19a082ee99048d044680de6b6fc3f0b05214ebc376f1d7fb291aa7d2e652a1c0

Analysis

max time kernel
152s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 05:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a064bd3108a9d37c041d421aad7e907.exe
Size

184KB
MD5

2a064bd3108a9d37c041d421aad7e907
SHA1

b1bcf7cc9c344eb0c9804a0d7cc17d36aa0cdece
SHA256

19a082ee99048d044680de6b6fc3f0b05214ebc376f1d7fb291aa7d2e652a1c0
SHA512

ed32e985c48992f3c5a263089ba313a62f01565a81bd0e84c6ecd324660b18d13d27c6e4a0da831eab2e126a29fb10e4b3e909d12c2f6b71899bcccf05e9fc8e
SSDEEP

3072:rXHuomMHP+AO+Oj9Ph+TS8lMlE9MZIrlbDqxKiPRVNlPvpFp:rXOozzO+uPYTS8lZPANlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1456	Unicorn-13438.exe
2296	Unicorn-22287.exe
2272	Unicorn-10589.exe
1180	Unicorn-21623.exe
3808	Unicorn-46127.exe
4948	Unicorn-26261.exe
264	Unicorn-62959.exe
116	Unicorn-54983.exe
4040	Unicorn-22119.exe
3052	Unicorn-31351.exe
4364	Unicorn-31351.exe
4400	Unicorn-11485.exe
4456	Unicorn-894.exe
4756	Unicorn-9254.exe
4232	Unicorn-22253.exe
4620	Unicorn-10982.exe
2812	Unicorn-25591.exe
3156	Unicorn-5725.exe
2360	Unicorn-55575.exe
208	Unicorn-3037.exe
4584	Unicorn-63743.exe
2372	Unicorn-25237.exe
2828	Unicorn-52238.exe
4564	Unicorn-35709.exe
3148	Unicorn-39239.exe
3844	Unicorn-13982.exe
2368	Unicorn-59462.exe
1096	Unicorn-43509.exe
4532	Unicorn-59654.exe
4908	Unicorn-5238.exe
1440	Unicorn-51678.exe
1236	Unicorn-46655.exe
2252	Unicorn-46463.exe
2344	Unicorn-53022.exe
536	Unicorn-31397.exe
1452	Unicorn-31397.exe
8	Unicorn-19847.exe
456	Unicorn-26863.exe
2488	Unicorn-18887.exe
1600	Unicorn-43583.exe
2760	Unicorn-2550.exe
3184	Unicorn-2550.exe
3156	Unicorn-19079.exe
4388	Unicorn-53863.exe
4756	Unicorn-4662.exe
4864	Unicorn-56494.exe
3704	Unicorn-10822.exe
1428	Unicorn-44071.exe
4272	Unicorn-40541.exe
3148	Unicorn-65238.exe
1544	Unicorn-65238.exe
1348	Unicorn-13126.exe
4984	Unicorn-9789.exe
3644	Unicorn-13510.exe
4648	Unicorn-62711.exe
5064	Unicorn-10173.exe
1388	Unicorn-42845.exe
2928	Unicorn-53199.exe
1980	Unicorn-53199.exe
1560	Unicorn-661.exe
1740	Unicorn-853.exe
1108	Unicorn-45415.exe
3980	Unicorn-20719.exe
804	Unicorn-661.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
6932	4396	WerFault.exe	175
6744	1524	WerFault.exe	170
6128	5628	WerFault.exe	197
5912	6508	WerFault.exe	243
6348	5628	WerFault.exe	197
2784	1524	WerFault.exe	170
6532	4396	WerFault.exe	175
6424	1496	WerFault.exe	265
3528	1496	WerFault.exe	265
5780	5144	WerFault.exe	352

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4300	2a064bd3108a9d37c041d421aad7e907.exe
1456	Unicorn-13438.exe
2296	Unicorn-22287.exe
2272	Unicorn-10589.exe
1180	Unicorn-21623.exe
3808	Unicorn-46127.exe
4948	Unicorn-26261.exe
264	Unicorn-62959.exe
116	Unicorn-54983.exe
4040	Unicorn-22119.exe
3052	Unicorn-31351.exe
4364	Unicorn-31351.exe
4400	Unicorn-11485.exe
2812	Unicorn-25591.exe
4756	Unicorn-9254.exe
4620	Unicorn-10982.exe
3156	Unicorn-5725.exe
4232	Unicorn-22253.exe
4584	Unicorn-63743.exe
208	Unicorn-3037.exe
2360	Unicorn-55575.exe
2372	Unicorn-25237.exe
3148	Unicorn-39239.exe
2828	Unicorn-52238.exe
4564	Unicorn-35709.exe
2368	Unicorn-59462.exe
4532	Unicorn-59654.exe
3844	Unicorn-13982.exe
1096	Unicorn-43509.exe
1236	Unicorn-46655.exe
4908	Unicorn-5238.exe
2252	Unicorn-46463.exe
1440	Unicorn-51678.exe
2344	Unicorn-53022.exe
536	Unicorn-31397.exe
1452	Unicorn-31397.exe
8	Unicorn-19847.exe
456	Unicorn-26863.exe
2488	Unicorn-18887.exe
1600	Unicorn-43583.exe
2760	Unicorn-2550.exe
3184	Unicorn-2550.exe
3156	Unicorn-19079.exe
4388	Unicorn-53863.exe
4756	Unicorn-4662.exe
3704	Unicorn-10822.exe
4864	Unicorn-56494.exe
1428	Unicorn-44071.exe
4272	Unicorn-40541.exe
1348	Unicorn-13126.exe
3148	Unicorn-65238.exe
1544	Unicorn-65238.exe
4984	Unicorn-9789.exe
3644	Unicorn-13510.exe
4648	Unicorn-62711.exe
5064	Unicorn-10173.exe
2928	Unicorn-53199.exe
1388	Unicorn-42845.exe
1980	Unicorn-53199.exe
1560	Unicorn-661.exe
1740	Unicorn-853.exe
1936	Unicorn-41885.exe
1108	Unicorn-45415.exe
3980	Unicorn-20719.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4300 wrote to memory of 1456	4300	2a064bd3108a9d37c041d421aad7e907.exe	91
PID 4300 wrote to memory of 1456	4300	2a064bd3108a9d37c041d421aad7e907.exe	91
PID 4300 wrote to memory of 1456	4300	2a064bd3108a9d37c041d421aad7e907.exe	91
PID 1456 wrote to memory of 2296	1456	Unicorn-13438.exe	94
PID 1456 wrote to memory of 2296	1456	Unicorn-13438.exe	94
PID 1456 wrote to memory of 2296	1456	Unicorn-13438.exe	94
PID 4300 wrote to memory of 2272	4300	2a064bd3108a9d37c041d421aad7e907.exe	95
PID 4300 wrote to memory of 2272	4300	2a064bd3108a9d37c041d421aad7e907.exe	95
PID 4300 wrote to memory of 2272	4300	2a064bd3108a9d37c041d421aad7e907.exe	95
PID 2272 wrote to memory of 1180	2272	Unicorn-10589.exe	99
PID 2272 wrote to memory of 1180	2272	Unicorn-10589.exe	99
PID 2272 wrote to memory of 1180	2272	Unicorn-10589.exe	99
PID 2296 wrote to memory of 3808	2296	Unicorn-22287.exe	100
PID 2296 wrote to memory of 3808	2296	Unicorn-22287.exe	100
PID 2296 wrote to memory of 3808	2296	Unicorn-22287.exe	100
PID 1456 wrote to memory of 4948	1456	Unicorn-13438.exe	101
PID 1456 wrote to memory of 4948	1456	Unicorn-13438.exe	101
PID 1456 wrote to memory of 4948	1456	Unicorn-13438.exe	101
PID 4948 wrote to memory of 116	4948	Unicorn-26261.exe	104
PID 4948 wrote to memory of 116	4948	Unicorn-26261.exe	104
PID 4948 wrote to memory of 116	4948	Unicorn-26261.exe	104
PID 3808 wrote to memory of 264	3808	Unicorn-46127.exe	103
PID 3808 wrote to memory of 264	3808	Unicorn-46127.exe	103
PID 3808 wrote to memory of 264	3808	Unicorn-46127.exe	103
PID 1180 wrote to memory of 4040	1180	Unicorn-21623.exe	105
PID 1180 wrote to memory of 4040	1180	Unicorn-21623.exe	105
PID 1180 wrote to memory of 4040	1180	Unicorn-21623.exe	105
PID 116 wrote to memory of 3052	116	Unicorn-54983.exe	110
PID 116 wrote to memory of 3052	116	Unicorn-54983.exe	110
PID 116 wrote to memory of 3052	116	Unicorn-54983.exe	110
PID 4948 wrote to memory of 4400	4948	Unicorn-26261.exe	106
PID 4948 wrote to memory of 4400	4948	Unicorn-26261.exe	106
PID 4948 wrote to memory of 4400	4948	Unicorn-26261.exe	106
PID 264 wrote to memory of 4364	264	Unicorn-62959.exe	109
PID 264 wrote to memory of 4364	264	Unicorn-62959.exe	109
PID 264 wrote to memory of 4364	264	Unicorn-62959.exe	109
PID 4040 wrote to memory of 4456	4040	Unicorn-22119.exe	111
PID 4040 wrote to memory of 4456	4040	Unicorn-22119.exe	111
PID 4040 wrote to memory of 4456	4040	Unicorn-22119.exe	111
PID 3052 wrote to memory of 4756	3052	Unicorn-31351.exe	112
PID 3052 wrote to memory of 4756	3052	Unicorn-31351.exe	112
PID 3052 wrote to memory of 4756	3052	Unicorn-31351.exe	112
PID 264 wrote to memory of 4232	264	Unicorn-62959.exe	113
PID 264 wrote to memory of 4232	264	Unicorn-62959.exe	113
PID 264 wrote to memory of 4232	264	Unicorn-62959.exe	113
PID 4364 wrote to memory of 2812	4364	Unicorn-31351.exe	116
PID 4364 wrote to memory of 2812	4364	Unicorn-31351.exe	116
PID 4364 wrote to memory of 2812	4364	Unicorn-31351.exe	116
PID 4400 wrote to memory of 4620	4400	Unicorn-11485.exe	115
PID 4400 wrote to memory of 4620	4400	Unicorn-11485.exe	115
PID 4400 wrote to memory of 4620	4400	Unicorn-11485.exe	115
PID 116 wrote to memory of 3156	116	Unicorn-54983.exe	114
PID 116 wrote to memory of 3156	116	Unicorn-54983.exe	114
PID 116 wrote to memory of 3156	116	Unicorn-54983.exe	114
PID 4620 wrote to memory of 2360	4620	Unicorn-10982.exe	117
PID 4620 wrote to memory of 2360	4620	Unicorn-10982.exe	117
PID 4620 wrote to memory of 2360	4620	Unicorn-10982.exe	117
PID 3052 wrote to memory of 208	3052	Unicorn-31351.exe	118
PID 3052 wrote to memory of 208	3052	Unicorn-31351.exe	118
PID 3052 wrote to memory of 208	3052	Unicorn-31351.exe	118
PID 2812 wrote to memory of 4584	2812	Unicorn-25591.exe	123
PID 2812 wrote to memory of 4584	2812	Unicorn-25591.exe	123
PID 2812 wrote to memory of 4584	2812	Unicorn-25591.exe	123
PID 4040 wrote to memory of 2372	4040	Unicorn-22119.exe	122

C:\Users\Admin\AppData\Local\Temp\2a064bd3108a9d37c041d421aad7e907.exe
"C:\Users\Admin\AppData\Local\Temp\2a064bd3108a9d37c041d421aad7e907.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4300
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:8
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        11⤵
        
        PID:4184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        12⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16223.exe
        13⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
        12⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
        11⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23623.exe
        12⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        10⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63783.exe
        11⤵
        
        PID:5424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64463.exe
        12⤵
        
        PID:5536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
        11⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
        12⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35615.exe
        13⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
        14⤵
        
        PID:5364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24876.exe
        15⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60739.exe
        13⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
        14⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
        10⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        11⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41111.exe
        12⤵
        
        PID:4136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45759.exe
        13⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
        11⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
        12⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10798.exe
        13⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54550.exe
        13⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10918.exe
        14⤵
        
        PID:4736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6515.exe
        15⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19514.exe
        14⤵
        
        PID:6844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31922.exe
        15⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
        10⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8630.exe
        11⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29439.exe
        12⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4662.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45415.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        11⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        12⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63518.exe
        11⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15959.exe
        12⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
        13⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
        14⤵
        
        PID:4484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29676.exe
        15⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
        16⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38154.exe
        15⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26044.exe
        16⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        14⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8819.exe
        15⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
        16⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36636.exe
        17⤵
        
        PID:216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13445.exe
        10⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        11⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41885.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23031.exe
        10⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
        11⤵
        
        PID:5592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25855.exe
        12⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3782.exe
        13⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48526.exe
        10⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62711.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe
        10⤵
        
        PID:4796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33607.exe
        11⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37359.exe
        12⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52215.exe
        13⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58967.exe
        14⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29676.exe
        15⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
        16⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17684.exe
        17⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26338.exe
        14⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
        15⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41421.exe
        11⤵
        
        PID:6624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
        12⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2750.exe
        13⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
        14⤵
        
        PID:5568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        15⤵
        
        PID:5144
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 468
        16⤵
        Program crash
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61803.exe
        14⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        15⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        16⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60355.exe
        13⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64787.exe
        14⤵
        
        PID:6512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54006.exe
        10⤵
        
        PID:5320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7790.exe
        11⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2822.exe
        12⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
        12⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
        13⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
        14⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
        15⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
        16⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53827.exe
        14⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49012.exe
        15⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11538.exe
        13⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19885.exe
        9⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25439.exe
        10⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17493.exe
        10⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14286.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
        10⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38053.exe
        9⤵
        
        PID:5532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53863.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61022.exe
        11⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        12⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
        13⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
        14⤵
        
        PID:4580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        15⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34092.exe
        16⤵
        
        PID:6656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46220.exe
        17⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11643.exe
        18⤵
        
        PID:4744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
        15⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38540.exe
        16⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52292.exe
        17⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42290.exe
        14⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1419.exe
        15⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57180.exe
        16⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
        17⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13445.exe
        10⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        11⤵
        
        PID:4476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-853.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        10⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
        11⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53022.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55127.exe
        9⤵
        
        PID:4820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63975.exe
        10⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
        11⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23367.exe
        12⤵
        
        PID:5184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
        9⤵
        
        PID:5920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        9⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55807.exe
        10⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
        10⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3206.exe
        11⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        12⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36884.exe
        13⤵
        
        PID:5404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
        14⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        15⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36338.exe
        13⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
        14⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23948.exe
        15⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49883.exe
        12⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23340.exe
        13⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
        9⤵
        
        PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19079.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
        9⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17463.exe
        10⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
        9⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13253.exe
        8⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        9⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16591.exe
        8⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17847.exe
        9⤵
        
        PID:5808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39205.exe
        8⤵
        
        PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46463.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        10⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe
        9⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        10⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42845.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44071.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30047.exe
        9⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
        10⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7981.exe
        10⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59294.exe
        9⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14717.exe
        10⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46143.exe
        11⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63943.exe
        12⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe
        13⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62924.exe
        14⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65332.exe
        15⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        13⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34685.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30151.exe
        9⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
        10⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56231.exe
        11⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 744
        11⤵
        Program crash
        
        PID:5912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 636
        10⤵
        Program crash
        
        PID:6128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 636
        10⤵
        Program crash
        
        PID:6348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 728
        9⤵
        Program crash
        
        PID:6744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 728
        9⤵
        Program crash
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40541.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30623.exe
        8⤵
        
        PID:4908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe
        9⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
        10⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        11⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
        12⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53103.exe
        13⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37076.exe
        14⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
        15⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52867.exe
        14⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        15⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61804.exe
        16⤵
        
        PID:5472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
        13⤵
        
        PID:116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
        14⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37093.exe
        8⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43991.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44654.exe
        10⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27255.exe
        11⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14683.exe
        12⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6811.exe
        13⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
        14⤵
        
        PID:6728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52187.exe
        11⤵
        
        PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46655.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        9⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57151.exe
        10⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
        11⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        12⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
        13⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37919.exe
        14⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        15⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4626.exe
        15⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9515.exe
        16⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59587.exe
        14⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        15⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        16⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
        17⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35941.exe
        9⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34301.exe
        8⤵
        
        PID:4396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 724
        9⤵
        Program crash
        
        PID:6932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 724
        9⤵
        Program crash
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21111.exe
        8⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
        9⤵
        
        PID:5196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7030.exe
        10⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
        11⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
        12⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20431.exe
        13⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15451.exe
        14⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1907.exe
        15⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20090.exe
        13⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26604.exe
        14⤵
        
        PID:5900
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 756
        11⤵
        Program crash
        
        PID:6424
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 756
        11⤵
        Program crash
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
        8⤵
        
        PID:5912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10589.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10589.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe
        5⤵
        Executes dropped EXE
        
        PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55895.exe
        9⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52055.exe
        10⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-661.exe
        7⤵
        Executes dropped EXE
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8614.exe
        8⤵
        
        PID:5172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        9⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55350.exe
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65159.exe
        9⤵
        
        PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4396 -ip 4396
1⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 5628 -ip 5628
1⤵
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 1524 -ip 1524
1⤵
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6508 -ip 6508
1⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 2496 -ip 2496
1⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 1496 -ip 1496
1⤵
PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 1496 -ip 1496
1⤵
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 5144 -ip 5144
1⤵
PID:1640

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10589.exe

Filesize
184KB

MD5
b0ab75040afa480e8fadb74ca7c9bcaa

SHA1
351de69479e4d1ff4ab59e913709507130b97af1

SHA256
402b9685b4a83233ac0ab6251668a6b4dda701b64ef7ad50b03fab176483d562

SHA512
47626b42c391f93e5970dd0ef72a9bab1aff01a3a7bab3d7afb462df0e047e60adb237900ebad70aa25ec5db76ee32896ffc89e6376359d4e3711fb2d3181a12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe

Filesize
184KB

MD5
543a456249794bfc7a5fbf52923feda8

SHA1
e2923dd477c4ae13c06e021a8ddbb8a7b2ae304a

SHA256
293e885f5da07a522589da83fba5dc1a070118c701f7adb264404ed3ef491cf0

SHA512
dd38c524e16594e6b46a59bb5d8c03266f09da1692ecd1569b75ccc59086cb9eda6f87c5edbeb6aec5265782b10a18f48c885bedbcb144a562b0eb144176f90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe

Filesize
184KB

MD5
f1846877a3a2ffa3a21d81654066bff8

SHA1
88d2fbd869967fbb1b2a4dd497065b349c975833

SHA256
214110ee881e6fcfbfa3cd5bd3747213457c729879a2ba0542320b63aa2bdacf

SHA512
b3aefd8b0527fa25f61ab4f6c98c543ca8270c28db9d6099a6b0bb640965b596a7a168c8623ed4fbbb0e8c4904b5259279a659c19af7f1a2333ba2a01cc43aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11485.exe

Filesize
14KB

MD5
dc5e4c687baccded8c7b1c7f2250189f

SHA1
c387c22aae0faf8b04b150608c2e1e91d2ebd6a4

SHA256
5c092b6385f78762a87b6e28507d3bbfc5a2071cc889137c380bfcf5ae3ca271

SHA512
37dbe461cabe2a881081ad5aab147d0caaef6fc52f1225de520e50ea66fc49d2ef23b9f14280ba7a398897e84c1fe5db11c31a2b35423f58d7ba8c6ae157d993

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13438.exe

Filesize
184KB

MD5
ca575074cc26c4e30b2cc05f29cf6f8f

SHA1
9aa3bec6f6be05553c4184740b9eccf28c9a47e0

SHA256
38957d0b1cd67990faa30dc9623272da1d259143e487a2ff40faf8f30bbdbf2f

SHA512
4b917d3aa5b87a5af67043b1d59a7e8d83205a1a3dd79775d10179334a54788088f0d4b6b69df159ff0ab9c29a56fdcf79e7e3835171d935fa4eebb4b16a998d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe

Filesize
184KB

MD5
47f09958a766826c8ab6ae1423551421

SHA1
92d071564b00a350f46bfbd84b0a22196a7d8a86

SHA256
fabe45f8ac51463e3f23f6597300415574e0cfc56bc16c445d3b3dc650297fd5

SHA512
1b27887603ee98c51ea9d3b431511d55f08f32ca431b99b105d45990a00f8ec2881e1d559a3830f42927a286def7e599183a32e44de57085bd65b676725ed8db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe

Filesize
184KB

MD5
5fea7f6bfeb59db0bb2f5bdced60abb9

SHA1
fa864e9aa9cd2e62634e883ffb7d4e6f16cac821

SHA256
2ad0dd0413c3abbcf054533a079c394770e595306564121beef961aaa22263d9

SHA512
5568886bc61e5d28fd840ca503e30cf9ea55fb793adb2fbc8d0129798b7048ca8355f43768a68240fe2165dd56fe30bc53be25599635f881aa92a892e77f8e74

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22119.exe

Filesize
184KB

MD5
d6373b4ef89c41367774c82151919ba8

SHA1
ed57e3f98c071f96e95051ea3515715a00c76b56

SHA256
f42daa3c348e7864ba1127cf860c7d1d5d2ec6eabdcb62b4a67797a31aa286f0

SHA512
0dd1f0500d2ac62981d22d8d8ac28ceb62e64976b25d3ed1878e3c6bb75cfe5c3695a6ae0673ce11c6882864e8e4cb71e2c2fc6963b80e65711eb3be636e308b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22253.exe

Filesize
64KB

MD5
e4c34256c4793d4bd152e270742fd19a

SHA1
674055719cd25a9aa100bd47a820778cd0d536ba

SHA256
4808ee273016bca2e8fae511bf0074df381ed4084bbd1e8a68535037cb931c52

SHA512
a52e2832cd8f6583ac8e10e5e6c4361e7f73f5efc806b981da31d9af3168b8c19854a3bcf8e5d2fe58a021cc0399fb674776dd19730463dc0019f178fde5914a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe

Filesize
184KB

MD5
596f1cec46fab5846c137777dbb49d41

SHA1
5b61470d0521d2e71c9f0c319478d06f0f55a7a5

SHA256
614456c5ca635402698c3020be872d97bf73e3c9ed9124982636baf834dbb0e3

SHA512
d700e59cf44254c6cf0a9b71e07c096d7a680a5eed1801178e97d68d648386821acc27669ab0b586925e40d9617e3bf1502a8e7dfa80f0d15e2f7f6ece8e1132

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe

Filesize
184KB

MD5
091967dc135bfdcd5a319f9a13a7e828

SHA1
8097680aee0005cf715f57b196fa5d43a5c266d0

SHA256
a2305d18137425a5c65060241043fc79f2f0f1c3ffad1055c7d2e91574e62c24

SHA512
05ca9139454aa12e8fcf7c88714fe60a87abf990bf06a94ad8fa74ec1146b0b5c162a9ecc60ab5cd4f790de1cf9a2e521373c7273fa76d4903059d93b16ffb0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe

Filesize
184KB

MD5
77d3c2ba4a315757fb7e38bfe0717667

SHA1
38a8db74857d69218f489f02785bf0e5b562a768

SHA256
fb9a3138fa6ba7785e5da69fd28637bbb54f4da20d936673c4a632b3d4cd46cd

SHA512
27de84bff155f09fdd42d0396ccf1cc8b353129062f565ac30a6c27eec253f32ca07247de31363d7f42e6ee2821e9632c9820ab194f62bcc8ce333fa7df0f843

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26261.exe

Filesize
184KB

MD5
d7d5e29f2f47fafb2ecc54506cab6d01

SHA1
12f8f94e7a2f94e132d30bad936a557d90a96450

SHA256
7b3d4eab8ecb623adff11ff07c2921607189cfa05e03a6a350f8f5b95b59801a

SHA512
17942a59fdd280cde309284231943979ecb36d08e23bdcb2fb0ef5a73347df4aa8c04e2e03b5baccedeb61b515152a5bbebc4fa8088f8d24219e1ecdf21c6595

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe

Filesize
184KB

MD5
18235ba511eb86a2175008bd9316b211

SHA1
ce2999e4be18575d47030062afc104111721288e

SHA256
f176cf64680afff38a55fd9140133952562b7c8eb84e56d7d8ccdb1e3979c458

SHA512
6b76a1a572302a9a1e65884a76c31593196e08839062743d292c029bfa7cd56c8c59374058e0da6c6e1d1e2b76f70e24ae38633e5ac7d745d1f18934826a5089

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe

Filesize
71KB

MD5
57a63b81709188e4e9e30bc57faf7754

SHA1
68c98b29915bf3f006930344aac32f3dbc242991

SHA256
3176c25da6d49756632ab034d154ae107a2692269733acc6d7720c6ff1229966

SHA512
eed9f3801e39dceff2c8fb572f9c65bec61ef7ef43fa0e721c0e3160041797144f2c8b4ac5452102e12193ca8ad0f0ed483bbebaab82c9e606575b00e3092959

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe

Filesize
184KB

MD5
1a8fc16c69686e9fcd2370b6ee45ebae

SHA1
35b6c3008f72e5d060e470bd6b2aeac63e93ab59

SHA256
4aeb071c44dd364ae29ae74893b2f8e36e60d63f82a64624ec8cbee605f7ff85

SHA512
0a2ccab14f14d3bb98b9ccba58feea49914eb227a19c657d4c1709bc641d6482cc7b62553a1906c2b9517ad182c90bb967badffb99dba10ce7eb057939467872

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe

Filesize
42KB

MD5
8a3a5ceefc9d59eca1f12d27aa66c63c

SHA1
9eb4f4a30495adaf97e95295cf5243a95f47fcaf

SHA256
4741c446c3df2d4e1e128202e8fbd4453a7ad364e22c283d3d74dba9f9b08d9c

SHA512
de2df55ef61cdadb680c233653fc654961ace450de20239c05b6390fa60e01fe84b0e440388be9ec7561baa8b3c3c4f81f7513806cc213f9f59b96f0b6c04fd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe

Filesize
184KB

MD5
90c87009462f4346ec0ff5386de18e30

SHA1
37fa26c9d20badb16a52b9aacc36b01e456922ef

SHA256
623e3cab0a62c87767181b310c0c60ee90128e92bb50d12912d6147b7d266a20

SHA512
97d41e794d387c1d7f3170b7084d4959c1c812390e8ef87a3b369cd9bcf1a746eb8877fa7eb3447c3c5723bcdaedc5a268c2c804c78c826cd9e5d83f8e9fc1e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35709.exe

Filesize
184KB

MD5
391d72122103de40302fbbbe976bbf55

SHA1
1ab05ac991ef2b5ec3f9aeb15d4a5148e8443169

SHA256
723dc0acd4b001f85d294e1a473ef602c9ff50af774efa6bbbff564fed8806ee

SHA512
f9393e3168353d850fa7cfd8fcdfba0fbe2ce8df2e862459e27342dee53cdb4b2eaacfa44b6e29678666afacc1f7a5097558bdfa59a3c749a967d7b11e01ab18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe

Filesize
128KB

MD5
9cacb58d63832bebfdd349037df990e5

SHA1
3568014bc00b51c24699c66cf0e24025b5ed0661

SHA256
bb961bd8900da26e8222aea58705b5d2d8fa18b29be19d037bc7d1f9565f54ce

SHA512
ba8d1ceb24905310853b8a661281e926fd2ac01f41c993ad0de366c542db8b905c50b0de49592bb8d185efc74e7e9dd1d2c83758d24192c47caa82ea1a6fd75a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39239.exe

Filesize
184KB

MD5
7ee9266c2b7492c34e1c89de5171e3a7

SHA1
83b110621afa7c8f2fbc533646b315b6244284b2

SHA256
85f800454db535cc450983d7182925b7b04a9fa3f84079e9ad918eddba0cdf29

SHA512
8e3ad1b81a16faad4392de47af39af3d76deab860e6d2048eb81caf7c6f26910aa2f0cc0a5e9453a757142fec78a5e1275527f9149ab6d53c62b5b657fd357af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40239.exe

Filesize
184KB

MD5
63332fc8a5136935b73c59214c7e4d4c

SHA1
80ee15571bf186ead6a4bede7520af47879ecb6f

SHA256
5373b4a45acb3605a645675c88730a82b17b9d8d23e8c2df047fd4315dd89447

SHA512
44111d58477844c583b4bcef1e87b9aeaf61be09b487ca63e02c4e95f1b871ebfcf41cd22310682d1dad145a988035e8f07251ba53ee05d89a5c9e7b151e5384

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe

Filesize
184KB

MD5
b709a513579583b9a523f8041a6bce3a

SHA1
070ca5184cb599b06c3a5ec7495329a3128cbba9

SHA256
73eda46c33e31f77083af6270a0a91030298ca99af1f66865771c342491a7ee8

SHA512
2e633c42a8cf30964fa76d5963cd05dc2b332229ca5a84bbe24ce37cbbc674325e3902080c959c7dd49ff1c857cf43a0158ee6b79594237799471b678e048754

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43509.exe

Filesize
184KB

MD5
b02567f8c6f3428e74a24bae897e790e

SHA1
29bc5d2b3ed826aebcc78354a67ef48cde9394f6

SHA256
9c09ccdb38f61b21c19ee33342392375d801bbc6eec014f483fc96494c28c2ec

SHA512
d6cf5c7c31e63ebb1728c7fc7201cb3b300b9c5e4eed372b45444da131ad832778f198b0697e7e3fa5ac985a5094cc51255ce21be5a04084ae1c7a5a63f2060f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46127.exe

Filesize
184KB

MD5
78968401e7a6000b134e81f4818b901f

SHA1
68a65de1fa6dcd72b79798a31ce40610295766ef

SHA256
d688bee9bef8899329a2d39aa77e60eee9705ad8865d5743b0edb9319da9bb86

SHA512
a736edff6f3ff3cc53443e3942553dcdd274c510d9b781e317f08a0fafec5e7aa7b4a78bec26a073ea9574488e4165c9de8e20d34de0bbadcecc85e7c40e5492

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46655.exe

Filesize
184KB

MD5
50c9a3f74451f3bd0d985c7062e3b0d3

SHA1
17ef52a82809e8353003b53666202be48be296d4

SHA256
d54b8329b39017d908e7e5bcd537e3bb9c63e835518590d90476163c6a07c4d3

SHA512
cab7f100df2903ee0aa8e1ccf72f2f1f9a1324c3c164459e69eb8cb281bece73aa08610d067ab250e98ae762932e37814625897ce54c3283d3e9b4ba59562252

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51678.exe

Filesize
92KB

MD5
687211c50287ddca09aca5c615ffbb51

SHA1
fc0e8cf3682b246d12cd611cdfe0a89e481e17d9

SHA256
e4450134e9bbb0bb6fa56f548848f8b9a2767c1e525c74818faeffbd99a8c3e2

SHA512
25b9d0ea6e7b9faa25769c330ea3ff8ebc44e161028b5f9f2d44271f321cbe2c88f5a391e1e7c490f79b0ce08da1e1a7eccbdb40adbdfac0eff018a5cf8c2db3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe

Filesize
184KB

MD5
098ff24dcc050ee8141278095263da8d

SHA1
8b1521d4afa3b3793305fdc3d31bc4ef9a0be298

SHA256
9bdc4fe4ff215103c5276325a102cfbcd0ce9c98a1c7ce2eb3116ca1a657aeab

SHA512
5ccbbb37af07a1927d191c39b0eb52e21cb90f0e7cdc4847176e1d2cb1eaca9820927758d303a3ead438b981ff96eee119856c5dbed685ede2e63cb4a27ddbe1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe

Filesize
92KB

MD5
abc15f9edbfbdb8171f258693ada90cb

SHA1
c64dfac14c8949553ee290c1f579d4ccee39129c

SHA256
d4dfd1c8cd4d13e4e2e86603419ac1b4a794e58d856fb7f4a591c95d565f8445

SHA512
b59505b5f77dd0a8e96cf5dcc7fd0db1987ace04857f5ff49699ea2cc667647b8b97d4210bdcb87abfbf8b6eebd78a20a1d2fa51821f29d9d12d9ee1bd865b99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe

Filesize
92KB

MD5
744ab99e75ffc52d51a67b549b244c48

SHA1
a6cf7a7cf06b91df07f8ce79ad2b4e2e0855df5c

SHA256
fd1a4732b0e197085b660835395191a5a2c07fd759e133be92fda614ccb24c18

SHA512
fc432b39166f609bbe052460c45753f7019774be016001ea0f11b9f76a6aa257bc470f2acfe1b775a5d53e1f22405f557f4e7fab8bd4c36a280406a46529bea5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe

Filesize
184KB

MD5
6bd6d6700f787d41fc720f7eef4fc8d2

SHA1
38a9f5f0dc3e4ba4febf66e0f16f4a8770c2c8b6

SHA256
41b6ccb55e4561888f6eba2f47a26cf000129ace2de6e630a1d32afad0749649

SHA512
8c9e9f53646289387e4bda0922dee3e4183d3bb6a94fc8b2f0139847b16b68eda096979b7c9a7bb115f80dc5fe34d3e0feacd4fef095b886fe92a9553338cd60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe

Filesize
64KB

MD5
4af56d983f2b8b8a0130b6e0a82864f4

SHA1
bd30fc6875f0d5def05b12ce1f8e1950295c2c9f

SHA256
d2caab3a62d3feafd83f889a0994fb47431c0ebfa471f3a354f9ed5d132594b8

SHA512
ae271fba92c323cf4c55cba892994863103510a6eec1d49f96aa935257ec78d9b6053e54e56276f8a94103d5c5b417d538a344cca2b051b9b58eadb3472af1bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe

Filesize
184KB

MD5
3053e0da55fc950638c69ab01c028648

SHA1
81ccc2873815c0656c6fb84cd2627b194aef94d0

SHA256
df9d17274c7d800cdfbeb5f0c4840e3c7eb89c1188112fc4c7dd68382653e946

SHA512
ee3848df454433c37bdc37301ef771aa16515f1afa63a7b223d9f5f59cfe5b04729d83c46869f88fe7ec77e678021c4d2d992ad32b3570793661c132968863c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe

Filesize
92KB

MD5
e77c8e601c4e38ca542a5161548698dc

SHA1
b61481c2a913237a791d99cba78d7794ea70a6f3

SHA256
04c6b5f141b2789a8b9c3f8f164961b7bfc80165b04f5c3ed19c9a2bd46074e0

SHA512
0ce26e1cfa8443ebe0f29c0f94fbac27c4b48e72f59ab5cda2fc5d53c639cf811d6709277c2dc5d3b52d7f1289ac4bf02004656cf3ce83951e21fc68ff1486fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe

Filesize
184KB

MD5
b70670fa40e1afcbe0be76374b1a777f

SHA1
40093a1e1d65c259398b609867e8b2abbb465248

SHA256
dfba192e3abbc841c4be83bb791e6f223b2a019ee3b7b4ce222eb3227f38a4c3

SHA512
46680837769985e2d8478ec161202976fab2f190f692f80a464acd8bab89f3cadd5b55d4a6dde6618644fe961588e127dd03d1a8f6bb1c05a37d7ad065ce9886

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe

Filesize
184KB

MD5
335a447bf6c7aaed97f65ae54f1947f1

SHA1
e3f79147f98c0c61eb71f1efd457a2e994c1710a

SHA256
d1a5207e4f5ce400c0361cf036da510b6d772dab52faf966b2f90dd8348bdbe0

SHA512
4136686dfe7b0dd096d97bfb6453056bbe45f8bebdef471b5ebe3c49194336636d5302b8039c63371e4ea6961debde197bdfefaefbf052fa4609159e04a249b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe

Filesize
92KB

MD5
9a8e2a3c7d64f221d7817bac1a39dd42

SHA1
87764db9f98ae47974b1ce2e558d1266c4a8fef0

SHA256
e0d3201cbfee62843149c0864562a3c064865fe1a7199254bec88e50c1a6d22b

SHA512
1750516ab1164daa8e6ad501d99b6d08e7c892163e637b930fcd92414e3ec04e382ebed93b50ed639ade690198fad26fce922266968d254e51c2ccd3faeb4650

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62959.exe

Filesize
184KB

MD5
b75f11e86afba1563376001d54f5f451

SHA1
9dc760a26e2870b5bd206fb145e6f09247fb0aaa

SHA256
48b6084c33b3e3dba15d7e04df0a7e3fd879ecb97106e505f7e2e6836618a714

SHA512
dcd79f2a25f08d1ec8b10ebd70bb2adebe93ce3b48fd7e4df47f1ebe1037b64f9e8c9e284e7a64d7a9b3cd525d4191bc46ce575c7d986beafacaed6f60017212

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63743.exe

Filesize
184KB

MD5
9d2db458d2746b890a1b6b144689aff2

SHA1
d70d1c5b69282c8d112cdcfe1d558cc086e01b69

SHA256
7846e0b59e6970b6596ec1b7f330d5706c35eff4ae2a0b68820a79b783844722

SHA512
bad8a34cfba7b02bc4d51f9061c58f37655769328f43669931cf42ebf066de851944132ffc492ebf28ec80c928e210cd2f3755ecd679070e3f9ae11403d70b72

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-894.exe

Filesize
184KB

MD5
754b1c47ad0fc8c6b92755b51c289181

SHA1
3e976079d62c8a09fa1c8b3f5f62e79a51eae133

SHA256
603b271c36c8e5c812c61117b876c79616a3770b6ffb8eca73bd736b9dc5df3a

SHA512
07381da32ba1acff82da3ef07445223f811d38d2a85606ab6d7c51358202d4c9a2eef16e82e0d8f16d7afbddcc89c40028030947f6cfeb81bc4a35d27d65a59e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe

Filesize
129KB

MD5
4f7239651f00eb9cb91f479abeaad438

SHA1
4d11d83d1cde5f0e5714e61a833a768fcb9bdff8

SHA256
b05fe15b43b5dbb624084a216aa2efa66607eebc6957643d4b3fda372d438ac7

SHA512
15f9ceeb1a64893940cd220d04f687ae53af41688960e59aa495b9250c9e7110e0b40bd8f30e3a41ea8f49e2945a2f5c95c11165681bd741734722a571425e25

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe

Filesize
184KB

MD5
5be7616ebbb389a6745a12d57843f3f0

SHA1
416afbf813a75be8e5953f8777e546ac4b8780ad

SHA256
89dfb2a56d038f3e2049c2a3613688a197a888984174b9e0b61fa468e9ca4117

SHA512
88616d36438b871d3e10abb9a64d4ddefb9a61a4bd555b8a5eac8393a0411c01465c49038842bb5aafc6b35761b3b94e1749e8e01607a72beac24e20289a4731

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads