3a7fa1fee87d58085b1f08008fecac5cd359562dd63e0d6150006dcd9c4ebd89

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

37384a99144571d76343010aa576a62d.exe
Size

184KB
MD5

37384a99144571d76343010aa576a62d
SHA1

2dd79e8661c83cc596b4ba1b203844e5c61e4a2d
SHA256

3a7fa1fee87d58085b1f08008fecac5cd359562dd63e0d6150006dcd9c4ebd89
SHA512

4518e7676fd44aa3a4b5aa31e0c219550c05f4737536dc2b7bf08d5ac2c78a0983c660a8d1baac8632e9a9c6e5663f37ec1b8d1ddc7a4dd308fd38e2120e6bec
SSDEEP

3072:TeJDoc2ABA0JOjgdJRcozuLmJS6+MVI1Dzx4+PFj7lPdpFw:TeBoMu0JTdTcozZS8W7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2256	Unicorn-28099.exe
2728	Unicorn-51809.exe
2860	Unicorn-30537.exe
2064	Unicorn-7507.exe
3036	Unicorn-63485.exe
2652	Unicorn-26174.exe
1904	Unicorn-25873.exe
648	Unicorn-44347.exe
3044	Unicorn-47040.exe
1504	Unicorn-41306.exe
1572	Unicorn-6775.exe
2784	Unicorn-18473.exe
2656	Unicorn-8441.exe
1968	Unicorn-37776.exe
2928	Unicorn-51612.exe
688	Unicorn-5104.exe
1012	Unicorn-64824.exe
1800	Unicorn-17570.exe
2088	Unicorn-13485.exe
2488	Unicorn-60226.exe
1640	Unicorn-62686.exe
1540	Unicorn-33605.exe
2144	Unicorn-5016.exe
2460	Unicorn-11601.exe
1636	Unicorn-31467.exe
2312	Unicorn-48550.exe
1496	Unicorn-60787.exe
2216	Unicorn-49090.exe
1604	Unicorn-32775.exe
2776	Unicorn-24969.exe
2440	Unicorn-1856.exe
2244	Unicorn-42697.exe
2832	Unicorn-30999.exe
2788	Unicorn-57087.exe
2852	Unicorn-37221.exe
3024	Unicorn-53579.exe
2284	Unicorn-21461.exe
2644	Unicorn-41327.exe
2604	Unicorn-58218.exe
2756	Unicorn-55525.exe
2620	Unicorn-8462.exe
3000	Unicorn-2795.exe
1956	Unicorn-59609.exe
2968	Unicorn-36942.exe
1616	Unicorn-45665.exe
896	Unicorn-26636.exe
2980	Unicorn-53278.exe
1632	Unicorn-20968.exe
2084	Unicorn-55224.exe
2276	Unicorn-22360.exe
844	Unicorn-23682.exe
1276	Unicorn-33626.exe
1928	Unicorn-37710.exe
1808	Unicorn-48016.exe
2764	Unicorn-48016.exe
528	Unicorn-15706.exe
1528	Unicorn-38264.exe
764	Unicorn-6791.exe
1368	Unicorn-46241.exe
900	Unicorn-53854.exe
344	Unicorn-22120.exe
2356	Unicorn-55883.exe
2296	Unicorn-7429.exe
1568	Unicorn-49661.exe

Loads dropped DLL 64 IoCs

pid	Process
1424	37384a99144571d76343010aa576a62d.exe
1424	37384a99144571d76343010aa576a62d.exe
2256	Unicorn-28099.exe
2256	Unicorn-28099.exe
1424	37384a99144571d76343010aa576a62d.exe
1424	37384a99144571d76343010aa576a62d.exe
2256	Unicorn-28099.exe
2728	Unicorn-51809.exe
2256	Unicorn-28099.exe
2728	Unicorn-51809.exe
2860	Unicorn-30537.exe
2860	Unicorn-30537.exe
3036	Unicorn-63485.exe
2064	Unicorn-7507.exe
2064	Unicorn-7507.exe
3036	Unicorn-63485.exe
2728	Unicorn-51809.exe
2728	Unicorn-51809.exe
1904	Unicorn-25873.exe
1904	Unicorn-25873.exe
2652	Unicorn-26174.exe
2860	Unicorn-30537.exe
3044	Unicorn-47040.exe
648	Unicorn-44347.exe
2064	Unicorn-7507.exe
2860	Unicorn-30537.exe
2652	Unicorn-26174.exe
3044	Unicorn-47040.exe
648	Unicorn-44347.exe
2064	Unicorn-7507.exe
3036	Unicorn-63485.exe
3036	Unicorn-63485.exe
1968	Unicorn-37776.exe
1968	Unicorn-37776.exe
2784	Unicorn-18473.exe
2784	Unicorn-18473.exe
1504	Unicorn-41306.exe
1504	Unicorn-41306.exe
1904	Unicorn-25873.exe
1904	Unicorn-25873.exe
688	Unicorn-5104.exe
688	Unicorn-5104.exe
1572	Unicorn-6775.exe
1572	Unicorn-6775.exe
2656	Unicorn-8441.exe
2656	Unicorn-8441.exe
648	Unicorn-44347.exe
648	Unicorn-44347.exe
2928	Unicorn-51612.exe
2928	Unicorn-51612.exe
3044	Unicorn-47040.exe
3044	Unicorn-47040.exe
1012	Unicorn-64824.exe
1012	Unicorn-64824.exe
1968	Unicorn-37776.exe
1968	Unicorn-37776.exe
2088	Unicorn-13485.exe
2088	Unicorn-13485.exe
1504	Unicorn-41306.exe
1504	Unicorn-41306.exe
1640	Unicorn-62686.exe
1640	Unicorn-62686.exe
1800	Unicorn-17570.exe
1800	Unicorn-17570.exe

Program crash 16 IoCs

pid	pid_target	Process	procid_target
2008	1012	WerFault.exe	44
880	1496	WerFault.exe	54
2740	2968	WerFault.exe	71
1028	1616	WerFault.exe	72
2312	1944	WerFault.exe	108
1816	2864	WerFault.exe	96
1276	560	WerFault.exe	103
1668	2092	WerFault.exe	98
2440	456	WerFault.exe	99
2768	1260	WerFault.exe	134
1744	2888	WerFault.exe	126
2068	2536	WerFault.exe	149
1524	1468	WerFault.exe	163
2800	1520	WerFault.exe	137
3372	1016	WerFault.exe	178
4004	3264	WerFault.exe	254

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1424	37384a99144571d76343010aa576a62d.exe
2256	Unicorn-28099.exe
2728	Unicorn-51809.exe
2860	Unicorn-30537.exe
2064	Unicorn-7507.exe
3036	Unicorn-63485.exe
2652	Unicorn-26174.exe
1904	Unicorn-25873.exe
3044	Unicorn-47040.exe
648	Unicorn-44347.exe
1504	Unicorn-41306.exe
1968	Unicorn-37776.exe
688	Unicorn-5104.exe
2784	Unicorn-18473.exe
2656	Unicorn-8441.exe
1572	Unicorn-6775.exe
2928	Unicorn-51612.exe
1012	Unicorn-64824.exe
1800	Unicorn-17570.exe
2088	Unicorn-13485.exe
2488	Unicorn-60226.exe
1540	Unicorn-33605.exe
1640	Unicorn-62686.exe
1636	Unicorn-31467.exe
2312	Unicorn-48550.exe
2144	Unicorn-5016.exe
2460	Unicorn-11601.exe
1496	Unicorn-60787.exe
2216	Unicorn-49090.exe
1604	Unicorn-32775.exe
2776	Unicorn-24969.exe
2440	Unicorn-1856.exe
2244	Unicorn-42697.exe
2832	Unicorn-30999.exe
2284	Unicorn-21461.exe
3024	Unicorn-53579.exe
2852	Unicorn-37221.exe
2788	Unicorn-57087.exe
2644	Unicorn-41327.exe
2604	Unicorn-58218.exe
2620	Unicorn-8462.exe
3000	Unicorn-2795.exe
2756	Unicorn-55525.exe
1956	Unicorn-59609.exe
2980	Unicorn-53278.exe
896	Unicorn-26636.exe
2968	Unicorn-36942.exe
1616	Unicorn-45665.exe
1632	Unicorn-20968.exe
2084	Unicorn-55224.exe
2276	Unicorn-22360.exe
844	Unicorn-23682.exe
1808	Unicorn-48016.exe
1276	Unicorn-33626.exe
1928	Unicorn-37710.exe
2764	Unicorn-48016.exe
1528	Unicorn-38264.exe
528	Unicorn-15706.exe
764	Unicorn-6791.exe
1368	Unicorn-46241.exe
900	Unicorn-53854.exe
344	Unicorn-22120.exe
2296	Unicorn-7429.exe
2356	Unicorn-55883.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1424 wrote to memory of 2256	1424	37384a99144571d76343010aa576a62d.exe	28
PID 1424 wrote to memory of 2256	1424	37384a99144571d76343010aa576a62d.exe	28
PID 1424 wrote to memory of 2256	1424	37384a99144571d76343010aa576a62d.exe	28
PID 1424 wrote to memory of 2256	1424	37384a99144571d76343010aa576a62d.exe	28
PID 2256 wrote to memory of 2728	2256	Unicorn-28099.exe	29
PID 2256 wrote to memory of 2728	2256	Unicorn-28099.exe	29
PID 2256 wrote to memory of 2728	2256	Unicorn-28099.exe	29
PID 2256 wrote to memory of 2728	2256	Unicorn-28099.exe	29
PID 1424 wrote to memory of 2860	1424	37384a99144571d76343010aa576a62d.exe	30
PID 1424 wrote to memory of 2860	1424	37384a99144571d76343010aa576a62d.exe	30
PID 1424 wrote to memory of 2860	1424	37384a99144571d76343010aa576a62d.exe	30
PID 1424 wrote to memory of 2860	1424	37384a99144571d76343010aa576a62d.exe	30
PID 2256 wrote to memory of 3036	2256	Unicorn-28099.exe	32
PID 2256 wrote to memory of 3036	2256	Unicorn-28099.exe	32
PID 2256 wrote to memory of 3036	2256	Unicorn-28099.exe	32
PID 2256 wrote to memory of 3036	2256	Unicorn-28099.exe	32
PID 2728 wrote to memory of 2064	2728	Unicorn-51809.exe	31
PID 2728 wrote to memory of 2064	2728	Unicorn-51809.exe	31
PID 2728 wrote to memory of 2064	2728	Unicorn-51809.exe	31
PID 2728 wrote to memory of 2064	2728	Unicorn-51809.exe	31
PID 2860 wrote to memory of 2652	2860	Unicorn-30537.exe	33
PID 2860 wrote to memory of 2652	2860	Unicorn-30537.exe	33
PID 2860 wrote to memory of 2652	2860	Unicorn-30537.exe	33
PID 2860 wrote to memory of 2652	2860	Unicorn-30537.exe	33
PID 2064 wrote to memory of 1904	2064	Unicorn-7507.exe	34
PID 2064 wrote to memory of 1904	2064	Unicorn-7507.exe	34
PID 2064 wrote to memory of 1904	2064	Unicorn-7507.exe	34
PID 2064 wrote to memory of 1904	2064	Unicorn-7507.exe	34
PID 3036 wrote to memory of 648	3036	Unicorn-63485.exe	35
PID 3036 wrote to memory of 648	3036	Unicorn-63485.exe	35
PID 3036 wrote to memory of 648	3036	Unicorn-63485.exe	35
PID 3036 wrote to memory of 648	3036	Unicorn-63485.exe	35
PID 2728 wrote to memory of 3044	2728	Unicorn-51809.exe	36
PID 2728 wrote to memory of 3044	2728	Unicorn-51809.exe	36
PID 2728 wrote to memory of 3044	2728	Unicorn-51809.exe	36
PID 2728 wrote to memory of 3044	2728	Unicorn-51809.exe	36
PID 1904 wrote to memory of 1504	1904	Unicorn-25873.exe	42
PID 1904 wrote to memory of 1504	1904	Unicorn-25873.exe	42
PID 1904 wrote to memory of 1504	1904	Unicorn-25873.exe	42
PID 1904 wrote to memory of 1504	1904	Unicorn-25873.exe	42
PID 2860 wrote to memory of 1572	2860	Unicorn-30537.exe	39
PID 2860 wrote to memory of 1572	2860	Unicorn-30537.exe	39
PID 2860 wrote to memory of 1572	2860	Unicorn-30537.exe	39
PID 2860 wrote to memory of 1572	2860	Unicorn-30537.exe	39
PID 2652 wrote to memory of 2784	2652	Unicorn-26174.exe	41
PID 2652 wrote to memory of 2784	2652	Unicorn-26174.exe	41
PID 2652 wrote to memory of 2784	2652	Unicorn-26174.exe	41
PID 2652 wrote to memory of 2784	2652	Unicorn-26174.exe	41
PID 3044 wrote to memory of 2928	3044	Unicorn-47040.exe	38
PID 3044 wrote to memory of 2928	3044	Unicorn-47040.exe	38
PID 3044 wrote to memory of 2928	3044	Unicorn-47040.exe	38
PID 3044 wrote to memory of 2928	3044	Unicorn-47040.exe	38
PID 648 wrote to memory of 2656	648	Unicorn-44347.exe	37
PID 648 wrote to memory of 2656	648	Unicorn-44347.exe	37
PID 648 wrote to memory of 2656	648	Unicorn-44347.exe	37
PID 648 wrote to memory of 2656	648	Unicorn-44347.exe	37
PID 2064 wrote to memory of 688	2064	Unicorn-7507.exe	40
PID 2064 wrote to memory of 688	2064	Unicorn-7507.exe	40
PID 2064 wrote to memory of 688	2064	Unicorn-7507.exe	40
PID 2064 wrote to memory of 688	2064	Unicorn-7507.exe	40
PID 3036 wrote to memory of 1968	3036	Unicorn-63485.exe	43
PID 3036 wrote to memory of 1968	3036	Unicorn-63485.exe	43
PID 3036 wrote to memory of 1968	3036	Unicorn-63485.exe	43
PID 3036 wrote to memory of 1968	3036	Unicorn-63485.exe	43

C:\Users\Admin\AppData\Local\Temp\37384a99144571d76343010aa576a62d.exe
"C:\Users\Admin\AppData\Local\Temp\37384a99144571d76343010aa576a62d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1424
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28099.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28099.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53278.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24877.exe
        11⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54508.exe
        12⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        13⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        14⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5862.exe
        11⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        12⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        13⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        14⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16629.exe
        15⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
        16⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38793.exe
        17⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65492.exe
        18⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40770.exe
        19⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        20⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
        18⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
        19⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20968.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43439.exe
        9⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe
        10⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23590.exe
        11⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        12⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        13⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60977.exe
        14⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe
        15⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
        16⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
        17⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16422.exe
        18⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
        19⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50588.exe
        16⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        17⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        18⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55224.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38452.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23507.exe
        10⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52645.exe
        11⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        12⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        13⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe
        14⤵
        
        PID:3996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        10⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9451.exe
        11⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7429.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
        9⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        10⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
        11⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40085.exe
        12⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33078.exe
        13⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3188.exe
        14⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3463.exe
        15⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
        16⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        17⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
        16⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43488.exe
        14⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        15⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14698.exe
        16⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1887.exe
        8⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        9⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        11⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63577.exe
        12⤵
        
        PID:3896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34133.exe
        13⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18046.exe
        14⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
        15⤵
        
        PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22360.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4264.exe
        10⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        11⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7344.exe
        12⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
        13⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
        9⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13667.exe
        10⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
        11⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        12⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe
        13⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8294.exe
        14⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        15⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        16⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        17⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        18⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21871.exe
        10⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18092.exe
        11⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        12⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23682.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27954.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        9⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
        10⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        11⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        12⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
        13⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        14⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        15⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        16⤵
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35643.exe
        17⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
        18⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63039.exe
        9⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        10⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
        11⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24221.exe
        12⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        13⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
        14⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54226.exe
        15⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8647.exe
        16⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13563.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54132.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
        10⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37710.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
        8⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39075.exe
        9⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34555.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        11⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
        12⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        13⤵
        
        PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57087.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe
        9⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        10⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
        11⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe
        12⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21461.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24533.exe
        7⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        10⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        11⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        12⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
        13⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        14⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
        15⤵
        
        PID:3672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 376
        9⤵
        Program crash
        
        PID:2068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 456 -s 384
        8⤵
        Program crash
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        7⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 200
        8⤵
        Program crash
        
        PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63485.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63485.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56179.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56571.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        11⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        12⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15706.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48120.exe
        9⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        11⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1127.exe
        12⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
        13⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        14⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3188.exe
        15⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
        16⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        17⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17511.exe
        10⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12051.exe
        11⤵
        
        PID:3380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
        8⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        10⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
        11⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        9⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        10⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64952.exe
        11⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        12⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51045.exe
        13⤵
        
        PID:3664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58310.exe
        14⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
        15⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32706.exe
        16⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53854.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
        8⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18655.exe
        9⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44586.exe
        10⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19179.exe
        11⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        12⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        13⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
        14⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12276.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe
        11⤵
        
        PID:308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52204.exe
        7⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        10⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
        9⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22550.exe
        10⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        11⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        12⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
        13⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16422.exe
        14⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30760.exe
        15⤵
        
        PID:3744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60787.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36942.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45769.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33429.exe
        9⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        10⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        11⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        12⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
        13⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        14⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        15⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31009.exe
        16⤵
        
        PID:732
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 376
        11⤵
        Program crash
        
        PID:1524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 376
        10⤵
        Program crash
        
        PID:2768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 380
        9⤵
        Program crash
        
        PID:1816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 376
        8⤵
        Program crash
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24533.exe
        7⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
        8⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
        10⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8159.exe
        11⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40286.exe
        12⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53951.exe
        13⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
        14⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35311.exe
        15⤵
        
        PID:3036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 376
        9⤵
        Program crash
        
        PID:1744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 368
        8⤵
        Program crash
        
        PID:1668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 376
        7⤵
        Program crash
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45665.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8389.exe
        7⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        8⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25845.exe
        9⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        10⤵
        
        PID:3264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 376
        11⤵
        Program crash
        
        PID:4004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 380
        10⤵
        Program crash
        
        PID:3372
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 380
        9⤵
        Program crash
        
        PID:2800
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 376
        8⤵
        Program crash
        
        PID:1276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 380
        7⤵
        Program crash
        
        PID:1028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 380
        6⤵
        Program crash
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56651.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        9⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58076.exe
        10⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        11⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2124.exe
        12⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38793.exe
        13⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62778.exe
        14⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39940.exe
        15⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        16⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39399.exe
        15⤵
        
        PID:3444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30537.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30537.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2860
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6791.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        8⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10250.exe
        10⤵
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46241.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49905.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12061.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15757.exe
        10⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10188.exe
        11⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33078.exe
        12⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
        13⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
        14⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        15⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
        16⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        14⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        15⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
        6⤵
        Executes dropped EXE
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
        7⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58963.exe
        8⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        9⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43790.exe
        10⤵
        
        PID:3608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53579.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4134.exe
        7⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62868.exe
        8⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41737.exe
        9⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        10⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6161.exe
        11⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
        12⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        13⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
        14⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
        15⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
        16⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24329.exe
        14⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
        15⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62712.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        10⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        11⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10396.exe
        12⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15716.exe
        13⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1787.exe
        14⤵
        
        PID:3564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
        6⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61249.exe
        7⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        9⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
        10⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5274.exe
        11⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23204.exe
        12⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
        13⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11522.exe
        14⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17849.exe
        15⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57194.exe
        13⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46053.exe
        14⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65478.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        8⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5585.exe
        9⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
        10⤵
        
        PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58218.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60372.exe
        6⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6075.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        8⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
        9⤵
        
        PID:1772

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18087.exe

Filesize
184KB

MD5
1dd89245c81d4174f58a89ec1bed3afd

SHA1
39051ff0a581b9ed802a05ffb1d7bd8d11915688

SHA256
1e0389c99cfb9c6707c111c04585a57a9de430eea3e0a9355a94498ece5993ea

SHA512
520183f9931064a544fb80c068c9cd6939d65d6bde2ceaf248bce1fd797d08aa333153908ac745c5f465274c3c77d999c8d194f61d80cde6355c63fda73f55f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe

Filesize
184KB

MD5
9fdbc2501f2d5f92419b1ac6cc758304

SHA1
d91c7fed3baa8409a6e32b14a06dfdff409b2372

SHA256
b422c381a55f4fc3b5113c0ab447dca5ae814766c7f079d5dd138151616dd4f8

SHA512
65d7c0310be3ad4b4da9e1fb2b0d6f3358240574ffc3e7deac3d63cc3d80c14366d48cfbdba3882e2e3e5caadde7fedc522bee638c51c7681f5df4c9735fe590

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24636.exe

Filesize
184KB

MD5
605dc83937ecedbcc133186546102f4b

SHA1
e38365dd944d617f6c984b0dfe71ebacbd32d562

SHA256
a59def97fb6f3859b5d39b58a33acd5a8afa2857eb5e1fec71791cda33dfde95

SHA512
0e016908572a63df306525899bfcefe8b315a6d0f6894c533cd82ef83e390b3c2bd25f29d464a1e6f10a6dd59ae970b993938afae3aae8afba040da428704684

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe

Filesize
184KB

MD5
a9918bb6afe2b44047e4a3319d911bae

SHA1
400191517bde34724fe8c3bf4de5cc643748be5d

SHA256
ab3d1deca09ae1face101c0c4ced6b2a94715d11b122bc6522c19c77c45fefca

SHA512
d38ed3f698beff8ef41b6dc3bdc1709bf5daec0d3cf14b87edf4200715b2499270d2827b352481cee0f69377857a620d888eb925baa71b9d313b21ebe06e0f08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25975.exe

Filesize
184KB

MD5
17f67fb645858ca3ad65b626d7c87e67

SHA1
0521af70629cbaa9e04228dfbca8c1bb2a82bbdc

SHA256
387a87ec1ed40f4f140ee08ea6d3a87888386397ec7ec73cfd2ccb627bce085b

SHA512
0063ec9ed953381ad1b8309427289d9bd65a1109c0af7c17903718c408bd768ef9a833df81e602aa72b352f2955a11e90c263185ad6c77564c713f49aafdd6ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32118.exe

Filesize
184KB

MD5
9f8f4794cf386a67b4a8e4a207a3bc6b

SHA1
2f7291054d83b4bba7f8a7eaca018f884a762af1

SHA256
4991645554b899e74433810c4519f431b88d152bf8066632d8c27787f5b3a576

SHA512
53c26cb21b3cf56db568d859b36019672e35c832ef7829bffcc9318973a0f493e3361f4273963bdb83809e57a9fc1d4e8c4b328ab392b703483aa2d20b354ed5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37776.exe

Filesize
184KB

MD5
671667d56a78d1b77b73786ba29e1bc6

SHA1
10cb0048d0262575cf042b2687f02c1ede837356

SHA256
b63267e8a61eba21a9fd563899603f6f725fec7a8a19e538aa5cccc203c75325

SHA512
861fd4b71a07dd78d757f96e91120cafaf337adc9728e59fcc4ab6b5d97cc5985844d1ccc3acf6fd9c6833bcf7e19eb690fa547a355e7379afe9f7d983127ac6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe

Filesize
184KB

MD5
3c85a5ea23de251066aaaa40b366753d

SHA1
698e6477af51b7cc8971c2fc1d005b3097a0931e

SHA256
38140aa5c22164adcd35192208974f853be218fdcc3f5de94670e13524c0d9de

SHA512
a0b7c4d0283742574bc6046c7ac451508b8d3931217219bafb8cc2daeda3c2042beaaf76184bfe59e4628c7499b5f108468db5acbe6165ed14559dbc66730529

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5779.exe

Filesize
184KB

MD5
f22d12422fa535fe718c13286e08c273

SHA1
d331dc5fb6805ee4a88f3b365f3f64d64378d15d

SHA256
802cb4b77e073b391f6c236753dc910a335808412bba1ea4fe98c7d3dfef99c6

SHA512
41e04a6d29458e03a18bd2dc0bfb72aba138f0cbec24a506d7857ceafafe55deee69061810559610815c4fbc971d38e44c7d049e6ffcb2d4772fb786a29307bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59254.exe

Filesize
184KB

MD5
d86864af6172feb330782bd1ec410b88

SHA1
4ebfcc80c4f84cb1d08a653740ec054e4c9ab0d9

SHA256
8c2ef3bd9db54deebe36831b4ac835f4bb962c1275828074b4933c25ef8ba432

SHA512
782902f4653cf524bca2ad77b7775e4bb56b68a5a83c2905b8b9f2cd70412639c56f69b4fc5f4bd58ab187c1772d2ddf4ac92234abbfa6a41a07a76dd3a24e21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe

Filesize
27KB

MD5
e795e096ff85b51f4642a60ad323dbe4

SHA1
8b3c4a947a00536669795469ea9ded6e7e35331c

SHA256
242908c99577fb7fa33ae12dba394afdf0c81367cb15ee53db6fca962feabcda

SHA512
ea8bec7b846c865cd54da23645d34128fb2a9566d55a35730d46489d0d280776f523f797d329641b101c13bb1874bf125d1752981e43ffa977394a9e972f3d87

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe

Filesize
184KB

MD5
70e7881cae7860f8b0dc6371f59a47f9

SHA1
333a9fa1e8795fd10c6c61e29d48799c99483de9

SHA256
234b94d6a58d3f8bacea46dce570731b22d4bb683fa79b40cbf43faa01c4211a

SHA512
1883f41fe23e33026f2617a15b8ef68b0ac2f9dfeb2fd009217390a83ffede7cd0bd7d9f03b7da39b441fcbbff54af6d972c5c4c134dbd3460345621e5ba3363

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe

Filesize
184KB

MD5
7f2b106a2c2b99b4cc83488035343341

SHA1
1132bc36fbbb320fc61b9eeceb9fefa2d3bad0dc

SHA256
7f02c6a45b835aff6766ca93c0b5e633897311f77e5ae369e583c25d95e5e655

SHA512
4e4f57e650293ff7a76a8ef100b3a97ec807ed27dca8001b43ca05666a3d699a0749f67b8c3242b0f278c00a0bad196fddda83143584787ebf60045e8cef2c79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26174.exe

Filesize
184KB

MD5
fda81c99a917bb7dde7c2fd4a3bc469b

SHA1
2903ebf1a745a4d27e0a927bb52b9de6286e96bc

SHA256
08e46c8404e84579d389651a1a23df1611dd324b7d4752712198a1c769b247b8

SHA512
1c624a9bcc75ba2d1ec2807e0bb95ad037c94a30ee46cec5947b3e788d616bc50d775b568e6c1c90f9ccd92d3f1c1f3751043a1344b93ce6a99e06d0a373851e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28099.exe

Filesize
64KB

MD5
f287817bb5ff780013d6baa967e4b57f

SHA1
f36eb13c7b280ead29d0766418c052bd7df4126c

SHA256
d0a685f087620ed4517b203b3d8407bf065410aa5fd8e1cea6268708b0dc1a53

SHA512
d0f9fd4c3eaa319f032e9fa84244d51f5cb230e9ddb5d2ef1799f31cae7d78d0d8b6f6263f318e9de45b1f1a6082726885c2bb780416de9a1a7279348229d6d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28099.exe

Filesize
184KB

MD5
e9dc2f6c0117ca38aef02a114973e13a

SHA1
e8b749bbb021cdd7381d2b70d2593358abef29c9

SHA256
1262374d067d8cde27a422921ae4f885d72e0265fea4bbc3a089058475954dad

SHA512
65de574c3fa0c924570f7d817c63c8231b0b087d0fa0a06abe2dfb8d57f631287a047362530b9a49d4f42c9c39d57559e89ad2084d6560cfbdc58685331cf70e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30537.exe

Filesize
184KB

MD5
7e09f8a916aca247934b621fa8238c01

SHA1
32eb99450ff7b3cc39db13a9880cfd486e359ebf

SHA256
4ba1b8dc7238fafe14d3e2c67c99289be8541e67179621065147ceb3c9f34347

SHA512
9e5eba13e0842d83e35a65dde15a6322e266e37690a01e55018180955adfc64cad696164efc1d7dc142f1ade6ccc3a1e96623055f41eca241eab8063fccbaca8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44347.exe

Filesize
184KB

MD5
4db1c949918e762bbaa76df923e8af48

SHA1
bd8e4bb0bfd71c2686a1842ec0d45f11a4292c96

SHA256
250916c56ef1072a620d222a61b420a04365cd571abc3468020dd6867c84dab3

SHA512
1fb47bf2eca08eac560129c3fb9056fb9d68366a66bfdd36397801baf4abc746976a4317d3e45e30962cd49513a56df64d696f13063757a513c4a21b796ea208

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47040.exe

Filesize
184KB

MD5
002d1daab0bb8bc6939fd6fb335702e8

SHA1
6e937ac3a51f0cceb638d0b681b08e5844b0dbee

SHA256
3e377b1b384701330b9b09eb2069d0d5b5f0a125f0d58ac2172cfc98e5e76707

SHA512
8a4b357dbb326a7539b9ad4575d9230231e990bf4bfaecf8cdfd10956c45c04b01c43221cb81e3ad61bb8ceb911ce0ec41c766651f8913bc1f90d207f6956730

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5104.exe

Filesize
184KB

MD5
844be42b95a1acac0de08f8a0de7b773

SHA1
71df6fe6245681214467e73052edd02fc8db4652

SHA256
540fe27b34d72cae8f805a2d1018e91bd5bf0004c18d16c121b3088438ebbed5

SHA512
b9ad5464117c62dab739c2270eb057767debd080dcf51401dd54048cc76ff1d8793319fea284065bad2808e5b125238add12188a7101a020588ced6e15708fcd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51612.exe

Filesize
184KB

MD5
ffbc4e117802c18a942e3ae632011f35

SHA1
d1a97a5b6eda4ee72f6006cecddff4809f1f2d35

SHA256
2fd333b655e6a9160bb12dc205b8ca1bee42a7f76cd342ed45a09b42d5818306

SHA512
6c39c1a8855d57f4d12d3dabf73633cadc970d02b0c2b0f76c672d1b74148a45bc5c7646e5525936f75445166eaad24e3bfcedfd221fd2fb71f2e9f2f3070f6c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51809.exe

Filesize
184KB

MD5
dd6fe00dc672e681782791b0c56554b5

SHA1
ae65a3a6b6bdf24374399a332b2e83895f14cac4

SHA256
da1a1c02e660b2a69bad01710f627b2af707bfd374264a4626e6d3e92f71f55c

SHA512
cd2d1271f3bb42b690a962335ddcacae9fa4a6f0ba58458f87c80d9e09799e059fc0c810f7c40f85e686276fdf8aa1b8acb8ff25673e993e4b597d80d587274a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63485.exe

Filesize
184KB

MD5
43b8ea3b84412c43cd69adc1c30c6b16

SHA1
ed1537de4a00e31a904e093aa206ba293b4edacf

SHA256
310609f00e65458b47c14d74f8819cbc4124273596bdd9ea90b64769751db8f1

SHA512
f3ed19d1f5b737b3ced665bb59fb1ae066c56eea420f6759c4d182b930f014b54574f0459fa7727aa3a8465bb362709fb7f8bc8f5d9ffdc6d0bf63188617f4aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe

Filesize
184KB

MD5
56e2cd657c695416f0185b7080db13a0

SHA1
59b9c41fbd5a46d114a104539ebc020ea31d0909

SHA256
7824ac4afc063cdc628a31931d0662b94e73d4f19852b704b8fb850aa4c2b9bf

SHA512
cbcfa8da0f4b42a78c21e3fe67ff8d9b45d0c9b9e0e0b8cdbd56e5e0f91938886a331b25662820574f43d78ce4dd7f8fe03b5a3eebaa7690f0dc74bfb78d18ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64824.exe

Filesize
170KB

MD5
d84978167a9d9eba35251aacb99fb8b3

SHA1
c9b0b48d32c61448b6def8c431b2d2c9aa532b82

SHA256
5aaf9955e6a05147bb67e26bcc6c467ef7f95e8a1c27d8ac5aa413bb6e07ef83

SHA512
517ed48c1415d7cde68986699528ffc91c2e0a216a111a1c2befb9e05bf4bcd2fc48412c2d8a352213c72ae3815c17981845b5ea8ec10f65fb0f362ab065c23b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6775.exe

Filesize
184KB

MD5
7bf09c12744c69f5b277cf3fc1087145

SHA1
daf8fbdf7c8034df730340f2e89c5770d5397146

SHA256
37a264c318e0e98c4a56b5a8b0524cf67fd8c56b74d534c3c40b3debf24c5d27

SHA512
dca5f1f679633bf397ce2cb8d310ad95ed5eaeaec8d12e98d0ef3450ab43b9017ce1f67d8841768f464da2c3d73cc01b8d1c34b59b102c579c763ca7ad653e55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe

Filesize
184KB

MD5
35e2458b549bbb7bb0fba4364a4ce9db

SHA1
fd1c4110eb5066c51b27ebce6a8d62069bad6168

SHA256
58f05e9b565a5bc8d61faeef6dd2d7b511ed4594b242ffd43bd76f13b7fdc119

SHA512
382a9b7130a31aae68c4d9a09e0fd46dcc6d0b193d5970125f3e65c7bd562d5b9a244f66d76686dd79df7e156536e53e992eaa244ae962f2564e2969909f27e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8441.exe

Filesize
184KB

MD5
760b5f4d0f28836db083dca7866bd6ef

SHA1
36eefa09d06fcf7addcc7a963edb0f623a02cfec

SHA256
96c23b1767bce5358786c883a8acb8373ccfcf64c6e1bdb274dce6bd78dd746c

SHA512
70caa4e6aa029d85639f8cc17d0df0f32c075d0a2ff72d5aca2bb8c7267d9995962964cbf86a4d88b65bd26dca7f18b52b5c2c3142a9521c48532970316d7290

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads