d00c3cee7c0180c75c9a88922dbae8e42994fb126e7d54d9bf302c6d282b719d

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 20:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8229c9e5aa8ab2a6dabec3d8cfc7712.exe
Size

184KB
MD5

b8229c9e5aa8ab2a6dabec3d8cfc7712
SHA1

cd330cc7aa909b565f714fe027a178d33a3168aa
SHA256

d00c3cee7c0180c75c9a88922dbae8e42994fb126e7d54d9bf302c6d282b719d
SHA512

f23b06110c08b4776358c0e359f7d6cd30b031aa4ede85dc670d185fa4384da0c5afecce49a2777ea5126bf4f767ac1caf4eb9d44afa0c17d0a58a33e80734ba
SSDEEP

3072:xuRUomuxcOAEAmjQMhcrc8AMEX1MvxXldkHxKDC2RylPvpFv:xuWowDEAXM6rc8j1FzylPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2984	Unicorn-1140.exe
2632	Unicorn-9391.exe
2580	Unicorn-32504.exe
2464	Unicorn-36994.exe
2420	Unicorn-31518.exe
1172	Unicorn-55551.exe
1616	Unicorn-19925.exe
636	Unicorn-9064.exe
2828	Unicorn-15237.exe
2012	Unicorn-38350.exe
1848	Unicorn-27490.exe
1988	Unicorn-17184.exe
2484	Unicorn-5486.exe
596	Unicorn-18336.exe
2288	Unicorn-33280.exe
3052	Unicorn-16198.exe
1680	Unicorn-3130.exe
2052	Unicorn-20858.exe
3068	Unicorn-4521.exe
1444	Unicorn-60821.exe
1476	Unicorn-51070.exe
2200	Unicorn-4028.exe
1088	Unicorn-8112.exe
700	Unicorn-25771.exe
2504	Unicorn-17049.exe
1612	Unicorn-46192.exe
2340	Unicorn-43499.exe
1628	Unicorn-20941.exe
2948	Unicorn-19357.exe
1512	Unicorn-14718.exe
1456	Unicorn-3042.exe
2356	Unicorn-7105.exe
2532	Unicorn-14417.exe
2452	Unicorn-1350.exe
2428	Unicorn-35606.exe
2544	Unicorn-38106.exe
2380	Unicorn-10909.exe
576	Unicorn-56410.exe
1600	Unicorn-58356.exe
2788	Unicorn-30130.exe
3028	Unicorn-7017.exe
1640	Unicorn-56794.exe
1308	Unicorn-63571.exe
2808	Unicorn-23930.exe
276	Unicorn-19846.exe
2180	Unicorn-61433.exe
1952	Unicorn-23738.exe
1520	Unicorn-38682.exe
1508	Unicorn-6031.exe
2024	Unicorn-52902.exe
652	Unicorn-31438.exe
1356	Unicorn-35845.exe
1116	Unicorn-58958.exe
1344	Unicorn-32337.exe
112	Unicorn-40313.exe
1844	Unicorn-59726.exe
2196	Unicorn-20853.exe
2740	Unicorn-6270.exe
888	Unicorn-2762.exe
2980	Unicorn-22991.exe
2568	Unicorn-50188.exe
1596	Unicorn-51278.exe
2440	Unicorn-10053.exe
2588	Unicorn-10053.exe

Loads dropped DLL 64 IoCs

pid	Process
1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe
1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe
2984	Unicorn-1140.exe
2984	Unicorn-1140.exe
1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe
1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2604	WerFault.exe
2632	Unicorn-9391.exe
2632	Unicorn-9391.exe
2984	Unicorn-1140.exe
2984	Unicorn-1140.exe
2464	Unicorn-36994.exe
2464	Unicorn-36994.exe
2632	Unicorn-9391.exe
2420	Unicorn-31518.exe
2632	Unicorn-9391.exe
2420	Unicorn-31518.exe
1172	Unicorn-55551.exe
1172	Unicorn-55551.exe
1616	Unicorn-19925.exe
1616	Unicorn-19925.exe
2464	Unicorn-36994.exe
2464	Unicorn-36994.exe
636	Unicorn-9064.exe
636	Unicorn-9064.exe
2420	Unicorn-31518.exe
2420	Unicorn-31518.exe
2828	Unicorn-15237.exe
2828	Unicorn-15237.exe
1172	Unicorn-55551.exe
1172	Unicorn-55551.exe
1848	Unicorn-27490.exe
1848	Unicorn-27490.exe
1616	Unicorn-19925.exe
1616	Unicorn-19925.exe
2484	Unicorn-5486.exe
2484	Unicorn-5486.exe
2012	Unicorn-38350.exe
2012	Unicorn-38350.exe
1988	Unicorn-17184.exe
1988	Unicorn-17184.exe
636	Unicorn-9064.exe
636	Unicorn-9064.exe
2288	Unicorn-33280.exe
2288	Unicorn-33280.exe
596	Unicorn-18336.exe
596	Unicorn-18336.exe
2828	Unicorn-15237.exe
2828	Unicorn-15237.exe
3052	Unicorn-16198.exe
3052	Unicorn-16198.exe
1848	Unicorn-27490.exe
1848	Unicorn-27490.exe
1680	Unicorn-3130.exe
1680	Unicorn-3130.exe
1444	Unicorn-60821.exe
1444	Unicorn-60821.exe
1988	Unicorn-17184.exe
1988	Unicorn-17184.exe
3068	Unicorn-4521.exe

Program crash 7 IoCs

pid	pid_target	Process	procid_target
2604	2580	WerFault.exe	30
2736	2620	WerFault.exe	233
2888	2052	WerFault.exe	46
1300	1620	WerFault.exe	301
2084	2816	WerFault.exe	295
1288	840	WerFault.exe	306
2600	2912	WerFault.exe	324

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe
2984	Unicorn-1140.exe
2632	Unicorn-9391.exe
2464	Unicorn-36994.exe
2420	Unicorn-31518.exe
1616	Unicorn-19925.exe
1172	Unicorn-55551.exe
636	Unicorn-9064.exe
2828	Unicorn-15237.exe
1848	Unicorn-27490.exe
2012	Unicorn-38350.exe
2484	Unicorn-5486.exe
1988	Unicorn-17184.exe
596	Unicorn-18336.exe
2288	Unicorn-33280.exe
3052	Unicorn-16198.exe
1680	Unicorn-3130.exe
2052	Unicorn-20858.exe
1444	Unicorn-60821.exe
3068	Unicorn-4521.exe
1476	Unicorn-51070.exe
2200	Unicorn-4028.exe
1088	Unicorn-8112.exe
700	Unicorn-25771.exe
2504	Unicorn-17049.exe
1612	Unicorn-46192.exe
2340	Unicorn-43499.exe
1628	Unicorn-20941.exe
1512	Unicorn-14718.exe
2948	Unicorn-19357.exe
2356	Unicorn-7105.exe
1456	Unicorn-3042.exe
2532	Unicorn-14417.exe
2428	Unicorn-35606.exe
2452	Unicorn-1350.exe
2544	Unicorn-38106.exe
1600	Unicorn-58356.exe
2380	Unicorn-10909.exe
576	Unicorn-56410.exe
3028	Unicorn-7017.exe
2808	Unicorn-23930.exe
2788	Unicorn-30130.exe
1640	Unicorn-56794.exe
276	Unicorn-19846.exe
1308	Unicorn-63571.exe
1952	Unicorn-23738.exe
1508	Unicorn-6031.exe
2180	Unicorn-61433.exe
1520	Unicorn-38682.exe
2024	Unicorn-52902.exe
652	Unicorn-31438.exe
1116	Unicorn-58958.exe
1356	Unicorn-35845.exe
1344	Unicorn-32337.exe
112	Unicorn-40313.exe
2196	Unicorn-20853.exe
1844	Unicorn-59726.exe
888	Unicorn-2762.exe
2740	Unicorn-6270.exe
2568	Unicorn-50188.exe
2696	Unicorn-43494.exe
2588	Unicorn-10053.exe
2980	Unicorn-22991.exe
1596	Unicorn-51278.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2984	1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe	28
PID 1936 wrote to memory of 2984	1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe	28
PID 1936 wrote to memory of 2984	1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe	28
PID 1936 wrote to memory of 2984	1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe	28
PID 2984 wrote to memory of 2632	2984	Unicorn-1140.exe	29
PID 2984 wrote to memory of 2632	2984	Unicorn-1140.exe	29
PID 2984 wrote to memory of 2632	2984	Unicorn-1140.exe	29
PID 2984 wrote to memory of 2632	2984	Unicorn-1140.exe	29
PID 1936 wrote to memory of 2580	1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe	30
PID 1936 wrote to memory of 2580	1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe	30
PID 1936 wrote to memory of 2580	1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe	30
PID 1936 wrote to memory of 2580	1936	b8229c9e5aa8ab2a6dabec3d8cfc7712.exe	30
PID 2580 wrote to memory of 2604	2580	Unicorn-32504.exe	31
PID 2580 wrote to memory of 2604	2580	Unicorn-32504.exe	31
PID 2580 wrote to memory of 2604	2580	Unicorn-32504.exe	31
PID 2580 wrote to memory of 2604	2580	Unicorn-32504.exe	31
PID 2632 wrote to memory of 2464	2632	Unicorn-9391.exe	32
PID 2632 wrote to memory of 2464	2632	Unicorn-9391.exe	32
PID 2632 wrote to memory of 2464	2632	Unicorn-9391.exe	32
PID 2632 wrote to memory of 2464	2632	Unicorn-9391.exe	32
PID 2984 wrote to memory of 2420	2984	Unicorn-1140.exe	33
PID 2984 wrote to memory of 2420	2984	Unicorn-1140.exe	33
PID 2984 wrote to memory of 2420	2984	Unicorn-1140.exe	33
PID 2984 wrote to memory of 2420	2984	Unicorn-1140.exe	33
PID 2464 wrote to memory of 1172	2464	Unicorn-36994.exe	34
PID 2464 wrote to memory of 1172	2464	Unicorn-36994.exe	34
PID 2464 wrote to memory of 1172	2464	Unicorn-36994.exe	34
PID 2464 wrote to memory of 1172	2464	Unicorn-36994.exe	34
PID 2632 wrote to memory of 1616	2632	Unicorn-9391.exe	35
PID 2632 wrote to memory of 1616	2632	Unicorn-9391.exe	35
PID 2632 wrote to memory of 1616	2632	Unicorn-9391.exe	35
PID 2632 wrote to memory of 1616	2632	Unicorn-9391.exe	35
PID 2420 wrote to memory of 636	2420	Unicorn-31518.exe	36
PID 2420 wrote to memory of 636	2420	Unicorn-31518.exe	36
PID 2420 wrote to memory of 636	2420	Unicorn-31518.exe	36
PID 2420 wrote to memory of 636	2420	Unicorn-31518.exe	36
PID 1172 wrote to memory of 2828	1172	Unicorn-55551.exe	37
PID 1172 wrote to memory of 2828	1172	Unicorn-55551.exe	37
PID 1172 wrote to memory of 2828	1172	Unicorn-55551.exe	37
PID 1172 wrote to memory of 2828	1172	Unicorn-55551.exe	37
PID 1616 wrote to memory of 1848	1616	Unicorn-19925.exe	38
PID 1616 wrote to memory of 1848	1616	Unicorn-19925.exe	38
PID 1616 wrote to memory of 1848	1616	Unicorn-19925.exe	38
PID 1616 wrote to memory of 1848	1616	Unicorn-19925.exe	38
PID 2464 wrote to memory of 2012	2464	Unicorn-36994.exe	39
PID 2464 wrote to memory of 2012	2464	Unicorn-36994.exe	39
PID 2464 wrote to memory of 2012	2464	Unicorn-36994.exe	39
PID 2464 wrote to memory of 2012	2464	Unicorn-36994.exe	39
PID 636 wrote to memory of 1988	636	Unicorn-9064.exe	40
PID 636 wrote to memory of 1988	636	Unicorn-9064.exe	40
PID 636 wrote to memory of 1988	636	Unicorn-9064.exe	40
PID 636 wrote to memory of 1988	636	Unicorn-9064.exe	40
PID 2420 wrote to memory of 2484	2420	Unicorn-31518.exe	41
PID 2420 wrote to memory of 2484	2420	Unicorn-31518.exe	41
PID 2420 wrote to memory of 2484	2420	Unicorn-31518.exe	41
PID 2420 wrote to memory of 2484	2420	Unicorn-31518.exe	41
PID 2828 wrote to memory of 596	2828	Unicorn-15237.exe	42
PID 2828 wrote to memory of 596	2828	Unicorn-15237.exe	42
PID 2828 wrote to memory of 596	2828	Unicorn-15237.exe	42
PID 2828 wrote to memory of 596	2828	Unicorn-15237.exe	42
PID 1172 wrote to memory of 2288	1172	Unicorn-55551.exe	43
PID 1172 wrote to memory of 2288	1172	Unicorn-55551.exe	43
PID 1172 wrote to memory of 2288	1172	Unicorn-55551.exe	43
PID 1172 wrote to memory of 2288	1172	Unicorn-55551.exe	43

C:\Users\Admin\AppData\Local\Temp\b8229c9e5aa8ab2a6dabec3d8cfc7712.exe
"C:\Users\Admin\AppData\Local\Temp\b8229c9e5aa8ab2a6dabec3d8cfc7712.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1140.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1140.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8112.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        11⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        12⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
        13⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
        14⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        15⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35991.exe
        16⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39520.exe
        17⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
        18⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        19⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17516.exe
        16⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
        17⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14703.exe
        14⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40319.exe
        15⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60163.exe
        16⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31438.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51278.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25072.exe
        11⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38181.exe
        12⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
        13⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13243.exe
        14⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38106.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
        9⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41408.exe
        10⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33863.exe
        11⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
        12⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
        13⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        14⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        15⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1642.exe
        16⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        11⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
        12⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21928.exe
        13⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        10⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        11⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
        12⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1292.exe
        13⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10909.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52238.exe
        10⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        11⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20713.exe
        12⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24216.exe
        13⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        14⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
        15⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20563.exe
        16⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
        17⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
        18⤵
        
        PID:2816
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
        19⤵
        Program crash
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39861.exe
        17⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25130.exe
        18⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50847.exe
        9⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
        11⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        12⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe
        13⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
        14⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16199.exe
        15⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
        16⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9161.exe
        14⤵
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4028.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35845.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
        10⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
        11⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
        12⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7594.exe
        13⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58077.exe
        14⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe
        15⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
        16⤵
        
        PID:1088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
        15⤵
        Program crash
        
        PID:2600
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 236
        14⤵
        Program crash
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58958.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        9⤵
        Executes dropped EXE
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58927.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
        11⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59794.exe
        12⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25918.exe
        13⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        14⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34429.exe
        15⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23459.exe
        16⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32284.exe
        10⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
        11⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33946.exe
        12⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        13⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        14⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
        15⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26209.exe
        16⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        17⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
        18⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19503.exe
        13⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
        14⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40838.exe
        15⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18939.exe
        16⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15217.exe
        15⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1350.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32337.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
        9⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47677.exe
        11⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
        12⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe
        13⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33137.exe
        14⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39886.exe
        15⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56777.exe
        14⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38350.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4521.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14718.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7017.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40313.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43494.exe
        10⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50375.exe
        11⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16904.exe
        12⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
        13⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5269.exe
        14⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe
        15⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
        16⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe
        17⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30231.exe
        18⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        9⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46058.exe
        11⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        12⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
        13⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
        14⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59726.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58927.exe
        9⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59602.exe
        10⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37122.exe
        11⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        12⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
        13⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7262.exe
        14⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3404.exe
        15⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35046.exe
        9⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26058.exe
        10⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
        11⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        12⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        13⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28778.exe
        14⤵
        
        PID:2848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7105.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
        8⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
        9⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
        10⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
        11⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
        12⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
        13⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
        14⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56603.exe
        15⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40270.exe
        16⤵
        
        PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22991.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61335.exe
        10⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25394.exe
        11⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20096.exe
        12⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43588.exe
        13⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50188.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        9⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25124.exe
        10⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
        11⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
        12⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35036.exe
        13⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50324.exe
        14⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
        15⤵
        
        PID:616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46192.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8211.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49758.exe
        11⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47532.exe
        12⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46292.exe
        13⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22590.exe
        14⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32948.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
        9⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        10⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33889.exe
        11⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        12⤵
        
        PID:2620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
        13⤵
        Program crash
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        11⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe
        12⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
        13⤵
        
        PID:1620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
        14⤵
        Program crash
        
        PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3130.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58356.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe
        8⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3888.exe
        9⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64210.exe
        10⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36660.exe
        11⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55513.exe
        12⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
        13⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4226.exe
        14⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        15⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45908.exe
        16⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
        17⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63395.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
        10⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61548.exe
        11⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48284.exe
        12⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
        13⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35903.exe
        14⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
        15⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
        8⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59161.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19359.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        11⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30130.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29047.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47926.exe
        8⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41870.exe
        9⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22047.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55036.exe
        11⤵
        
        PID:2208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60821.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19846.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21787.exe
        10⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17978.exe
        11⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51055.exe
        12⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34994.exe
        13⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
        14⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        15⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        16⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40153.exe
        17⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25880.exe
        18⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54599.exe
        12⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1958.exe
        13⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
        14⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
        15⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30485.exe
        16⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37065.exe
        17⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31331.exe
        18⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
        19⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51528.exe
        20⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34048.exe
        21⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
        10⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2513.exe
        11⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
        12⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27506.exe
        13⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52752.exe
        14⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59353.exe
        15⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35695.exe
        16⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        17⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        11⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4947.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15227.exe
        13⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
        14⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        15⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34569.exe
        16⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
        17⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
        18⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
        19⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61433.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
        9⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20786.exe
        10⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26873.exe
        11⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        12⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47252.exe
        13⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
        9⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
        10⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4257.exe
        11⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14506.exe
        12⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16770.exe
        13⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51070.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
        10⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5316.exe
        12⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52135.exe
        13⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
        14⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57967.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        10⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11963.exe
        11⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36224.exe
        12⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13302.exe
        13⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22104.exe
        14⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        15⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24287.exe
        8⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62264.exe
        9⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        10⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25067.exe
        11⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9197.exe
        12⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18020.exe
        13⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39831.exe
        14⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52716.exe
        15⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        11⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
        12⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51372.exe
        13⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
        14⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58927.exe
        7⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12347.exe
        9⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16863.exe
        10⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34943.exe
        11⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43168.exe
        12⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
        13⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
        7⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
        8⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47075.exe
        9⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11252.exe
        10⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
        11⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25768.exe
        12⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
        13⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
        12⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
        13⤵
        
        PID:560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20858.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
        6⤵
        Program crash
        
        PID:2888
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 180
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2604

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1140.exe

Filesize
35KB

MD5
39956a7812a79562d966004d956d901b

SHA1
452d55c3fc46de1f5895a8805aa88d182b3287a0

SHA256
9af75afae02a4cc2253915f909e845b84b01ba9bd45ed55308e2bb9a30de697f

SHA512
c413db26add3e7b6b3640b137d7e8536ebb4876768284158f9f0b244fa2df2302f64b00fa946a59fc7cdb083b39e656cd946a8bfdaf40d520209fd41b642aff8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe

Filesize
184KB

MD5
0bce6a6b9e88a4b34b9f02ab161129c2

SHA1
a6bdbacb39c67209c8da33717f082610c38fad4d

SHA256
031c51259baea97980f70cc3d631950deabbf3221b5ff876c46ef2d68774ff47

SHA512
a50641f972519f300231c031097fecd9cac0db6ffc2aa42be265e0b52ea2ab1d6286342eb472fb8ee529da01c9d6639fcfeb3f034243de26771f8f8b3ad18d8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1667.exe

Filesize
184KB

MD5
d9ef7724b8f668457fcf450db1dd21e9

SHA1
1881023aaec1dec96881f8f804b6d31206f72e9b

SHA256
1a07354f7aa130b6825ab8e799f30652659f5e2d8c05f9ed7cdec07501dceec5

SHA512
7f7489fbd4898ae969127714cd49f45e8818d344e69a507f5f20629ea7405ea4b871b1e4df09e13c839b9c94a0b7b642b67b5b6c171d6de5209fc1b8a560ad83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe

Filesize
184KB

MD5
256e01b0c0b24141b86e3e5d11bb3b30

SHA1
a72e33bb55a732462abb33670e5259077dd90db5

SHA256
e49df7f465753036553a64ad19481c20ecca242b7921b99c6878bbe64489587d

SHA512
6d8cefeb7b5065b304712bd3940cf4756252fd448e17ff7a71f14ca151cffc1b27c507a6a27d3bec530e1369bd6e2320e45da1d52820fdda56ad4d794f9784cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1958.exe

Filesize
184KB

MD5
0215af3cbd828228b30e19e7bd3aa617

SHA1
92d276bd03a74f36fee52eccd7813db791270775

SHA256
9a88ad823d22a91adff0b611323594f840c97740e1108fb1ed1b6d190e70e15f

SHA512
a8fd302a45619ff32c9d360a5427b91367fb2aa9e1b03390cf75aa1f814901e56cd06b7e616c3aec577f59e6679b78a1ed1767c54c47c498f3492be1b27c43bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe

Filesize
184KB

MD5
2d45e4634fa6604307444108d92c817c

SHA1
bb63f68325b5f1a568d899616c307859bfef8c31

SHA256
814656dde5021bc7657017f561de1860f0a66b1037ceec5d072f21e65a621a27

SHA512
347bf13a96ce532e5faa4382c381baacc02dea73962a11cba4c9a84b5651cfd7411fc2ad5bfb67e7012e7209de065f3489b8f9f7b09e4beeafa5e9db9b0a49f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe

Filesize
184KB

MD5
695135d00e4834577e3b0e3eb13dd875

SHA1
019129da30b4d8f1fb71a133cf86e2f7200ad72b

SHA256
739a704a55cda9fc2c023bcc4a2b696041a0f13c9f8d09e51fe98f505ffaaa5c

SHA512
176159e3660c803c823817fe7c0daa57a60a31d142a252b04cc97641564e807adc4e60b0923b31d5d7dade2f077716e946315bf613159b1dee70be5b2e66d944

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61585.exe

Filesize
184KB

MD5
4e5e8c08d99949a96ffc2409ccfcfbe9

SHA1
393f03468d5d39e8a4a64174c549e4490dab3b02

SHA256
a91d73f200031dd45001a3b05bc1286a6a0f62e8393c109a85b19630bfc270ba

SHA512
9e7fb3c8bc2895f2f0da93c6ec95007db532a6dd861b848d40a3ded0abe46d3dd924593cca7dd18ca6c47b6cbe8a3b8896920d0595e23b4718e4877fc576d4b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe

Filesize
184KB

MD5
724fbd8b2a4740f155b0b1eea596c390

SHA1
fe5ad45144d8b65502c8e3bf53201a8881eddcf7

SHA256
e238ea70347ce67a4962c842182cb357ee5db2d67ca8eac627a7ce01f1063c6c

SHA512
b5d220fda4f2536fdc8f944f0b926776bfe2a053091e8375cfd3b3af5c0fcf83eb66ada3c40a3e35ea7c5f30c2e6d486b83203f92e0ded0a3c11f1f7a852e261

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6551.exe

Filesize
184KB

MD5
71db2d7e3b1f5df208edf215b3b46f3e

SHA1
ab5b645a5b88633756e185f810ae6830cc57a0db

SHA256
cb32805e341c1abf181a708ec3b48a1790ec72696977ad32d89f99d1b75dc909

SHA512
90597500816a8f091cbcd070866d00f2d3f850caf62f52aecc4b31f02664cd7b6fed4dcefa886ea0b3a2133980b03125a5d4605efc28ddfbdd630d26f548c894

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6587.exe

Filesize
184KB

MD5
bba8558a4799cd0a5e0a31941a2cc64a

SHA1
66a8cfe3b927fb422dcd1aade3404b97cdb0c018

SHA256
385b5233711b32af1432c401ec8adb2c5aa22dc664febbe58a47750de406b0c6

SHA512
45598f99f20c4011b733dbfb4f4b1e601f22ba316d9b4814363dadef2eb48dcdcac42d860431accc4eb54b9783cc633ef46020a8f252e21a3882ed143b4637f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe

Filesize
184KB

MD5
397766b9cca97920c04340d57c80aab6

SHA1
8e642cccc0893b4ece6fa9184bc02279c47a6946

SHA256
3b1daa04db476504ef2d130ebedaa14886fdcf041181b04a9f4b0addee8fa911

SHA512
21e8ab8fca7167ee4eae72ffbdc54434a664f663adc8eaabf7645a9ef28a4d0db862e8ca8049b7868c3168b85b028ad96a3f209ed997a5f9f1d7c8910e9453dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1140.exe

Filesize
184KB

MD5
7347461cd79f50f8359f6f4f8aca4dd6

SHA1
49f582318dc64ba3ddac4ef0a335420081b75aef

SHA256
58c2e6a8e7f559057b55c9ad72a4b0ceb90910c280c0f3f00b68c0e9e1dbacc9

SHA512
8ecc21ae3433482c439310746da2ecf4ca2a1cae1bf60891931b129f3c89036cee3c899698b0fa9d778b35e7652bc26193c26b7efc89f6268d582d2ab234835f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15237.exe

Filesize
184KB

MD5
2381977b59574102357c943a2d040596

SHA1
ee0de3a431fb7412cc5f4b3fef0cbe70ca79b45e

SHA256
bd73080c430246598c727c30003504cbb6ba77f066068f822a36cd3d19964039

SHA512
919ce28660cbebb70307b72cfa17b03c40dadbe3df85126e0370267212bb2801fa2b9e0cf53d8b304586a846d946e268f3c2d7f7d27a6574baa91f06d57714b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe

Filesize
184KB

MD5
0410ba848532850da1825c1e6660c751

SHA1
733c926e21e5b6cc51bf98e09aab9eac1516ec21

SHA256
fe1dc5086e6eb1fd4a8d8f7aeafd830d2581442c4f034f09f9d8737f16cb2371

SHA512
0e56a898736e22e9485dc9fdc8a0e92298cef8889d51924248f56208302ed2c0324ad11be9180a7d33d7e4c1a323a77b95dcb82a97334c54a36ba020a0506908

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe

Filesize
184KB

MD5
59d02d2366d1a4c0b0e8cc34142110ac

SHA1
1dfc68d0482e71948033bf375e0581b8adc8aa12

SHA256
500777e30bc8651a562bb96feda3c9891fbe1c31ec4fed8d8e08e36eb5810fa4

SHA512
45174634fc41f24e420e8afd75e2480445ceb4b36e38884530e72a20119fb6b9ed2efa273f1e0d278a0b481d88e6bc528ecb6ba6c58e5969ca51afc7571b15ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe

Filesize
184KB

MD5
8e1b485acbe27e1f5c0e6811a077a238

SHA1
17c74f3330c6659490db18f8a879eb92eb4f2bf6

SHA256
7503187722946bee0cdcb290de3366c1607cf468b7c1e055b51d9d4f3ddc8715

SHA512
29c189ccc5b00f43b94cfef5b77de27c9df4340c63ce3860ba9d6e3bd6bfe9faa966105cabbf367d8a5d14983faa2f28238e09ac7c0099cc2e5223fab599aafa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe

Filesize
64KB

MD5
5726602291552ecaaebf8d0b77247d55

SHA1
5e9e814e110308c11cc35bd1ba01a94be4506c93

SHA256
13287ea1848ae9493fa13870dec1c73561e8ef5caaacb11942c22593ed44539f

SHA512
ddb3059642090287f803e266a69424dd2a841d26d062ba3ca3a1a1949effc29d82de2fb77235ba4f499e85247fcfee1e570f9779325ccd02be2ba542559db581

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3130.exe

Filesize
184KB

MD5
5f8f2a83566b4e1b609f3f64cc34742c

SHA1
d9492208d0ea5dc9e89be4435b61622d53c54dcb

SHA256
ae94787e30155e75f497933454b7e3f8b366c9612e6ba0cd8a6584a2384bef07

SHA512
0c2f77d5ae327a27f205c7b4632f4abace24c854088ab5d5aa58de72cd114bd65cef0515212c628385f3184ff05adc54070f172ad2db9305b2e8db8d9e225fab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31518.exe

Filesize
184KB

MD5
3a107c91c6f0a3af395462826589b229

SHA1
5acffe1dac9c3e24a588e881d273f9de8a1159f8

SHA256
43a133c99e0935f2ef0f4a52e40c730c11588d965c154b8ebd7022b91fdcaa69

SHA512
7e313690be20fde13af6b3d5a91530a3230e99d9a018a457f5c25d464d0ef263f74175423ac70fa73261e5e4f9f129fa27470d7039254857b197746468080f89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe

Filesize
184KB

MD5
ca2e2b040d0e6c31ad6fc4a045c53b1e

SHA1
cebce80e1c48c0a7041796fe714e204b7979299d

SHA256
c1f79d311a3f44fae40c4b024a07fc8b09d2338ea3ee5dc3405a2643962ee254

SHA512
a79bbf1c1d08f4f99e6c56b2ca27319c2b29c1b39dda2022caaac527f26ef0bdb084f055a40016621aec55830455e7da7ac91c251937a88421320c1476220e05

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33280.exe

Filesize
184KB

MD5
25bc7e69530f00b08430cd046de051d2

SHA1
d08f6dfa9e59220680bd40903c56a072347df862

SHA256
e259015f7ea38e430aa694cd4e443027d63e9f431f06fb45c3f877f6c92b0f3e

SHA512
c95bca7ea83cf7251c8d6a084a05e035aa27e5943bd0c9e10f6d35d3594595b6fd5328986a0671df812d763b353264d167b8ad01c5d618ae68212f833e8b552c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe

Filesize
184KB

MD5
90fc2643c6884b014c3c1f0340b46ec7

SHA1
830d2abc209346067e756bd5517a500eb0d14b89

SHA256
8ccc5515626236f562ea70ed1ed789543799875fc7a4d2280a53b024cd56aa86

SHA512
00f4e810c25de7077cfb37f291259b4cbed781a912e10773d78eb578595575fc498d6e00f823c31ef255e4e672a678505185d831f9343990ea85426eb1638868

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38350.exe

Filesize
184KB

MD5
be1effe5d7368c8f41065ffc742aab32

SHA1
f97cd54886024862832c50d425ce48d06f19774c

SHA256
414a3943858ac2632572cccf48cde50d4d10ebb63b039d8f976b58aece116674

SHA512
f7753aaa940d55f8a92f7d46ac534eccd19b88450b7863338f871630d9f22e64263eb189fe50abaebe33d3468d422988e766e443ad616fb07dceecf03d73dd60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55551.exe

Filesize
184KB

MD5
4fd032bf8cdb47cfe00f76e829e362bf

SHA1
a29375ac0aeeeca070cb01fc05a42d097183b4d8

SHA256
e70ce7ad819b9374f62994a69b853e0433d2d0e12573f604438580fd87bd8442

SHA512
d0ec57b576a189193f8693c4582fba61873f3b4406ddf67a97a7876f483d8fab96ed50a54e2fb3f4a3980a527ed24ced4b969e6a41c73aded86dc000b315594c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe

Filesize
184KB

MD5
eb5dec285d856b49ddc6190062c264cc

SHA1
f3723365eabea091032a5f3dfd0b31422cc3ce12

SHA256
20ae86e9a72a5d56c640ce5620daf27f6884b0de309db137a574c87dcafad43c

SHA512
b63af9a222be4d7a08d79b955107973b63b2fe58f18c5afeb51c2798e7693695ccc7585a0f2ab5b337e04ddc9ffe323c885b36507fb34b5bda7f2f3a4eea3f29

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9391.exe

Filesize
184KB

MD5
d8a610cc33b7ba07390b43512dd7ef77

SHA1
9d082d7b1502e555978343e363ebe0c6a5e89eff

SHA256
3f98916c8a0ef7c48767b610a2daf22e542241c5dd5ff1a23a822ad728a00542

SHA512
97c3b964b4c5ca977a55d34186d1cdd20fc332c59ef43fe410a6728376ddae8d20a7b41f0f60b5af57ceec9d802c9996e3401374d748557c2a541ae554174971

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads