20fba88cfc9d8a4550240fe1e4e9f8eaf6f653e9106dcf8b8ee5d1ac1dcb16d1

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 06:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c620a4fc016d6f72ba3927300606a2c.exe
Size

184KB
MD5

7c620a4fc016d6f72ba3927300606a2c
SHA1

1cf045aa4cf1c77b38645046cb9208fc35fd6074
SHA256

20fba88cfc9d8a4550240fe1e4e9f8eaf6f653e9106dcf8b8ee5d1ac1dcb16d1
SHA512

569370cbaf8feb6530741e28e76f97a53e85fed5d8529902f87a95629e8f46c92322b68f1941211bc8c7b357d036f959ef364bf9c52e39402b284f03e6e43899
SSDEEP

3072:Dj9joz+MRlAK3OjYdTD/tCFbGDg6YsbI0hGxTHPC/7lPvpFg:DjhoDCK3TdP/tCKUDA7lPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1468	Unicorn-36479.exe
3040	Unicorn-2252.exe
2564	Unicorn-56092.exe
2716	Unicorn-29336.exe
2744	Unicorn-50503.exe
2792	Unicorn-54032.exe
2512	Unicorn-60358.exe
2952	Unicorn-24156.exe
840	Unicorn-32839.exe
320	Unicorn-24732.exe
1268	Unicorn-14852.exe
2548	Unicorn-20067.exe
2444	Unicorn-23597.exe
2568	Unicorn-20067.exe
1536	Unicorn-56461.exe
2976	Unicorn-19875.exe
1088	Unicorn-23405.exe
112	Unicorn-64048.exe
1816	Unicorn-59642.exe
1916	Unicorn-56731.exe
2452	Unicorn-33104.exe
1960	Unicorn-33104.exe
1668	Unicorn-38318.exe
1976	Unicorn-58184.exe
768	Unicorn-623.exe
1688	Unicorn-5262.exe
1696	Unicorn-25128.exe
1624	Unicorn-21790.exe
1728	Unicorn-30124.exe
3020	Unicorn-9341.exe
2928	Unicorn-17318.exe
1640	Unicorn-15309.exe
1940	Unicorn-27924.exe
3068	Unicorn-56726.exe
3004	Unicorn-11972.exe
2400	Unicorn-15501.exe
2772	Unicorn-30878.exe
2712	Unicorn-49030.exe
2640	Unicorn-2652.exe
2752	Unicorn-11334.exe
2056	Unicorn-3742.exe
2480	Unicorn-36223.exe
1232	Unicorn-36223.exe
2764	Unicorn-10301.exe
2192	Unicorn-30167.exe
940	Unicorn-42781.exe
2368	Unicorn-39077.exe
1892	Unicorn-11619.exe
2940	Unicorn-14956.exe
2844	Unicorn-27955.exe
2228	Unicorn-63197.exe
1660	Unicorn-21973.exe
2316	Unicorn-21973.exe
1652	Unicorn-35547.exe
384	Unicorn-14188.exe
1328	Unicorn-1552.exe
1020	Unicorn-21418.exe
2740	Unicorn-8459.exe
2240	Unicorn-36685.exe
2448	Unicorn-46306.exe
1748	Unicorn-13441.exe
1808	Unicorn-784.exe
2424	Unicorn-53514.exe
700	Unicorn-25672.exe

Loads dropped DLL 64 IoCs

pid	Process
2044	7c620a4fc016d6f72ba3927300606a2c.exe
2044	7c620a4fc016d6f72ba3927300606a2c.exe
1468	Unicorn-36479.exe
2044	7c620a4fc016d6f72ba3927300606a2c.exe
1468	Unicorn-36479.exe
2044	7c620a4fc016d6f72ba3927300606a2c.exe
3040	Unicorn-2252.exe
3040	Unicorn-2252.exe
1468	Unicorn-36479.exe
1468	Unicorn-36479.exe
2564	Unicorn-56092.exe
2564	Unicorn-56092.exe
2716	Unicorn-29336.exe
2716	Unicorn-29336.exe
3040	Unicorn-2252.exe
3040	Unicorn-2252.exe
2744	Unicorn-50503.exe
2744	Unicorn-50503.exe
2564	Unicorn-56092.exe
2564	Unicorn-56092.exe
2512	Unicorn-60358.exe
2512	Unicorn-60358.exe
2716	Unicorn-29336.exe
2792	Unicorn-54032.exe
2716	Unicorn-29336.exe
2792	Unicorn-54032.exe
2952	Unicorn-24156.exe
2952	Unicorn-24156.exe
840	Unicorn-32839.exe
840	Unicorn-32839.exe
2744	Unicorn-50503.exe
2744	Unicorn-50503.exe
320	Unicorn-24732.exe
320	Unicorn-24732.exe
1268	Unicorn-14852.exe
1268	Unicorn-14852.exe
2512	Unicorn-60358.exe
2512	Unicorn-60358.exe
2548	Unicorn-20067.exe
2548	Unicorn-20067.exe
2568	Unicorn-20067.exe
1536	Unicorn-56461.exe
2568	Unicorn-20067.exe
1536	Unicorn-56461.exe
840	Unicorn-32839.exe
840	Unicorn-32839.exe
2444	Unicorn-23597.exe
2444	Unicorn-23597.exe
1088	Unicorn-23405.exe
1088	Unicorn-23405.exe
2952	Unicorn-24156.exe
2976	Unicorn-19875.exe
2952	Unicorn-24156.exe
2976	Unicorn-19875.exe
320	Unicorn-24732.exe
320	Unicorn-24732.exe
112	Unicorn-64048.exe
1268	Unicorn-14852.exe
112	Unicorn-64048.exe
1268	Unicorn-14852.exe
1816	Unicorn-59642.exe
1816	Unicorn-59642.exe
1916	Unicorn-56731.exe
1916	Unicorn-56731.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
948	1920	WerFault.exe	127
1716	2056	WerFault.exe	156
2232	1888	WerFault.exe	157

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2044	7c620a4fc016d6f72ba3927300606a2c.exe
1468	Unicorn-36479.exe
3040	Unicorn-2252.exe
2564	Unicorn-56092.exe
2716	Unicorn-29336.exe
2744	Unicorn-50503.exe
2792	Unicorn-54032.exe
2512	Unicorn-60358.exe
2952	Unicorn-24156.exe
840	Unicorn-32839.exe
320	Unicorn-24732.exe
1268	Unicorn-14852.exe
2548	Unicorn-20067.exe
2444	Unicorn-23597.exe
1536	Unicorn-56461.exe
2568	Unicorn-20067.exe
2976	Unicorn-19875.exe
1088	Unicorn-23405.exe
112	Unicorn-64048.exe
1816	Unicorn-59642.exe
1916	Unicorn-56731.exe
1960	Unicorn-33104.exe
2452	Unicorn-33104.exe
1976	Unicorn-58184.exe
1668	Unicorn-38318.exe
1688	Unicorn-5262.exe
768	Unicorn-623.exe
1696	Unicorn-25128.exe
1624	Unicorn-21790.exe
3020	Unicorn-9341.exe
1728	Unicorn-30124.exe
1640	Unicorn-15309.exe
2928	Unicorn-17318.exe
1940	Unicorn-27924.exe
3068	Unicorn-56726.exe
2400	Unicorn-15501.exe
3004	Unicorn-11972.exe
2772	Unicorn-30878.exe
2712	Unicorn-49030.exe
2640	Unicorn-2652.exe
2752	Unicorn-11334.exe
2056	Unicorn-3742.exe
2480	Unicorn-36223.exe
1232	Unicorn-36223.exe
2192	Unicorn-30167.exe
2764	Unicorn-10301.exe
940	Unicorn-42781.exe
2368	Unicorn-39077.exe
1892	Unicorn-11619.exe
2940	Unicorn-14956.exe
2844	Unicorn-27955.exe
1660	Unicorn-21973.exe
2228	Unicorn-63197.exe
2316	Unicorn-21973.exe
1652	Unicorn-35547.exe
1328	Unicorn-1552.exe
384	Unicorn-14188.exe
1020	Unicorn-21418.exe
2740	Unicorn-8459.exe
2240	Unicorn-36685.exe
2448	Unicorn-46306.exe
1808	Unicorn-784.exe
1748	Unicorn-13441.exe
2424	Unicorn-53514.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1468	2044	7c620a4fc016d6f72ba3927300606a2c.exe	28
PID 2044 wrote to memory of 1468	2044	7c620a4fc016d6f72ba3927300606a2c.exe	28
PID 2044 wrote to memory of 1468	2044	7c620a4fc016d6f72ba3927300606a2c.exe	28
PID 2044 wrote to memory of 1468	2044	7c620a4fc016d6f72ba3927300606a2c.exe	28
PID 1468 wrote to memory of 3040	1468	Unicorn-36479.exe	29
PID 1468 wrote to memory of 3040	1468	Unicorn-36479.exe	29
PID 1468 wrote to memory of 3040	1468	Unicorn-36479.exe	29
PID 1468 wrote to memory of 3040	1468	Unicorn-36479.exe	29
PID 2044 wrote to memory of 2564	2044	7c620a4fc016d6f72ba3927300606a2c.exe	30
PID 2044 wrote to memory of 2564	2044	7c620a4fc016d6f72ba3927300606a2c.exe	30
PID 2044 wrote to memory of 2564	2044	7c620a4fc016d6f72ba3927300606a2c.exe	30
PID 2044 wrote to memory of 2564	2044	7c620a4fc016d6f72ba3927300606a2c.exe	30
PID 3040 wrote to memory of 2716	3040	Unicorn-2252.exe	31
PID 3040 wrote to memory of 2716	3040	Unicorn-2252.exe	31
PID 3040 wrote to memory of 2716	3040	Unicorn-2252.exe	31
PID 3040 wrote to memory of 2716	3040	Unicorn-2252.exe	31
PID 1468 wrote to memory of 2744	1468	Unicorn-36479.exe	32
PID 1468 wrote to memory of 2744	1468	Unicorn-36479.exe	32
PID 1468 wrote to memory of 2744	1468	Unicorn-36479.exe	32
PID 1468 wrote to memory of 2744	1468	Unicorn-36479.exe	32
PID 2564 wrote to memory of 2792	2564	Unicorn-56092.exe	33
PID 2564 wrote to memory of 2792	2564	Unicorn-56092.exe	33
PID 2564 wrote to memory of 2792	2564	Unicorn-56092.exe	33
PID 2564 wrote to memory of 2792	2564	Unicorn-56092.exe	33
PID 2716 wrote to memory of 2512	2716	Unicorn-29336.exe	34
PID 2716 wrote to memory of 2512	2716	Unicorn-29336.exe	34
PID 2716 wrote to memory of 2512	2716	Unicorn-29336.exe	34
PID 2716 wrote to memory of 2512	2716	Unicorn-29336.exe	34
PID 3040 wrote to memory of 2952	3040	Unicorn-2252.exe	35
PID 3040 wrote to memory of 2952	3040	Unicorn-2252.exe	35
PID 3040 wrote to memory of 2952	3040	Unicorn-2252.exe	35
PID 3040 wrote to memory of 2952	3040	Unicorn-2252.exe	35
PID 2744 wrote to memory of 840	2744	Unicorn-50503.exe	37
PID 2744 wrote to memory of 840	2744	Unicorn-50503.exe	37
PID 2744 wrote to memory of 840	2744	Unicorn-50503.exe	37
PID 2744 wrote to memory of 840	2744	Unicorn-50503.exe	37
PID 2564 wrote to memory of 320	2564	Unicorn-56092.exe	36
PID 2564 wrote to memory of 320	2564	Unicorn-56092.exe	36
PID 2564 wrote to memory of 320	2564	Unicorn-56092.exe	36
PID 2564 wrote to memory of 320	2564	Unicorn-56092.exe	36
PID 2512 wrote to memory of 1268	2512	Unicorn-60358.exe	38
PID 2512 wrote to memory of 1268	2512	Unicorn-60358.exe	38
PID 2512 wrote to memory of 1268	2512	Unicorn-60358.exe	38
PID 2512 wrote to memory of 1268	2512	Unicorn-60358.exe	38
PID 2716 wrote to memory of 2548	2716	Unicorn-29336.exe	40
PID 2716 wrote to memory of 2548	2716	Unicorn-29336.exe	40
PID 2716 wrote to memory of 2548	2716	Unicorn-29336.exe	40
PID 2716 wrote to memory of 2548	2716	Unicorn-29336.exe	40
PID 2792 wrote to memory of 2568	2792	Unicorn-54032.exe	39
PID 2792 wrote to memory of 2568	2792	Unicorn-54032.exe	39
PID 2792 wrote to memory of 2568	2792	Unicorn-54032.exe	39
PID 2792 wrote to memory of 2568	2792	Unicorn-54032.exe	39
PID 2952 wrote to memory of 2444	2952	Unicorn-24156.exe	41
PID 2952 wrote to memory of 2444	2952	Unicorn-24156.exe	41
PID 2952 wrote to memory of 2444	2952	Unicorn-24156.exe	41
PID 2952 wrote to memory of 2444	2952	Unicorn-24156.exe	41
PID 840 wrote to memory of 1536	840	Unicorn-32839.exe	42
PID 840 wrote to memory of 1536	840	Unicorn-32839.exe	42
PID 840 wrote to memory of 1536	840	Unicorn-32839.exe	42
PID 840 wrote to memory of 1536	840	Unicorn-32839.exe	42
PID 2744 wrote to memory of 2976	2744	Unicorn-50503.exe	44
PID 2744 wrote to memory of 2976	2744	Unicorn-50503.exe	44
PID 2744 wrote to memory of 2976	2744	Unicorn-50503.exe	44
PID 2744 wrote to memory of 2976	2744	Unicorn-50503.exe	44

C:\Users\Admin\AppData\Local\Temp\7c620a4fc016d6f72ba3927300606a2c.exe
"C:\Users\Admin\AppData\Local\Temp\7c620a4fc016d6f72ba3927300606a2c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2252.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60358.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64048.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9341.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39077.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
        10⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5107.exe
        11⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64669.exe
        12⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19621.exe
        13⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
        14⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        15⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11723.exe
        16⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
        13⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15906.exe
        10⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41125.exe
        11⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        12⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe
        9⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51340.exe
        10⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
        11⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34613.exe
        12⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        13⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        12⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
        13⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11723.exe
        14⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11619.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1376.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60307.exe
        10⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
        11⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        12⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-992.exe
        9⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
        10⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
        11⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4473.exe
        12⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
        8⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56522.exe
        10⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        11⤵
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17318.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14956.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        10⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47181.exe
        11⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        12⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        10⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20498.exe
        11⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
        12⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        11⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12382.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46602.exe
        9⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        10⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45848.exe
        11⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46664.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40541.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55541.exe
        10⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
        11⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20067.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56731.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15309.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7743.exe
        9⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        10⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        11⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        12⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        13⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
        11⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
        12⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7850.exe
        9⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52646.exe
        11⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe
        12⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35547.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15527.exe
        8⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
        10⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        11⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
        12⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23120.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25121.exe
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7347.exe
        10⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        11⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-602.exe
        12⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17830.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2132.exe
        10⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2952.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24996.exe
        10⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
        11⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        9⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20937.exe
        10⤵
        
        PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58184.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14188.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32632.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        10⤵
        
        PID:2056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 220
        11⤵
        Program crash
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24935.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37287.exe
        9⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        10⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
        11⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2106.exe
        12⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
        13⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
        10⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        11⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51227.exe
        12⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1552.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64344.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
        10⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        11⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29224.exe
        12⤵
        
        PID:1508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2652.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36685.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
        8⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48852.exe
        9⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        10⤵
        
        PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5262.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9352.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
        9⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30705.exe
        10⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
        11⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20234.exe
        12⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46664.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65193.exe
        8⤵
        
        PID:1888
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
        9⤵
        Program crash
        
        PID:2232
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50503.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33104.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15501.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21418.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
        10⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45796.exe
        11⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        12⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63040.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
        12⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8459.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
        8⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14389.exe
        10⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        11⤵
        
        PID:1228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49030.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21034.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13275.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24348.exe
        9⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2952.exe
        11⤵
        
        PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38318.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11334.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53741.exe
        7⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17931.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32324.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        10⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11723.exe
        11⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25672.exe
        6⤵
        Executes dropped EXE
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34817.exe
        7⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        9⤵
        
        PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25128.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30167.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        7⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
        8⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
        9⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
        10⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4515.exe
        11⤵
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
        6⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20759.exe
        7⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
        8⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31468.exe
        9⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27592.exe
        10⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
        11⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12303.exe
        9⤵
        
        PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42781.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56010.exe
        6⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        7⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42168.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63948.exe
        9⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
        10⤵
        
        PID:2040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57110.exe
        6⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52614.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54348.exe
        8⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37143.exe
        10⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11723.exe
        11⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
        8⤵
        
        PID:2324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20067.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20067.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33104.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56726.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46306.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1376.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
        9⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60383.exe
        10⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23346.exe
        11⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        12⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42252.exe
        7⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32687.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63642.exe
        9⤵
        
        PID:2956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
        7⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50393.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47757.exe
        9⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
        10⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        8⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
        10⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11972.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22814.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45417.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
        10⤵
        
        PID:1656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4505.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45263.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60232.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7923.exe
        10⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        11⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8049.exe
        6⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        7⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
        8⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
        9⤵
        
        PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10301.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        6⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53175.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43985.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45887.exe
        11⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40005.exe
        6⤵
        
        PID:1920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
        7⤵
        Program crash
        
        PID:948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21790.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12154.exe
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3073.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26512.exe
        8⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20306.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
        10⤵
        
        PID:3416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36144.exe
        5⤵
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43011.exe
        6⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37415.exe
        7⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
        8⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
        9⤵
        
        PID:3492

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe

Filesize
77KB

MD5
120f5d0011d26e9e6c942dfbd349c562

SHA1
34a87f170135389a03f4d50e669d7dc7bb56f5dd

SHA256
11237fb0c7cf1b5f3fa6b62e7e567cff9372c6cf99a329d3a0908cc3bbeb1674

SHA512
964cff3bbd871f39fa109f151d36435478b19d9b05e0cb3b3fb43d8dca1d466d218dbefcb9ccae5498269e511dcb524a69d2fd318075ccb300007d196bf3e52d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20067.exe

Filesize
141KB

MD5
7bd15e97de550f8942d3221058c8a6b9

SHA1
7922b112722e6b4bee35c8ca23a3bbc99a4d2a9d

SHA256
4270e6d96b707051ed6853d734df52b39a89cecb4cfe0158062a4bdcbbfd66b8

SHA512
c596028890b64bcfd67559092b6c2f5bec87ef7f91f6425fb19a60ced19bcdd6ec47f3c665998022dfb9f27bb94c8180e02d11537d75da35773ab8ac218b8b64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe

Filesize
46KB

MD5
055d142edff3c46c7cb2ef8a7028f7b8

SHA1
c4bb1bc1686ddb0e3c0a5a4324b700b1f47ddef8

SHA256
69749b1c1ffdf40deb3f8aed561901fabc80a1c754aae1faa9faa8d235bf7988

SHA512
e10a01755b1464628fb9a6d0422d86db9ebe5ff48c9e5146a2d93dac698bd8eda7fd0529a633c5f2636632162286fca1af1f1e9a065d963747ea17bacb04d6bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe

Filesize
161KB

MD5
03d669ce8a99e422d29251c108501eed

SHA1
58f7837fde14b575e9c89b4c5b9644562afe947c

SHA256
6b482867b1ea9667405f6968ded0a2b31ca955c525cae17dc3cf23139e1c7763

SHA512
90cd061768dfaf2488a623e3452676a77e6e4c7627c4338fa8f6046b0adc911ce790bc742f000a09cb411c8c9e777b701d560b78a37cd7ff44dc41bc4b428c61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe

Filesize
168KB

MD5
366cdb8a097183c6bafdd578a80102ef

SHA1
4491baf5b52105671a722c38b496aa031b3de274

SHA256
1adb068f268b08ee9aef4d6cefedc1c0b11ac6b55d7fb362b989f7e442cdeeb5

SHA512
7b92c82fce286d0a4b3c958d24a59cae8c98e805542976714b61b0efbfd00a3eabe3b56283711c819d5632372dd6e166b6ba24d6e192ca71b518ccfb88c08cb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24156.exe

Filesize
184KB

MD5
7b6a931ba0c491aee91bcf2fe2730f25

SHA1
25e4362e675722ea76e70f9c6a24a6ec05255c4b

SHA256
b2d2d8157bcd0ac95441e6db39f99734f3acc7112b35e398ad8eed30c7987325

SHA512
2e8372e0f268fade36320ae8dd03dacee1dbb218d65b53b34211ee43486c73d77ff6ff32402ba78fab02a73d74b35673c63433b43082628cf5ba31db05a12ab8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe

Filesize
184KB

MD5
8907628649ba47cdf2c3ae8f073a3e02

SHA1
223094fbf943af86e58692da34063e3200e0ca07

SHA256
5765e80b4ed60e18162c14b7934052aef4cee8e8906638ddb2d23badb58ef9fa

SHA512
e874ea764fa2bbaf90c327f4af1d80c89b29afca2b73992be803e54f22a4c64bad0f68178c700095f2ce0c45d9e981151e38f7e3771ab0f35e8fea174d7926e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24732.exe

Filesize
70KB

MD5
4c4181b5d40a8036b815b2b43e57d5b4

SHA1
2326857c593c5e6aa304aba0163349dd82fba00d

SHA256
618a4c6ce3b86a73354976cd5901378415caefc585e0d7d8026596540ea45441

SHA512
b3a891b62eb13641eb25f505a08c589c584d558dce1c6595ba36d7db31f3fa456235b235a3419b1e72b46a949f53e2bad2a3a0544e912feef361beb8657667b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe

Filesize
184KB

MD5
ac06a419baf1cfc2ffa01881548ca63b

SHA1
859768db3f5c26ae7bc21716b4a393b16d53dd59

SHA256
ac6eb2d5c583f32c2b82519c5c517f3e7bfee5b30dff90a50a56f8d9eb032e86

SHA512
f4e4e664cc2828e62649233fdf79be578e6b213d847a142191c0171df558207a4d01221563350c3910dd0a4ee81ed2050f35a724d52a5522e64a20a780246ba7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36479.exe

Filesize
184KB

MD5
b34fa0828ba3f013ba9fe291aff2de3b

SHA1
a257763a75a26daa1dedcb7fa7c9adec72dd092c

SHA256
7b09f72236bf77b3229de034289ec48401621ab71e615304d11142172910c349

SHA512
d15b2d295e1eec80884d3d4a2301c58d9695e9f7b619bb9a0d5a501e2399be06e84a68de1106a45a2687a6fa7c3e97b0f11c0321ff766c5d90368c988659bd75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe

Filesize
184KB

MD5
e1400f4efbd321aaee9f157c3e4a6392

SHA1
1804fe9c3a38f85553eba2b663f0c20410578cb2

SHA256
c1690c5ab4dc518edd988ebb89058404d197eed329b2b57a4248e5c0f6832f1a

SHA512
b0ca5deb7d3033d9e0a6b86e65740071e0eeb3c5a3b26546669a231706bc495697b04038bd6a39cf13058d96bc9af28762decc58f66c703bcff2d84a9fce4509

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45887.exe

Filesize
184KB

MD5
23fd5080c9055e35ebc9cd0067853e60

SHA1
44f84dd3ff3b05af68586bca982e1fb816dd0f56

SHA256
1ed1743e78015218d64272b2ff7896f2a626ad2dab6fe905e215508cddd03460

SHA512
d80c758e6dcbbf7881258518c57d93fb5504fe8cfeaa7164c12a9f3ab76d62720e70fadf266a3d96243a6371b408f49304d5d710bab45605870ed0fb6a6108a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50503.exe

Filesize
184KB

MD5
f11fddb01d01e983a26b06d421dae443

SHA1
506228abb0fba8807677a719014aeece2fb0ad2a

SHA256
7e7a928eeea5d6fbc069476d99c95113c71c617f2ab6f66ff33997250cd48a89

SHA512
12441876eb8ab0e8d4547d0b88f4e7e64b9afb66b22d75307ec3af23054588eda9c35ed78b90010772d357c25e43ca64f970c4caf01b572640bdeb59e1685341

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe

Filesize
184KB

MD5
22161cdd7e3a86375f7920f5aad98110

SHA1
9d01df4af8e34a1ffee7b9e96ebe3dc762c96bd0

SHA256
a0f3d1bce18da1a7737ad23692886ba35cb13f281c3aec82ec966b53c70593dc

SHA512
846bcc3fa602e38367e26329e2e6f06ad6369762841378ff647e998de4e7909497850c2ecf0f428d1d137636c2fa5e744341d7b91a654738f6cfb073602cef76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe

Filesize
184KB

MD5
e476251d3e7468865496bdddaa38095d

SHA1
31a9bd9eb3478d4f2c9edd62a57ff0715e508d44

SHA256
47227d663bb8648b9c95e0225aa7cebced1884ec5c1d9a337c86c318c195d8b7

SHA512
880e6d0d8c3da3d90e620a71762e5ad2ce884cfbd66ad3e751c28ab031ba42012d9107b40a56e96370b08948faa914190dd5b70f337df212e7af918f19d9d10c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6798.exe

Filesize
184KB

MD5
90f2e265a0c64cf95df7a9be4e7255bf

SHA1
fbe3c4df83a76e6193ec2f821de0e9222ef93e5d

SHA256
e08ba7b2427b752d160419b30ad3c11d8ef93496879afb94974cd37a65b5efa7

SHA512
018fd295b43e91c875b73b75c39b02eb86079900450518f8eaf83181d3b04a94793bc03cdb81b4a3b28d211e1972437a869e3b0f949ae697ab79f1a0dac610f6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe

Filesize
184KB

MD5
60b878d02b6cd32fef64f9c94f50289e

SHA1
5ae9c401fd21f5bfe10d350a5876a645ff4f69a9

SHA256
9f7f4cbc8467483a747d4940959db2af59e6e2b6874f6538a9c84fe27f819a78

SHA512
febfe1f8f26b84e0a70d1dc896eadcc1471c5980345ec3176f5b4e15965a8c14271ce3ae056de148a3b6687567c6d2fcc51f23a989578126aca7043e398fdb99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe

Filesize
111KB

MD5
d535d94eb91e59a1f7b00e33009f344e

SHA1
a02e03875f853dfe3c62b8172791c1afdee630d8

SHA256
107330a6872471155b756a0280a87034278e2f735d4d9ea42230751c8295b7a0

SHA512
2637b91fe83281094471dd9d565baf0bc071007e548c252e353109080142cd9860278e3b367b5fe28157ed86e3fffec86ec866c10cfe48e699144bd486640c04

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe

Filesize
52KB

MD5
21c18882179ade7300244a9af4f14af6

SHA1
f9e27656010e90f4d613170a4bdb025745d96882

SHA256
64dc2665ff60f00c8e0804b20e9ffb2e96390aa14452f4014165afb27635dde0

SHA512
36268e029801dc504717347c4058102c1f5e5cb0ec14ad05bac0bb3da8cbf456e92615625ec3ca270c2ac70314bd4149dc159fb6ad58306a0ad9144011117152

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20067.exe

Filesize
184KB

MD5
703ee930bbea5e874df4ea6424901a87

SHA1
07281613059cbfa1907e419e373e2bcd2fad9033

SHA256
0100aac06220c3364391112c8d6e8a240ece11c20962d93e5b2834330e4460bc

SHA512
8cb92d992512e86d4dfbef002723991a84035f0e473361dbcbcc8ed4d4b274d2aee5d27bcfc96e2960dac9be1c80ef72b488dac5c16bd76f052e8bdc9cb335e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2252.exe

Filesize
184KB

MD5
3d0cc6fc15e0b079962908da8f533717

SHA1
5168ba7961ae1dbaddfdf02e3895c70d34f0414f

SHA256
e241cdec08382dec7253a857c6d5c5e6025f59e67f4ea75f36c2da0dd9c5bf5e

SHA512
d3d976539457565c8913bd3f0f634ff91d0a7b08670ce7c8e529898a64c23ba55e9a98ed6f4bf8059e7bd682b2a49074758bff2fbe1b4388855bde7d04ed3898

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe

Filesize
84KB

MD5
77077e193fceba4e0cf8e01fc9408298

SHA1
dda3435b24a1dbfc162f953e4bcac62cb8378fe6

SHA256
0a665e214acf8a208ae7a2fe8ec3307e5e4b677948579318a9342a7bb058d9ef

SHA512
40cf8afdd37c5cd41ec48410639dd95090bf30bb1b2701e0543d97c7b1363953ce4fab68b03101acd9ca772044c09950dd06619e2ad2a00f32f0324177961f55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe

Filesize
71KB

MD5
14dfbd4204cd4e8a84bd1fd58c683a6f

SHA1
01e126a35627838e06ea5e4b1a53c4799aa7006f

SHA256
c44ae97de6d820e51fb2be2d9f9a7ab3afdcd84d4153e06e511b35ff6a0a408f

SHA512
58aee69ff8f698f4c796b94cc1d596a2a1224c9c844714ac1c7c4feb1806fbd4fde9158185746255623285655670c68adc0a817f6fda0c3b4a2cfc687375bad6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe

Filesize
181KB

MD5
8b8b6bbf4acc2dcf8fcb47164849f6a9

SHA1
fe8c134b2fe6bf2ced24042c0b38368603e74dcf

SHA256
ee51890de0efd9da221045f792333a616e68cae349c95b65927e98cfafd4a397

SHA512
94c92f062deb02e96bc19a2db4e10daa8285d3df42458ef7ef79ace98451478c9fed3f5ba25d27815a24f0085591319538e54b34e928786c6c40c2aa5cb72882

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe

Filesize
75KB

MD5
9088f4d29ed379995ce2c64d993f64ad

SHA1
41a7b75af23ec5e7800b6c29c3de75dfee912257

SHA256
9cbf7397b9a6dd24ce66e19c466b73816b5fe2ed70b8b5e83c1ce46bf843870e

SHA512
6d05841b2ae1ce09c14747e254811a6f1d5e1d60529f867d1fd87a9981e37baaea6889b962ee9c7b2b02d34c2b4af027b5d09a7d91c20a3e0d8da69c85a44fd3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29336.exe

Filesize
184KB

MD5
b694c7f8f9d767a407eaf52511a6f8c6

SHA1
c8dc0337a45c479cd9aabe01b0fd8a40e85858b6

SHA256
e9d328e57ab45f566c17bf7309786a4d00db27903c9bcea66662008e1c6a3289

SHA512
79e25442e337136b55b0df9e64f18a3a146e6f7007169045872c920ecc982e0f5634f41d4ecf53411bcc382c033d2642cc7af4bfb7183d694aa55b3f0e3e44ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe

Filesize
184KB

MD5
ccab7acd17151fabd9f59dded9336890

SHA1
0e521375c15e2565d641cbed72cf834e6281845a

SHA256
02cf1b849d72b628c874560d5d666409f7e907d64055066b896e3d89aef135c0

SHA512
c1ab89e6935494a46352005623afc6dee442addb6423b2402d74c6ecf80f7b324b93b8af9fdb0fedfd49c701cbb36b844aee8c7c0e748e8486b32c26bc0ff48c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe

Filesize
176KB

MD5
244859f9adafb2c97aa0bab7ea9b210c

SHA1
5ab5992509ed774c4a6ae033572e5a531681fc34

SHA256
ef46be528f0b191eb0123203af6d2a3ec4d4e7e9596cd7abe236b608602df47e

SHA512
328fb0ae5bb414029ec040a64d61a585f89979b080c1536e44f0be98a1e5aed5e31f6e6b31a3a3ffe703d6402cb2207fde009c60875c3331b72d8d72062240e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60358.exe

Filesize
184KB

MD5
527a15c70a1052b478b600b9e7b4830e

SHA1
3c831746574925db3c4ef4bd59ae519bf505e985

SHA256
0649dd48d578e60d1821048f3c2d35e7ba221b75c188e283bcfc8411cbb2cb20

SHA512
9990f391ce8f3c2865046e0de40d5f0563547a12d289bafb689f0b7a37beedd3cf8eff258db5f3b7245590d214b6c6b5d1736a38be1c754008daca57b29473d5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads