PID:1992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41267.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42668.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        9⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2095.exe
        10⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65074.exe
        11⤵
        
        PID:1080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 200
        12⤵
        Program crash
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        9⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
        10⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
        11⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12791.exe
        12⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58622.exe
        13⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46347.exe
        7⤵
        Executes dropped EXE
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62336.exe
        8⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
        9⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        10⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15541.exe
        11⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
        12⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe
        13⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        8⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        10⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        11⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1094.exe
        11⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33734.exe
        12⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        13⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60201.exe
        9⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
        10⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
        11⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
        12⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23589.exe
        13⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
        12⤵
        
        PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15851.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32884.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25481.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63986.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        9⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
        10⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54016.exe
        11⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58430.exe
        12⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 220
        13⤵
        Program crash
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58098.exe
        12⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43929.exe
        7⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44473.exe
        10⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
        11⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14154.exe
        12⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1967.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41734.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14702.exe
        8⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 220
        9⤵
        Program crash
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19149.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60499.exe
        8⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe
        9⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        10⤵
        
        PID:1064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
        11⤵
        Program crash
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46223.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52658.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50414.exe
        9⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12547.exe
        10⤵
        
        PID:956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 220
        11⤵
        Program crash
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38908.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
        10⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57548.exe
        11⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        12⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59442.exe
        11⤵
        
        PID:2000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8387.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50260.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe
        11⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
        12⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17716.exe
        13⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61525.exe
        14⤵
        
        PID:2392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
        15⤵
        Program crash
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        9⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        10⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
        11⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        12⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        13⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10617.exe
        14⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        15⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28431.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50145.exe
        12⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58666.exe
        13⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        14⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4976.exe
        12⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57600.exe
        13⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30698.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9803.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
        7⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29607.exe
        8⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
        10⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        11⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
        12⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        13⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41275.exe
        10⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47657.exe
        11⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        12⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11339.exe
        6⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44106.exe
        7⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17249.exe
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        9⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        10⤵
        
        PID:1716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
        11⤵
        Program crash
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        10⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        12⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
        9⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        10⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
        11⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13195.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7840.exe
        9⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51712.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        11⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
        12⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18127.exe
        10⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        11⤵
        
        PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2056
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46604.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46604.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2987.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43908.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40089.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21911.exe
        10⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        11⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-637.exe
        12⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe
        13⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
        14⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47460.exe
        15⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30465.exe
        16⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34660.exe
        10⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
        11⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        12⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15817.exe
        13⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19969.exe
        14⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        15⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13770.exe
        16⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21504.exe
        14⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        15⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
        11⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15541.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
        13⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        14⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28661.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        10⤵
        
        PID:3060
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 220
        11⤵
        Program crash
        
        PID:2576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55958.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
        8⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13545.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7694.exe
        9⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31520.exe
        10⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe
        11⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
        12⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
        10⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
        11⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58290.exe
        12⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7491.exe
        13⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51630.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29991.exe
        8⤵
        
        PID:912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
        9⤵
        Program crash
        
        PID:796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33732.exe
        8⤵
        
        PID:2616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
        9⤵
        Program crash
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
        7⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37064.exe
        8⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        9⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17441.exe
        10⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        11⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61966.exe
        12⤵
        
        PID:996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 220
        13⤵
        Program crash
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50845.exe
        11⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43630.exe
        12⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
        10⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
        11⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62971.exe
        12⤵
        
        PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22710.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
        8⤵
        Program crash
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
        6⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
        7⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4674.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54187.exe
        9⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4597.exe
        10⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        11⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20398.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13.exe
        11⤵
        
        PID:2880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
        6⤵
        Program crash
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55574.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49684.exe
        8⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32165.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12502.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe
        11⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5147.exe
        12⤵
        
        PID:1244
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 220
        13⤵
        Program crash
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        10⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
        11⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        12⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
        13⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
        14⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60815.exe
        8⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 220
        9⤵
        Program crash
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        7⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62720.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
        9⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
        10⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18324.exe
        11⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44139.exe
        12⤵
        
        PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47528.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55050.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
        9⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11158.exe
        10⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
        11⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
        12⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12822.exe
        13⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9548.exe
        14⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
        15⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56830.exe
        9⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27311.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
        12⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16290.exe
        13⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15634.exe
        14⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6485.exe
        10⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29320.exe
        11⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
        12⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
        13⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17565.exe
        11⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
        12⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20160.exe
        9⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51047.exe
        10⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
        11⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
        12⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        13⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51329.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6752.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe
        9⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14856.exe
        10⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61333.exe
        11⤵
        
        PID:2788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
        12⤵
        Program crash
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        10⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2021.exe
        11⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19879.exe
        12⤵
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3970.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63602.exe
        7⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
        9⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15541.exe
        10⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10648.exe
        11⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        12⤵
        
        PID:2568

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe

Filesize
184KB

MD5
915cadce80c6b41e7605f4f5bc5a81d9

SHA1
e0369ae4a2425f4d9c90f3efcc3d2eb403ad318c

SHA256
8bf20b74db32870e86a01abde6042a9c64c6c49896e788405a3643d4cd7003a7

SHA512
308031f754541b054f9c41bc712ce169e441611353d46747fa94f7a47b5cc3cf26ff30047b09a5fee72d8b1ceddaf89c09f02b95e5c6dfb306673478d9bcda4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2234.exe

Filesize
184KB

MD5
e09175b344c1a04c63537d7dc15be54c

SHA1
4a3d04428c2b70d88e3eca2d57cfa19e0199a80d

SHA256
b55d007c9423809ac6b31491fb28d34f9148edfe1a72d2ab4db09da1acac2655

SHA512
be4288cb6775ea254a54f224470185f19d07063f0538ae4532b9f8c94438974617b4de62c5564ecba784a50f5a9d91a0e9d459a6c43f53b356d57547b3359460

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe

Filesize
128KB

MD5
d17f38342514138b9c216c9fc65b7383

SHA1
900b2277fd9776bc9417f984b0a9c02772e93de3

SHA256
3607f3c6128dba56780eb7f9353dd5285fddd023d80f11888b1ce9e5ff32e27f

SHA512
af8001f8008c23f958629a3d3e6a37e54986ccb654b47f9beeb78959223b73b5a9584e4c79b26ac1bd131d907e33be233f195c5ee7347632d4fde5138bd7ec09

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe

Filesize
184KB

MD5
47170fedc21d3fd26ec666efdf43ee88

SHA1
76b386d7fda5625db5766d5d91395fa6a04d02bd

SHA256
9eda78f24341fb30e85684fc501860866221492d777143e5996a6e27ae9ec18d

SHA512
7f599fdf67359cc5820cdf212aef5e9eaf97067550f8c788f69735482dd7044af2af3e04c90248b29f09c5b0b74cca44125ae832dfcf884835e228357d38388b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe

Filesize
128KB

MD5
d69b12023e0ebc217e5e76f4d3fce728

SHA1
7e0a45b9a637349526b4e4371cc8e8ff91b296ab

SHA256
c127025025d4445e8ef39139b068941c6e3ef9c7bd91b632b88c713ec1fd3627

SHA512
c951f6ad742d6524245deeb9d54dac5c7a3ffa0aaedddac2d8b5ee2d51aade3cdc8aa076d628afa76c31baa968ef3364cad7b2c149d270568d71e55de1b7cb31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe

Filesize
184KB

MD5
583859d1dd09e026bb490fd7f89c94e0

SHA1
f396392e02ede8a81e181d543fe6eea54cfe4332

SHA256
c32f55e2d12f8d43698f8729d27ed8c053672cd0fabebd8cb9b00a2b365f4a04

SHA512
2adf6ae5eb890016002289e16e395da75f85423f690bd18fdb0cfa1821169a216909936cc2c553d794fc6346e31c4df453c35119db8c24b149a9475e473a25ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40065.exe

Filesize
184KB

MD5
bfc7cd65901cf47a2a654de996b62c17

SHA1
c8d0cfed986841dd4f543b28dc3ec15c7a7e83a6

SHA256
c5e108050b44e1aaf04f8b170f62da274c7ff1686f8559441ce21fa0cd1c6136

SHA512
7f0ce45efb8ec83c1ab517b2afba631365df74694c2019904270264118a5f5ee181309758c53065cfdce41ba8ed139887fec8e9ef1ff107b9b37d8074f299331

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42427.exe

Filesize
184KB

MD5
37a113b5ce99b5fb33acb6e52aba6db8

SHA1
41167f6cddb2c7092d8af725ebede96131d90ef2

SHA256
0aacf625d1530a2e19ed99b22238651a549c3e370acf0db920842a6b657c845a

SHA512
07181c3cc1461f7edc207f5d6b18a9b475ebc2976685c64b9d43d7c0e5c18b956325dae151bf416b269d491561704e53eee0f51a97e59c2f17b00309e78c7e90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe

Filesize
170KB

MD5
d25de900e1bbbff84cd799d10c134f0c

SHA1
16bd229f519a02e9c25bcd8e8b8adf3938e309e8

SHA256
ed4551c50982d70826bdcd2bf4de4b96d02fd08a890dad82da281fbe085c4885

SHA512
f83d3777cab33de2449a4590dc626b49ad7a7f50a600585f4d90d9f90cc88543e27785a96d2e53b80dc8978bf2b2f49cac07ba5ead62bcb8070f19823b055519

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5818.exe

Filesize
184KB

MD5
90133e05ac28ba58a823879557bcc4e0

SHA1
0b882e7a5a5d8a7d9657bc0f57c173a78356df04

SHA256
2d89c41f38fe01f83dbb37def0a66afd52308a15049e708707b1017c2ae4f888

SHA512
c6bfab715e583727a5768fc53affc06190b3c23f6905152c0487428e772b2b5715c7e5a800bb351da341f42cda0a63a0b7856f2d9c7a4afb7a56c2491843662c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6112.exe

Filesize
184KB

MD5
14f741c215de36fb5bbe95ae5a943f48

SHA1
f0ca99f08e1b09d11aa80b28f67226ddeca88f38

SHA256
644a993da2a7f002682ba6cbbb83bfc9649cec195d79a23a6516f0e84692a037

SHA512
e9684747e6c379f4c63d2f484ec858513e2094abd9d5905fd4eac8e71d657f0fb05610aebbb22fb58f93282a60df941ed1d41054fcaf1748a9cc0d27d6db7e9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62043.exe

Filesize
184KB

MD5
1c5c56bf7c72c9d6e636afd4b9c88c46

SHA1
33f14f450b313736355e8d52d6e67f186267bc3d

SHA256
a2ee184d1a9ba4c2a9ba3cec6ae19bc278f294e981f13b3afed960f218306be0

SHA512
e7aab5dc0b3ba55ca3c99ce097cfb5ade26471632e1b460e7d82efd6e2794b34fd2d97d97d3b12461f35d6059b71a69c28d2ad0a1593d6bf1d35321c5ec7f06b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12089.exe

Filesize
184KB

MD5
e5cabf984a54998b5afe1502d62fc5db

SHA1
537b0b381a4e77effe4cb1da3e068027db4e1840

SHA256
40f6fb86d9a43a557f98beb8ed8bf9a9fe58dd4dda72386d052d5cb5d27d0b3a

SHA512
7130603016e6fb2a7ca6bcdf0b9d7a330a430fd99fd259846c34b5dc682e66f15f113d704ef1fe65415db0243ab60d97580eff63a73dc724623f01223e2435fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15851.exe

Filesize
184KB

MD5
a889941c7e52767c07be7659ee26bbdc

SHA1
faa9f698ddb3de4a9701145b99de1c767811e355

SHA256
230e2c5f0f34dfa910b7b095615bfc56b3b8b6eb0003ef042b9fd84013d558f4

SHA512
23cfb9329238971f6012c959cfb83c61fceecaa7225c14eb292e9b3034a6c348d15324cb5dd2a494a138441685926f4b3a6ea79090c34db36f0970c8569d8c16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe

Filesize
184KB

MD5
7a8dc4b0a17c4c99201b42bde4a7cd8d

SHA1
3b3e1dc1019d5acc251e2a5fba5782415b480e04

SHA256
fa0ac0b724407c360bc463b0bf1b94b8480e03060febaa0be5bed4a38ec4b51f

SHA512
ddd0f10ecd805834b6a10fd3553cb184efae7b0c5f48d4051339b5f4061347912930a0f264738fe51f5592b5799564c129d144494bedac56b4c3cd0155d0a25a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe

Filesize
184KB

MD5
2789a2bebe524403784f867f253e9383

SHA1
dca57e621e3fbc147679f32e7122c91ef86f5f0b

SHA256
cb37c9d22de45859ffebcc441474f7db0bd1ea3113a9007d797dad77485961e6

SHA512
34accee83eec58285aa5e712ccc5ef3359063e50a791a3322b8127523734f516db840170f4c7f126836e61eef7af346e580d415f807cf76aed56ee6854b489cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25899.exe

Filesize
184KB

MD5
ad534fb22f6c86aa9ed75b6b6cac7322

SHA1
e6a4b157daf36c8f7c72dde39ca557667861e5aa

SHA256
ab46327ddd579c91c27e14e1c27baf814b2be57e04d3663b3c9c5356b196e013

SHA512
80e82146207bcc29e2ace726ac378c5d1e21d7ace7f5247e4adcfee071c67b38a68b877445f7edeb3ad3dee0174f9c72324a8af7b58de36090c038ba94590673

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe

Filesize
184KB

MD5
25f497db378f9065b89596296183c3ac

SHA1
5e699a6406dd218b72bd86dd653f0f4e25926cbb

SHA256
0147704842c570e6b679c3b6c5ca1760efc3e88ad10b4ae13650f2adc372ec1f

SHA512
8dd4c0f96308c401e7af6b14f5631579e222c9f6e81baf5bd860b6b2cadd5972602d12c3db00c24e5681aa813b3516ba0fe19f3100ef2b99025b75fb7663e344

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32649.exe

Filesize
92KB

MD5
f8c0906a3ffb06cb02b1de0f14d18984

SHA1
53a7cfd8f0b816ef404eb1c0681c9fa26cda56c0

SHA256
b2270a847f10c023777607e2d487627820a1caa6377666e7fbf8620408646301

SHA512
96a0035927474818318a56dd33b1dc91bb17a48edf48b19dce1571e28e235dff285659cd8260e8e47d9c3b65e8b9252ebc4b33bb83f7454288c729bb8c2105c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32841.exe

Filesize
184KB

MD5
ba6025aeed73a8c7f202d17e8292c8ec

SHA1
ba241decf6f1433c16601db2d97f3287b137cde6

SHA256
cad64d3c3d20c1eb825f18d59c049b8769ea3b8ed48b66910988044f29806d58

SHA512
9595cbb4198603e30a15114e0894e08972aa8a48853cf35ea459285ec93db909a8473db2343b5abba92441c17d11e07f34113bc7eaa530694be81be0674351b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3506.exe

Filesize
184KB

MD5
30c0249989820bde2310028b3c33afcd

SHA1
bc732b904bd827202e5af37b915a8a6406059677

SHA256
88f6a92794e6fc9e09f92360c748eb44b0777a21ac8bae210f38cf95a91345c0

SHA512
aac8646ff5dfb7414ae2591234cfc3404e5367e6f6765c897275a1e441d47222745321b7e7c3758ec94106b69583c030a3ab5faee5aea6f33d32e9279f4e4ade

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe

Filesize
129KB

MD5
36907e6180a5db6ce461970fd13b0372

SHA1
bcc862f7ae6beb2209945e149297789b8c88176e

SHA256
4b8091fa3d08e397c55ea489c6b76ee12d7329fcfc4b7822da6e577599a26a69

SHA512
b3dbb0f3e1cf95b336d9c7dabe79f02874ff138b626ddf65232cf962e628a07f86d87673c9b66cbeaf588484b697af3d7e5c606f123a312d77a7a858258b6343

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe

Filesize
128KB

MD5
6fe2f7eca8d1e8a9545e6671421810b8

SHA1
157140aeb21356374d9de3ebd57cf3a6a864401f

SHA256
b9d3571807e0787d740739f4132812f676b96ab5776fff8a993391154c79e761

SHA512
5ba198e40b9f44b6fe3e2bae6ae4c96f3019c87ccf6285d301c6cd27e623a5e9dee958699b48f6bd877869185d2578b2e663b3af21e2e09099959eda7d024250

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe

Filesize
64KB

MD5
2f289b5e3fe062d0560153bce0011596

SHA1
5dd4260c9c6441e98e598c5001dd84bef23c8624

SHA256
4e2b72c70880d3c0be5a2a48faa03ac39ecea1fb22ce59ea9446d74c796da240

SHA512
ecee42c627b1ab0e6c3d050303f9ee927b6f6a11c4b0bc6313a0643f8d2cf726c35fc765183c0c11fda9fffdaca629ac4bc5a3439263ff1f83805289454432aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe

Filesize
184KB

MD5
637f1215589173967adc8556e356c72b

SHA1
4b25b68d2de3d4e3105cd3cbe7a806e725d4853b

SHA256
514c610df999f1f89085f00e45a7b16ced2979a3f80ce3bdfcee640fffe87083

SHA512
d4128d481b470dd75885c55c519a6af833344b3b19166bbd5f044898ba82e5156afcee7254fc2ac3b45c723962ed03d2334bf601fd6d573bece5224ec10a2396

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44954.exe

Filesize
184KB

MD5
bc5f43f9538a1d6a5021036c6ceae5d3

SHA1
0df3ab289d43f70d35508b3bfe1b810e53c412b4

SHA256
5cd6ca61486e0e5fc58fe22b2f37f946a65ed2183b98f26fd2ea9e5869a50707

SHA512
bf3f08b9baa4cc784d7de0abf7db7dc50d042915091d96ca4dd8fd486c5ad7581bc980767357c9b6c8367b2f71df40be9fd5dcf999e236ac9507ae4e6803eda3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe

Filesize
184KB

MD5
93d2a75c6e11c23c92944b5357c7bed6

SHA1
e318ba7f57c4d727112811999ebccd834af901fa

SHA256
6517405c7aeba090013ef8fc63a7e55cff43a983f72c9c9cffca4a9f36f93f48

SHA512
6035abccb28bdd0a6b6640300e1e2d864b1daf58d7d949b0343bc1cfdebe075dcd482e826ce8245bd0010fb49aa41983b172f575bfc26d83f17a737f6dacce19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46604.exe

Filesize
184KB

MD5
47954af33dd4faf22e2486032e0e7ae6

SHA1
b8f7cc441133ba707e32f41d05f247e54d1f14bb

SHA256
8533bfd1006e7e443829bbfe9fbc0bee02b2855ddf1221c660f92c6944e1d77c

SHA512
076657d4fe294dd17554cf7ffac3417560108e52ba1f4d7cb03e160c74697569a0189dbbca3c913e65b417da7b9e9e9a757115958226bdccbcbf2eba444ab187

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53314.exe

Filesize
184KB

MD5
6ca988c18a11d93a1ef5413350d78268

SHA1
bde0246d9f6a3d9caa823c2eccb80dd8a651de94

SHA256
3a8069a330816b1581a69d9e8eb6ee4a2079727a5e21e1d7611fa998a85b3382

SHA512
109287e3a99f960d8cdcba47be8eab48e98090709288cefb5dc7cf0c853b32654a0168d124d5fb147ffbd96b459b0e4ddb0551e49bc3672d2d6aafd36b1a70ac

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7906.exe

Filesize
184KB

MD5
ae5dbefa3855ba5b505e2ecd2a53d6e4

SHA1
7f2629f6126ead7fa00db178c476ff63c876c32f

SHA256
35f419c510263e9a7f411b1a51e698dfcfb3c96ba7606473dda2746774a25627

SHA512
0e4e71202d6a5c6d9cfe229f59869c38a30f4979ebe757616e4ae9ccb09b9b5d0e33ea42c4676f4d552a44d9039ad889d9c66290f400b3a9176516d414e20152

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads