56d1d4044645bd8d5b54a3fe948fff7fdaee83072da5c2e253126b16056d6021

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/03/2024, 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9f95fa664bff6d6aae71b37e4122e56.exe
Size

184KB
MD5

c9f95fa664bff6d6aae71b37e4122e56
SHA1

f7fe40a9ce782731834f93a2a15501c62f733220
SHA256

56d1d4044645bd8d5b54a3fe948fff7fdaee83072da5c2e253126b16056d6021
SHA512

66deb4a5154f0b9504e120db5698842881ed56c1078365bb203b07f78c46c8ed6fb9ee7741c8aec468afbd6cfe7035da3d118fcf32c17a6532cf3b98b25784e6
SSDEEP

3072:BY76ozyOZYA5rpjmdTntw8NnFlF6dzrV3DEx83voh6lPvlFC:BYGo555rYdbtw8MRPk6lPvlF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2496	Unicorn-2778.exe
2604	Unicorn-49580.exe
2768	Unicorn-22522.exe
2492	Unicorn-45780.exe
2572	Unicorn-46320.exe
2424	Unicorn-43705.exe
1204	Unicorn-63189.exe
676	Unicorn-6438.exe
556	Unicorn-19826.exe
2444	Unicorn-324.exe
2856	Unicorn-25440.exe
1796	Unicorn-51823.exe
1972	Unicorn-49213.exe
2676	Unicorn-10685.exe
1112	Unicorn-48638.exe
2280	Unicorn-28772.exe
2128	Unicorn-1049.exe
2276	Unicorn-11674.exe
2136	Unicorn-9954.exe
1436	Unicorn-40304.exe
1520	Unicorn-24120.exe
980	Unicorn-59107.exe
1116	Unicorn-12488.exe
300	Unicorn-16820.exe
3068	Unicorn-49923.exe
2792	Unicorn-46164.exe
2904	Unicorn-61094.exe
2892	Unicorn-25615.exe
1740	Unicorn-16444.exe
3016	Unicorn-36673.exe
2996	Unicorn-19807.exe
2540	Unicorn-32036.exe
2596	Unicorn-53020.exe
2652	Unicorn-7348.exe
2428	Unicorn-39228.exe
2420	Unicorn-21562.exe
2468	Unicorn-64191.exe
2876	Unicorn-43178.exe
2496	Unicorn-29923.exe
1424	Unicorn-29923.exe
2384	Unicorn-19602.exe
1004	Unicorn-63273.exe
1568	Unicorn-36504.exe
1128	Unicorn-38986.exe
276	Unicorn-60081.exe
576	Unicorn-25602.exe
2532	Unicorn-26165.exe
1832	Unicorn-59925.exe
1380	Unicorn-56210.exe
2660	Unicorn-58809.exe
812	Unicorn-12196.exe
2312	Unicorn-42254.exe
1580	Unicorn-65349.exe
2984	Unicorn-61343.exe
1920	Unicorn-52733.exe
1708	Unicorn-25446.exe
1824	Unicorn-37617.exe
940	Unicorn-20854.exe
900	Unicorn-60125.exe
3052	Unicorn-60125.exe
1224	Unicorn-46741.exe
2916	Unicorn-5934.exe
2372	Unicorn-39317.exe
2940	Unicorn-36353.exe

Loads dropped DLL 64 IoCs

pid	Process
2692	c9f95fa664bff6d6aae71b37e4122e56.exe
2692	c9f95fa664bff6d6aae71b37e4122e56.exe
2496	Unicorn-2778.exe
2496	Unicorn-2778.exe
2692	c9f95fa664bff6d6aae71b37e4122e56.exe
2692	c9f95fa664bff6d6aae71b37e4122e56.exe
2604	Unicorn-49580.exe
2604	Unicorn-49580.exe
2496	Unicorn-2778.exe
2496	Unicorn-2778.exe
2768	Unicorn-22522.exe
2768	Unicorn-22522.exe
2492	Unicorn-45780.exe
2492	Unicorn-45780.exe
2604	Unicorn-49580.exe
2604	Unicorn-49580.exe
2424	Unicorn-43705.exe
2424	Unicorn-43705.exe
2768	Unicorn-22522.exe
2768	Unicorn-22522.exe
2572	Unicorn-46320.exe
2572	Unicorn-46320.exe
1204	Unicorn-63189.exe
1204	Unicorn-63189.exe
2492	Unicorn-45780.exe
2492	Unicorn-45780.exe
676	Unicorn-6438.exe
676	Unicorn-6438.exe
2856	Unicorn-25440.exe
2572	Unicorn-46320.exe
2856	Unicorn-25440.exe
2572	Unicorn-46320.exe
556	Unicorn-19826.exe
556	Unicorn-19826.exe
1268	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
2424	Unicorn-43705.exe
2424	Unicorn-43705.exe
1268	WerFault.exe
1796	Unicorn-51823.exe
1796	Unicorn-51823.exe
1204	Unicorn-63189.exe
1204	Unicorn-63189.exe
1972	Unicorn-49213.exe
1972	Unicorn-49213.exe
2676	Unicorn-10685.exe
2676	Unicorn-10685.exe
676	Unicorn-6438.exe
676	Unicorn-6438.exe
1112	Unicorn-48638.exe
1112	Unicorn-48638.exe
2856	Unicorn-25440.exe
2856	Unicorn-25440.exe
2276	Unicorn-11674.exe
2276	Unicorn-11674.exe
556	Unicorn-19826.exe
556	Unicorn-19826.exe
2280	Unicorn-28772.exe
2280	Unicorn-28772.exe
2128	Unicorn-1049.exe
2128	Unicorn-1049.exe
2136	Unicorn-9954.exe

Program crash 5 IoCs

pid	pid_target	Process	procid_target
1268	2444	WerFault.exe	38
1152	2596	WerFault.exe	61
1992	2200	WerFault.exe	251
2828	2332	WerFault.exe	249
2976	2664	WerFault.exe	318

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2692	c9f95fa664bff6d6aae71b37e4122e56.exe
2496	Unicorn-2778.exe
2604	Unicorn-49580.exe
2768	Unicorn-22522.exe
2492	Unicorn-45780.exe
2424	Unicorn-43705.exe
2572	Unicorn-46320.exe
1204	Unicorn-63189.exe
676	Unicorn-6438.exe
2856	Unicorn-25440.exe
2444	Unicorn-324.exe
556	Unicorn-19826.exe
1796	Unicorn-51823.exe
1972	Unicorn-49213.exe
2676	Unicorn-10685.exe
1112	Unicorn-48638.exe
2280	Unicorn-28772.exe
2276	Unicorn-11674.exe
2128	Unicorn-1049.exe
2136	Unicorn-9954.exe
1436	Unicorn-40304.exe
1520	Unicorn-24120.exe
980	Unicorn-59107.exe
1116	Unicorn-12488.exe
300	Unicorn-16820.exe
3068	Unicorn-49923.exe
2904	Unicorn-61094.exe
2792	Unicorn-46164.exe
2892	Unicorn-25615.exe
1740	Unicorn-16444.exe
3016	Unicorn-36673.exe
2996	Unicorn-19807.exe
2428	Unicorn-39228.exe
2652	Unicorn-7348.exe
2540	Unicorn-32036.exe
2596	Unicorn-53020.exe
2420	Unicorn-21562.exe
2468	Unicorn-64191.exe
2876	Unicorn-43178.exe
2384	Unicorn-19602.exe
2496	Unicorn-29923.exe
1424	Unicorn-29923.exe
1004	Unicorn-63273.exe
276	Unicorn-60081.exe
1128	Unicorn-38986.exe
1568	Unicorn-36504.exe
576	Unicorn-25602.exe
2532	Unicorn-26165.exe
1832	Unicorn-59925.exe
1380	Unicorn-56210.exe
2660	Unicorn-58809.exe
812	Unicorn-12196.exe
1580	Unicorn-65349.exe
2312	Unicorn-42254.exe
2984	Unicorn-61343.exe
1920	Unicorn-52733.exe
1708	Unicorn-25446.exe
1824	Unicorn-37617.exe
940	Unicorn-20854.exe
900	Unicorn-60125.exe
1224	Unicorn-46741.exe
3052	Unicorn-60125.exe
2916	Unicorn-5934.exe
2372	Unicorn-39317.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 2496	2692	c9f95fa664bff6d6aae71b37e4122e56.exe	28
PID 2692 wrote to memory of 2496	2692	c9f95fa664bff6d6aae71b37e4122e56.exe	28
PID 2692 wrote to memory of 2496	2692	c9f95fa664bff6d6aae71b37e4122e56.exe	28
PID 2692 wrote to memory of 2496	2692	c9f95fa664bff6d6aae71b37e4122e56.exe	28
PID 2496 wrote to memory of 2604	2496	Unicorn-2778.exe	29
PID 2496 wrote to memory of 2604	2496	Unicorn-2778.exe	29
PID 2496 wrote to memory of 2604	2496	Unicorn-2778.exe	29
PID 2496 wrote to memory of 2604	2496	Unicorn-2778.exe	29
PID 2692 wrote to memory of 2768	2692	c9f95fa664bff6d6aae71b37e4122e56.exe	30
PID 2692 wrote to memory of 2768	2692	c9f95fa664bff6d6aae71b37e4122e56.exe	30
PID 2692 wrote to memory of 2768	2692	c9f95fa664bff6d6aae71b37e4122e56.exe	30
PID 2692 wrote to memory of 2768	2692	c9f95fa664bff6d6aae71b37e4122e56.exe	30
PID 2604 wrote to memory of 2492	2604	Unicorn-49580.exe	31
PID 2604 wrote to memory of 2492	2604	Unicorn-49580.exe	31
PID 2604 wrote to memory of 2492	2604	Unicorn-49580.exe	31
PID 2604 wrote to memory of 2492	2604	Unicorn-49580.exe	31
PID 2496 wrote to memory of 2572	2496	Unicorn-2778.exe	32
PID 2496 wrote to memory of 2572	2496	Unicorn-2778.exe	32
PID 2496 wrote to memory of 2572	2496	Unicorn-2778.exe	32
PID 2496 wrote to memory of 2572	2496	Unicorn-2778.exe	32
PID 2768 wrote to memory of 2424	2768	Unicorn-22522.exe	33
PID 2768 wrote to memory of 2424	2768	Unicorn-22522.exe	33
PID 2768 wrote to memory of 2424	2768	Unicorn-22522.exe	33
PID 2768 wrote to memory of 2424	2768	Unicorn-22522.exe	33
PID 2492 wrote to memory of 1204	2492	Unicorn-45780.exe	34
PID 2492 wrote to memory of 1204	2492	Unicorn-45780.exe	34
PID 2492 wrote to memory of 1204	2492	Unicorn-45780.exe	34
PID 2492 wrote to memory of 1204	2492	Unicorn-45780.exe	34
PID 2604 wrote to memory of 676	2604	Unicorn-49580.exe	35
PID 2604 wrote to memory of 676	2604	Unicorn-49580.exe	35
PID 2604 wrote to memory of 676	2604	Unicorn-49580.exe	35
PID 2604 wrote to memory of 676	2604	Unicorn-49580.exe	35
PID 2424 wrote to memory of 556	2424	Unicorn-43705.exe	36
PID 2424 wrote to memory of 556	2424	Unicorn-43705.exe	36
PID 2424 wrote to memory of 556	2424	Unicorn-43705.exe	36
PID 2424 wrote to memory of 556	2424	Unicorn-43705.exe	36
PID 2768 wrote to memory of 2856	2768	Unicorn-22522.exe	37
PID 2768 wrote to memory of 2856	2768	Unicorn-22522.exe	37
PID 2768 wrote to memory of 2856	2768	Unicorn-22522.exe	37
PID 2768 wrote to memory of 2856	2768	Unicorn-22522.exe	37
PID 2572 wrote to memory of 2444	2572	Unicorn-46320.exe	38
PID 2572 wrote to memory of 2444	2572	Unicorn-46320.exe	38
PID 2572 wrote to memory of 2444	2572	Unicorn-46320.exe	38
PID 2572 wrote to memory of 2444	2572	Unicorn-46320.exe	38
PID 1204 wrote to memory of 1796	1204	Unicorn-63189.exe	39
PID 1204 wrote to memory of 1796	1204	Unicorn-63189.exe	39
PID 1204 wrote to memory of 1796	1204	Unicorn-63189.exe	39
PID 1204 wrote to memory of 1796	1204	Unicorn-63189.exe	39
PID 2492 wrote to memory of 1972	2492	Unicorn-45780.exe	40
PID 2492 wrote to memory of 1972	2492	Unicorn-45780.exe	40
PID 2492 wrote to memory of 1972	2492	Unicorn-45780.exe	40
PID 2492 wrote to memory of 1972	2492	Unicorn-45780.exe	40
PID 676 wrote to memory of 2676	676	Unicorn-6438.exe	41
PID 676 wrote to memory of 2676	676	Unicorn-6438.exe	41
PID 676 wrote to memory of 2676	676	Unicorn-6438.exe	41
PID 676 wrote to memory of 2676	676	Unicorn-6438.exe	41
PID 2444 wrote to memory of 1268	2444	Unicorn-324.exe	42
PID 2444 wrote to memory of 1268	2444	Unicorn-324.exe	42
PID 2444 wrote to memory of 1268	2444	Unicorn-324.exe	42
PID 2444 wrote to memory of 1268	2444	Unicorn-324.exe	42
PID 2856 wrote to memory of 1112	2856	Unicorn-25440.exe	43
PID 2856 wrote to memory of 1112	2856	Unicorn-25440.exe	43
PID 2856 wrote to memory of 1112	2856	Unicorn-25440.exe	43
PID 2856 wrote to memory of 1112	2856	Unicorn-25440.exe	43

C:\Users\Admin\AppData\Local\Temp\c9f95fa664bff6d6aae71b37e4122e56.exe
"C:\Users\Admin\AppData\Local\Temp\c9f95fa664bff6d6aae71b37e4122e56.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49580.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49580.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51823.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9954.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36673.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46741.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55378.exe
        11⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29421.exe
        12⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
        13⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9644.exe
        14⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22054.exe
        15⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        16⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        17⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
        18⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39317.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46882.exe
        10⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53519.exe
        11⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36179.exe
        12⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
        13⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        14⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14970.exe
        15⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48045.exe
        16⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12845.exe
        17⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6904.exe
        18⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55305.exe
        14⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14769.exe
        15⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22708.exe
        16⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4501.exe
        17⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
        9⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5092.exe
        10⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22316.exe
        11⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe
        13⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43390.exe
        14⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60277.exe
        15⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
        16⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30740.exe
        17⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
        18⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19807.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25446.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5642.exe
        9⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        10⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31611.exe
        11⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
        12⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51176.exe
        13⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22235.exe
        14⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
        15⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23810.exe
        16⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
        17⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
        18⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8801.exe
        9⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37817.exe
        10⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
        11⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30478.exe
        12⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe
        13⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
        14⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6778.exe
        15⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39656.exe
        16⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        17⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
        18⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49872.exe
        16⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        17⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
        11⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        12⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        13⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        14⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
        15⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        16⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25690.exe
        17⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47317.exe
        18⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38686.exe
        10⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
        11⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        12⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9550.exe
        13⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
        14⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39772.exe
        15⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
        16⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24520.exe
        17⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52733.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40587.exe
        8⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19451.exe
        9⤵
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55295.exe
        9⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18589.exe
        10⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        11⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
        12⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61755.exe
        13⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59862.exe
        14⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8721.exe
        15⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
        16⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        17⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56080.exe
        18⤵
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26290.exe
        11⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
        12⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11843.exe
        13⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
        14⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24810.exe
        15⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
        16⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49742.exe
        17⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65349.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21686.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56824.exe
        9⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20077.exe
        10⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
        11⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11872.exe
        12⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe
        13⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21926.exe
        14⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36626.exe
        15⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16760.exe
        14⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53020.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
        7⤵
        Program crash
        
        PID:1152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21562.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        8⤵
        Executes dropped EXE
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6579.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
        10⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        11⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30049.exe
        12⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54525.exe
        13⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7769.exe
        14⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
        10⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        11⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61339.exe
        12⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
        13⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33140.exe
        14⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32929.exe
        15⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35687.exe
        16⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
        17⤵
        
        PID:2884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64191.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11462.exe
        8⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5712.exe
        9⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
        10⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12420.exe
        11⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8780.exe
        12⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        13⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52225.exe
        14⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
        15⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        16⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        17⤵
        
        PID:2304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12488.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39228.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39963.exe
        9⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
        10⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52947.exe
        11⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
        12⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
        13⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20567.exe
        14⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40901.exe
        15⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33050.exe
        16⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8123.exe
        12⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28515.exe
        13⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13625.exe
        14⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
        15⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        8⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        9⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15045.exe
        10⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
        11⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23511.exe
        12⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51389.exe
        13⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
        14⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18366.exe
        15⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35052.exe
        16⤵
        
        PID:2252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2444
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25615.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8801.exe
        7⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13142.exe
        8⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
        9⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37764.exe
        10⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
        11⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4889.exe
        12⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
        13⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29499.exe
        14⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15254.exe
        6⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51581.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
        8⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
        9⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11230.exe
        10⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11860.exe
        11⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
        12⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        13⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
        14⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
        15⤵
        
        PID:2436
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61743.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
        9⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18285.exe
        10⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
        11⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23474.exe
        12⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        13⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        14⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe
        15⤵
        
        PID:2664
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
        16⤵
        Program crash
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60081.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
        9⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
        10⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5168.exe
        11⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
        12⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64565.exe
        13⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1232.exe
        10⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26352.exe
        11⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
        12⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38527.exe
        13⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
        14⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        15⤵
        
        PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61094.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43178.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37617.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        9⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10575.exe
        10⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37811.exe
        12⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45116.exe
        13⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
        14⤵
        
        PID:2332
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 244
        15⤵
        Program crash
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
        8⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
        9⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
        10⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9368.exe
        11⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        12⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
        13⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48086.exe
        14⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41244.exe
        15⤵
        
        PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1049.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17033.exe
        8⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35152.exe
        9⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38997.exe
        10⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
        11⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        12⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
        13⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60752.exe
        14⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
        15⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24810.exe
        16⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        17⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24567.exe
        18⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56247.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
        9⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54320.exe
        10⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
        11⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
        12⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
        13⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53614.exe
        14⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63047.exe
        15⤵
        
        PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26165.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
        6⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
        7⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
        9⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4670.exe
        10⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
        11⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-290.exe
        12⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 220
        13⤵
        Program crash
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11745.exe
        7⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37613.exe
        9⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15349.exe
        10⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46678.exe
        11⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31450.exe
        12⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        13⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-434.exe
        14⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
        15⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15722.exe
        16⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
        17⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2305.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41695.exe
        10⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59289.exe
        11⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24788.exe
        12⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42134.exe
        13⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15598.exe
        14⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7933.exe
        15⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
        16⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
        17⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
        18⤵
        
        PID:852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16820.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20001.exe
        8⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9512.exe
        9⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57535.exe
        10⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57658.exe
        11⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32848.exe
        12⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40277.exe
        13⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40234.exe
        14⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29194.exe
        15⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43841.exe
        15⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7318.exe
        16⤵
        
        PID:2888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12733.exe
        7⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
        8⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57250.exe
        9⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        10⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64614.exe
        11⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
        12⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51464.exe
        13⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49549.exe
        14⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
        15⤵
        
        PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49923.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64711.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23302.exe
        8⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        10⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
        11⤵
        
        PID:1700

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe

Filesize
184KB

MD5
42bef9342224a01ed0b48b85b327a0cd

SHA1
15012482c0709964e64133682b38100e1cda73de

SHA256
9523e4a206833550af72190fc97001421dfb29db51b02372f0a6eb360ef30ff8

SHA512
8e8a191e5b52701583a08290b6b3d88e44f4ed3e409509fc03cc28f88b10b6e8e22006fe44b116428f30918962e97a152d749c323e92cfa20fb1cc2a9843e68c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe

Filesize
184KB

MD5
2de457db1188334b251d889e53b97332

SHA1
6e6e4fa1f77412ea08995ab3356de42cf9bba649

SHA256
f89f4014ca3e377264dd8e4491ad35aa298ff85daa9f7dda7126bb826e2dcee8

SHA512
5db729d7165d6292bb8a5418a871fa570667ab213c6ad248121171baa137f8e9e12a0bb0872612806512acb47a2de77ccd8db9cb5b1f4841db7a52169a2214dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40304.exe

Filesize
184KB

MD5
22cafdd174cbe894467123a5ca9dd366

SHA1
5fe8c9bb04eb02ce932eb97a35afe805800c2fb8

SHA256
68cdf1193546a7cc2703eb726964da54f7be191f1ca0d85610f1f8306502ed1e

SHA512
2612594d21bf6ed5daf8f127f43c9b86b17034adfe1e52c659d4d9840d47c8a52d3636dc0b6f074a85e7328533c0cb35b698aa3d627dd011f1f337e72f5ef93f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45780.exe

Filesize
184KB

MD5
d24df4a84a6a5752fa46d4739e1ac8a4

SHA1
9c61c415a2942cf33e428e990be8baf2a50eab76

SHA256
a1cf5d6d37b4caf873cf0a6e9dc24307ec980e7262301b0276767f965f4b7030

SHA512
154e8595bc8b7844d55791f3afe59863fe61e2626d236626fc589c527aebc16e2d53f3519361e7a119789a854aa0ea01a33e9830aecf8aa4d3283913152852c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe

Filesize
184KB

MD5
16cb75c9aab689d2cb3d36157dc5e0ce

SHA1
a16e31e3ac27922df216493a23d9c14a2af3c5cd

SHA256
b1219ce1a8af00291ce32f92b805d897fdb4ad04422de8372135a5f23005debb

SHA512
4b2ad96638f3218d554b67e8d90485013cd86b147552553061f90891ec1034ed1d028083bce22cc8caca925135c485fb3f23cc2f8c1d384f58ccf4a2a9067005

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6442.exe

Filesize
184KB

MD5
04cf38d6c97020a996c47564fe892559

SHA1
046832089df90437d235069c428098e6de3a5b77

SHA256
2c0313c7369d6f2bada9d3d3426dae4d1c6cb246e3732c5d8a0c7a7973782088

SHA512
526c44e54414b2638eab5fc9786980ad495dd965e4ecf940181c337c6a2683f42349643fd877d6ccc4465781eaad46de97b11e46747a7d96eacb8dbcc4822c53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6778.exe

Filesize
184KB

MD5
d8ee6744179ac7118a498b9c05400aac

SHA1
2829796bd480126b55b0d3838b1cf700ef3929c1

SHA256
3cab074630d25943baf62f60eb58b33815494a39b9b9595ccd78716b56a04db7

SHA512
7d2024d44e02ea56767e10e7ef148a9de42cd1b012c39a1fe2d68426c9e79c512df145a5abb7f4f0d2cf0634efc984e1129d157695a7282a43f4480d574e7e0d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe

Filesize
184KB

MD5
5e626477605ced9fd3e43963d325d171

SHA1
a96e1a538d4e2f88e861e194692b104b11d7e379

SHA256
68a26bbd6904bdbc67e52dc699f6f513319d8a74632ff4750baeadc7dce96a29

SHA512
b83a9c544349b724d1c1c8c1a333deca1cb7b94897417a018fdfaee151af059a767dbd43310ebeb9dbff1463a0eada48f523cd5cbf2a2963ba027a82bb27316f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11674.exe

Filesize
184KB

MD5
5d1aecb0cc470cf575192a08b6eec930

SHA1
81f4fdf254610a5f88a7dcd8aede34dc3a3351e1

SHA256
dcbb5a1d91c3194438731154b72241a4789506ec2193c556b6b47ea10c5ce0e9

SHA512
21284f883b11e96e3da0c459f96c72dd065dc40bc459212de838f772576f7f1b6efcd83d0ee1d0f119184b6bbe4e317019c16e89ef53e2a6b4b5a8f9d78f575e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe

Filesize
184KB

MD5
252703144ef8cdb7d9bd2dc7f1b660e0

SHA1
c071e8ff60ddd2e6179b04937d73cbc0d7d6b83e

SHA256
1aa94430c901f5a0e5c3647edddf00615a1f0e0db3a6bba177e8fd1646f50362

SHA512
730bdc49cbcbb81eb4cdf54ba4b3a5b1fda4143999c5f618c5e0a6046cb56a53c203957809adc8a21addadf5ceb3c5394b1d59370ee08bb60b0f2ab583c9ba02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe

Filesize
184KB

MD5
3355d719185b84efce80806e8c6e6f2c

SHA1
66c7c0252b4959327222ac59d4f38701c8d8e7dc

SHA256
11cca5b6ead8622ec7236a30ab27eee289677994c479b80ec4db55f33aa2fc51

SHA512
3fceccd1418198ec561f7a6dccc87ceb98573326219d243104415523e8cff1b6585fbf8aa7252a14c2e384f7304b1ec17d2d6cec35aab238fe3d734f84872ba4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25440.exe

Filesize
184KB

MD5
9a56996321384dfbcae3b13f4d57fd13

SHA1
4625a725ecf76ee068b5defe5ec85f0375d49569

SHA256
a5bfcb978fc166c8f6d36788f5f1db4d06193b2f301fd346ad465ae9614fc713

SHA512
b5798bf142cf997072e2fe565cc5a34b551af0d9108fa29d626ac4a083329b8e1d704930137c12293e5f6c3fa269eecb4a3438775743ca3e4c42bfbab0001316

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2778.exe

Filesize
184KB

MD5
f7f44d81ef844e37e15ec92573e9b075

SHA1
145455580daabb291bdc29a8016b23ca72c671fc

SHA256
da0674ec1f278813834b7526ebf2e4caa09fc615c23f9be0d3a59100f6eba32b

SHA512
0e5d95cac94af68788730a4eee5f5dd703a943402cd2a10467572960a49542f3b35391c54d5358b636c00204878647e3f405c42bef257f761e076e2f8d08aadb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28772.exe

Filesize
184KB

MD5
ed6f7e67490bfe45a8e889062f6c87d2

SHA1
cafb42b880e97ed17d053dca0ad3eab52e07b884

SHA256
2a1b82163d4cbb289eb0c639e3f96784ffec0eb7b69d5ecf1e41e4cf6d2c40d8

SHA512
66c931f6cea5e79c21f6c38b5084beda8c6826a5ab11ee30c4fea8d4001e6fcf0fbdf150a7120a0588ac2a3f01a800e8c3a0b93e2220be37aa1b51f472cf39ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43705.exe

Filesize
184KB

MD5
0208afd2c44441327be33074030a9aeb

SHA1
69cfff209300061d6f5e69defed8dda5cb3d0aa7

SHA256
dcd34b80383f94fa5ee288f0cae11eb7d4e8bd4885f3274ea981a416d3115904

SHA512
edba29a37856a3cb75af67b20538984efb4532fba040b56697718f3e528cccc913d49230f594bf156d1318d3353d45367e5933c54961ecfdff9d5f22f0173db3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46320.exe

Filesize
184KB

MD5
6805d61e279e388e3520d95f804faea7

SHA1
d17441755137515d87232a97008d11b633fee8b2

SHA256
2e86feaa4593f2b792ded1cc7242585f3ffd9a275eea9e192c6275c5ef376e5e

SHA512
0f68dea21b7e6cfd7f025fe721e57c3c28219ec19fc90a879883b65649c4499a2c0ac195f4c12f01457fef251dad7f68276d648e5caefa6f38591d980d4d46b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48638.exe

Filesize
184KB

MD5
498a4277e1b9a04d00fe7f7436f53291

SHA1
6dabd463fa591371bee5c6ca840bcf92e364c8a0

SHA256
bf8559b62ed5b81dd04fa569fcc7cd728a1316104276f165d5a800d9ab37d2c6

SHA512
3f9bd934e53674c9a17ee67bcb9ad98eb83295a23a841224612be73502d10cccc4c341cc54bc0763ddfaad75761a1dff97fb9dee70e966c8c206efa7badcb6a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe

Filesize
184KB

MD5
86eabf44cfaed0cdaa365effaa1fdafa

SHA1
2aed9bb00daaa44629dbf6a83ead42100cae029f

SHA256
e173efc313eb4ebe63ef796af9d6e1687c3c59d6e4a7bd954e18fb52684d23e4

SHA512
f0f86253e25cdad47e101ba461b72cdfd6d02497114366c4b680b2b48ab11c01b461de00ecc485850d69f7341ddf8ad39b6b7a8b68262cab731a41b181118dd1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49580.exe

Filesize
184KB

MD5
d9b35f8c8082fe2b7dc7a5a19c320fdb

SHA1
5ca908c9b6cc92ddf2daa7cb6470c852f2e814ce

SHA256
839d1e4fdeaf0d05e935211c4912a5007e137529a2659fd377d82e25618957fa

SHA512
9ef1df637a4395f8065e4d81d0fba500ef29efea85f4243c80fb08df4c877206c04a844fa496b7e802028a4b87c8e2c4e098625a9340f3713daf9ce7b343788c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51823.exe

Filesize
184KB

MD5
11cab5de4116882a9439300d9a924e92

SHA1
4dac4f51d6ae1ceb147e5a7b0dd8baab965009bf

SHA256
077b83e813b6829459267b408cbcfd4806623a56fda19111e0480d15a6aeae68

SHA512
8082170a22cc6c171a795e56374ae7f3b9dbd552d3781e4201cd171a95b9ebe175ba5af8b16b6d1a3adca32280eb4614d1c3b4c903c133fbf29f627a0c09978c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63189.exe

Filesize
184KB

MD5
21c7baf171a0f9423e3418e980c39f41

SHA1
31a419011d19ae90fb5ccbb71e303ebbfe791c7f

SHA256
a8ab4d7fda9250aa16d3acadbd0c22c4f2c4ffacefcb276fe835679715fd7f08

SHA512
d913a8ee1c503557ad6729d8840abfb98cda8ec51d8b494b0218bd0959b1fde103b65ad6a90058a7e587621d90c7cf573863c597111b058bae0f2c2e825fd66b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe

Filesize
184KB

MD5
dc2358bccdf1507881d761b8e1d9839d

SHA1
5ad8d07e186971204d83a525c2e1259b5ecaca38

SHA256
25174d64249fbcec44397460804d53be88d713fb813a7108e60f903895cfacc6

SHA512
3068bcaced50098c58210df2a4960d0e74549bed0494ed0e87e36efd75360567af9b5516f5413b7cfc6bc7a59000e1aedf05e13c53f6e5d3cb518e73647195e0

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads