4d440d85bcf0ce18ce7df38cb2138911ffed18040d073a711a4e5588a9503cd5

Analysis

max time kernel
149s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 13:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ad325499dd5f7cd9c932d683bbde805d.exe
Size

184KB
MD5

ad325499dd5f7cd9c932d683bbde805d
SHA1

f8ad65bc85af8b6f328f2a9bb185263f67727aec
SHA256

4d440d85bcf0ce18ce7df38cb2138911ffed18040d073a711a4e5588a9503cd5
SHA512

31eef22b3db8441b4045a5fb12438cf7fd89ffcff7ed40ee883de97e01b4e48106d12d68aa11acddcb96e13c316e49483c5edcdf0950cde182a8714edb4b4b45
SSDEEP

3072:okcNocOhAoE8Ojid8AcNzFbQbt6NtYIUDYx4OPWV7lPdpFE:okKoXOf8Rd5cNzblgt7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2380	Unicorn-8798.exe
2704	Unicorn-11896.exe
2820	Unicorn-43177.exe
2596	Unicorn-26946.exe
2000	Unicorn-14693.exe
2612	Unicorn-64449.exe
3000	Unicorn-39281.exe
520	Unicorn-39835.exe
1736	Unicorn-6416.exe
1840	Unicorn-22753.exe
2864	Unicorn-15139.exe
1052	Unicorn-17839.exe
2004	Unicorn-42897.exe
1988	Unicorn-9177.exe
1800	Unicorn-40458.exe
1596	Unicorn-25514.exe
528	Unicorn-46489.exe
336	Unicorn-817.exe
2440	Unicorn-50594.exe
956	Unicorn-4854.exe
680	Unicorn-18498.exe
1404	Unicorn-46894.exe
2912	Unicorn-21574.exe
2476	Unicorn-41440.exe
2404	Unicorn-27050.exe
1152	Unicorn-27604.exe
3016	Unicorn-8575.exe
2112	Unicorn-20828.exe
1780	Unicorn-15160.exe
1768	Unicorn-12550.exe
1568	Unicorn-37055.exe
2388	Unicorn-16443.exe
1660	Unicorn-8829.exe
2780	Unicorn-43661.exe
2276	Unicorn-21657.exe
2744	Unicorn-57859.exe
2632	Unicorn-25571.exe
2312	Unicorn-11180.exe
2604	Unicorn-65020.exe
868	Unicorn-7096.exe
1628	Unicorn-60189.exe
872	Unicorn-40323.exe
1876	Unicorn-52597.exe
2620	Unicorn-59374.exe
1956	Unicorn-2005.exe
1668	Unicorn-52405.exe
2504	Unicorn-37522.exe
1476	Unicorn-14963.exe
1812	Unicorn-46245.exe
1636	Unicorn-8741.exe
1028	Unicorn-56359.exe
2100	Unicorn-62602.exe
2264	Unicorn-34376.exe
476	Unicorn-15347.exe
552	Unicorn-15347.exe
2932	Unicorn-51289.exe
112	Unicorn-18698.exe
2392	Unicorn-36871.exe
1820	Unicorn-18397.exe
1584	Unicorn-40763.exe
896	Unicorn-36679.exe
1428	Unicorn-50877.exe
3048	Unicorn-50877.exe
2240	Unicorn-61567.exe

Loads dropped DLL 64 IoCs

pid	Process
812	ad325499dd5f7cd9c932d683bbde805d.exe
812	ad325499dd5f7cd9c932d683bbde805d.exe
2380	Unicorn-8798.exe
2380	Unicorn-8798.exe
812	ad325499dd5f7cd9c932d683bbde805d.exe
812	ad325499dd5f7cd9c932d683bbde805d.exe
2704	Unicorn-11896.exe
2704	Unicorn-11896.exe
2820	Unicorn-43177.exe
2820	Unicorn-43177.exe
2380	Unicorn-8798.exe
2380	Unicorn-8798.exe
2596	Unicorn-26946.exe
2596	Unicorn-26946.exe
2704	Unicorn-11896.exe
2704	Unicorn-11896.exe
2612	Unicorn-64449.exe
2612	Unicorn-64449.exe
2000	Unicorn-14693.exe
2000	Unicorn-14693.exe
2820	Unicorn-43177.exe
2820	Unicorn-43177.exe
3000	Unicorn-39281.exe
3000	Unicorn-39281.exe
2596	Unicorn-26946.exe
2596	Unicorn-26946.exe
1840	Unicorn-22753.exe
1840	Unicorn-22753.exe
2000	Unicorn-14693.exe
2000	Unicorn-14693.exe
1736	Unicorn-6416.exe
1736	Unicorn-6416.exe
2612	Unicorn-64449.exe
2612	Unicorn-64449.exe
2864	Unicorn-15139.exe
2864	Unicorn-15139.exe
1052	Unicorn-17839.exe
1052	Unicorn-17839.exe
3000	Unicorn-39281.exe
3000	Unicorn-39281.exe
2004	Unicorn-42897.exe
2004	Unicorn-42897.exe
1988	Unicorn-9177.exe
1988	Unicorn-9177.exe
1840	Unicorn-22753.exe
1840	Unicorn-22753.exe
1800	Unicorn-40458.exe
1800	Unicorn-40458.exe
336	Unicorn-817.exe
336	Unicorn-817.exe
2864	Unicorn-15139.exe
528	Unicorn-46489.exe
2864	Unicorn-15139.exe
528	Unicorn-46489.exe
1596	Unicorn-25514.exe
1596	Unicorn-25514.exe
1736	Unicorn-6416.exe
1736	Unicorn-6416.exe
2440	Unicorn-50594.exe
2440	Unicorn-50594.exe
956	Unicorn-4854.exe
956	Unicorn-4854.exe
680	Unicorn-18498.exe
680	Unicorn-18498.exe

Program crash 13 IoCs

pid	pid_target	Process	procid_target
632	1972	WerFault.exe	104
2800	868	WerFault.exe	69
2216	2884	WerFault.exe	101
392	2656	WerFault.exe	125
2304	2464	WerFault.exe	149
1992	2692	WerFault.exe	164
2028	1096	WerFault.exe	189
2856	2004	WerFault.exe	217
764	1572	WerFault.exe	226
2728	2768	WerFault.exe	248
944	2240	WerFault.exe	280
2556	1028	WerFault.exe	281
2892	1708	WerFault.exe	273

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
812	ad325499dd5f7cd9c932d683bbde805d.exe
2380	Unicorn-8798.exe
2704	Unicorn-11896.exe
2820	Unicorn-43177.exe
2596	Unicorn-26946.exe
2000	Unicorn-14693.exe
2612	Unicorn-64449.exe
3000	Unicorn-39281.exe
1736	Unicorn-6416.exe
1840	Unicorn-22753.exe
2864	Unicorn-15139.exe
1052	Unicorn-17839.exe
2004	Unicorn-42897.exe
1988	Unicorn-9177.exe
1800	Unicorn-40458.exe
528	Unicorn-46489.exe
336	Unicorn-817.exe
1596	Unicorn-25514.exe
2440	Unicorn-50594.exe
956	Unicorn-4854.exe
680	Unicorn-18498.exe
1404	Unicorn-46894.exe
2912	Unicorn-21574.exe
2476	Unicorn-41440.exe
2112	Unicorn-20828.exe
3016	Unicorn-8575.exe
2404	Unicorn-27050.exe
1152	Unicorn-27604.exe
1780	Unicorn-15160.exe
1768	Unicorn-12550.exe
1568	Unicorn-37055.exe
2388	Unicorn-16443.exe
1660	Unicorn-8829.exe
2780	Unicorn-43661.exe
2744	Unicorn-57859.exe
2276	Unicorn-21657.exe
872	Unicorn-40323.exe
1956	Unicorn-2005.exe
2632	Unicorn-25571.exe
1876	Unicorn-52597.exe
2604	Unicorn-65020.exe
1668	Unicorn-52405.exe
1628	Unicorn-60189.exe
2620	Unicorn-59374.exe
2312	Unicorn-11180.exe
868	Unicorn-7096.exe
2504	Unicorn-37522.exe
1812	Unicorn-46245.exe
476	Unicorn-15347.exe
1636	Unicorn-8741.exe
1028	Unicorn-56359.exe
1476	Unicorn-14963.exe
2264	Unicorn-34376.exe
2100	Unicorn-62602.exe
552	Unicorn-15347.exe
2932	Unicorn-51289.exe
112	Unicorn-18698.exe
1820	Unicorn-18397.exe
1428	Unicorn-50877.exe
2392	Unicorn-36871.exe
896	Unicorn-36679.exe
3048	Unicorn-50877.exe
1584	Unicorn-40763.exe
1056	Unicorn-33917.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 812 wrote to memory of 2380	812	ad325499dd5f7cd9c932d683bbde805d.exe	28
PID 812 wrote to memory of 2380	812	ad325499dd5f7cd9c932d683bbde805d.exe	28
PID 812 wrote to memory of 2380	812	ad325499dd5f7cd9c932d683bbde805d.exe	28
PID 812 wrote to memory of 2380	812	ad325499dd5f7cd9c932d683bbde805d.exe	28
PID 2380 wrote to memory of 2704	2380	Unicorn-8798.exe	29
PID 2380 wrote to memory of 2704	2380	Unicorn-8798.exe	29
PID 2380 wrote to memory of 2704	2380	Unicorn-8798.exe	29
PID 2380 wrote to memory of 2704	2380	Unicorn-8798.exe	29
PID 812 wrote to memory of 2820	812	ad325499dd5f7cd9c932d683bbde805d.exe	30
PID 812 wrote to memory of 2820	812	ad325499dd5f7cd9c932d683bbde805d.exe	30
PID 812 wrote to memory of 2820	812	ad325499dd5f7cd9c932d683bbde805d.exe	30
PID 812 wrote to memory of 2820	812	ad325499dd5f7cd9c932d683bbde805d.exe	30
PID 2704 wrote to memory of 2596	2704	Unicorn-11896.exe	31
PID 2704 wrote to memory of 2596	2704	Unicorn-11896.exe	31
PID 2704 wrote to memory of 2596	2704	Unicorn-11896.exe	31
PID 2704 wrote to memory of 2596	2704	Unicorn-11896.exe	31
PID 2820 wrote to memory of 2000	2820	Unicorn-43177.exe	33
PID 2820 wrote to memory of 2000	2820	Unicorn-43177.exe	33
PID 2820 wrote to memory of 2000	2820	Unicorn-43177.exe	33
PID 2820 wrote to memory of 2000	2820	Unicorn-43177.exe	33
PID 2380 wrote to memory of 2612	2380	Unicorn-8798.exe	32
PID 2380 wrote to memory of 2612	2380	Unicorn-8798.exe	32
PID 2380 wrote to memory of 2612	2380	Unicorn-8798.exe	32
PID 2380 wrote to memory of 2612	2380	Unicorn-8798.exe	32
PID 2596 wrote to memory of 3000	2596	Unicorn-26946.exe	34
PID 2596 wrote to memory of 3000	2596	Unicorn-26946.exe	34
PID 2596 wrote to memory of 3000	2596	Unicorn-26946.exe	34
PID 2596 wrote to memory of 3000	2596	Unicorn-26946.exe	34
PID 2704 wrote to memory of 520	2704	Unicorn-11896.exe	35
PID 2704 wrote to memory of 520	2704	Unicorn-11896.exe	35
PID 2704 wrote to memory of 520	2704	Unicorn-11896.exe	35
PID 2704 wrote to memory of 520	2704	Unicorn-11896.exe	35
PID 2612 wrote to memory of 1736	2612	Unicorn-64449.exe	36
PID 2612 wrote to memory of 1736	2612	Unicorn-64449.exe	36
PID 2612 wrote to memory of 1736	2612	Unicorn-64449.exe	36
PID 2612 wrote to memory of 1736	2612	Unicorn-64449.exe	36
PID 2000 wrote to memory of 1840	2000	Unicorn-14693.exe	37
PID 2000 wrote to memory of 1840	2000	Unicorn-14693.exe	37
PID 2000 wrote to memory of 1840	2000	Unicorn-14693.exe	37
PID 2000 wrote to memory of 1840	2000	Unicorn-14693.exe	37
PID 2820 wrote to memory of 2864	2820	Unicorn-43177.exe	38
PID 2820 wrote to memory of 2864	2820	Unicorn-43177.exe	38
PID 2820 wrote to memory of 2864	2820	Unicorn-43177.exe	38
PID 2820 wrote to memory of 2864	2820	Unicorn-43177.exe	38
PID 3000 wrote to memory of 1052	3000	Unicorn-39281.exe	39
PID 3000 wrote to memory of 1052	3000	Unicorn-39281.exe	39
PID 3000 wrote to memory of 1052	3000	Unicorn-39281.exe	39
PID 3000 wrote to memory of 1052	3000	Unicorn-39281.exe	39
PID 2596 wrote to memory of 2004	2596	Unicorn-26946.exe	40
PID 2596 wrote to memory of 2004	2596	Unicorn-26946.exe	40
PID 2596 wrote to memory of 2004	2596	Unicorn-26946.exe	40
PID 2596 wrote to memory of 2004	2596	Unicorn-26946.exe	40
PID 1840 wrote to memory of 1988	1840	Unicorn-22753.exe	41
PID 1840 wrote to memory of 1988	1840	Unicorn-22753.exe	41
PID 1840 wrote to memory of 1988	1840	Unicorn-22753.exe	41
PID 1840 wrote to memory of 1988	1840	Unicorn-22753.exe	41
PID 2000 wrote to memory of 1800	2000	Unicorn-14693.exe	42
PID 2000 wrote to memory of 1800	2000	Unicorn-14693.exe	42
PID 2000 wrote to memory of 1800	2000	Unicorn-14693.exe	42
PID 2000 wrote to memory of 1800	2000	Unicorn-14693.exe	42
PID 1736 wrote to memory of 1596	1736	Unicorn-6416.exe	43
PID 1736 wrote to memory of 1596	1736	Unicorn-6416.exe	43
PID 1736 wrote to memory of 1596	1736	Unicorn-6416.exe	43
PID 1736 wrote to memory of 1596	1736	Unicorn-6416.exe	43

C:\Users\Admin\AppData\Local\Temp\ad325499dd5f7cd9c932d683bbde805d.exe
"C:\Users\Admin\AppData\Local\Temp\ad325499dd5f7cd9c932d683bbde805d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50594.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
        10⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
        11⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
        12⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
        13⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
        14⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
        15⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
        16⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65257.exe
        17⤵
        
        PID:2004
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
        18⤵
        Program crash
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21131.exe
        15⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8848.exe
        16⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18657.exe
        17⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9305.exe
        18⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39210.exe
        11⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37006.exe
        12⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
        13⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45636.exe
        14⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64214.exe
        15⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10649.exe
        16⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44401.exe
        17⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65356.exe
        18⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        19⤵
        
        PID:1740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
        19⤵
        Program crash
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56359.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19352.exe
        10⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59180.exe
        11⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49087.exe
        12⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
        13⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
        14⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50779.exe
        15⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        16⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45185.exe
        17⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
        16⤵
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4854.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14963.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38874.exe
        10⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4338.exe
        11⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
        12⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12605.exe
        13⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22388.exe
        14⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
        15⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57764.exe
        16⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59274.exe
        17⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20736.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        11⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
        12⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21428.exe
        13⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12932.exe
        14⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
        15⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44661.exe
        16⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3083.exe
        17⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42443.exe
        9⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46245.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38298.exe
        9⤵
        
        PID:1972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 200
        10⤵
        Program crash
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55677.exe
        9⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57426.exe
        10⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32642.exe
        11⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
        12⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38999.exe
        13⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6430.exe
        14⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13742.exe
        15⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        16⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34376.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4193.exe
        9⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38952.exe
        10⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
        11⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14878.exe
        12⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        13⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50883.exe
        14⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8829.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19523.exe
        8⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        9⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
        10⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54899.exe
        11⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22004.exe
        12⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5387.exe
        13⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62896.exe
        14⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
        15⤵
        
        PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe
      4⤵
      Executes dropped EXE
      PID:520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64449.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52597.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33913.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62413.exe
        10⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
        11⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        12⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59559.exe
        13⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47084.exe
        14⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        15⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43737.exe
        16⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        17⤵
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2005.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57239.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26337.exe
        10⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40509.exe
        11⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        12⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42938.exe
        13⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10898.exe
        14⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39290.exe
        15⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44739.exe
        16⤵
        
        PID:2092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        16⤵
        Program crash
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39501.exe
        10⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        11⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18024.exe
        12⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61635.exe
        13⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
        14⤵
        
        PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15160.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3212.exe
        7⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
        8⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        9⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe
        10⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe
        11⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51298.exe
        12⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54946.exe
        13⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28901.exe
        14⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29280.exe
        15⤵
        
        PID:680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51837.exe
        7⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44131.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13269.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13456.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15122.exe
        11⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62543.exe
        12⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
        13⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33732.exe
        14⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        15⤵
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59374.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40711.exe
        6⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17489.exe
        7⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15922.exe
        8⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19207.exe
        9⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54671.exe
        10⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15449.exe
        11⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63711.exe
        12⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
        13⤵
        
        PID:2404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43177.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43177.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22753.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22753.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62522.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        9⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        10⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48158.exe
        11⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55335.exe
        12⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6430.exe
        13⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
        14⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64090.exe
        15⤵
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15347.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50877.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59424.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe
        10⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31163.exe
        11⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14302.exe
        12⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27235.exe
        13⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9611.exe
        14⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41340.exe
        15⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64328.exe
        13⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30821.exe
        14⤵
        
        PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21574.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15347.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30021.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62413.exe
        9⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28667.exe
        10⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
        11⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15480.exe
        12⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5937.exe
        13⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32876.exe
        14⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22373.exe
        15⤵
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61567.exe
        7⤵
        Executes dropped EXE
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46466.exe
        8⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5511.exe
        9⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9891.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60431.exe
        11⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        12⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18626.exe
        13⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        14⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63467.exe
        15⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35516.exe
        12⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29456.exe
        13⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        14⤵
        
        PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41440.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18397.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58801.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        9⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7286.exe
        10⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51583.exe
        11⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
        12⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
        13⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16462.exe
        14⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65465.exe
        15⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6892.exe
        16⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
        17⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65020.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18698.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38874.exe
        8⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38677.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6383.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe
        11⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6046.exe
        12⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40577.exe
        13⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12019.exe
        14⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38189.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29741.exe
        8⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9891.exe
        9⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
        10⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
        11⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        12⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48226.exe
        13⤵
        
        PID:1424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11180.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe
        7⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
        8⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
        9⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34588.exe
        10⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45849.exe
        11⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
        12⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
        13⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47842.exe
        14⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36871.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
        7⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6108.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32014.exe
        9⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60550.exe
        10⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41241.exe
        11⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51905.exe
        12⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
        13⤵
        
        PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27604.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56305.exe
        6⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61370.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
        9⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
        10⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        11⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59331.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18403.exe
        13⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8475.exe
        14⤵
        
        PID:1836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 380
        14⤵
        Program crash
        
        PID:2892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 376
        13⤵
        Program crash
        
        PID:2728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 376
        12⤵
        Program crash
        
        PID:764
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 380
        11⤵
        Program crash
        
        PID:2028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 376
        10⤵
        Program crash
        
        PID:1992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 376
        9⤵
        Program crash
        
        PID:2304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 380
        8⤵
        Program crash
        
        PID:392
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 376
        7⤵
        Program crash
        
        PID:2216
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 376
        6⤵
        Program crash
        
        PID:2800

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14693.exe

Filesize
184KB

MD5
15d682c094bd5ba13b70734dc2b100bc

SHA1
8e1db77334d9892878fcb162726e5556440b0e03

SHA256
b40ebd7d37268d85cb3da651d2ba88c4c3e2c6e9880a606f023ea700e5fc38e2

SHA512
ca622d604cdbcb0514259b0cd6715befbbb06f41db63d30cbf45f615b76bdaf610f799bc33c32059cfe17abf572ca314daae0e7f36a14b22e5e539a194389002

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe

Filesize
184KB

MD5
33892e080a8befaa7e26cb82dd4a4d72

SHA1
b2f6f179f1d128c345915a22b7fbc1a087a02022

SHA256
745746f4f94ae2f2ec3cbf703af2dd26c7ec3ed170533f5e27c58829312e85e7

SHA512
ca517b5251b29d4030a1108b40753fcd3e9e6776396d789531bd3a9925d58f572f627bbd493cb1b9d575efbef09ff104012c243fd2109aba2081cb5e4212d0ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22753.exe

Filesize
184KB

MD5
4827c23a0a3bfa66e1816831fd4a853b

SHA1
baf5b1241cc04eccd8dc6f10f6783a9a4052c9fc

SHA256
323907de92d8827b31fca6c9b23b43607178b338d9bc2a866311ec6aabd3eddd

SHA512
43bb324f5299c50bf8e13d72f6aa13e07e5db85366aa6723818f3f3f00671d6f60cbc142031f5e41559659a6f1fbf0c50b2d2033ae65711702ef54a271eaa629

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30976.exe

Filesize
184KB

MD5
c4871a0c30dea7189378cc5168ea78b6

SHA1
c92da7c84f4319c4ddaf4ed9a4eb1406aee38efe

SHA256
2106652ebf67a9e2e1532e2a045193cd3417455135fbb1ba0cd5a924a8f47f33

SHA512
2f4662a7ada11613fb298100fadd1098b566ef84e1353acd1d7d8295358333a3dec7cd8dd498ac168ea6fe1d737eebaf805193697b963bffa57a88223e98f6ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36679.exe

Filesize
184KB

MD5
3d3e119c76085e833b5a9e18eab96473

SHA1
d1da2f98362a79b7db26b5b5c8d97fba88fc931c

SHA256
bb56634aae32f56df154575d88d15289d58ad3f3e84496fbb6992b97a4549477

SHA512
2d92454a43278e5cf552245958e57412fd9b7d58fee469bd7aa11bf8e44960b6a0d18ff12269f0768acb10a5a8e18d0cdbfe20a84ce6adef5365d73f90b7772a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe

Filesize
184KB

MD5
5ccd50938fa43036331831c7c3f622e9

SHA1
a49a0f265507914645900860d89f513b3239e755

SHA256
da5f51f78bd2e127fe4a601f6c04e53ae84af9efe36f28f06ac7871f305d7b5f

SHA512
571a1edaf3a2474490caa6937c16f3cc8fca1a3268d54fc865b8776c310045a6ac7a9f36ac34d57765697249f3fc2cf3a569116c4748ad036dd06669170f1a3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39835.exe

Filesize
184KB

MD5
f202d82bd283bccff33c672f7c9a3645

SHA1
9207ef84dc7646f83ce46b9e0c77cdae09b0bf25

SHA256
f614dff18d123bcf3da1456e791ba624dc94bc81bc2e00d48987cdbc86e2921c

SHA512
f83a968d250f889a40c4fdb4012facf153f3449fce9d16a2151e0d0495f65c8efeab0d8d1c37d2642edac1dfd6975801dfd4265936d91bc434e8e5743ab39383

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe

Filesize
184KB

MD5
2397a9fbe5e397d48838e578d38e3c83

SHA1
1e746aa32841825f6ba55f885ee2b1cb85beb23f

SHA256
750bacabb8310d4986e630cd3f1659a56a11cd226ad4756beaafc1353feee259

SHA512
4c96e96115e35d7008aa8ba60bad05a418c57a43131735643b5a4948c9a0188017f33d49d77cc69a02dcd5b4c3a8d745e9b3d8104092fa850f39405921dcc885

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44370.exe

Filesize
184KB

MD5
aa41962072183b803a4d4a62dd15ab9c

SHA1
d3b75d195646cec0de2f7f80907c4e725c512615

SHA256
0e3b27d19d4e5f16705770b0cb89e70970ea97227b9d9008a89c9b43200b1511

SHA512
6cc4e0f11e90c1b800c4569bb1dba0be653c6a0b4dd12cdc4bf309afafe2f4f74c2d693c74a2ff1944608f820b7fa800d9fc8f74f8763b588b874135abccd39b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46489.exe

Filesize
184KB

MD5
a5c5a2a9bd773c85a5e7af47a5ff17e0

SHA1
de80ae0604a5aa56512c0d0b8ff30200e237575f

SHA256
ca551e646f170d29632cef21ee24da160a8c93660e8b0d1aaa381029800cbe94

SHA512
4084852eaea73422e5f38a66d174d9d100fabfcf3be27ffe35efcbb517114ecc27f43324e3d4e97e0949218584fdd5773610071662e27021f9c3161079744a3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5937.exe

Filesize
184KB

MD5
50a8dab6398b1854be4927d1466b2d17

SHA1
5fe5573baff70d094ee7cd4352f2b4edf1500900

SHA256
648bbe1a4951b8652b226277d89ae1ef097210ad5364020d54bcbbd4f598933a

SHA512
0988ace8e699f46329ad2e141591decf17cdcdf6bfa5fea30436db6dc06ad2b6869713a91f9b3530b00ef489a4512abc71511e4ba978649c4b4e07b1e5b57dce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6046.exe

Filesize
184KB

MD5
c54347e560d0caccb0c174c4955735f9

SHA1
91afc44c2e5c1c0c2cb139e1146f7400a2f0a8e7

SHA256
bae6fd234b44517e0a7309c7fab934a6e34fdb36d16f590f37e20eb08d52088b

SHA512
3c3e96e63c2a976cc85a939e17f50e212533b8b0f0fc0ac0c54b1e5bba581e9c05c4c47519a958215cd0e21c0f57de7067db121f54689563dfd0dac64887b0f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6383.exe

Filesize
184KB

MD5
7c84e466b5a01791703b88861f3910d4

SHA1
592e960844638fa61f9918dc8add6b9d09096e1d

SHA256
7c9996a476fdb4e2c81b096461d28f92e36663bb3360ae02f06cc66ccc141439

SHA512
f906789a59cd76dfb65923820b3ed8e1b0bcaa9d207417d9925b2a4a7070be27b4dd9f060a41482a9a5f3a52b172dedb9896d7ab8f9761783742335ff1471caa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64449.exe

Filesize
184KB

MD5
67003ef405ca0496a6619b506493400e

SHA1
d7f215bab1007ae3462a407e4bf1837b99cd7fff

SHA256
e5918f3e072f92aedb9082161ca7ee62c12a33cb33cd75b559e8dd634ccc5c9a

SHA512
2c26b29a25c77eefcc8fa57f3dab14910d4ad7b4f97127bf2f3199a5d3c0ae96e2bbba98f460bba45a0ac42f65f4205a0664cde452fce71161cc6fdd49ba3818

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe

Filesize
184KB

MD5
552acf517181511552d466c8f78a1afa

SHA1
a779e74611004349c5543610cc0c3777108841c8

SHA256
9df11d62c0b08ad0811ddc3db37e4314b1dfffbe8978fcf69f4f760e6d577cf3

SHA512
09773343992626718c8b427c33e59f531328e3e324d25c04062c360214aaf45cd43b32941c5dea0960b74875da6f6eb63baaa830bcf4cb17d9c5cce9a8b83637

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11896.exe

Filesize
184KB

MD5
2f1ef1c13d596f5520e16c47efd2b754

SHA1
a3c5f527d636af56b221195569b82c01c4bc2631

SHA256
64d624032c1928485d08a878bd4380a2e25fbfe37a4cb9cffee1ae9f75c6d01d

SHA512
43547418d8f14c35e3f2c24a2e014e9692a750fe80e31605c895542158307a9988fe8b2f8a3f35fcb3b3824063e54edeb965ef5dcabcba1560237b25c755d442

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe

Filesize
184KB

MD5
ab04d7cec32ccbb3dd2d48124468181d

SHA1
704528cd45deb7512c1e893f348c98305c00d5cc

SHA256
d24b7c975849728b2ea023bb100fc36aacb97bf928b2d4d834d8e568d6fc01d5

SHA512
cf36a0cc700da496688b5677819b76157e905aa89be207af4bb0be1472730dc45f08ab6515e5ab3ceaeb362a4062d27946fbc8375ac4df4e1f4eca2b1e48862e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe

Filesize
184KB

MD5
9b42c6c946ddcbd9ae4bc1a3a48786c0

SHA1
735e2fdb7cc154eb5fe673025f7a702ccee12e3d

SHA256
7168bb7a826e4c0b5ae1baeb0a61317514a73ef234817035d76f37637f45035f

SHA512
4b7e7b994bb5edd92408da92c277787db6687f4cbb767d31b250173d9c4fb30d8aac508d08e24c7e0bfaf194c3f3e44de39c4d86340684eab6bfb4b358d64306

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26946.exe

Filesize
184KB

MD5
23dad6f5ccdf91650ecd1461b645063c

SHA1
0143d67a13700802817777164270201677e2a84c

SHA256
2ed3b127678589f0ac3ff554332c1234c38ca225b9590b18e24f1953ca697baa

SHA512
e756beec4927d9b17a0907852f89b38225fa6d95364e6a740014966433cdba4bbc3ea71d61d3bd01ef8bf8f0960464fc262c3abc348769aa7d302b523b77a0c7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39281.exe

Filesize
184KB

MD5
3b768c8f446565fa92fa84daa3a86b4a

SHA1
e90850a0eeed9441d6b9784fcc9cbabfbdd8aa95

SHA256
0dcdc8237ba7b39d9183f922bf41b310925f86cf33d60f4ee085be7865697386

SHA512
0c3be68b60276ae6ab804a3b08f7d3fdfca74f5c4e3eca06b70520d624a7037b2b67f6ef9701e4ec3663fbebbe643966709d0019fab6e868da646c7bbc59c7a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40458.exe

Filesize
184KB

MD5
57fb84b2bec83836b940ebc42eef0f71

SHA1
e1fdb64ce6dfb326dbe1367f4759e35a0b58121f

SHA256
dbb18b5b651657e24d457ee36d8b8fad3fdef4bc6d97e65ce64980bba8a04e02

SHA512
11707614085aec04780ca0a4c3b09358747cceebff39eaec8f62e8d69f3c1537dd57a0b63fce7649b12059e41523e45df6d3816186b2ae46da4eb3d8b001dd3d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe

Filesize
184KB

MD5
5369cde2c5055e5e945322b4c0057a63

SHA1
65d50735b3626bfd34e039405a91e55d6b0b6871

SHA256
1d48fa7c81a6c6c2e38ebed933e96365310ca2a1bc2680c1d8a14d830c8e674f

SHA512
157fdcb8501fc1d4bab0713e01ffb4e34b9abd5c4e22f5c3f2600d93cde742034adfc58567fa29a962d062939a81407dcf404c15be71b5d227384170eb62b6db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43177.exe

Filesize
184KB

MD5
22bc9d45b57d9e5495232a08bf6e59a8

SHA1
31d321135c4c0305b111626adfe7151f636147b9

SHA256
fd145d63a958d4fd60747d3bec4e009349271fb09c75622ca92e1483d02461dc

SHA512
fb229924300f19637d372da5193845f8802fd858bcbb596d5cfbb1bfa1d516c81e5093b3b87d0328476c2b7d7610e6b0753eaf60b2a5c4ba43c5bb748dcb9cc3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6416.exe

Filesize
184KB

MD5
e86685fc4a99fbff865471799e4b67cb

SHA1
6d87ed9e09ddcbf6eaf22973090532c02122c12b

SHA256
503bb637c711b69c6d0ef16bf6df61eec1656b590a9a79641b1711a73c882f84

SHA512
73bd76925df1f576a52bc33e58112aa744e4bbe98a17b10509758362fb0a6732485db0fa089b8fd4f1b318d04fdbe2dc73bf31359f0efb976181c8eaf6ed82f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-817.exe

Filesize
184KB

MD5
e4478b9c9134d61e4944e47636d2bfc6

SHA1
3f0bdd6060b4af3237c5317ee25fbcccd0308985

SHA256
fd951fca8360f0c8084473a4fd509bea478b9f9ac4cdc476ab7e9c112b921115

SHA512
575ee99044702dc4649a245eb76af820b47d697df38d52206ddbcd3653d299d89b09c5f075a9c6b0695de21b3cf58dcdb242b10ba6fcdabef6f675b8e4f90ff6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe

Filesize
184KB

MD5
c25558e358123f344943d41fba465d8e

SHA1
3fa5317924c098b53079d972db1faa111634588b

SHA256
3cfc2442201b265687b8994cf25e6593c0436186b1978569ec5a0257ec66340d

SHA512
467a75a1d335909ce1f7b68b188a775126089edcac1396c957050e137bedcde4de083881860ed46b74aa7a6f0d2c38351e59c61d5fb17eef0c56446fae433198

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe

Filesize
184KB

MD5
543b9666e81b3f6a9d9bf0cb746fd611

SHA1
bdbe0ff855d991b25bb4022dfc44de35bcc4461e

SHA256
c67c3e84bf699df9933f62301a2cd16ccc6609eacd1b29725bc0ea0190f4770f

SHA512
e423575ff55b2e7af219919bfa10d25d2c8fd9ead6ed72813683c687f582166e1cc148889f81dbf91bb93b09ca8ed0f3c324d8f919caf69bc3b97d39467afdce

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads