9e4e691dc63d53ca8347a2e627cf0459d7368b31872549f97360fc1e456d07bd

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 19:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

78265fec76f8381e31a23cfda90191e0.exe
Size

184KB
MD5

78265fec76f8381e31a23cfda90191e0
SHA1

1c4163f323834b87addde4be9223a7e6b86d1f67
SHA256

9e4e691dc63d53ca8347a2e627cf0459d7368b31872549f97360fc1e456d07bd
SHA512

9dfe113c50f048963c953d835eb73f2bc50f82ef276902f53610b6e7c80ccb252ea7e8a26077100ea94faa0432590138a3e9713831d027d7a605dfee70f8bb4d
SSDEEP

3072:6FPSomLyoJw/oOj1o3Q6oJSLGYXMAoIw60xV+ELuNlvvpFB:6FKoWi/oKog6oJmxYyNlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1968	Unicorn-57687.exe
1112	Unicorn-38227.exe
2668	Unicorn-61340.exe
2800	Unicorn-58730.exe
2812	Unicorn-12222.exe
2696	Unicorn-36172.exe
2116	Unicorn-22633.exe
1004	Unicorn-59389.exe
1580	Unicorn-20495.exe
2936	Unicorn-16965.exe
2916	Unicorn-8797.exe
1252	Unicorn-1190.exe
2736	Unicorn-49877.exe
1196	Unicorn-61382.exe
1964	Unicorn-31978.exe
3020	Unicorn-6727.exe
2268	Unicorn-53790.exe
3004	Unicorn-31232.exe
2436	Unicorn-23618.exe
1604	Unicorn-29862.exe
3016	Unicorn-57059.exe
756	Unicorn-19556.exe
768	Unicorn-38606.exe
1804	Unicorn-20686.exe
2196	Unicorn-58834.exe
2216	Unicorn-49296.exe
684	Unicorn-51242.exe
1708	Unicorn-31376.exe
1700	Unicorn-23531.exe
1592	Unicorn-56203.exe
3040	Unicorn-36337.exe
2984	Unicorn-9695.exe
2000	Unicorn-42197.exe
2708	Unicorn-65310.exe
3008	Unicorn-6016.exe
2580	Unicorn-61247.exe
2732	Unicorn-1740.exe
2596	Unicorn-349.exe
2600	Unicorn-33021.exe
2608	Unicorn-61055.exe
2536	Unicorn-10484.exe
2964	Unicorn-11039.exe
2940	Unicorn-20599.exe
2628	Unicorn-31267.exe
1344	Unicorn-19037.exe
1676	Unicorn-42149.exe
2884	Unicorn-16899.exe
2036	Unicorn-51709.exe
2032	Unicorn-19399.exe
592	Unicorn-64537.exe
2124	Unicorn-55300.exe
2332	Unicorn-31158.exe
1936	Unicorn-37018.exe
1276	Unicorn-1392.exe
1896	Unicorn-37594.exe
1188	Unicorn-49654.exe
932	Unicorn-36586.exe
2392	Unicorn-44008.exe
2384	Unicorn-39732.exe
2068	Unicorn-17942.exe
1588	Unicorn-53115.exe
2836	Unicorn-23780.exe
1088	Unicorn-25979.exe
2220	Unicorn-19203.exe

Loads dropped DLL 64 IoCs

pid	Process
2204	78265fec76f8381e31a23cfda90191e0.exe
2204	78265fec76f8381e31a23cfda90191e0.exe
1968	Unicorn-57687.exe
1968	Unicorn-57687.exe
2204	78265fec76f8381e31a23cfda90191e0.exe
2204	78265fec76f8381e31a23cfda90191e0.exe
1112	Unicorn-38227.exe
1112	Unicorn-38227.exe
1968	Unicorn-57687.exe
1968	Unicorn-57687.exe
2668	Unicorn-61340.exe
2668	Unicorn-61340.exe
2812	Unicorn-12222.exe
2812	Unicorn-12222.exe
2800	Unicorn-58730.exe
2800	Unicorn-58730.exe
2696	Unicorn-36172.exe
2696	Unicorn-36172.exe
1112	Unicorn-38227.exe
2668	Unicorn-61340.exe
2668	Unicorn-61340.exe
1112	Unicorn-38227.exe
2116	Unicorn-22633.exe
2116	Unicorn-22633.exe
2812	Unicorn-12222.exe
2812	Unicorn-12222.exe
1580	Unicorn-20495.exe
1580	Unicorn-20495.exe
2696	Unicorn-36172.exe
2696	Unicorn-36172.exe
2936	Unicorn-16965.exe
2936	Unicorn-16965.exe
2916	Unicorn-8797.exe
2916	Unicorn-8797.exe
1004	Unicorn-59389.exe
1004	Unicorn-59389.exe
2800	Unicorn-58730.exe
2800	Unicorn-58730.exe
1252	Unicorn-1190.exe
1252	Unicorn-1190.exe
2116	Unicorn-22633.exe
2116	Unicorn-22633.exe
2736	Unicorn-49877.exe
2736	Unicorn-49877.exe
1196	Unicorn-61382.exe
1196	Unicorn-61382.exe
1580	Unicorn-20495.exe
1580	Unicorn-20495.exe
1964	Unicorn-31978.exe
1964	Unicorn-31978.exe
3020	Unicorn-6727.exe
3020	Unicorn-6727.exe
2436	Unicorn-23618.exe
2936	Unicorn-16965.exe
2436	Unicorn-23618.exe
2936	Unicorn-16965.exe
2268	Unicorn-53790.exe
2268	Unicorn-53790.exe
3004	Unicorn-31232.exe
2916	Unicorn-8797.exe
3004	Unicorn-31232.exe
2916	Unicorn-8797.exe
1004	Unicorn-59389.exe
1004	Unicorn-59389.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2260	1088	WerFault.exe	92
3040	2496	WerFault.exe	130
776	1188	WerFault.exe	145
3016	2356	WerFault.exe	239
2584	2308	WerFault.exe	262
2852	2768	WerFault.exe	260
2924	1768	WerFault.exe	323

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2204	78265fec76f8381e31a23cfda90191e0.exe
1968	Unicorn-57687.exe
1112	Unicorn-38227.exe
2668	Unicorn-61340.exe
2812	Unicorn-12222.exe
2800	Unicorn-58730.exe
2696	Unicorn-36172.exe
2116	Unicorn-22633.exe
1004	Unicorn-59389.exe
1580	Unicorn-20495.exe
2936	Unicorn-16965.exe
2916	Unicorn-8797.exe
1252	Unicorn-1190.exe
2736	Unicorn-49877.exe
1196	Unicorn-61382.exe
1964	Unicorn-31978.exe
3020	Unicorn-6727.exe
2268	Unicorn-53790.exe
3004	Unicorn-31232.exe
2436	Unicorn-23618.exe
1604	Unicorn-29862.exe
3016	Unicorn-57059.exe
756	Unicorn-19556.exe
768	Unicorn-38606.exe
1804	Unicorn-20686.exe
2196	Unicorn-58834.exe
2216	Unicorn-49296.exe
684	Unicorn-51242.exe
1708	Unicorn-31376.exe
1700	Unicorn-23531.exe
3040	Unicorn-36337.exe
2984	Unicorn-9695.exe
1592	Unicorn-56203.exe
2000	Unicorn-42197.exe
2708	Unicorn-65310.exe
2596	Unicorn-349.exe
3008	Unicorn-6016.exe
2580	Unicorn-61247.exe
2732	Unicorn-1740.exe
2600	Unicorn-33021.exe
2608	Unicorn-61055.exe
2536	Unicorn-10484.exe
2964	Unicorn-11039.exe
2940	Unicorn-20599.exe
2628	Unicorn-31267.exe
1344	Unicorn-19037.exe
1676	Unicorn-42149.exe
2884	Unicorn-16899.exe
2036	Unicorn-51709.exe
2032	Unicorn-19399.exe
592	Unicorn-64537.exe
2124	Unicorn-55300.exe
2332	Unicorn-31158.exe
1936	Unicorn-37018.exe
1276	Unicorn-1392.exe
1896	Unicorn-37594.exe
1188	Unicorn-49654.exe
932	Unicorn-36586.exe
2392	Unicorn-44008.exe
2384	Unicorn-39732.exe
2068	Unicorn-17942.exe
2836	Unicorn-23780.exe
1588	Unicorn-53115.exe
2220	Unicorn-19203.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1968	2204	78265fec76f8381e31a23cfda90191e0.exe	28
PID 2204 wrote to memory of 1968	2204	78265fec76f8381e31a23cfda90191e0.exe	28
PID 2204 wrote to memory of 1968	2204	78265fec76f8381e31a23cfda90191e0.exe	28
PID 2204 wrote to memory of 1968	2204	78265fec76f8381e31a23cfda90191e0.exe	28
PID 1968 wrote to memory of 1112	1968	Unicorn-57687.exe	29
PID 1968 wrote to memory of 1112	1968	Unicorn-57687.exe	29
PID 1968 wrote to memory of 1112	1968	Unicorn-57687.exe	29
PID 1968 wrote to memory of 1112	1968	Unicorn-57687.exe	29
PID 2204 wrote to memory of 2668	2204	78265fec76f8381e31a23cfda90191e0.exe	30
PID 2204 wrote to memory of 2668	2204	78265fec76f8381e31a23cfda90191e0.exe	30
PID 2204 wrote to memory of 2668	2204	78265fec76f8381e31a23cfda90191e0.exe	30
PID 2204 wrote to memory of 2668	2204	78265fec76f8381e31a23cfda90191e0.exe	30
PID 1112 wrote to memory of 2800	1112	Unicorn-38227.exe	31
PID 1112 wrote to memory of 2800	1112	Unicorn-38227.exe	31
PID 1112 wrote to memory of 2800	1112	Unicorn-38227.exe	31
PID 1112 wrote to memory of 2800	1112	Unicorn-38227.exe	31
PID 1968 wrote to memory of 2812	1968	Unicorn-57687.exe	32
PID 1968 wrote to memory of 2812	1968	Unicorn-57687.exe	32
PID 1968 wrote to memory of 2812	1968	Unicorn-57687.exe	32
PID 1968 wrote to memory of 2812	1968	Unicorn-57687.exe	32
PID 2668 wrote to memory of 2696	2668	Unicorn-61340.exe	33
PID 2668 wrote to memory of 2696	2668	Unicorn-61340.exe	33
PID 2668 wrote to memory of 2696	2668	Unicorn-61340.exe	33
PID 2668 wrote to memory of 2696	2668	Unicorn-61340.exe	33
PID 2812 wrote to memory of 2116	2812	Unicorn-12222.exe	34
PID 2812 wrote to memory of 2116	2812	Unicorn-12222.exe	34
PID 2812 wrote to memory of 2116	2812	Unicorn-12222.exe	34
PID 2812 wrote to memory of 2116	2812	Unicorn-12222.exe	34
PID 2800 wrote to memory of 1004	2800	Unicorn-58730.exe	35
PID 2800 wrote to memory of 1004	2800	Unicorn-58730.exe	35
PID 2800 wrote to memory of 1004	2800	Unicorn-58730.exe	35
PID 2800 wrote to memory of 1004	2800	Unicorn-58730.exe	35
PID 2696 wrote to memory of 1580	2696	Unicorn-36172.exe	36
PID 2696 wrote to memory of 1580	2696	Unicorn-36172.exe	36
PID 2696 wrote to memory of 1580	2696	Unicorn-36172.exe	36
PID 2696 wrote to memory of 1580	2696	Unicorn-36172.exe	36
PID 2668 wrote to memory of 2936	2668	Unicorn-61340.exe	37
PID 2668 wrote to memory of 2936	2668	Unicorn-61340.exe	37
PID 2668 wrote to memory of 2936	2668	Unicorn-61340.exe	37
PID 2668 wrote to memory of 2936	2668	Unicorn-61340.exe	37
PID 1112 wrote to memory of 2916	1112	Unicorn-38227.exe	38
PID 1112 wrote to memory of 2916	1112	Unicorn-38227.exe	38
PID 1112 wrote to memory of 2916	1112	Unicorn-38227.exe	38
PID 1112 wrote to memory of 2916	1112	Unicorn-38227.exe	38
PID 2116 wrote to memory of 1252	2116	Unicorn-22633.exe	41
PID 2116 wrote to memory of 1252	2116	Unicorn-22633.exe	41
PID 2116 wrote to memory of 1252	2116	Unicorn-22633.exe	41
PID 2116 wrote to memory of 1252	2116	Unicorn-22633.exe	41
PID 2812 wrote to memory of 2736	2812	Unicorn-12222.exe	42
PID 2812 wrote to memory of 2736	2812	Unicorn-12222.exe	42
PID 2812 wrote to memory of 2736	2812	Unicorn-12222.exe	42
PID 2812 wrote to memory of 2736	2812	Unicorn-12222.exe	42
PID 1580 wrote to memory of 1196	1580	Unicorn-20495.exe	43
PID 1580 wrote to memory of 1196	1580	Unicorn-20495.exe	43
PID 1580 wrote to memory of 1196	1580	Unicorn-20495.exe	43
PID 1580 wrote to memory of 1196	1580	Unicorn-20495.exe	43
PID 2696 wrote to memory of 1964	2696	Unicorn-36172.exe	44
PID 2696 wrote to memory of 1964	2696	Unicorn-36172.exe	44
PID 2696 wrote to memory of 1964	2696	Unicorn-36172.exe	44
PID 2696 wrote to memory of 1964	2696	Unicorn-36172.exe	44
PID 2936 wrote to memory of 3020	2936	Unicorn-16965.exe	45
PID 2936 wrote to memory of 3020	2936	Unicorn-16965.exe	45
PID 2936 wrote to memory of 3020	2936	Unicorn-16965.exe	45
PID 2936 wrote to memory of 3020	2936	Unicorn-16965.exe	45

C:\Users\Admin\AppData\Local\Temp\78265fec76f8381e31a23cfda90191e0.exe
"C:\Users\Admin\AppData\Local\Temp\78265fec76f8381e31a23cfda90191e0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58730.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58730.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59389.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56203.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64537.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
        11⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
        12⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24445.exe
        13⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
        14⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46850.exe
        15⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe
        16⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61614.exe
        17⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50931.exe
        10⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28129.exe
        11⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29577.exe
        12⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42151.exe
        13⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        14⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57257.exe
        15⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28485.exe
        16⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2584.exe
        17⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11131.exe
        18⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
        19⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
        14⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52989.exe
        15⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        16⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27681.exe
        17⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28662.exe
        18⤵
        
        PID:1904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19203.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57817.exe
        9⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23303.exe
        10⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61761.exe
        11⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52026.exe
        12⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23241.exe
        13⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
        14⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43150.exe
        15⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
        16⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
        17⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe
        18⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29522.exe
        16⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
        17⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42123.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        8⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13053.exe
        10⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36697.exe
        12⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
        13⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
        14⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51697.exe
        15⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
        16⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57442.exe
        17⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23618.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51242.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16899.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
        8⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43256.exe
        9⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55347.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28809.exe
        11⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
        13⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28952.exe
        14⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39362.exe
        15⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11131.exe
        16⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
        17⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19399.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17942.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        8⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6774.exe
        9⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35934.exe
        10⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29577.exe
        11⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
        12⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16944.exe
        13⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36928.exe
        14⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54546.exe
        15⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49834.exe
        16⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        17⤵
        
        PID:524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23531.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        8⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3162.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
        10⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32234.exe
        11⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
        12⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        13⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51938.exe
        14⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
        15⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        16⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41479.exe
        17⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        18⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        19⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27451.exe
        16⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6855.exe
        17⤵
        
        PID:1768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 200
        18⤵
        Program crash
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64750.exe
        11⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43858.exe
        12⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23542.exe
        13⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
        14⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27110.exe
        15⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
        16⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
        17⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        18⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38437.exe
        15⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20774.exe
        16⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        17⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42149.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
        8⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
        9⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13567.exe
        10⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47475.exe
        11⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16552.exe
        12⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21028.exe
        13⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23092.exe
        14⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
        15⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
        16⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
        17⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15787.exe
        18⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
        19⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19486.exe
        18⤵
        
        PID:472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        7⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55181.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51092.exe
        9⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62524.exe
        10⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42727.exe
        11⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        12⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14613.exe
        13⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47317.exe
        14⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe
        15⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
        16⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
        17⤵
        
        PID:1296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44055.exe
        8⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25145.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12996.exe
        10⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        11⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13754.exe
        12⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43194.exe
        13⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31993.exe
        14⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
        15⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55309.exe
        16⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61012.exe
        17⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4110.exe
        18⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48220.exe
        17⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27412.exe
        12⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54735.exe
        13⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
        14⤵
        
        PID:2308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
        15⤵
        Program crash
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        7⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
        9⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49556.exe
        10⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53313.exe
        11⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24720.exe
        12⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45999.exe
        13⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        14⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
        15⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24474.exe
        16⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5117.exe
        17⤵
        
        PID:2536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57059.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39732.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14755.exe
        8⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55160.exe
        9⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
        10⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5700.exe
        11⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
        12⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        13⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18062.exe
        14⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
        15⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41391.exe
        16⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-820.exe
        17⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47070.exe
        11⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
        12⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17595.exe
        13⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20919.exe
        14⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        15⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-934.exe
        16⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17266.exe
        17⤵
        
        PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19556.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53115.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37589.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7158.exe
        9⤵
        
        PID:1188
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 240
        10⤵
        Program crash
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1392.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17086.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45669.exe
        8⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
        10⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52706.exe
        11⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40436.exe
        12⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65428.exe
        13⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        14⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50872.exe
        15⤵
        
        PID:988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-349.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37594.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56810.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57127.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe
        9⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44953.exe
        10⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
        11⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
        12⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56606.exe
        13⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33420.exe
        14⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58303.exe
        15⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
        16⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16991.exe
        17⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
        18⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7239.exe
        16⤵
        
        PID:1700
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
        8⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53925.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44299.exe
        10⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
        11⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        12⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34367.exe
        13⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
        14⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2693.exe
        15⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18257.exe
        16⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35740.exe
        17⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33021.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26624.exe
        7⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34273.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55399.exe
        9⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
        10⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48378.exe
        11⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39198.exe
        12⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        13⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21412.exe
        14⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56108.exe
        15⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
        16⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18501.exe
        17⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31651.exe
        18⤵
        
        PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61055.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49654.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
        8⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27858.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
        10⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1315.exe
        11⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
        12⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
        13⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45916.exe
        14⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        15⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35875.exe
        16⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
        17⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
        18⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
        16⤵
        
        PID:1928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 376
        15⤵
        Program crash
        
        PID:2852
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 376
        14⤵
        Program crash
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36586.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
        7⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50692.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18233.exe
        9⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33173.exe
        10⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
        11⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22691.exe
        12⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
        13⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42491.exe
        14⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
        15⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        16⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33877.exe
        17⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59223.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        8⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18700.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39198.exe
        10⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37740.exe
        11⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4307.exe
        12⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41095.exe
        13⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42569.exe
        14⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26010.exe
        15⤵
        
        PID:3048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64060.exe
        8⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18783.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
        10⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
        11⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
        12⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45148.exe
        13⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        14⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31381.exe
        15⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3300.exe
        12⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5625.exe
        13⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        13⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26233.exe
        14⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52076.exe
        15⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
        16⤵
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32846.exe
        7⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31580.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35228.exe
        9⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29987.exe
        10⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62161.exe
        11⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49424.exe
        12⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9901.exe
        13⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
        14⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe
        15⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
        16⤵
        
        PID:2836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20599.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39644.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
        8⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
        9⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
        10⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
        11⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17403.exe
        12⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46658.exe
        13⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18257.exe
        14⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63046.exe
        15⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
        16⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31267.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17278.exe
        6⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65082.exe
        7⤵
        
        PID:2496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
        8⤵
        Program crash
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31376.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17937.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45726.exe
        9⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58684.exe
        10⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
        11⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59530.exe
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37639.exe
        13⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
        14⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        15⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
        16⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25979.exe
        5⤵
        Executes dropped EXE
        
        PID:1088
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
        6⤵
        Program crash
        
        PID:2260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12222.exe

Filesize
184KB

MD5
3f88cb070ac303c5a4d1153149ce320b

SHA1
df8f3de2b77a0774f5d17f65da8802a42da7d1ee

SHA256
5d1d08a0e545f5f3ebdf6a160beb8dce85987974099d52b2109b5b21fd107577

SHA512
461880ee4fd49038472e70cae34a3210c793b748bea64e0cc494b01c906da60ff26425c2bb294ce91e12176fe80ae56fa9a10f3826d931dfca9bcd987989be4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe

Filesize
184KB

MD5
dc4a7f1964061b0741bd6bc82a755ebd

SHA1
9eb6af2cdefd98d7d36f873a62b36865ce0c8624

SHA256
28c1d4152222fd88b7c7872d58c17dcc98604a3e8a363635247da25bb85dcd9e

SHA512
568c7c839c4157cf998cb1400dd8f0c7159a93942bc2f63e01099f877057a3463a5c8de9e07558eaaed1bef16b8703b9d3f27e00d5c54c54e43b4404a3e11fd8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3726.exe

Filesize
184KB

MD5
46e46fa4a180971e4e8d86ca366296ba

SHA1
68e9107b69fa955ca69e97d8c6a29baab8b4225d

SHA256
ccfb0b1d546b9db9c79f6d78a2fbf1d6a2581a328c099d6cff389087acfb9f82

SHA512
355b9c433c29be5bd03ff0e0fbc77fdc3447890387c84d279af45f24f1b2d6f0ae1383afec5057c07501b710a287a90f239fc60026a505694a7bd56992f56f82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6016.exe

Filesize
184KB

MD5
1d02026ded22ac4b48f84ebda49b411e

SHA1
e57d0179a70a07462bc06f83d51187b0c6559b00

SHA256
2fb18fda81c7399c66dac5c293bf0ab026adcf923d29e24ff1c5972d4fd677f0

SHA512
9c1758dd6ca05d2d2ed596d4922b0e8cbc258badaa99bc283adb67951cc7f46aa316d2aa9ed5c2fc11f3c7d62f08bd5b363054fa09d114f5d4903c861c4efa75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe

Filesize
184KB

MD5
4ccc359d181ffe132ca5bb84bacc9d51

SHA1
ad3d1e8fbf6c72e6b51cfd8a98dc34877289ce38

SHA256
8e74324b1378c8425d6ed20c454efbba2aa76b3fd1f00411496cb13b693e3fd7

SHA512
263c7812cd831ea36e91c059c037ee4bfafcbc0c374e5e6205bcef9b7fc437d26398d2476b186d4f04b4e81425eb35b8e1d157f80271a553a5a89919ab050de8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6492.exe

Filesize
184KB

MD5
ea0c203b00187bc2c091e68dac3075f2

SHA1
80511cc33dbff4a36717264fc13e75cb5aabae91

SHA256
4d43ac9242ef0bd0359a0ca3f4310c9fa901068f3b5a74bfe6e502dda57a959e

SHA512
a4353179f4de73984fb808b839bd4481b62e0d87071f9ed854db30e12c229062318f51e3f61c470d4cc9134d65a2fb3e91f9df2d39cc4e7116067a5c4efbaeaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6722.exe

Filesize
184KB

MD5
1679b0263ea3108302749ee6e1b1ab21

SHA1
bd0c1a3034729823f22721a50c13f32bad4a03fa

SHA256
d028e93280883674d99cdf9210ece1e5d7f2e07a9a658967ed16b7d78cc5ba80

SHA512
f1452952d2f9f29f22abffe970c3f32c7cc05fa8cb940bad4a2f8835cfd0f1020394e008a8f3cb21fb7a436dd65eb10f3b02be76ee650d4267e933ea4e0e1e18

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe

Filesize
184KB

MD5
733b24ee8c77bac5f2e364467a37d452

SHA1
81a1c1f9c5cf85f8e989fdd556b2e996cf1bfac7

SHA256
eace2868178fd35f12d3ead3a9f3b6f865d0e9bf00cb11bf9c7acea4f0ab242b

SHA512
fb13a5955cbed1d0fb711986be55f665249c4189a9abbec27635709fda0c786886eb0506fb93fab98878d1b6527b48a823ba27c1f52daf23ea8042ba86451063

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16965.exe

Filesize
184KB

MD5
8f66627f042432788e233a97c07317e5

SHA1
64b9f97eba53fd876151c890c7f3778b0907037d

SHA256
796c632453cd81dd6cd0a0003244ec780185423fe4bfa4da8b6cd7f9b27f22da

SHA512
f9dc31d33e92d0415a5412a9352e0a0be161da45838af2c32871c30e82ff106c428d2921ae49b911a19a04f2d8b4243606cb69fe6951fd2a1ac82705b1ca6442

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe

Filesize
184KB

MD5
d6f03d29d9b94f7bd3939ea6ca496c55

SHA1
900741d6ad5782fc1b6d60f1155bc69b96f469f4

SHA256
3ac82f90fd2a8a5e4fe1303432396f78a65655fbecf8a71649054a9c92c22b98

SHA512
e3933b4acaa54ebb80546cfdefa6e98331b539afc23e3756a41ab871d80350e8f6317793c5c5b7abb9ab10a3fbab400815b76b1d83c8c04e6bb2bf1ae404d1d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22633.exe

Filesize
184KB

MD5
c1d7c4f5c53f70abdf4b5b61f0fecd9a

SHA1
7e993f02143cd8e6e507abc7a75feeff6ad964a3

SHA256
f56da935a7d4fa20678debe70726c8eb67712c582ea39fcaba0760a3b717a928

SHA512
d135e360f0f1f067c069244271acc0755721aec270f9f358d0f19c748e2a6924a4e0c268ce20f8cb5f963fff84123f836466f126c3491204582a4935c9519a42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe

Filesize
184KB

MD5
a39bdd87fd4c05e9be3aaa5c2f80db6f

SHA1
6cd6a2c4e34c97a3bcaf360182c1f5bf41d8effd

SHA256
58be2fa34c308176472889fa596397c11fd0286ab5bd43c4aea97f1b11725b6c

SHA512
92a6c9ef3cb1390d9de3d381242af9f5b8d4492689c0bb74fd9eaa9bad861c912d075f32a238494fc666dbdfa92598a1fb9b55776c2e094af90cf4b016bc577d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe

Filesize
184KB

MD5
81c0280f3b74f86048e71446076511e1

SHA1
e954e1447f816bf090d4609c97b03bae3dc79140

SHA256
dcb307df0ba8942f5dc104b1f45362e6784906704304528587e46ce5876a16fc

SHA512
5e54aaabf46c6ef6011c372e6bddeb07cc7eaae47e5eb9ba2f2d054ca0432892da18cd3df7ad310eb2522f925bc97a005df290b16fa62c930eb7e876880d88d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38227.exe

Filesize
184KB

MD5
b7595fd3fbbc57800d6625c92a979813

SHA1
237ef1a320b0f88917aff81f18e6484bf9238ab3

SHA256
c706a61ec051bf32fec018e15144c1a3eb42b02ea4c75f8221c6f78409daea7f

SHA512
62ea4f4764f0e736bc16a435b1b19782cf3eecfc1b2d2bf13984e3648ee93cec3606b4317387e05db4f6c5b8f5b6852e2628b49c67fe15aff3ca5467778c9661

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49877.exe

Filesize
184KB

MD5
e0b0e0f60c590a382c8601f2427dbc84

SHA1
1f63897d61dc9acde448bfca7c1f3d1db50b2c56

SHA256
4eb9506c9ddc771f31a30dfe6c1ca9b78231aedc5e7b4782fe68bcf59436e2ca

SHA512
0f4665e2514afa6ec15718e5295bf76db659143793faf338376e7e9aac0d1eb9a2389ee0200cf854558835dcfb1e3e7d90163182125f0233f1f4b4739769a554

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe

Filesize
184KB

MD5
24e26dcf238400fbbc863df3a090280a

SHA1
bab3ea30a8952157ae94dd573151e84de18ef906

SHA256
054798f17d95d465257e85294c0334d6dae969d214c013779056cacc1e5f8b0c

SHA512
8b02cf206525fe7ecc4d815a938a47abee8cbdc52f63cfef4546f8d916b73d0b304d4c16da72b087a4aa189b76c2f6b090f9e7eda82bf7e99fdfa0bdb2dee575

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe

Filesize
184KB

MD5
892a5184b6f696370c4e0bf2f0137262

SHA1
1c73b37fe55df3d35c097123bf00733fea995d80

SHA256
dccfe0d0bad9b2456ffbf8042ec8a3dc81d22daba0b7248adad5da6af66670b3

SHA512
858df6bd2a59f5999765be2b2192043a6de00ab40a7db04cdce51b0d6d3016ee37bfa2e0462975258c2938daa370b823b37651cf6a6f10565f72bd0ddb7f2ae0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58730.exe

Filesize
184KB

MD5
717c98e800d657960834094fbfe07468

SHA1
fff535dd4d768699a8c202a6d4b8a48b8e8a5291

SHA256
91e17732d4dcefea8e51d2f0a9cc0be08fad06186a42d7f85aee0142a2bc4337

SHA512
de2bdb7234733b8f6b36dfc198fbf329d90c2141c1c2e8a5a982c2d2f4479448caf8cb6d1e1ba70c92ab601d8c9a16297578295d330c0f43a3ad90b11ba3c8e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59389.exe

Filesize
184KB

MD5
673b3a9c365bc9d27f7ccca69fca0d89

SHA1
7ae77cdcb8d0304ef535a1a4ebf4f1ac57e88b51

SHA256
88ac3d59874de51a9ea0f785b92b4681bb6bed0385f3b606ff94bb4f24fba8fe

SHA512
d61ad40237093e0ed10bafbabc6d689abd450972ed274100ec3d744c0367c1f8e924caf7501544c8d9d3889f2f327164d484d7491d2675b0edc117e3db09930a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe

Filesize
184KB

MD5
c0c567012456b61aa4a13e390fe7fa7d

SHA1
fde3d00918f5e12d74aa28cadf2b91d30ac98532

SHA256
0ac237cb6b0f2b1c2e252f280e22c55310ca242f68cf895f73bb50f7e97f1ecf

SHA512
4dd34930dad7fbc065bfb76c4a68b66001e642c58c9384f5095d177374c0fd6a23006f63d9d2715d9c512fc7d79c2745707511164a54c25a610aec2cac6cf1ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe

Filesize
184KB

MD5
77eb43514798e31ca171d223c482b1b2

SHA1
9b8a08444bf3199bb0c814cef63b47cd50269433

SHA256
f13a919e24d8c07679f2f82a70934741621d7de03bd97880d774d7fcc34a81a1

SHA512
6a956ee2a28ae4b0dcd89df47846fa4c1ed52a2acf887ec0ef920bca94786f1bb7ba8d19d0c2285b482ccdcf7f968e97cc92649624a5cf16bad4a04646c8c110

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6727.exe

Filesize
184KB

MD5
2a2dc906a4688bfb3d140fe367bb7e50

SHA1
a9a5476c03defa7891998123fd59db415e45e569

SHA256
f99780b397908fab41db25b6b173e4001e8e200286202f8e2ca4a2826dd2a7eb

SHA512
137b035a8eb63f442e37d13097b106df901fcfbfebd23fb57d05fc97ff4bb4cb24eafcfd31fa126522213f677658f09acd5230bdb5fea257842e76e6aa63c597

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8797.exe

Filesize
184KB

MD5
356a55a2f85fedafcf9b864175de64e5

SHA1
27392786d86f6f56f8264911ac0afeb28e84f8df

SHA256
2838740a305bc3140587c8103bbc4c77a0deac44f06dca1cf425102582e9b1b1

SHA512
561d2c3e3c28d6deea56a05072bb99ee5001a1c77e2501a25bc00964e57aaa7611192e8c2a2b1770f450513a51274ad469292fa0d68efdfb03c97e2ba039f871

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads