03c216740b95c77f75bc53e6c9052debc7f8d6b7d1df16f0b60ec776ee40df89

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bbb99a669834375f8f334ce3d8efa5ac.exe
Size

184KB
MD5

bbb99a669834375f8f334ce3d8efa5ac
SHA1

b629ceb6baad5f10544c963ed72180d0c3f06cb7
SHA256

03c216740b95c77f75bc53e6c9052debc7f8d6b7d1df16f0b60ec776ee40df89
SHA512

c9f5c92a0d88c1d78a4f2b86b67ab3476b7b0e466d9ab4403dec1eed876ae692fe851b54be5b0c3729d3a0963cc0899e7fe9abd09241294cf349bbbd55c928e8
SSDEEP

3072:qv4oomLyonwQolHZo3TKnJcLGzXM8Mf460xv+EDuNlvvpFO:qvjoWwQo/oDKnJliW6NlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2312	Unicorn-40632.exe
2548	Unicorn-23549.exe
2808	Unicorn-7767.exe
2576	Unicorn-14669.exe
2564	Unicorn-39344.exe
2412	Unicorn-63294.exe
2892	Unicorn-62547.exe
464	Unicorn-10009.exe
1496	Unicorn-25791.exe
2732	Unicorn-1841.exe
2760	Unicorn-21707.exe
1936	Unicorn-9620.exe
796	Unicorn-34871.exe
2388	Unicorn-26917.exe
916	Unicorn-23025.exe
1512	Unicorn-59973.exe
2096	Unicorn-51784.exe
2296	Unicorn-10943.exe
1248	Unicorn-14280.exe
2264	Unicorn-741.exe
1364	Unicorn-18592.exe
1780	Unicorn-13953.exe
1352	Unicorn-46818.exe
1956	Unicorn-39396.exe
596	Unicorn-17846.exe
2988	Unicorn-55349.exe
1628	Unicorn-47550.exe
564	Unicorn-55718.exe
2220	Unicorn-52895.exe
816	Unicorn-7264.exe
3036	Unicorn-25651.exe
2120	Unicorn-46071.exe
2700	Unicorn-21545.exe
2108	Unicorn-4654.exe
2624	Unicorn-42349.exe
2792	Unicorn-62215.exe
2748	Unicorn-48271.exe
2396	Unicorn-27488.exe
2608	Unicorn-52163.exe
2208	Unicorn-14851.exe
2452	Unicorn-27104.exe
2380	Unicorn-24726.exe
268	Unicorn-28256.exe
344	Unicorn-19512.exe
928	Unicorn-65183.exe
2688	Unicorn-57015.exe
1952	Unicorn-16580.exe
1648	Unicorn-58297.exe
2652	Unicorn-60004.exe
1708	Unicorn-13948.exe
2104	Unicorn-60580.exe
2288	Unicorn-2848.exe
1696	Unicorn-43860.exe
2260	Unicorn-4649.exe
1124	Unicorn-53850.exe
1040	Unicorn-62786.exe
1768	Unicorn-34368.exe
1620	Unicorn-60155.exe
536	Unicorn-19699.exe
2480	Unicorn-28059.exe
2612	Unicorn-29019.exe
2516	Unicorn-16959.exe
2740	Unicorn-37379.exe
2432	Unicorn-57415.exe

Loads dropped DLL 64 IoCs

pid	Process
1736	bbb99a669834375f8f334ce3d8efa5ac.exe
1736	bbb99a669834375f8f334ce3d8efa5ac.exe
2312	Unicorn-40632.exe
2312	Unicorn-40632.exe
1736	bbb99a669834375f8f334ce3d8efa5ac.exe
1736	bbb99a669834375f8f334ce3d8efa5ac.exe
2548	Unicorn-23549.exe
2548	Unicorn-23549.exe
2312	Unicorn-40632.exe
2312	Unicorn-40632.exe
2808	Unicorn-7767.exe
2808	Unicorn-7767.exe
2576	Unicorn-14669.exe
2576	Unicorn-14669.exe
2548	Unicorn-23549.exe
2548	Unicorn-23549.exe
2564	Unicorn-39344.exe
2564	Unicorn-39344.exe
2808	Unicorn-7767.exe
2808	Unicorn-7767.exe
2412	Unicorn-63294.exe
2412	Unicorn-63294.exe
2892	Unicorn-62547.exe
2892	Unicorn-62547.exe
2576	Unicorn-14669.exe
2576	Unicorn-14669.exe
464	Unicorn-10009.exe
464	Unicorn-10009.exe
2732	Unicorn-1841.exe
2732	Unicorn-1841.exe
1496	Unicorn-25791.exe
1496	Unicorn-25791.exe
2564	Unicorn-39344.exe
2564	Unicorn-39344.exe
2412	Unicorn-63294.exe
2412	Unicorn-63294.exe
2760	Unicorn-21707.exe
2760	Unicorn-21707.exe
1936	Unicorn-9620.exe
1936	Unicorn-9620.exe
2892	Unicorn-62547.exe
2892	Unicorn-62547.exe
796	Unicorn-34871.exe
796	Unicorn-34871.exe
2388	Unicorn-26917.exe
2388	Unicorn-26917.exe
464	Unicorn-10009.exe
464	Unicorn-10009.exe
916	Unicorn-23025.exe
916	Unicorn-23025.exe
2732	Unicorn-1841.exe
2732	Unicorn-1841.exe
1248	Unicorn-14280.exe
1248	Unicorn-14280.exe
2096	Unicorn-51784.exe
2096	Unicorn-51784.exe
2760	Unicorn-21707.exe
2760	Unicorn-21707.exe
2296	Unicorn-10943.exe
2296	Unicorn-10943.exe
1364	Unicorn-18592.exe
1364	Unicorn-18592.exe
2264	Unicorn-741.exe
2264	Unicorn-741.exe

Program crash 6 IoCs

pid	pid_target	Process	procid_target
2884	2456	WerFault.exe	112
1724	2252	WerFault.exe	142
1696	1972	WerFault.exe	141
916	1480	WerFault.exe	212
2220	1996	WerFault.exe	279
1040	2880	WerFault.exe	320

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1736	bbb99a669834375f8f334ce3d8efa5ac.exe
2312	Unicorn-40632.exe
2548	Unicorn-23549.exe
2808	Unicorn-7767.exe
2576	Unicorn-14669.exe
2564	Unicorn-39344.exe
2412	Unicorn-63294.exe
2892	Unicorn-62547.exe
464	Unicorn-10009.exe
2732	Unicorn-1841.exe
1496	Unicorn-25791.exe
2760	Unicorn-21707.exe
1936	Unicorn-9620.exe
796	Unicorn-34871.exe
2388	Unicorn-26917.exe
916	Unicorn-23025.exe
1512	Unicorn-59973.exe
2296	Unicorn-10943.exe
2096	Unicorn-51784.exe
1248	Unicorn-14280.exe
2264	Unicorn-741.exe
1364	Unicorn-18592.exe
1780	Unicorn-13953.exe
1352	Unicorn-46818.exe
1956	Unicorn-39396.exe
596	Unicorn-17846.exe
564	Unicorn-55718.exe
1628	Unicorn-47550.exe
816	Unicorn-7264.exe
2988	Unicorn-55349.exe
2220	Unicorn-52895.exe
3036	Unicorn-25651.exe
2792	Unicorn-62215.exe
2748	Unicorn-48271.exe
2624	Unicorn-42349.exe
2120	Unicorn-46071.exe
2608	Unicorn-52163.exe
2108	Unicorn-4654.exe
268	Unicorn-28256.exe
2208	Unicorn-14851.exe
2396	Unicorn-27488.exe
2380	Unicorn-24726.exe
344	Unicorn-19512.exe
2452	Unicorn-27104.exe
2688	Unicorn-57015.exe
928	Unicorn-65183.exe
1952	Unicorn-16580.exe
2652	Unicorn-60004.exe
1648	Unicorn-58297.exe
2104	Unicorn-60580.exe
1696	Unicorn-43860.exe
1708	Unicorn-13948.exe
2260	Unicorn-4649.exe
1124	Unicorn-53850.exe
2288	Unicorn-2848.exe
1040	Unicorn-62786.exe
1768	Unicorn-34368.exe
1620	Unicorn-60155.exe
536	Unicorn-19699.exe
2480	Unicorn-28059.exe
2612	Unicorn-29019.exe
2516	Unicorn-16959.exe
2740	Unicorn-37379.exe
2476	Unicorn-20659.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2312	1736	bbb99a669834375f8f334ce3d8efa5ac.exe	28
PID 1736 wrote to memory of 2312	1736	bbb99a669834375f8f334ce3d8efa5ac.exe	28
PID 1736 wrote to memory of 2312	1736	bbb99a669834375f8f334ce3d8efa5ac.exe	28
PID 1736 wrote to memory of 2312	1736	bbb99a669834375f8f334ce3d8efa5ac.exe	28
PID 2312 wrote to memory of 2548	2312	Unicorn-40632.exe	29
PID 2312 wrote to memory of 2548	2312	Unicorn-40632.exe	29
PID 2312 wrote to memory of 2548	2312	Unicorn-40632.exe	29
PID 2312 wrote to memory of 2548	2312	Unicorn-40632.exe	29
PID 1736 wrote to memory of 2808	1736	bbb99a669834375f8f334ce3d8efa5ac.exe	30
PID 1736 wrote to memory of 2808	1736	bbb99a669834375f8f334ce3d8efa5ac.exe	30
PID 1736 wrote to memory of 2808	1736	bbb99a669834375f8f334ce3d8efa5ac.exe	30
PID 1736 wrote to memory of 2808	1736	bbb99a669834375f8f334ce3d8efa5ac.exe	30
PID 2548 wrote to memory of 2576	2548	Unicorn-23549.exe	31
PID 2548 wrote to memory of 2576	2548	Unicorn-23549.exe	31
PID 2548 wrote to memory of 2576	2548	Unicorn-23549.exe	31
PID 2548 wrote to memory of 2576	2548	Unicorn-23549.exe	31
PID 2312 wrote to memory of 2564	2312	Unicorn-40632.exe	32
PID 2312 wrote to memory of 2564	2312	Unicorn-40632.exe	32
PID 2312 wrote to memory of 2564	2312	Unicorn-40632.exe	32
PID 2312 wrote to memory of 2564	2312	Unicorn-40632.exe	32
PID 2808 wrote to memory of 2412	2808	Unicorn-7767.exe	33
PID 2808 wrote to memory of 2412	2808	Unicorn-7767.exe	33
PID 2808 wrote to memory of 2412	2808	Unicorn-7767.exe	33
PID 2808 wrote to memory of 2412	2808	Unicorn-7767.exe	33
PID 2576 wrote to memory of 2892	2576	Unicorn-14669.exe	34
PID 2576 wrote to memory of 2892	2576	Unicorn-14669.exe	34
PID 2576 wrote to memory of 2892	2576	Unicorn-14669.exe	34
PID 2576 wrote to memory of 2892	2576	Unicorn-14669.exe	34
PID 2548 wrote to memory of 464	2548	Unicorn-23549.exe	35
PID 2548 wrote to memory of 464	2548	Unicorn-23549.exe	35
PID 2548 wrote to memory of 464	2548	Unicorn-23549.exe	35
PID 2548 wrote to memory of 464	2548	Unicorn-23549.exe	35
PID 2564 wrote to memory of 1496	2564	Unicorn-39344.exe	36
PID 2564 wrote to memory of 1496	2564	Unicorn-39344.exe	36
PID 2564 wrote to memory of 1496	2564	Unicorn-39344.exe	36
PID 2564 wrote to memory of 1496	2564	Unicorn-39344.exe	36
PID 2808 wrote to memory of 2732	2808	Unicorn-7767.exe	37
PID 2808 wrote to memory of 2732	2808	Unicorn-7767.exe	37
PID 2808 wrote to memory of 2732	2808	Unicorn-7767.exe	37
PID 2808 wrote to memory of 2732	2808	Unicorn-7767.exe	37
PID 2412 wrote to memory of 2760	2412	Unicorn-63294.exe	38
PID 2412 wrote to memory of 2760	2412	Unicorn-63294.exe	38
PID 2412 wrote to memory of 2760	2412	Unicorn-63294.exe	38
PID 2412 wrote to memory of 2760	2412	Unicorn-63294.exe	38
PID 2892 wrote to memory of 1936	2892	Unicorn-62547.exe	39
PID 2892 wrote to memory of 1936	2892	Unicorn-62547.exe	39
PID 2892 wrote to memory of 1936	2892	Unicorn-62547.exe	39
PID 2892 wrote to memory of 1936	2892	Unicorn-62547.exe	39
PID 2576 wrote to memory of 796	2576	Unicorn-14669.exe	40
PID 2576 wrote to memory of 796	2576	Unicorn-14669.exe	40
PID 2576 wrote to memory of 796	2576	Unicorn-14669.exe	40
PID 2576 wrote to memory of 796	2576	Unicorn-14669.exe	40
PID 464 wrote to memory of 2388	464	Unicorn-10009.exe	41
PID 464 wrote to memory of 2388	464	Unicorn-10009.exe	41
PID 464 wrote to memory of 2388	464	Unicorn-10009.exe	41
PID 464 wrote to memory of 2388	464	Unicorn-10009.exe	41
PID 2732 wrote to memory of 916	2732	Unicorn-1841.exe	42
PID 2732 wrote to memory of 916	2732	Unicorn-1841.exe	42
PID 2732 wrote to memory of 916	2732	Unicorn-1841.exe	42
PID 2732 wrote to memory of 916	2732	Unicorn-1841.exe	42
PID 1496 wrote to memory of 1512	1496	Unicorn-25791.exe	43
PID 1496 wrote to memory of 1512	1496	Unicorn-25791.exe	43
PID 1496 wrote to memory of 1512	1496	Unicorn-25791.exe	43
PID 1496 wrote to memory of 1512	1496	Unicorn-25791.exe	43

C:\Users\Admin\AppData\Local\Temp\bbb99a669834375f8f334ce3d8efa5ac.exe
"C:\Users\Admin\AppData\Local\Temp\bbb99a669834375f8f334ce3d8efa5ac.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46071.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3035.exe
        9⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        10⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
        11⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13532.exe
        12⤵
        
        PID:480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
        13⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        14⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
        15⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
        16⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51994.exe
        15⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21545.exe
        7⤵
        Executes dropped EXE
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18592.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58297.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
        9⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        11⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36298.exe
        12⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18587.exe
        13⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39551.exe
        14⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        15⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28502.exe
        16⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
        17⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49297.exe
        11⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
        12⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4326.exe
        13⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53530.exe
        14⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50396.exe
        15⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
        16⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60004.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2623.exe
        9⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        10⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        11⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe
        12⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
        13⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6187.exe
        14⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18850.exe
        15⤵
        
        PID:1336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4654.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14107.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
        9⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
        10⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41555.exe
        11⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58519.exe
        12⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
        13⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
        14⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        15⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23236.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe
        9⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        10⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22905.exe
        11⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65367.exe
        12⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
        13⤵
        
        PID:1940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10009.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46818.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13948.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        9⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4699.exe
        10⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28597.exe
        11⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        12⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
        13⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
        14⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38813.exe
        15⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18300.exe
        16⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60580.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29019.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64076.exe
        9⤵
        
        PID:2456
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 188
        10⤵
        Program crash
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48271.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        8⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2540.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20579.exe
        10⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        11⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 244
        12⤵
        Program crash
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        9⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23911.exe
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62691.exe
        11⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
        12⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        13⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        14⤵
        
        PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36448.exe
        7⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
        8⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        9⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        10⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        11⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1617.exe
        12⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45022.exe
        13⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39410.exe
        14⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55139.exe
        15⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25674.exe
        8⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18878.exe
        10⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
        11⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6031.exe
        12⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        13⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
        14⤵
        
        PID:2068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25956.exe
        6⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35764.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38144.exe
        9⤵
        
        PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55718.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28256.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        8⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46173.exe
        9⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52198.exe
        10⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
        11⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
        12⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        13⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
        14⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7283.exe
        8⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
        9⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
        10⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        11⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34721.exe
        12⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18629.exe
        13⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21050.exe
        14⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35103.exe
        15⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
        9⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64087.exe
        10⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36480.exe
        11⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
        12⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58234.exe
        13⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41605.exe
        14⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
        15⤵
        
        PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60155.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
        8⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
        9⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51825.exe
        10⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58932.exe
        11⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
        12⤵
        
        PID:620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe
        10⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
        11⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        12⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34996.exe
        13⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9565.exe
        14⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18300.exe
        15⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61273.exe
        16⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-713.exe
        10⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3049.exe
        11⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54435.exe
        12⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50725.exe
        13⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32586.exe
        14⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30251.exe
        15⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10577.exe
        14⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64789.exe
        8⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        9⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        10⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21036.exe
        11⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19194.exe
        12⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45831.exe
        13⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52318.exe
        14⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50533.exe
        15⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46514.exe
        16⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37952.exe
        17⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe
        11⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        12⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43984.exe
        13⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe
        14⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
        15⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24726.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
        8⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        9⤵
        
        PID:1480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 200
        10⤵
        Program crash
        
        PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe
        7⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48508.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        9⤵
        
        PID:2252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 244
        10⤵
        Program crash
        
        PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52895.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43860.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28059.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        8⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34528.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4097.exe
        10⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35997.exe
        11⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24503.exe
        12⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        13⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        14⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
        8⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38249.exe
        10⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2665.exe
        11⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
        12⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40043.exe
        13⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4796.exe
        14⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22026.exe
        15⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6695.exe
        13⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        14⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15664.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
        12⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        13⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59415.exe
        14⤵
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39764.exe
        7⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60667.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
        9⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59650.exe
        10⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47289.exe
        11⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
        12⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
        13⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64481.exe
        9⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50626.exe
        10⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe
        11⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44944.exe
        12⤵
        
        PID:1996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
        13⤵
        Program crash
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-691.exe
        12⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57282.exe
        13⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34610.exe
        14⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
        10⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65367.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53956.exe
        12⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2281.exe
        9⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        10⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
        11⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50258.exe
        12⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        13⤵
        
        PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17846.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27488.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        8⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27279.exe
        10⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33823.exe
        11⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        12⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        13⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
        14⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        15⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56505.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21763.exe
        11⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe
        12⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10735.exe
        13⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12388.exe
        14⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
        15⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
        12⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        13⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
        14⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53850.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43108.exe
        7⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36147.exe
        8⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1139.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        10⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13241.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22661.exe
        12⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51685.exe
        13⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61176.exe
        11⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31405.exe
        12⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61122.exe
        13⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61065.exe
        14⤵
        
        PID:2880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
        15⤵
        Program crash
        
        PID:1040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
        6⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34528.exe
        7⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
        10⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57185.exe
        11⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
        12⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29438.exe
        13⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe
        14⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39005.exe
        15⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
        16⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
        9⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19386.exe
        10⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20611.exe
        11⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65011.exe
        12⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
        13⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19016.exe
        14⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56182.exe
        15⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
        13⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9882.exe
        14⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3101.exe
        10⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        11⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24197.exe
        12⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
        13⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
        14⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
        15⤵
        
        PID:1168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55349.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16580.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57415.exe
        6⤵
        Executes dropped EXE
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        7⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29261.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
        10⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47440.exe
        11⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44127.exe
        12⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14765.exe
        13⤵
        
        PID:2100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10009.exe

Filesize
184KB

MD5
39e70498379e00123a198cba036661a1

SHA1
3ac7146258306e2faf678d3b8361344117fb9255

SHA256
c00c15d8f20cd76a515af0f60c15fe2eb5cf9c3bb59844270b6468dd186b0a40

SHA512
26c21b38ff3304188fb9f921811f964f2db3ca896fcb3e5544566512f0215971cc51dfeb0795e83690b39e52851f3f4aa8d1973e37f50f05b3fbd77b07a1e565

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17720.exe

Filesize
184KB

MD5
f732a4dcd9c9c22639d2115dbf0d0fca

SHA1
e43d559c73eb1f1327569d5c9efb24675ad0bc8e

SHA256
05d4a7ce2539437f318300030f3c3c62879db5da36466b57d69d6d4f434dc4f0

SHA512
18a04a7ff88a020407b8f45a7c9edafd65201256f5efa7539faea0c921461d208cfb51d36f6d453e48beb37ad167a7ba971331869856ab2efc963f390e148d3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18354.exe

Filesize
184KB

MD5
23cdc4e2ab3eeb621c0b8301db62b3b8

SHA1
dcc9985d79c5a9ab4d67459391c63ccce8793d1e

SHA256
24517db2d18e23c5191f12133d5c0ab66907b3cd9e5f59f2710b50f88cfa85a9

SHA512
d99a0b80ab359c6d693170e2bd919dc1274c6260d08053efe3bfaf0307b5320f503e2ce5c2e4079a19b1187e4fb54b8bcfe3f992731b23bdbc2fed3567721ca5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21707.exe

Filesize
184KB

MD5
8d1606727b54264e048374282e366c06

SHA1
9e18c857b3746e95749eb2695cac5854e2bbc5c0

SHA256
17e532d278f7246dea4c932fe12ae3d8d765acf3c1589140c5ff7ec5acdf2442

SHA512
05f039d85c98704fe94d6752239a09e95b42b0a59bce5b1e83c6770c1abced3340e908ec6c75b6d87c3fb628d360cb9590130ea169b5f4b5b0a08605686f5f2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26917.exe

Filesize
184KB

MD5
016fd615947feaedd14ed120b8f7a2f7

SHA1
f385b6872e1c96a3ffd2652e28e3136607536ec3

SHA256
9e4d60cd8bcef460a1d442a10d3e8987517a4f634ab4b7529ae145ac242774c8

SHA512
6b743860a781237355d110e0c25de92b2ae6decc7e8b0840bf20898c1b5bff5979abc655e8fb2e1955efd581d305598727dce72d1b7aa0f337d5d0b3fd2a7830

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39784.exe

Filesize
184KB

MD5
46b082e7b50b4f76506428957a48bb85

SHA1
8fed5f9ffe3ef4d18fd70a3801a6762fd0c2f1b3

SHA256
b4ac56ba4086e62ae7844768a558c5bc4f27baeae0e40c9d73974dd33139be60

SHA512
f1f5d6ea20b73eeeaa9fcfb8728576928657e2a39aa726adcc617577feb0b57964f033f6b8a75f4365925137d00f60ddb1df852b3f6214dc3085d0d33477b4c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe

Filesize
184KB

MD5
aa72f6f7f698911f275fd22618e1aab1

SHA1
31afe945925b4c408b89c1272f902d20231274dc

SHA256
aef0d8032fbe5f08bb1d48a5ef1c7ed6bd51fd98b6ef3914684df0d6553b4556

SHA512
ac2dda8f75bfb6a19cbab0add7a78762d318913a92f0f88bf8e0e2ff25af05cdb3d661a4a4beb5edc1a7f10732bb25d2a619fbdcd6ed0ce1efae1fc5f5b24ea4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5555.exe

Filesize
184KB

MD5
31f348c639b7cd838817a3c56ee1de26

SHA1
2c73579dacf96852b50f689a4b00d54498751598

SHA256
7f20b5e6acae058053a3789a1e500d78f740ba1879dcafecbf35fb6e3679e897

SHA512
63a4dbc34a829d4f426468befecac26665ff680ac192069ad13a0bca721fe0b65b947305b535422ca338b88047b29fc1bccdd6820b493a1007b352727537880d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe

Filesize
184KB

MD5
adf394949358c638db17e0f980a36240

SHA1
f98d1131ff4c0bb5d7033bc54efbfa2192592191

SHA256
9c79ad389332492ed1c9d0b6c046fa66dedeca1e045a4ba1d7833057a6fa35fc

SHA512
4d1f55a77678de2470a9d57cf3eda05a21941e85354005da773046f622539e62be59289723b997f13fe9ba2ed07610662678614584bdf793c6c8d987d49510f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe

Filesize
64KB

MD5
dfd4f228c22012e5e0050b95bca3dacd

SHA1
9e6fcad763c1a22127f296d611c0e2b50e225101

SHA256
57a28c0a795c949b33a9e1f088977c015aa4850a388d2ac2031df3656721bad7

SHA512
b544a1bf63eca062145d5e6a34d5bcc07834fab5ebc5df8c4e741a1b1032142fa6ffa237b5db57542484b5d54b44e312ce5a93794398456e25a2af9add84e3b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe

Filesize
184KB

MD5
df452d9536ee0a7d53be0ccd4f7582e4

SHA1
834679f81a504be933cee8fefc8cb5debd727d83

SHA256
7fb403a6c1f380bc82eac0101963c651341fafa846e18e5c863ad6ececeecd48

SHA512
3db53f79e5bc9d8d893ca9b26dc063a437f843f6be18354b317570f05597c60282348af01b3417f4d10a1ae53ae594ab970365b64a1acc1dcc001a3b1e2f15d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10943.exe

Filesize
184KB

MD5
b0afb213cac35d206d8b4bba3d901420

SHA1
c76751c8e93f7c4b5aac541e223c68896a168af3

SHA256
0623abe657a9d47543ee1253ada33118b36f22d57712c0e12babadb3bbf8e66e

SHA512
4973363360d203c64d9741db9f300c6503c47a6825eeb8cc8f64b2bc98b112583b27490ffe8672f35a1e7a58fad8771f4887e5b26b4102d6c1756925ca0a0947

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14669.exe

Filesize
184KB

MD5
bc1c0522741c81ca0b721ba087405e90

SHA1
1e5c9e911c6036889bc670c8b3c38f622a4958fc

SHA256
340152be35dd47d31f417b683a541cd1c0f0314a338284690357e9663fa99732

SHA512
1edcb37246154ee432d510a4ef104b608d61570c084b8c1bd0348f76ff5d08bf892b9ca8c05cfe785e2e391ff91d6c891dbd08238c7efebdcd4052d4697b48cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1841.exe

Filesize
184KB

MD5
2953cbb095928993088d7de22a7e05e5

SHA1
88760a27e774538ecf1a17ecc1934068051465f0

SHA256
fe1d8ccf620b4d69d9c738cb44ddc3b5cae80652f28e9cc19defb84b2ab88c52

SHA512
135765166420e182ab775205c12e286e782d961e2cc42eb53bc8404e35e5d11b4ec2b21c714c3abf4189cf89e269ddcf49192a7ace1fde761969663b013c328a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe

Filesize
184KB

MD5
f53b45db0d5c576822abe1803dabd8e2

SHA1
d567ccee0795abe352d9d264105b76b8d4e174c4

SHA256
19415a8bf912d9f8b99043f51fbf31bc354f84af905bba71924e1928618250ad

SHA512
38286f16fea9cbe982e147c7cef3934eb8a06223cfa41aa7c5b9c4d6fb89b7d0d4201100d69e2dda7717af8ff554a397a89c48d5c8593e7e325c36130b1c2b9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe

Filesize
184KB

MD5
c05dd391f326babc1af9988de07291bb

SHA1
2edfcf851253c2bd473def081fe1df64df3127c4

SHA256
7b01e00f3f50eb63ce4e4109cc798dd002ba9f6da01ef40265d58d6d54397a39

SHA512
3a22517e1705c8ad9c2f92520a37b16f3219d85404ab48d7f81f2d4468538118eaadf2b72b65f22600f85537daeb741aff24744f3dc0fbdcb355e2c2cd685db7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe

Filesize
184KB

MD5
58553b02aa9891adbd26dcc4f864c628

SHA1
aa8295d0eec67d9d20f3bf98ddd258d30473334d

SHA256
be0d4c03db0b0fe4592c7fbc3c2118aed2a8d4e1f536ff035eda9366168aae09

SHA512
8a8f07a76c5e3deca2b98811bca542050a24462892878f1857247ac9d2f58cfb20b2c6f282da2b153392ef1af70b1ef67e1db7ff34079760fba0978c9d6fa563

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34871.exe

Filesize
184KB

MD5
b88a97ff359d2e006af1f0d1a59240e6

SHA1
4ae6d6b96f5ba14e238cb6ec1e799c3a5992c9a8

SHA256
f818314d9a1cda88663bf984a2f59ac504e789873b05e69506ee2d887747f6e0

SHA512
cb668f935a70f9f46747e974f5da0cf228f24c40910b0d619cb15df1c74e91592bce63e07f0d1f4a2a31b6a6decef1c6c851172189a1b4d5fa7d95623f26f724

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe

Filesize
184KB

MD5
e3d751100c31e34f28613fbc285f55e9

SHA1
e9ea63521a7683e86bb5360a97ef8cbd5656d230

SHA256
ca73432980947ba547641688f686b534404a1e7bf20c064de3f4d71277beb36e

SHA512
ae6a94b8cbdd528797acfafe0af783c1df2c7b2b24c71ad287e99bf2c8a330b83f38bf46752a3da5cc62e8c8023c51db7020d9d97b4ea85f740403fa87a7f39a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe

Filesize
184KB

MD5
519b2baca17762e02c05ff8e0547799c

SHA1
59593f2ab64551bd2797357d84b92d58b9a82c50

SHA256
39340a4f5108dfb6483382e3afda5648849563b32c6f452013ea26ba1de938a6

SHA512
501a697fc80856caffd6722398e0142730a2a7f07ebcd983d90ad8bfd7601e86ddcb0dd40e838081e904fdce8b54f38d32ae9077e258a3b192924faf11198586

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51784.exe

Filesize
184KB

MD5
628a249ebd2b3c6eeaa0822656ff7d18

SHA1
988cc067a36bedc8bca6d42108cef1e08fe6d8f9

SHA256
8939cea0caa9b4338a68aeeedb0e89e01098c4f6a6fd64efeec621efdb94ecd6

SHA512
85302c2c52f62d150c2bf294f9dc210c25469b5e778587f0552238a3b341294734108671ba7738477542d244e8e8a16aa44ebb1213c3877a08d6941c99aebd64

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59973.exe

Filesize
128KB

MD5
a5f5c8a18348d6494a7fbb2733c26c7d

SHA1
c14713fe00f98cde345f5fb91465d8ab50a50ea9

SHA256
827e83f35577b47b1c0752cfde0577bdf5518655498a2ce93e83ebe21a336362

SHA512
4df4ad6e8818ab4131b7a895b132f6c09aaab39ba370844edab9c95f39c9e26aa6ae14b48438f67994e50e69b4bb573d5a2a1e32f8bbc7d8dcbd6717fb760392

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62547.exe

Filesize
184KB

MD5
1d521ce998ccaa0be13ddaca07bfa427

SHA1
815a64318866b9d8517c0059e5560d1f7bcc4c8f

SHA256
05228a4eb22ac7604213e61daff1ed7db656092d15901caefcc6dec7c2420f77

SHA512
9a27b70b1d015816a32b5eed931dbece7246f006f424f0b2d7f8bf5b972631fa7c3812f3852d79ba2d93bec905e06f9cb86813bdfa0048467c20d405a80fd885

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe

Filesize
184KB

MD5
074ca25d149b4fa7e703f21838390f8e

SHA1
b1f42a7ce3649ecdf0a83457094665a4ca43d5bd

SHA256
296cd1fd8806fb9a818557311c4c8a98a5403591c7f32eeb0d49c57f75b8aec8

SHA512
544950f097f8e1de5e8983e83d879f62fb67e6c92f176c41554775b26e5a2bba3f9fe8f3c680fa72680e881c94f480ebd3466228d4d64a0de627277b9105f9e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe

Filesize
184KB

MD5
904284f0db9af79e7b4e7973be005f28

SHA1
221c0e5b733de6aa6e324e155aac05df04d963cf

SHA256
8faf40d72199da5178b5f86b7358ad875e0ddf6d67e17565cb6e9f5c49238826

SHA512
94bd091d569459c1ac64d87b7566be61db9e9f4e081d6f0a04d41e1517ec27a3ee71286da4146e1dde4cbddf9af61355609cf217d1217d7a8d9531c9c9e9b077

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads