8293fa2df6773e12cce547fa610881b9c740ab8b44a0456e8fe25e4e0c2a465c

Analysis

max time kernel
125s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/03/2024, 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b565e39e36284365941268ef2d71cf4e.exe
Size

184KB
MD5

b565e39e36284365941268ef2d71cf4e
SHA1

866c94ddf79065b4f40aa6fa758eb62a8bca441b
SHA256

8293fa2df6773e12cce547fa610881b9c740ab8b44a0456e8fe25e4e0c2a465c
SHA512

f8f8a37802394c32bab69046b2b5b02a8aa2eb236acd13ebb26434998bfcc4e7fd53bcdb0846d809a54cfb125ea489cc41220cb69929c86d5e7bcd8e735cca42
SSDEEP

3072:0PmBo98H4DA85OjndTsWI8hb6ZM6iOgiWDExXMPmsNlPvpFh:0P8ox885QdoWI8s/ZmNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2200	Unicorn-63921.exe
2968	Unicorn-46298.exe
2636	Unicorn-34600.exe
2112	Unicorn-41228.exe
2896	Unicorn-16209.exe
2944	Unicorn-40159.exe
2888	Unicorn-35089.exe
268	Unicorn-833.exe
1076	Unicorn-28867.exe
2688	Unicorn-45971.exe
2752	Unicorn-19883.exe
2024	Unicorn-43304.exe
1656	Unicorn-56879.exe
2388	Unicorn-47964.exe
916	Unicorn-33574.exe
1748	Unicorn-30044.exe
1616	Unicorn-49910.exe
2812	Unicorn-4793.exe
1312	Unicorn-28674.exe
1680	Unicorn-4191.exe
1140	Unicorn-39556.exe
3020	Unicorn-14305.exe
2000	Unicorn-29573.exe
1800	Unicorn-51316.exe
596	Unicorn-11674.exe
2092	Unicorn-23927.exe
1468	Unicorn-48431.exe
1588	Unicorn-44902.exe
2348	Unicorn-46293.exe
2920	Unicorn-38679.exe
1524	Unicorn-54461.exe
1592	Unicorn-59868.exe
2724	Unicorn-51337.exe
2908	Unicorn-47808.exe
2556	Unicorn-53283.exe
2532	Unicorn-42977.exe
2572	Unicorn-3267.exe
2448	Unicorn-23133.exe
2400	Unicorn-19603.exe
2336	Unicorn-47637.exe
2036	Unicorn-53667.exe
1036	Unicorn-35747.exe
560	Unicorn-33823.exe
2500	Unicorn-45561.exe
2772	Unicorn-59204.exe
1232	Unicorn-44814.exe
1968	Unicorn-18726.exe
1508	Unicorn-18748.exe
1448	Unicorn-51996.exe
1900	Unicorn-465.exe
1284	Unicorn-3734.exe
3048	Unicorn-23600.exe
2244	Unicorn-13848.exe
1032	Unicorn-33714.exe
852	Unicorn-33714.exe
1172	Unicorn-33714.exe
2896	Unicorn-28046.exe
2028	Unicorn-57403.exe
1584	Unicorn-47097.exe
1956	Unicorn-58602.exe
644	Unicorn-64331.exe
2956	Unicorn-62193.exe
1932	Unicorn-740.exe
3040	Unicorn-25593.exe

Loads dropped DLL 64 IoCs

pid	Process
1784	b565e39e36284365941268ef2d71cf4e.exe
1784	b565e39e36284365941268ef2d71cf4e.exe
2200	Unicorn-63921.exe
2200	Unicorn-63921.exe
1784	b565e39e36284365941268ef2d71cf4e.exe
1784	b565e39e36284365941268ef2d71cf4e.exe
2968	Unicorn-46298.exe
2968	Unicorn-46298.exe
2200	Unicorn-63921.exe
2200	Unicorn-63921.exe
2636	Unicorn-34600.exe
2636	Unicorn-34600.exe
2112	Unicorn-41228.exe
2112	Unicorn-41228.exe
2968	Unicorn-46298.exe
2968	Unicorn-46298.exe
2896	Unicorn-16209.exe
2896	Unicorn-16209.exe
2944	Unicorn-40159.exe
2944	Unicorn-40159.exe
2636	Unicorn-34600.exe
2636	Unicorn-34600.exe
2888	Unicorn-35089.exe
2888	Unicorn-35089.exe
2112	Unicorn-41228.exe
2112	Unicorn-41228.exe
268	Unicorn-833.exe
268	Unicorn-833.exe
2688	Unicorn-45971.exe
2688	Unicorn-45971.exe
2944	Unicorn-40159.exe
2752	Unicorn-19883.exe
2752	Unicorn-19883.exe
2944	Unicorn-40159.exe
1076	Unicorn-28867.exe
1076	Unicorn-28867.exe
2896	Unicorn-16209.exe
2896	Unicorn-16209.exe
2024	Unicorn-43304.exe
2024	Unicorn-43304.exe
2888	Unicorn-35089.exe
2888	Unicorn-35089.exe
1656	Unicorn-56879.exe
1656	Unicorn-56879.exe
2388	Unicorn-47964.exe
2388	Unicorn-47964.exe
268	Unicorn-833.exe
268	Unicorn-833.exe
1312	Unicorn-28674.exe
1748	Unicorn-30044.exe
1312	Unicorn-28674.exe
1748	Unicorn-30044.exe
2812	Unicorn-4793.exe
2812	Unicorn-4793.exe
1076	Unicorn-28867.exe
1076	Unicorn-28867.exe
916	Unicorn-33574.exe
916	Unicorn-33574.exe
2688	Unicorn-45971.exe
1616	Unicorn-49910.exe
2688	Unicorn-45971.exe
1616	Unicorn-49910.exe
2752	Unicorn-19883.exe
2752	Unicorn-19883.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
1916	644	WerFault.exe	88
2712	1900	WerFault.exe	77
2664	564	WerFault.exe	113
2996	1620	WerFault.exe	112
2036	2784	WerFault.exe	141
1980	2404	WerFault.exe	166
1500	2908	WerFault.exe	158
2616	2796	WerFault.exe	162
1356	2528	WerFault.exe	246

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1784	b565e39e36284365941268ef2d71cf4e.exe
2200	Unicorn-63921.exe
2968	Unicorn-46298.exe
2636	Unicorn-34600.exe
2112	Unicorn-41228.exe
2896	Unicorn-16209.exe
2944	Unicorn-40159.exe
2888	Unicorn-35089.exe
268	Unicorn-833.exe
1076	Unicorn-28867.exe
2688	Unicorn-45971.exe
2752	Unicorn-19883.exe
2024	Unicorn-43304.exe
1656	Unicorn-56879.exe
2388	Unicorn-47964.exe
1616	Unicorn-49910.exe
1748	Unicorn-30044.exe
1312	Unicorn-28674.exe
916	Unicorn-33574.exe
2812	Unicorn-4793.exe
1680	Unicorn-4191.exe
1140	Unicorn-39556.exe
3020	Unicorn-14305.exe
2000	Unicorn-29573.exe
1800	Unicorn-51316.exe
596	Unicorn-11674.exe
2092	Unicorn-23927.exe
1588	Unicorn-44902.exe
1468	Unicorn-48431.exe
2920	Unicorn-38679.exe
1524	Unicorn-54461.exe
2348	Unicorn-46293.exe
1592	Unicorn-59868.exe
2908	Unicorn-47808.exe
2724	Unicorn-51337.exe
2556	Unicorn-53283.exe
2532	Unicorn-42977.exe
2448	Unicorn-23133.exe
2572	Unicorn-3267.exe
2400	Unicorn-19603.exe
2336	Unicorn-47637.exe
2036	Unicorn-53667.exe
1036	Unicorn-35747.exe
560	Unicorn-33823.exe
2500	Unicorn-45561.exe
1232	Unicorn-44814.exe
2772	Unicorn-59204.exe
1968	Unicorn-18726.exe
1508	Unicorn-18748.exe
1448	Unicorn-51996.exe
1900	Unicorn-465.exe
3048	Unicorn-23600.exe
1284	Unicorn-3734.exe
1172	Unicorn-33714.exe
1032	Unicorn-33714.exe
2244	Unicorn-13848.exe
852	Unicorn-33714.exe
2896	Unicorn-28046.exe
2028	Unicorn-57403.exe
1584	Unicorn-47097.exe
1956	Unicorn-58602.exe
644	Unicorn-64331.exe
1932	Unicorn-740.exe
2956	Unicorn-62193.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 2200	1784	b565e39e36284365941268ef2d71cf4e.exe	28
PID 1784 wrote to memory of 2200	1784	b565e39e36284365941268ef2d71cf4e.exe	28
PID 1784 wrote to memory of 2200	1784	b565e39e36284365941268ef2d71cf4e.exe	28
PID 1784 wrote to memory of 2200	1784	b565e39e36284365941268ef2d71cf4e.exe	28
PID 2200 wrote to memory of 2968	2200	Unicorn-63921.exe	29
PID 2200 wrote to memory of 2968	2200	Unicorn-63921.exe	29
PID 2200 wrote to memory of 2968	2200	Unicorn-63921.exe	29
PID 2200 wrote to memory of 2968	2200	Unicorn-63921.exe	29
PID 1784 wrote to memory of 2636	1784	b565e39e36284365941268ef2d71cf4e.exe	30
PID 1784 wrote to memory of 2636	1784	b565e39e36284365941268ef2d71cf4e.exe	30
PID 1784 wrote to memory of 2636	1784	b565e39e36284365941268ef2d71cf4e.exe	30
PID 1784 wrote to memory of 2636	1784	b565e39e36284365941268ef2d71cf4e.exe	30
PID 2968 wrote to memory of 2112	2968	Unicorn-46298.exe	31
PID 2968 wrote to memory of 2112	2968	Unicorn-46298.exe	31
PID 2968 wrote to memory of 2112	2968	Unicorn-46298.exe	31
PID 2968 wrote to memory of 2112	2968	Unicorn-46298.exe	31
PID 2200 wrote to memory of 2896	2200	Unicorn-63921.exe	32
PID 2200 wrote to memory of 2896	2200	Unicorn-63921.exe	32
PID 2200 wrote to memory of 2896	2200	Unicorn-63921.exe	32
PID 2200 wrote to memory of 2896	2200	Unicorn-63921.exe	32
PID 2636 wrote to memory of 2944	2636	Unicorn-34600.exe	33
PID 2636 wrote to memory of 2944	2636	Unicorn-34600.exe	33
PID 2636 wrote to memory of 2944	2636	Unicorn-34600.exe	33
PID 2636 wrote to memory of 2944	2636	Unicorn-34600.exe	33
PID 2112 wrote to memory of 2888	2112	Unicorn-41228.exe	34
PID 2112 wrote to memory of 2888	2112	Unicorn-41228.exe	34
PID 2112 wrote to memory of 2888	2112	Unicorn-41228.exe	34
PID 2112 wrote to memory of 2888	2112	Unicorn-41228.exe	34
PID 2968 wrote to memory of 268	2968	Unicorn-46298.exe	35
PID 2968 wrote to memory of 268	2968	Unicorn-46298.exe	35
PID 2968 wrote to memory of 268	2968	Unicorn-46298.exe	35
PID 2968 wrote to memory of 268	2968	Unicorn-46298.exe	35
PID 2896 wrote to memory of 1076	2896	Unicorn-16209.exe	36
PID 2896 wrote to memory of 1076	2896	Unicorn-16209.exe	36
PID 2896 wrote to memory of 1076	2896	Unicorn-16209.exe	36
PID 2896 wrote to memory of 1076	2896	Unicorn-16209.exe	36
PID 2944 wrote to memory of 2688	2944	Unicorn-40159.exe	37
PID 2944 wrote to memory of 2688	2944	Unicorn-40159.exe	37
PID 2944 wrote to memory of 2688	2944	Unicorn-40159.exe	37
PID 2944 wrote to memory of 2688	2944	Unicorn-40159.exe	37
PID 2636 wrote to memory of 2752	2636	Unicorn-34600.exe	38
PID 2636 wrote to memory of 2752	2636	Unicorn-34600.exe	38
PID 2636 wrote to memory of 2752	2636	Unicorn-34600.exe	38
PID 2636 wrote to memory of 2752	2636	Unicorn-34600.exe	38
PID 2888 wrote to memory of 2024	2888	Unicorn-35089.exe	39
PID 2888 wrote to memory of 2024	2888	Unicorn-35089.exe	39
PID 2888 wrote to memory of 2024	2888	Unicorn-35089.exe	39
PID 2888 wrote to memory of 2024	2888	Unicorn-35089.exe	39
PID 2112 wrote to memory of 1656	2112	Unicorn-41228.exe	40
PID 2112 wrote to memory of 1656	2112	Unicorn-41228.exe	40
PID 2112 wrote to memory of 1656	2112	Unicorn-41228.exe	40
PID 2112 wrote to memory of 1656	2112	Unicorn-41228.exe	40
PID 268 wrote to memory of 2388	268	Unicorn-833.exe	41
PID 268 wrote to memory of 2388	268	Unicorn-833.exe	41
PID 268 wrote to memory of 2388	268	Unicorn-833.exe	41
PID 268 wrote to memory of 2388	268	Unicorn-833.exe	41
PID 2688 wrote to memory of 916	2688	Unicorn-45971.exe	42
PID 2688 wrote to memory of 916	2688	Unicorn-45971.exe	42
PID 2688 wrote to memory of 916	2688	Unicorn-45971.exe	42
PID 2688 wrote to memory of 916	2688	Unicorn-45971.exe	42
PID 2752 wrote to memory of 1616	2752	Unicorn-19883.exe	44
PID 2752 wrote to memory of 1616	2752	Unicorn-19883.exe	44
PID 2752 wrote to memory of 1616	2752	Unicorn-19883.exe	44
PID 2752 wrote to memory of 1616	2752	Unicorn-19883.exe	44

C:\Users\Admin\AppData\Local\Temp\b565e39e36284365941268ef2d71cf4e.exe
"C:\Users\Admin\AppData\Local\Temp\b565e39e36284365941268ef2d71cf4e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41228.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4191.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51337.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63584.exe
        9⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52650.exe
        10⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
        11⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
        12⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
        13⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55217.exe
        14⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        15⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe
        16⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22300.exe
        15⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
        9⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
        10⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60263.exe
        11⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        12⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        13⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        14⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56509.exe
        15⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe
        16⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21599.exe
        13⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
        14⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50671.exe
        15⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11335.exe
        16⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55705.exe
        17⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        18⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33701.exe
        16⤵
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39556.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53283.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
        11⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17485.exe
        12⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        13⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        14⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44812.exe
        15⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63115.exe
        16⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        17⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14485.exe
        18⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
        19⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57403.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63008.exe
        8⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17477.exe
        9⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
        10⤵
        
        PID:728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
        11⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35238.exe
        12⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
        13⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe
        14⤵
        
        PID:596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14305.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42977.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23600.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50756.exe
        9⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
        10⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26688.exe
        11⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54900.exe
        12⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        13⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59555.exe
        14⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15372.exe
        15⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30770.exe
        16⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5030.exe
        17⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15056.exe
        18⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13848.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16081.exe
        10⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3369.exe
        11⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
        12⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        13⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24932.exe
        14⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15232.exe
        15⤵
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
        16⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64345.exe
        17⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64641.exe
        18⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        19⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        18⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61200.exe
        16⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3267.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
        8⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
        9⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
        10⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        11⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        12⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42788.exe
        13⤵
        
        PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33714.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36667.exe
        9⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        10⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1332.exe
        11⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34555.exe
        12⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        13⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64495.exe
        14⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
        15⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50334.exe
        16⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
        12⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17241.exe
        13⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9586.exe
        14⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29862.exe
        15⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44688.exe
        16⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29956.exe
        11⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31574.exe
        12⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49420.exe
        13⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59363.exe
        14⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        15⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19369.exe
        16⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        17⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40360.exe
        18⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21367.exe
        19⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        20⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
        14⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        15⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17698.exe
        16⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        17⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-562.exe
        18⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
        19⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45390.exe
        8⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63641.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
        10⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
        11⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22612.exe
        12⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        13⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        14⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
        15⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42415.exe
        16⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28046.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59801.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        9⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        10⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18136.exe
        11⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        12⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7209.exe
        13⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57604.exe
        14⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
        15⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38409.exe
        16⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42166.exe
        17⤵
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-647.exe
        8⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20365.exe
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65476.exe
        11⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 244
        12⤵
        Program crash
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53968.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48102.exe
        9⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
        10⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
        11⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42015.exe
        12⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47443.exe
        13⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5746.exe
        14⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42057.exe
        15⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61319.exe
        12⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
        13⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51316.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
        9⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55468.exe
        10⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31574.exe
        11⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        12⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58367.exe
        13⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6125.exe
        14⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56452.exe
        15⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        16⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        17⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
        16⤵
        
        PID:1548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 376
        11⤵
        Program crash
        
        PID:2616
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 376
        10⤵
        Program crash
        
        PID:2036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 380
        9⤵
        Program crash
        
        PID:2996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 380
        8⤵
        Program crash
        
        PID:2712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21566.exe
        7⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        8⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14326.exe
        9⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53421.exe
        10⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
        11⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12632.exe
        12⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41403.exe
        13⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe
        14⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 376
        8⤵
        Program crash
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51275.exe
        8⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        9⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        10⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        11⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        12⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        13⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29810.exe
        14⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        15⤵
        
        PID:728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5263.exe
        10⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
        11⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        12⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7879.exe
        13⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
        14⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10670.exe
        9⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53032.exe
        10⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17615.exe
        12⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
        13⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2892.exe
        14⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
        15⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50334.exe
        16⤵
        
        PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48431.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62193.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
        9⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19973.exe
        10⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
        11⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20308.exe
        12⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
        13⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe
        14⤵
        
        PID:668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44902.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
        7⤵
        Executes dropped EXE
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19044.exe
        8⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25178.exe
        9⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
        10⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7536.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34854.exe
        12⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50479.exe
        13⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8922.exe
        14⤵
        
        PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28674.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
        7⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
        10⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
        11⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
        12⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25207.exe
        13⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17226.exe
        14⤵
        
        PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58602.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26444.exe
        7⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28338.exe
        8⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
        9⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39031.exe
        10⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32482.exe
        11⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45824.exe
        12⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19478.exe
        13⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34143.exe
        14⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27485.exe
        15⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17994.exe
        16⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
        17⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39260.exe
        18⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20494.exe
        15⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
        16⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
        17⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        13⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
        14⤵
        
        PID:2460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45971.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45971.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59204.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
        8⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
        9⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12964.exe
        11⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        12⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20028.exe
        13⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        14⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43415.exe
        13⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13525.exe
        14⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39710.exe
        15⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62913.exe
        16⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
        14⤵
        
        PID:1124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18726.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45878.exe
        7⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
        8⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        9⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13675.exe
        10⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        11⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41875.exe
        12⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25538.exe
        13⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38679.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18748.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
        7⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
        8⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17840.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        10⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
        11⤵
        
        PID:2404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
        12⤵
        Program crash
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52515.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34672.exe
        11⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14884.exe
        12⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18004.exe
        13⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
        14⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
        15⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        16⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29535.exe
        17⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe
        18⤵
        
        PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
        7⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64072.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21644.exe
        9⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59552.exe
        10⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2554.exe
        11⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
        12⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8408.exe
        13⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45736.exe
        14⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14179.exe
        15⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        16⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8185.exe
        15⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6822.exe
        9⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27163.exe
        10⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58543.exe
        12⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        13⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53001.exe
        14⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30224.exe
        15⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
        16⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43728.exe
        17⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33135.exe
        13⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28051.exe
        14⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
        10⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64215.exe
        11⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        12⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        13⤵
        
        PID:560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64331.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 240
        7⤵
        Program crash
        
        PID:1916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33626.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30907.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65390.exe
        9⤵
        
        PID:2908
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 220
        10⤵
        Program crash
        
        PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59868.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        6⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
        7⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1332.exe
        8⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10626.exe
        9⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45611.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8787.exe
        11⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10572.exe
        12⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
        13⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        14⤵
        
        PID:1804

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16209.exe

Filesize
184KB

MD5
b2944f014914236471fbc204f72bfe2f

SHA1
585ad9e8a34a11d1efe22ee411406c8f4dab14be

SHA256
84d9afcc5052f7f523840177220affbdd7b09cbd0e38da8d72716ad8049d78fe

SHA512
c420be25e01dc213312ff4618f62c16461bc9805bdddca2d939fa525987b30d464f4baee1efee0dad399db691259afba4d46869e2441ecfdd59a3059ae1d3124

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe

Filesize
184KB

MD5
b70d7256a66ad622a4fac5d552c6e8df

SHA1
f6c2e2cb9a64980ecdea8d43d45003feb7d9fd53

SHA256
a5dab182c826ea0db47ef20dd8848bd5f8e73fd09119a62a8051b11d6c924428

SHA512
a9a53eac95de63316ce15f11aeebb4ce322192c9a8c5c5a6736439fdc8cdc50a8a75961ebb5d7b3f76f79965998c0caf524d51aa5302c6b29e2dea96fd1a4eeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe

Filesize
184KB

MD5
df6a40b3f6de97cfac27bd9fc360cb44

SHA1
ddb50eeaa66d011a5c488e3d9b4f2296d7010342

SHA256
2f7f3a9d145edd3a6f78d0b6e6198891fc3bb56971e94874c89230fbb5ac9755

SHA512
b5539209a667cd83e050709dffab6569ed28d1455dbae79febd3eb8dfd573608600dc2d4c5a0dd278fbdcdec2cf8a9f0a6ce3c6ddd47ee2e0922a08f1605fcbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe

Filesize
184KB

MD5
46555e2fa0a9920cd4f115b601f9e4dd

SHA1
bd8a4ed4d87c07603c4dac39ae2bf1450d718c5d

SHA256
7cb55a7d6b2ec42bdd65ae98fcb1f6f834f4a1986db7cb2c7dc824ac927d9be8

SHA512
393cbbe81fb0853871532e92a74d98c919fc8693646eb4badd3da3a92892fd75b90182227c50f5b04eae0588e4b42ac30967529d379526beb1834edb9c5f6718

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6312.exe

Filesize
89KB

MD5
0b78a9f21cfd7798d9879daa41c344d6

SHA1
1bd98dcd1401a11410a9657c912c1432f26f28c6

SHA256
cb34ef7ba76fa187b668e72a0ba853d1b76ae861a84818779f3d7b7eef9eddeb

SHA512
a0acabced8187dbc1290647e58979049de3efecc492a3e00828bcbf14ead4ce528f9dfeb4b537945f13a44986a0f5bb1a3768a355258857cbc5bb6ce07cd207e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6779.exe

Filesize
44KB

MD5
d89e078293a975235a916fbab434201f

SHA1
0947810e449dedb3123f1158137eb40981c4b2f0

SHA256
08430bbe077e3e78fb13f98a06571c17fa073f2c94e91a6585bb6ee995710453

SHA512
b86f5bf8b9fe1b6a32967eb1489bc37464b2703b08bc86e0e81bcde15ca89b96ae7c10d62f6f8370e75d8e07edbf415b1dbf446e65cf4393a534f9b52c3861d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe

Filesize
184KB

MD5
f4b6f822a663712a9f8475d1fd5c4c95

SHA1
9b741bd4c5d7697b0bea09efdfa486542c1f9e78

SHA256
82dc6a1be94b08ad09df7ce17b94f24b3f9f08ac2c881054f0e7f75fd56b0302

SHA512
726d65dc6e27810fbe68a024f75e5cad65235d2c6b402c5c3c5084a3329f539fe896f10f62e97e1d21e03002a89c990d67f8c44577fe48dbac86e77b9b1af205

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19883.exe

Filesize
184KB

MD5
ce2130022d21ce8dd37e2a84a2f0e7eb

SHA1
b2ae57cd2ebc38a525b0c1a79377f55e9123344b

SHA256
9bf01a9f8d2feaa375cecc40b0fcc8b3fd9f7a117b59a815a3a5c6f9eb80f68e

SHA512
adf831e61ad1e3ddae0c8e73537a5df0f60b102e7fe050e2be64d5db253bb6787b66cad3bc41f5fc36e415f8c0bf84ee742330a826e9e2be72a4860eecc9c0c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28867.exe

Filesize
184KB

MD5
a16f2ce24b247e85a4560f5b8ce42c8d

SHA1
6a0c46e72b1475a15a33b97efcca1d19db5968d9

SHA256
b3b8bab5a1ccf5f8a451bbeaf114b0bd20a3c3b08f9d9f7a6a2223f5981fe197

SHA512
8086b6a89f8d19bcddc6405437ce7684205666746473d365023f3c95e0a31206923b0c2bd39f379e12dc1818c5fdb3e73f9bfaaff9603fc24fef09e3dfde93da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe

Filesize
184KB

MD5
759b29f4cf61c4e814ad9ce190205633

SHA1
7becfd5ec78e14d787b919aefa8c3a06899834a8

SHA256
b6811979b45be04d58c1a80503c6c2d05d584ea81ab2e5ce01cf206c42f19885

SHA512
385bb4d177ea354c48f0a39ccb79c6755a6e7e89effdd4002ed12295096d9910359988f184f969cd82df1d7a786a969975a9789e8ce32732982c57b571269cf8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe

Filesize
68KB

MD5
427c0f984ff5a2b2264d81a4fa369a96

SHA1
08242242d60748ff1ae58f59834c21d5cb81ed92

SHA256
1c6fb8ccc034419a59bfabbf4a515caad33cfcb4b97ad24930ac403c16b879f1

SHA512
6dfb38014b34d1bb16fc0333ef2f9565ba96ddd240798f141d8a40952dd3486ae987be8fd0bcd3071d6c44bbb62931d9bc47987c40337fdd0b214834858c2ccf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe

Filesize
184KB

MD5
f6792c51eeb3a4fcb7521fff25b8ea70

SHA1
348ffba6f2d3f851353d1e5574033b1bb846b381

SHA256
7435bcc1831a3325016b5833b429056fcd2c6563aa032a3ca9d6f3b3317ba65b

SHA512
4b3abc2e36810a0ea2c4bf1759f12896798355d33514f71002c130b52637136cd1d2613007c58b7dfc230b62087772ceb096c981bf5f20d3a0a4d05a2160cb86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe

Filesize
184KB

MD5
1fa270b8ae8ae8714a76068ef6f01216

SHA1
7bf31f82a681533c1d115ba9f5cbe516b686ecfb

SHA256
991b1ae597e12afd737b478d1dc07619a2dcf26ded7bf32ff13aa89c1fe3f2b3

SHA512
e0fce69364f3cdb09124e4324330daf213bf365e5965638382eeed5c435aa48abbb9e208a412d79db3dc80aaa35909b5ce223c9bc69701058faf4aad61255fcd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35089.exe

Filesize
184KB

MD5
c173e076bc6081ee9e373fa7ad9d4e5f

SHA1
7b40c9c9c7d51fd570d53be9d264ef73269c9574

SHA256
d94458d665ff87f8c5d86366163b6e7af4efd34e2aa4eb57228c2cb5da27a796

SHA512
62d1d89a77574a99b49b6a26440a27d85761e90dff41c6399d3e73e433023ca20fd544456bb5ff8e9f145f6d7863c36f9462df0739f42f5d8a18f10f1aabdfd7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40159.exe

Filesize
184KB

MD5
7ce3aff36cab4771ec18e43b438cd748

SHA1
0de07255f9da6a09513035ebe776b2dbe62adeba

SHA256
1ed44f85ffe28a5da86cf34feb770dc50f422379c43e3c060263173a50a5423f

SHA512
1b30a4379da9d91fb82ef112af1bf080bfcc6bc28e15f65e9e9efa8c0425b83d2226af513f2bf7817624eb667b76d0b44081b3c934cc95aa12a8735e5ca79120

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41228.exe

Filesize
184KB

MD5
665d7c4af2893b792f186c099047df63

SHA1
a7556fc3ed3911e9b2130c77c491aaff6217f07c

SHA256
4dc7fef30902ccc56d17d28642971623a12f860d7fb2b3a9058dac9ca9ae9ad4

SHA512
affccf980e5c4682d9bc818b9de95ddfa9b7560cf3b9a2b0350f6f7288483936e58f874facea6b251799c9978de3b6168644737fd574300a055642190ccfe96a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe

Filesize
184KB

MD5
879548d3e831572ec38891224bec4239

SHA1
139206bb4db8e8e1112ea40bef0ec3e4f07b5fd6

SHA256
aadba1da57e1f994108e789c356ac4e70b55903c5cfa1814a04e3c576219d9c5

SHA512
584488c3e8bfd2f8fe08a12104c305ab5fd37e7d0f4e5d54541782301a046cfc81ff1c21120ff4610f7f228084b38f6610922d8a477e7ae91fdd6ea0901ac2cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45971.exe

Filesize
184KB

MD5
8d644b16f2282de0fa4597a27a7d205d

SHA1
e49a879bab12bfc2f1c22176480faef5089ff081

SHA256
e8df5f10d62b2d2754440cd0f6db5946f9e747b1b6702378e8203e7bd7c552db

SHA512
34aa2661c753407c8c6dc55a5f56c33806a339463a263c07267e8c77732db4ae403f57b9dac690ffa4077a4331a0204158fcda425a9701b50f72554d24042c84

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe

Filesize
184KB

MD5
8cffd1d33090304be0dad3802b48e73a

SHA1
6afbe629b68ae4a6800445909eb3706ff7f49172

SHA256
336937c12692c99f7ba5d0836ee3376c23268e4dca3b8e010369af996bc600d0

SHA512
cfe81ab17b267f313426b4e9ce24bc62c663710a78059916cca76cacbe370003e670e01765ecb34a0a0def2a4ef50cca52fc2322ce27f38684c095d355084468

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4793.exe

Filesize
184KB

MD5
cf78d84a7715a9c026577aab331f22e1

SHA1
76d9ed6e5eeef9d7a54fbb56b3feacde0008012b

SHA256
5bb1bd1dcd73ce6e745094803f8313df71410f0d477565ff8a37b842a6863e6d

SHA512
4b334944ead273e023261a2edb367a8e4c2971760b24a335449e530b55e55af927198d929d52c1ac539c6873a0d22bdfda79a708a66477f00ba60ea69f4a8b07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe

Filesize
184KB

MD5
997d1d55321b2d42474bbd09222b6aeb

SHA1
11c48a7ace3b69ca07388df8dd4baff1177ada02

SHA256
503c3ff59b41bb159b8a5ead32c507219fafe480f24c0bfcd08d5d4f3229ab04

SHA512
148f78752f4d4fcfbaa0b0d36f56c7baa985828ee75809ba8a37a4c243694e2f408c98a61a7fac1140e76836de62a11106a759195d5ba9063af8cded3b736297

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe

Filesize
184KB

MD5
563be7fa550b802b7eb7ed74ff9daf60

SHA1
b4dd1e6773bf31afd82a66343543f7c5599d2358

SHA256
821d6d8c185cfe69ea480e076e60ff73f079790767faf23a43748e48eebe9ae4

SHA512
35f67f1bfded349de6942e6ba3155c45af6b154e77f1e39b6f021ff62b43aa0cc46ebbabaab67c9147fc5e7e854407668018e0ebc36ed12015e44fe9b14704cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe

Filesize
184KB

MD5
75768adbedef9e1a7fb70a2d1118e133

SHA1
f3a1a23c7606fcd1a3611deff56e28c83967e2fa

SHA256
3d05dce760c93d47e8deebe186293d2529f4c56e0277962eca21e9e9c6d8a976

SHA512
eca9d5e3b251bdca438e68ef410b4ea3d47da77d5a5d7f0ed13fdaee48b9354e9a091ee27f42c50d18fbedd14dd3bfd3dc47635762aa9a918e03e2d05e2cdc63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe

Filesize
184KB

MD5
86e90547480bff5d3ef2e2dd9ad542dd

SHA1
e4744a5b9bedbc7d18276911d36a0d19c54bf023

SHA256
0b5685a0e96ee39d6ab76da0d8c029d12cdab501eb513419c9292a789f450d11

SHA512
634eddf1ff3a584cffd2977b86a3c40735b32d9403d211ce043ebda5553bdfc2880e6f74d0df19aedaeed06c141f1215c61d8eed4a5680eae81ac36ae4ac32cb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads