16a3ae8bbe390f4e59114d1bef1767b2215701c9c5e7e39f3b63bec72b18bc9c

Analysis

max time kernel
34s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

64232300ae48b234b6d9a50439344653.exe
Size

184KB
MD5

64232300ae48b234b6d9a50439344653
SHA1

0a8fb6262c5e5d7fd6319ab0011dc1e026fc6c8c
SHA256

16a3ae8bbe390f4e59114d1bef1767b2215701c9c5e7e39f3b63bec72b18bc9c
SHA512

21f88778d0ec8450b2c26d4b7d242f119f28e8526f638ea8c14a20cefecb4e7f9783527d8c22ea52f183928489259998135a0f49c393454cb5c87d55e1523c0d
SSDEEP

3072:S++yoEuHXpA8k5//wTOS08db3et6VdzhBR7x+Sd9PNlPvpFc:S+roPG8kVwqS08p1ggNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2164	Unicorn-31676.exe
2752	Unicorn-24907.exe
2852	Unicorn-54927.exe
2728	Unicorn-8861.exe
2524	Unicorn-36935.exe
2612	Unicorn-41534.exe
1980	Unicorn-28831.exe
2896	Unicorn-8773.exe
1404	Unicorn-46428.exe
2792	Unicorn-52842.exe
300	Unicorn-39717.exe
2104	Unicorn-8548.exe
1688	Unicorn-54028.exe
1560	Unicorn-41797.exe
2240	Unicorn-21704.exe
2212	Unicorn-34894.exe
2056	Unicorn-39493.exe
592	Unicorn-2606.exe
1396	Unicorn-6820.exe
2364	Unicorn-45347.exe
2488	Unicorn-10406.exe
2416	Unicorn-60640.exe
1932	Unicorn-27968.exe
1944	Unicorn-24521.exe
1624	Unicorn-58497.exe
1080	Unicorn-10557.exe
1260	Unicorn-6535.exe
1964	Unicorn-43614.exe
332	Unicorn-43614.exe
1524	Unicorn-37095.exe
2512	Unicorn-56961.exe
1516	Unicorn-4423.exe
2032	Unicorn-24502.exe
2840	Unicorn-2498.exe
2768	Unicorn-40153.exe
2744	Unicorn-31225.exe
2916	Unicorn-11935.exe
2660	Unicorn-14203.exe
2608	Unicorn-60643.exe
1532	Unicorn-60415.exe
2348	Unicorn-19466.exe
2928	Unicorn-29087.exe
2168	Unicorn-13061.exe
1732	Unicorn-4016.exe
1800	Unicorn-56938.exe
1036	Unicorn-1904.exe
1044	Unicorn-36845.exe
2756	Unicorn-17939.exe
2788	Unicorn-22538.exe
2856	Unicorn-37805.exe
1692	Unicorn-51188.exe
2128	Unicorn-29165.exe
1972	Unicorn-13103.exe
1772	Unicorn-2486.exe
1872	Unicorn-15869.exe
912	Unicorn-57826.exe
448	Unicorn-11780.exe
616	Unicorn-58568.exe
892	Unicorn-2401.exe
916	Unicorn-57585.exe
1276	Unicorn-35215.exe
3020	Unicorn-63457.exe
1808	Unicorn-23980.exe
996	Unicorn-43846.exe

Loads dropped DLL 64 IoCs

pid	Process
1340	64232300ae48b234b6d9a50439344653.exe
1340	64232300ae48b234b6d9a50439344653.exe
2164	Unicorn-31676.exe
2164	Unicorn-31676.exe
1340	64232300ae48b234b6d9a50439344653.exe
1340	64232300ae48b234b6d9a50439344653.exe
2752	Unicorn-24907.exe
2752	Unicorn-24907.exe
2164	Unicorn-31676.exe
2164	Unicorn-31676.exe
2852	Unicorn-54927.exe
2852	Unicorn-54927.exe
2728	Unicorn-8861.exe
2728	Unicorn-8861.exe
2752	Unicorn-24907.exe
2752	Unicorn-24907.exe
2524	Unicorn-36935.exe
2524	Unicorn-36935.exe
2612	Unicorn-41534.exe
2612	Unicorn-41534.exe
2852	Unicorn-54927.exe
2852	Unicorn-54927.exe
1980	Unicorn-28831.exe
1980	Unicorn-28831.exe
2728	Unicorn-8861.exe
2728	Unicorn-8861.exe
2896	Unicorn-8773.exe
2896	Unicorn-8773.exe
1404	Unicorn-46428.exe
1404	Unicorn-46428.exe
2524	Unicorn-36935.exe
2524	Unicorn-36935.exe
2792	Unicorn-52842.exe
2792	Unicorn-52842.exe
2612	Unicorn-41534.exe
2612	Unicorn-41534.exe
300	Unicorn-39717.exe
300	Unicorn-39717.exe
2104	Unicorn-8548.exe
2104	Unicorn-8548.exe
1980	Unicorn-28831.exe
1980	Unicorn-28831.exe
1688	Unicorn-54028.exe
1688	Unicorn-54028.exe
1560	Unicorn-41797.exe
1560	Unicorn-41797.exe
2896	Unicorn-8773.exe
2896	Unicorn-8773.exe
2212	Unicorn-34894.exe
2212	Unicorn-34894.exe
2056	Unicorn-39493.exe
2056	Unicorn-39493.exe
2792	Unicorn-52842.exe
2792	Unicorn-52842.exe
592	Unicorn-2606.exe
2240	Unicorn-21704.exe
2240	Unicorn-21704.exe
592	Unicorn-2606.exe
1404	Unicorn-46428.exe
1396	Unicorn-6820.exe
1404	Unicorn-46428.exe
1396	Unicorn-6820.exe
300	Unicorn-39717.exe
300	Unicorn-39717.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2716	2844	WerFault.exe	165
1492	2032	WerFault.exe	171
2900	2708	WerFault.exe	170
2752	1696	WerFault.exe	202
1988	2956	WerFault.exe	290
3312	3056	WerFault.exe	296

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1340	64232300ae48b234b6d9a50439344653.exe
2164	Unicorn-31676.exe
2752	Unicorn-24907.exe
2852	Unicorn-54927.exe
2728	Unicorn-8861.exe
2524	Unicorn-36935.exe
2612	Unicorn-41534.exe
1980	Unicorn-28831.exe
2896	Unicorn-8773.exe
1404	Unicorn-46428.exe
2792	Unicorn-52842.exe
300	Unicorn-39717.exe
2104	Unicorn-8548.exe
1688	Unicorn-54028.exe
1560	Unicorn-41797.exe
2240	Unicorn-21704.exe
2212	Unicorn-34894.exe
2056	Unicorn-39493.exe
592	Unicorn-2606.exe
1396	Unicorn-6820.exe
2364	Unicorn-45347.exe
2488	Unicorn-10406.exe
2416	Unicorn-60640.exe
1932	Unicorn-27968.exe
1944	Unicorn-24521.exe
1624	Unicorn-58497.exe
1080	Unicorn-10557.exe
1260	Unicorn-6535.exe
332	Unicorn-43614.exe
1964	Unicorn-43614.exe
2512	Unicorn-56961.exe
1524	Unicorn-37095.exe
1516	Unicorn-4423.exe
2032	Unicorn-24502.exe
2840	Unicorn-2498.exe
2768	Unicorn-40153.exe
2744	Unicorn-31225.exe
2916	Unicorn-11935.exe
2660	Unicorn-14203.exe
2608	Unicorn-60643.exe
1532	Unicorn-60415.exe
2928	Unicorn-29087.exe
2348	Unicorn-19466.exe
1800	Unicorn-56938.exe
2168	Unicorn-13061.exe
1732	Unicorn-4016.exe
1044	Unicorn-36845.exe
1036	Unicorn-1904.exe
2128	Unicorn-29165.exe
2788	Unicorn-22538.exe
2756	Unicorn-17939.exe
2856	Unicorn-37805.exe
1692	Unicorn-51188.exe
1972	Unicorn-13103.exe
1772	Unicorn-2486.exe
1872	Unicorn-15869.exe
912	Unicorn-57826.exe
448	Unicorn-11780.exe
616	Unicorn-58568.exe
892	Unicorn-2401.exe
916	Unicorn-57585.exe
3020	Unicorn-63457.exe
1276	Unicorn-35215.exe
1808	Unicorn-23980.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2164	1340	64232300ae48b234b6d9a50439344653.exe	28
PID 1340 wrote to memory of 2164	1340	64232300ae48b234b6d9a50439344653.exe	28
PID 1340 wrote to memory of 2164	1340	64232300ae48b234b6d9a50439344653.exe	28
PID 1340 wrote to memory of 2164	1340	64232300ae48b234b6d9a50439344653.exe	28
PID 2164 wrote to memory of 2752	2164	Unicorn-31676.exe	29
PID 2164 wrote to memory of 2752	2164	Unicorn-31676.exe	29
PID 2164 wrote to memory of 2752	2164	Unicorn-31676.exe	29
PID 2164 wrote to memory of 2752	2164	Unicorn-31676.exe	29
PID 1340 wrote to memory of 2852	1340	64232300ae48b234b6d9a50439344653.exe	30
PID 1340 wrote to memory of 2852	1340	64232300ae48b234b6d9a50439344653.exe	30
PID 1340 wrote to memory of 2852	1340	64232300ae48b234b6d9a50439344653.exe	30
PID 1340 wrote to memory of 2852	1340	64232300ae48b234b6d9a50439344653.exe	30
PID 2752 wrote to memory of 2728	2752	Unicorn-24907.exe	33
PID 2752 wrote to memory of 2728	2752	Unicorn-24907.exe	33
PID 2752 wrote to memory of 2728	2752	Unicorn-24907.exe	33
PID 2752 wrote to memory of 2728	2752	Unicorn-24907.exe	33
PID 2164 wrote to memory of 2524	2164	Unicorn-31676.exe	32
PID 2164 wrote to memory of 2524	2164	Unicorn-31676.exe	32
PID 2164 wrote to memory of 2524	2164	Unicorn-31676.exe	32
PID 2164 wrote to memory of 2524	2164	Unicorn-31676.exe	32
PID 2852 wrote to memory of 2612	2852	Unicorn-54927.exe	31
PID 2852 wrote to memory of 2612	2852	Unicorn-54927.exe	31
PID 2852 wrote to memory of 2612	2852	Unicorn-54927.exe	31
PID 2852 wrote to memory of 2612	2852	Unicorn-54927.exe	31
PID 2728 wrote to memory of 1980	2728	Unicorn-8861.exe	38
PID 2728 wrote to memory of 1980	2728	Unicorn-8861.exe	38
PID 2728 wrote to memory of 1980	2728	Unicorn-8861.exe	38
PID 2728 wrote to memory of 1980	2728	Unicorn-8861.exe	38
PID 2752 wrote to memory of 2896	2752	Unicorn-24907.exe	34
PID 2752 wrote to memory of 2896	2752	Unicorn-24907.exe	34
PID 2752 wrote to memory of 2896	2752	Unicorn-24907.exe	34
PID 2752 wrote to memory of 2896	2752	Unicorn-24907.exe	34
PID 2524 wrote to memory of 1404	2524	Unicorn-36935.exe	37
PID 2524 wrote to memory of 1404	2524	Unicorn-36935.exe	37
PID 2524 wrote to memory of 1404	2524	Unicorn-36935.exe	37
PID 2524 wrote to memory of 1404	2524	Unicorn-36935.exe	37
PID 2612 wrote to memory of 2792	2612	Unicorn-41534.exe	35
PID 2612 wrote to memory of 2792	2612	Unicorn-41534.exe	35
PID 2612 wrote to memory of 2792	2612	Unicorn-41534.exe	35
PID 2612 wrote to memory of 2792	2612	Unicorn-41534.exe	35
PID 2852 wrote to memory of 300	2852	Unicorn-54927.exe	36
PID 2852 wrote to memory of 300	2852	Unicorn-54927.exe	36
PID 2852 wrote to memory of 300	2852	Unicorn-54927.exe	36
PID 2852 wrote to memory of 300	2852	Unicorn-54927.exe	36
PID 1980 wrote to memory of 2104	1980	Unicorn-28831.exe	46
PID 1980 wrote to memory of 2104	1980	Unicorn-28831.exe	46
PID 1980 wrote to memory of 2104	1980	Unicorn-28831.exe	46
PID 1980 wrote to memory of 2104	1980	Unicorn-28831.exe	46
PID 2728 wrote to memory of 1688	2728	Unicorn-8861.exe	45
PID 2728 wrote to memory of 1688	2728	Unicorn-8861.exe	45
PID 2728 wrote to memory of 1688	2728	Unicorn-8861.exe	45
PID 2728 wrote to memory of 1688	2728	Unicorn-8861.exe	45
PID 2896 wrote to memory of 1560	2896	Unicorn-8773.exe	44
PID 2896 wrote to memory of 1560	2896	Unicorn-8773.exe	44
PID 2896 wrote to memory of 1560	2896	Unicorn-8773.exe	44
PID 2896 wrote to memory of 1560	2896	Unicorn-8773.exe	44
PID 1404 wrote to memory of 2240	1404	Unicorn-46428.exe	39
PID 1404 wrote to memory of 2240	1404	Unicorn-46428.exe	39
PID 1404 wrote to memory of 2240	1404	Unicorn-46428.exe	39
PID 1404 wrote to memory of 2240	1404	Unicorn-46428.exe	39
PID 2524 wrote to memory of 2212	2524	Unicorn-36935.exe	43
PID 2524 wrote to memory of 2212	2524	Unicorn-36935.exe	43
PID 2524 wrote to memory of 2212	2524	Unicorn-36935.exe	43
PID 2524 wrote to memory of 2212	2524	Unicorn-36935.exe	43

C:\Users\Admin\AppData\Local\Temp\64232300ae48b234b6d9a50439344653.exe
"C:\Users\Admin\AppData\Local\Temp\64232300ae48b234b6d9a50439344653.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43846.exe
        9⤵
        Executes dropped EXE
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13803.exe
        10⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
        11⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15969.exe
        12⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
        13⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4847.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
        9⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        10⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        11⤵
        Program crash
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44556.exe
        9⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        10⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        11⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        12⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
        12⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32175.exe
        11⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53388.exe
        12⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        9⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6431.exe
        10⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49905.exe
        11⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23840.exe
        12⤵
        
        PID:412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31225.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29683.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        10⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22881.exe
        11⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38692.exe
        12⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38702.exe
        7⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
        9⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49964.exe
        10⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31691.exe
        11⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        12⤵
        
        PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60640.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24502.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2486.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
        9⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55929.exe
        10⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        11⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        12⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        12⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        10⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-945.exe
        11⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13372.exe
        12⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12438.exe
        9⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
        10⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
        11⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25284.exe
        12⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18662.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        11⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        11⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19009.exe
        12⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15869.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        8⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        9⤵
        
        PID:2032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
        10⤵
        Program crash
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        9⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48693.exe
        10⤵
        
        PID:1276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2498.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56638.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        9⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2401.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        11⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
        7⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
        8⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        10⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
        11⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17292.exe
        12⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64794.exe
        13⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
        11⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
        12⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37719.exe
        9⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47521.exe
        10⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        11⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        8⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        9⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43581.exe
        10⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        11⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        12⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        13⤵
        
        PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8773.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8773.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27968.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        8⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14425.exe
        9⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54985.exe
        10⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
        11⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34520.exe
        12⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26526.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        9⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
        10⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
        11⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35096.exe
        12⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29184.exe
        13⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
        12⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
        13⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35215.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
        8⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe
        8⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
        9⤵
        
        PID:2820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58568.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10668.exe
        8⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24521.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60415.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30593.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15729.exe
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11373.exe
        10⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16986.exe
        11⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        12⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29184.exe
        13⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55303.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-701.exe
        11⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49480.exe
        12⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18662.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        10⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57534.exe
        7⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        9⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6965.exe
        10⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46159.exe
        11⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe
        12⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
        11⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50518.exe
        10⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48387.exe
        9⤵
        
        PID:2804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36935.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43614.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5273.exe
        8⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25718.exe
        9⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
        10⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
        11⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32133.exe
        12⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38671.exe
        13⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        14⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21285.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52452.exe
        9⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2430.exe
        10⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10716.exe
        11⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        12⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
        13⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29104.exe
        12⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56282.exe
        8⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47426.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        10⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15412.exe
        11⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        12⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
        11⤵
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55889.exe
        8⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27077.exe
        9⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28030.exe
        10⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21900.exe
        11⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61485.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
        11⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        12⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29184.exe
        13⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
        9⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        10⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8041.exe
        11⤵
        
        PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37095.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41978.exe
        7⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27254.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        9⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
        10⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45277.exe
        11⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        12⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57440.exe
        7⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28285.exe
        8⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        9⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
        10⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60644.exe
        6⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
        7⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50179.exe
        8⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65442.exe
        9⤵
        
        PID:1696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 244
        10⤵
        Program crash
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8580.exe
        7⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45621.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
        10⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8945.exe
        9⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        10⤵
        
        PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34894.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34894.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58497.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29087.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14602.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48999.exe
        10⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15463.exe
        11⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18473.exe
        12⤵
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18080.exe
        6⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
        7⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        8⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2631.exe
        9⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17141.exe
        10⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4016.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        6⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33566.exe
        8⤵
        
        PID:2312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57385.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8535.exe
        9⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30691.exe
        11⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        12⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9001.exe
        13⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21918.exe
        8⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65083.exe
        9⤵
        
        PID:2844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
        10⤵
        Program crash
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23656.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57584.exe
        10⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24708.exe
        11⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14602.exe
        8⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20940.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
        11⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25708.exe
        12⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 380
        12⤵
        Program crash
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
        11⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-377.exe
        10⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13061.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        7⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59517.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49687.exe
        9⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        10⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
        11⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57996.exe
        12⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        13⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63265.exe
        9⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        10⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        10⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        11⤵
        
        PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6535.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29165.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40198.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46392.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6995.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
        11⤵
        
        PID:2956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
        12⤵
        Program crash
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1426.exe
        11⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29884.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41033.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20819.exe
        10⤵
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23980.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
        7⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64840.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
        9⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe
        10⤵
        
        PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2606.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43614.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24713.exe
        7⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
        8⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11949.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        10⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
        11⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        12⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
        6⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
        7⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        8⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        9⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24589.exe
        10⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62402.exe
        11⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
        12⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58468.exe
        10⤵
        
        PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1904.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22653.exe
        6⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15008.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47565.exe
        10⤵
        
        PID:3008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6820.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6820.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56961.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36845.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45668.exe
        7⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        9⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39591.exe
        10⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-184.exe
        11⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55575.exe
        12⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        7⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29531.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1211.exe
        9⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        10⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62889.exe
        10⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37810.exe
        11⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56340.exe
        6⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57585.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46676.exe
        9⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57572.exe
        10⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        11⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
        12⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42968.exe
        9⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22906.exe
        10⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37719.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
        8⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10716.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        10⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42935.exe
        11⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
        9⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
        10⤵
        
        PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4423.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
        6⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39906.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58405.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59639.exe
        9⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11851.exe
        10⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
        11⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1914.exe
        12⤵
        
        PID:3728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe

Filesize
184KB

MD5
8249b8d4de618b9799bad48e381ffe72

SHA1
fe365696d367c5fbd7d4ec5c95c29596d9a6b928

SHA256
2a332560bfd2e96941e01d3b1f8ab61088d9a278a89d589fc00a17bfa32f4a54

SHA512
e1847b25bacde86e5a4a3ea432a1d5aa7472da4d98c0746f30954ec4e0e3109fbc3a15e4254dbb15bcf5f44226fd5b6b71d8b95ff76357eb74b27db227677865

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe

Filesize
184KB

MD5
b3cb4efbbcd5b5d1c6ad74a5f55269e5

SHA1
10c6c0672a2237cad57c460c4365d2de80b026d4

SHA256
74ccec18e719994addb1f38a66870529d062e8faaebfc84d87cd1433dad60570

SHA512
177cce906faf9a00da82c182a667c339d3fbb195c6077f99141102cd57fb1c4ab5d044eb585fd5b8ef70da0e915ac80d3e0b844e8296a2ea735b5ef5e62c4f8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2606.exe

Filesize
184KB

MD5
4f372f50e61aada95a9fed64aca1b91c

SHA1
68f4f748f0af8bdde170b176fa5b9b91ca5e7cb3

SHA256
0894aa3c644b75f8c157c53d1000b88672313aa1e66bbf63fe83bd326e3c1dfd

SHA512
1747f83b64c15ea2eb3b39409fd7fc2a238297c57503d8acec8ecfee5ca92cae220d4011a17c9a2c20cc43bdaa80a9058b6c8c0905b7c59667b4c46683f5c114

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe

Filesize
184KB

MD5
478c73c46db179dd9ed7ef13e08cbccc

SHA1
9dbd968563b6150add27be3732380c5afb1240ee

SHA256
92cb2ad3faa198a80cb6b684885424203866dc276d15041c127f660a1391f214

SHA512
3d90ba6ec796e8e3895b218de3aaae7f31be5c2009f0d25c86d5b6e30143cde6fa67b50cd8a29ef0790b447f6feebb329a4e0f24cdd4a14f5c589daa416aec47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe

Filesize
8KB

MD5
5515d784395cd1b4dd151fcfee87a56e

SHA1
3246773a549602fc1ad169ff37c3063837230442

SHA256
312bbdeadcd80c1cb6a6e5544408ccd96f678b3343a6e61ba70af86795b3e45a

SHA512
d4d77985a69ae0b6678c0cc6ff5dfeff58538a13c91b016616e84cdd297a3d20426231552fd55cf6ab076d667e785576bd0568fc76f68fffbb84969a204ee286

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe

Filesize
23KB

MD5
6908485d6ae4f5baec2d272746731d43

SHA1
424efd6a2b42da9b10946c08d536018b80c8ef3e

SHA256
afb0a46a04b60e6bfa7dc89a49f492b1dacfb310a41ce6ce99f14839c236147c

SHA512
a62f0739a34228716866897ad237a581de7c6699b0d4bd265f585f21ab31e9964037cb4655459b3c3aa4cb7cdd9306f05b497105fadc76321751df8c8db86d2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34894.exe

Filesize
184KB

MD5
9e6a67d02ef1d0bdf397a7fc32a3e8d9

SHA1
16b72199fc9b4880ec3300c28de17b468eb2475c

SHA256
a2139076f716fbda9750089f52919a1fe4736057595603e633a30c2b79791d5c

SHA512
4f0c09ab5109282c62ae370e594a3cb5202f4e3ca6b6e71076e555c17e56209c36f35e541b85565b293973f0c505bdba54f8e55db9f75db1b2cfb19f29a724b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36935.exe

Filesize
184KB

MD5
bbc64e08e68508d09dccb5a5e325c015

SHA1
5b00bf3c12ce38bea35540f427d5880b4e54549a

SHA256
ac158323e48de9cc5ae359009e6bef7e871d63894149f665805b8303c9387362

SHA512
c134682a2b1afb18f48794b2fc06d13704f1b3a6646c676f2af4166e73ef73f17fc2467c60fd0b13009a55a88bbb56c06f175cee49b9734e8b8fe7255869a2a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39493.exe

Filesize
184KB

MD5
2b753f2415eba003bd7cc78cc638c508

SHA1
a81c8f1e2b2d274fd54098137b2a21f5cc6f555e

SHA256
9fe174bfc66101b8bf0e40493e3d70071c9b44ed1c6fdd840e47e46c61440a27

SHA512
deb67b0ab0c5e18216895919cf95c82d546116c6e3d2f92e0a02adb242661859ffd86805ccda8e6956de6449472b7e2c66ac1d721c16e363a4a2559e1fee2955

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe

Filesize
184KB

MD5
1532859f2047e7080681c4942a4f3486

SHA1
93f229d6180235b26a8e422da60f31aaf1db4bc2

SHA256
82c66926d482a0a49eb35859e5b53a183f3e63e1ed86d421ef7890d3e7c4a18b

SHA512
d9c52994f13fc1eaf20598cb09ea5799ff992c4ff168b39d51573a5549caabce5515a72e376be039f6453f5042cc4dc98b033dde831a928fd1b2f10db6dd4774

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe

Filesize
184KB

MD5
d9ef0a853dc5beb27f2cb7528381f3ef

SHA1
e6fbf8bcb1d8706de7e6959c1f64b8ff118de788

SHA256
6a2cac316eabae65e5e0c153df3d07cb7584cee09980eb7b5f8c990eca5f2010

SHA512
bfe384e85bd0fa644125f0f9228577ba9a575ae7d254ce560fa91dfeb88b74ba127c2d9cbd9736ee40734c94944674e1c8f738de62967d4277f213030fcec201

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe

Filesize
184KB

MD5
2fdc4b6a3f3ba1cd9ff91411e2421af9

SHA1
ad574509581b6469ef171e5850d15f456bfdac02

SHA256
f72cb90a3014b69fb8db554e6b03972c68f719682d3060bef221ee5d37d236cb

SHA512
07c4c5ef8dafdc73c411e3d5fa235ac0f733b03a6dc206369e75067ca5b22b76f154e3ab97f8c5776a026a19f86f4a041aab1741ea00600f472990b620d558ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe

Filesize
184KB

MD5
9675d1708195d85504099cbd39a95bf4

SHA1
7554364621b9c8caa2790957849b454358f6f4c8

SHA256
20ebd887789df5b1c3992c65919e747eed624452f8662b0b15c928c2718a009e

SHA512
0bf0bb1ddca09916d73a69a567ff78bbb829fce5a4b43ecbbd1ff665e39d80c5320f6366918d7351409d49f30bf8af44dacdac8bbe01fd68589aa2090d23b5cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe

Filesize
184KB

MD5
7f3dc17c4c6720fc8629d460e07d5748

SHA1
29042a9649b4f319d6d7433d7860cdc423d3bbaf

SHA256
ebb2cae869726058d8005a6a6420b6400e923d8647752264cb4ae5aa8c6eb3ea

SHA512
29c989603a5ff1ccfc3e3ac8a0071839b1832580247e77d3be09608e548353f2329d09c34a9fc7459ce213dd5b5f8c0f7d5669124567f3ce407833284a5de1e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe

Filesize
112KB

MD5
b91a567ed0f8c641326f61f957d50d10

SHA1
4fe475a3b32d73f7e396477b5555ca44a4b41784

SHA256
57f759dfe8672ba72cc8a93bd15954960a00e02698cee4c93a80689b2d462305

SHA512
a005d83ca8aa06470734079aa153a5526de96277dc3327eb42eedcfd188a9a522985be87693190b6c868cd4acca23ce31a06641091cfea18d74115ff28ffe999

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe

Filesize
184KB

MD5
feb2b91af929bd0c9bb9215d499846cd

SHA1
30d5427b1efe002e361f69832ca9c49b21c0b5d4

SHA256
a8010d39eefb520ce9c5c5d0f6feecff492d58d8af3e7f04938d9072ebd4d116

SHA512
eaf00cdb3f2cc6a1bbf6648228a74cf378e4b2f03293a5f38c1c2af0030d138fc3088c00d4ccf9822ebebfee26fcc50ba4c86b28bbf42c2faed9f38a2b2b1267

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe

Filesize
184KB

MD5
2e2ffcd97f033e1bf340feff34b507d0

SHA1
b240a84fed7f01b879132d8d1b2842a8183804bf

SHA256
f603053bb878ebad1fc1cdf1d943692115abd033dc3973ea2e2ce7225b0ad873

SHA512
44e20328e4ff2fdc4dd69abbab00a268801c3e38e77183dd3da7400d0ffadbba4ab6419af54d75b9232fb94c701b4e8d997a8b20adc812236b1de57ff9254de2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6820.exe

Filesize
184KB

MD5
f6c8d73c4c5db4c561f83600bc3c09fb

SHA1
fd6821834e8c99eb1403b6a6a521478ba8519e28

SHA256
7a94e68c65b8aa391ef2843bfca15ff22d0cd32765e17fe32a42fc3e49402606

SHA512
1992ef699b92dd9925a7457b99250cd30514e2c5a31887b28f06f451fffe096907c66a6a3845b1c1405fa18bfc5b64849ced8a43185674ad844c7e4146470af1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe

Filesize
184KB

MD5
fe03f781657190a5c6f6dc4844b04d8c

SHA1
242a472d3242d689b03a4953f6f89120a6fa1b64

SHA256
40cb2f0f930c3219f540a663ba4b046b938f89a2403908fa33c48428c419e959

SHA512
a634476dfe4c680c033a7f79fbba330d678e6bf5c696df5e729984f7c7e975fa37011b4f7d11e3112a63dd31e40a8b367d99ee976a21740e8c95fcddbf327dc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8773.exe

Filesize
184KB

MD5
81999880ce97251803b6a4aca0e90a36

SHA1
e09cbd8e44dd4db54b1d3473855179a52b9563ef

SHA256
a79943463c7f393c78bec6298023d97d60170ef254d0752cbe8cda33af44a929

SHA512
e87389ec82d4b668807be52f104b5bf6fad6764b6f7f4fc36fc29cd0ad43222b4f9b7295cc6bb7edb7d287bc14bc18d5f171bc300c0c331a69e28b0425ae9e05

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe

Filesize
142KB

MD5
a5cd4eb91bd220f5b902515cb601ea84

SHA1
daff69f562778adf1dd4e2ec517e063d763af7c7

SHA256
3ead80cd910887d4b7c1b12e2acdf1fbf8e149e018236db4cce5f80a719b022c

SHA512
7d9f2e22721ac5ef8619ebd19bbd8ee8349c327ab2f3003262e703647b681bc70155f0e7eeb69e69e57d9f360509fb635ac344c7d23bb72a461985de01575f83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe

Filesize
64KB

MD5
ace02a6fe74e24b5406643ac037f65a1

SHA1
865b2bcb09495c39ff6c0566bd28d13293f9e05a

SHA256
246b596e020dbcc1a5f29ab525b5a538cb7715df4d6e325f38a7e60526e72def

SHA512
8b01264618dccd1ba591a9346c1fee45e44e2d15948209e62076a2a26ac9dd3c78feed99377f65647bcab43f16c0aaa2fa61495a55c33f6c1cabfc8653ec791d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe

Filesize
184KB

MD5
27348837dfa2ed3cc7b10a675e2894c5

SHA1
069a2f5defc7884618641f8e1e08f55c26caea98

SHA256
e91ef1c5d21f57ca6894bdd147c1e512158c5f27531df11f0cc24d96b0ec5c06

SHA512
a7dd9a689a06ebbb3edfceb783f9b4c3d199c5b4959a8593a386917fb7ff4aaf356931011d237e8737881ea1a0720440c320664821b15f20c607694fad365af3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39717.exe

Filesize
184KB

MD5
ab54f3323b5401bc39230f66caaf1c00

SHA1
cef0cef629296af666a25f636aadcd23602f4c14

SHA256
77af6ab51a5c620682fff625fdc01d0941e82688ac1cb16b0112bcbf96af2f39

SHA512
f1c4be10229eaf1de2f175e68a48056b9e161719a36511ec1b8116ac9e84ddad269940b4e466cc0279108918478210d34696fd6461e7b657ed7b38425dbe25a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41797.exe

Filesize
184KB

MD5
f89ffe80ad3fb272aa9b68b21e984d98

SHA1
ee71e743a27e1cf0fe007563f0a2415a2b3a2052

SHA256
567c6d42043d97094ba3141db4fc199f656daa4672f5c5d71d44f4eaf094343a

SHA512
f4b50b4f4a6d5b8fe7c9ec8632248a30204b932eb7fb178aca52dd638776b8ee29d7deac8bca8de4ba05085251d8d03f3483a9d71e1ae34f02da4a4ef77d3a7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe

Filesize
91KB

MD5
5c04ced84e47bdaa57d5182059317ea1

SHA1
9768b90c134c0b1dd1758ca6fe48833c44a95bbc

SHA256
b9258b1f8c7ad03c52bfc94e81df6dd6ec261191b060b8236adebbc5f65416fd

SHA512
0635a3e8c9c4c1d3583851dce6ab9e15cf819a72d5faa032ac31535279f0fd35553f0ce37c9e755b2dacd75c6b567ce160f2b7104172e9061cef6ffd40f5d88e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54927.exe

Filesize
179KB

MD5
c416dc89d173bad1a17fb9c4e885d143

SHA1
e60360b20d436db67655253d82df259925229a5a

SHA256
5fb86d03d4bf63b533c5ecab2d48a305964793ae237f0bfb5bf630b1e700cf5b

SHA512
259527f0507911e956b51c5a1a231e036ae55135f3d89a2e3731c5d03dff5b0414e09ca2e7ff7a1f1222c95f2dfa51c98af898d211367f1ac2f8a4fe3785439e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8861.exe

Filesize
184KB

MD5
65d3d3ebeb903a24cc26ab9ff31eb087

SHA1
c5c1c67e57f7b8c24c043b6b64a2b27c82bb23c8

SHA256
85fe7862f4e7120cba261bc616a33db1afaef2fd2c029186a83bfba6d4a021f4

SHA512
827dd3bb1665f442d494ca2ddb78f5839b38224cf90ec0c7cc452952d9a5697483a2ce16759111f0f6062d47176e3d637d735d1910a85140f8cefd95463129a3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads