94bc7d4b8c979e3a1053f849c58de17400b14f697edc89dc7ed08829d895bba1

Analysis

max time kernel
73s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

441175ec219a83b3055c50519761f6ef.exe
Size

184KB
MD5

441175ec219a83b3055c50519761f6ef
SHA1

94e5da67d6ebf7039d7d88676263b598d1b3d79c
SHA256

94bc7d4b8c979e3a1053f849c58de17400b14f697edc89dc7ed08829d895bba1
SHA512

dd73a4f837354c2e6158f86e17414b4242fb62174b333d5f214d743dce6320c3a1fbe50b417ccd308ee6420ce4a791b683c0b762ea1aa7a361684a115a73dc25
SSDEEP

3072:Ay2aomPTPDHQnOC4MhSzA8wM3Y6MxvTlrG3x5z/HZNlPvpFF:Ay7oYbQnuMczA8exW9NlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1620	Unicorn-9673.exe
2876	Unicorn-29923.exe
2420	Unicorn-49789.exe
2728	Unicorn-36080.exe
2076	Unicorn-38628.exe
2840	Unicorn-27947.exe
2672	Unicorn-34208.exe
2008	Unicorn-50409.exe
2700	Unicorn-30612.exe
3052	Unicorn-36620.exe
1932	Unicorn-17997.exe
2256	Unicorn-51350.exe
2928	Unicorn-57198.exe
1444	Unicorn-45045.exe
1820	Unicorn-39949.exe
2252	Unicorn-36353.exe
2984	Unicorn-56064.exe
1060	Unicorn-64775.exe
444	Unicorn-53602.exe
1856	Unicorn-4314.exe
2564	Unicorn-35062.exe
2364	Unicorn-15196.exe
1392	Unicorn-2555.exe
1628	Unicorn-3957.exe
1160	Unicorn-18913.exe
356	Unicorn-42082.exe
1760	Unicorn-44730.exe
1996	Unicorn-4769.exe
2224	Unicorn-7218.exe
2200	Unicorn-27084.exe
832	Unicorn-61401.exe
1972	Unicorn-19118.exe
2408	Unicorn-13537.exe
2052	Unicorn-14938.exe
2820	Unicorn-34804.exe
2860	Unicorn-55836.exe
2100	Unicorn-10164.exe
2344	Unicorn-28660.exe
2772	Unicorn-28660.exe
2716	Unicorn-65076.exe
2628	Unicorn-57531.exe
2060	Unicorn-54340.exe
2912	Unicorn-26425.exe
1028	Unicorn-18881.exe
2664	Unicorn-58408.exe
1968	Unicorn-28383.exe
2668	Unicorn-14137.exe
2904	Unicorn-22929.exe
632	Unicorn-62456.exe
2080	Unicorn-16785.exe
2000	Unicorn-16785.exe
3048	Unicorn-17137.exe
2580	Unicorn-37003.exe
1860	Unicorn-10189.exe
2296	Unicorn-57818.exe
2840	Unicorn-27947.exe
1584	Unicorn-15083.exe
1784	Unicorn-60755.exe
1224	Unicorn-38610.exe
1292	Unicorn-7569.exe
2320	Unicorn-47097.exe
2488	Unicorn-34562.exe
2684	Unicorn-12463.exe
1604	Unicorn-6843.exe

Loads dropped DLL 64 IoCs

pid	Process
2152	441175ec219a83b3055c50519761f6ef.exe
2152	441175ec219a83b3055c50519761f6ef.exe
2152	441175ec219a83b3055c50519761f6ef.exe
2152	441175ec219a83b3055c50519761f6ef.exe
1620	Unicorn-9673.exe
1620	Unicorn-9673.exe
2876	Unicorn-29923.exe
2876	Unicorn-29923.exe
2420	Unicorn-49789.exe
2420	Unicorn-49789.exe
1620	Unicorn-9673.exe
1620	Unicorn-9673.exe
2728	Unicorn-36080.exe
2728	Unicorn-36080.exe
2876	Unicorn-29923.exe
2876	Unicorn-29923.exe
2076	Unicorn-38628.exe
2076	Unicorn-38628.exe
2420	Unicorn-49789.exe
2420	Unicorn-49789.exe
2840	Unicorn-27947.exe
2840	Unicorn-27947.exe
2672	Unicorn-34208.exe
2672	Unicorn-34208.exe
2728	Unicorn-36080.exe
2728	Unicorn-36080.exe
2008	Unicorn-50409.exe
2008	Unicorn-50409.exe
1932	Unicorn-17997.exe
1932	Unicorn-17997.exe
3052	Unicorn-36620.exe
3052	Unicorn-36620.exe
2840	Unicorn-27947.exe
2840	Unicorn-27947.exe
2700	Unicorn-30612.exe
2700	Unicorn-30612.exe
2076	Unicorn-38628.exe
2076	Unicorn-38628.exe
2256	Unicorn-51350.exe
2256	Unicorn-51350.exe
2928	Process not Found
2672	Unicorn-34208.exe
2928	Process not Found
2672	Unicorn-34208.exe
1444	Unicorn-45045.exe
1444	Unicorn-45045.exe
2008	Unicorn-50409.exe
2008	Unicorn-50409.exe
1820	Unicorn-39949.exe
1820	Unicorn-39949.exe
1932	Unicorn-17997.exe
1932	Unicorn-17997.exe
2984	Unicorn-56064.exe
2984	Unicorn-56064.exe
1060	Unicorn-64775.exe
1060	Unicorn-64775.exe
2700	Unicorn-30612.exe
2252	Unicorn-36353.exe
2700	Unicorn-30612.exe
2252	Unicorn-36353.exe
3052	Unicorn-36620.exe
444	Unicorn-53602.exe
3052	Unicorn-36620.exe
444	Unicorn-53602.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2660	2256	WerFault.exe	113
2108	556	WerFault.exe	159
964	2912	WerFault.exe	212

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2152	441175ec219a83b3055c50519761f6ef.exe
1620	Unicorn-9673.exe
2876	Unicorn-29923.exe
2420	Unicorn-49789.exe
2728	Unicorn-36080.exe
2076	Unicorn-38628.exe
2840	Unicorn-27947.exe
2672	Unicorn-34208.exe
2008	Unicorn-50409.exe
2700	Unicorn-30612.exe
1932	Unicorn-17997.exe
3052	Unicorn-36620.exe
2256	Unicorn-51350.exe
2928	Unicorn-57198.exe
1444	Unicorn-45045.exe
1820	Unicorn-39949.exe
2252	Unicorn-36353.exe
2984	Unicorn-56064.exe
444	Unicorn-53602.exe
1060	Unicorn-64775.exe
1856	Unicorn-4314.exe
2564	Unicorn-35062.exe
2364	Unicorn-15196.exe
1392	Unicorn-2555.exe
1628	Unicorn-3957.exe
1160	Unicorn-18913.exe
356	Unicorn-42082.exe
1760	Unicorn-44730.exe
1996	Unicorn-4769.exe
2200	Unicorn-27084.exe
2224	Unicorn-7218.exe
1972	Unicorn-19118.exe
832	Unicorn-61401.exe
2408	Unicorn-13537.exe
2344	Unicorn-28660.exe
2100	Unicorn-10164.exe
2052	Unicorn-14938.exe
2860	Unicorn-55836.exe
2716	Unicorn-65076.exe
2820	Unicorn-34804.exe
2772	Unicorn-28660.exe
2628	Unicorn-57531.exe
2060	Unicorn-54340.exe
1028	Unicorn-18881.exe
2912	Unicorn-26425.exe
2664	Unicorn-58408.exe
1968	Unicorn-28383.exe
2668	Unicorn-14137.exe
2904	Unicorn-22929.exe
2000	Unicorn-16785.exe
632	Unicorn-62456.exe
2080	Unicorn-16785.exe
3048	Unicorn-17137.exe
2580	Unicorn-37003.exe
1860	Unicorn-10189.exe
2296	Unicorn-57818.exe
2840	Unicorn-27947.exe
1584	Unicorn-15083.exe
1784	Unicorn-60755.exe
1292	Unicorn-7569.exe
1224	Unicorn-38610.exe
2320	Unicorn-9708.exe
2488	Unicorn-34562.exe
2684	Unicorn-12463.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2152 wrote to memory of 1620	2152	441175ec219a83b3055c50519761f6ef.exe	28
PID 2152 wrote to memory of 1620	2152	441175ec219a83b3055c50519761f6ef.exe	28
PID 2152 wrote to memory of 1620	2152	441175ec219a83b3055c50519761f6ef.exe	28
PID 2152 wrote to memory of 1620	2152	441175ec219a83b3055c50519761f6ef.exe	28
PID 2152 wrote to memory of 2876	2152	441175ec219a83b3055c50519761f6ef.exe	30
PID 2152 wrote to memory of 2876	2152	441175ec219a83b3055c50519761f6ef.exe	30
PID 2152 wrote to memory of 2876	2152	441175ec219a83b3055c50519761f6ef.exe	30
PID 2152 wrote to memory of 2876	2152	441175ec219a83b3055c50519761f6ef.exe	30
PID 1620 wrote to memory of 2420	1620	Unicorn-9673.exe	29
PID 1620 wrote to memory of 2420	1620	Unicorn-9673.exe	29
PID 1620 wrote to memory of 2420	1620	Unicorn-9673.exe	29
PID 1620 wrote to memory of 2420	1620	Unicorn-9673.exe	29
PID 2876 wrote to memory of 2728	2876	Unicorn-29923.exe	33
PID 2876 wrote to memory of 2728	2876	Unicorn-29923.exe	33
PID 2876 wrote to memory of 2728	2876	Unicorn-29923.exe	33
PID 2876 wrote to memory of 2728	2876	Unicorn-29923.exe	33
PID 2420 wrote to memory of 2076	2420	Unicorn-49789.exe	32
PID 2420 wrote to memory of 2076	2420	Unicorn-49789.exe	32
PID 2420 wrote to memory of 2076	2420	Unicorn-49789.exe	32
PID 2420 wrote to memory of 2076	2420	Unicorn-49789.exe	32
PID 1620 wrote to memory of 2840	1620	Unicorn-9673.exe	82
PID 1620 wrote to memory of 2840	1620	Unicorn-9673.exe	82
PID 1620 wrote to memory of 2840	1620	Unicorn-9673.exe	82
PID 1620 wrote to memory of 2840	1620	Unicorn-9673.exe	82
PID 2728 wrote to memory of 2672	2728	Unicorn-36080.exe	38
PID 2728 wrote to memory of 2672	2728	Unicorn-36080.exe	38
PID 2728 wrote to memory of 2672	2728	Unicorn-36080.exe	38
PID 2728 wrote to memory of 2672	2728	Unicorn-36080.exe	38
PID 2876 wrote to memory of 2008	2876	Unicorn-29923.exe	37
PID 2876 wrote to memory of 2008	2876	Unicorn-29923.exe	37
PID 2876 wrote to memory of 2008	2876	Unicorn-29923.exe	37
PID 2876 wrote to memory of 2008	2876	Unicorn-29923.exe	37
PID 2076 wrote to memory of 2700	2076	Unicorn-38628.exe	36
PID 2076 wrote to memory of 2700	2076	Unicorn-38628.exe	36
PID 2076 wrote to memory of 2700	2076	Unicorn-38628.exe	36
PID 2076 wrote to memory of 2700	2076	Unicorn-38628.exe	36
PID 2420 wrote to memory of 3052	2420	Unicorn-49789.exe	35
PID 2420 wrote to memory of 3052	2420	Unicorn-49789.exe	35
PID 2420 wrote to memory of 3052	2420	Unicorn-49789.exe	35
PID 2420 wrote to memory of 3052	2420	Unicorn-49789.exe	35
PID 2840 wrote to memory of 1932	2840	Unicorn-27947.exe	156
PID 2840 wrote to memory of 1932	2840	Unicorn-27947.exe	156
PID 2840 wrote to memory of 1932	2840	Unicorn-27947.exe	156
PID 2840 wrote to memory of 1932	2840	Unicorn-27947.exe	156
PID 2672 wrote to memory of 2256	2672	Unicorn-34208.exe	113
PID 2672 wrote to memory of 2256	2672	Unicorn-34208.exe	113
PID 2672 wrote to memory of 2256	2672	Unicorn-34208.exe	113
PID 2672 wrote to memory of 2256	2672	Unicorn-34208.exe	113
PID 2728 wrote to memory of 2928	2728	Unicorn-36080.exe	45
PID 2728 wrote to memory of 2928	2728	Unicorn-36080.exe	45
PID 2728 wrote to memory of 2928	2728	Unicorn-36080.exe	45
PID 2728 wrote to memory of 2928	2728	Unicorn-36080.exe	45
PID 2008 wrote to memory of 1444	2008	Unicorn-50409.exe	44
PID 2008 wrote to memory of 1444	2008	Unicorn-50409.exe	44
PID 2008 wrote to memory of 1444	2008	Unicorn-50409.exe	44
PID 2008 wrote to memory of 1444	2008	Unicorn-50409.exe	44
PID 1932 wrote to memory of 1820	1932	Unicorn-17997.exe	43
PID 1932 wrote to memory of 1820	1932	Unicorn-17997.exe	43
PID 1932 wrote to memory of 1820	1932	Unicorn-17997.exe	43
PID 1932 wrote to memory of 1820	1932	Unicorn-17997.exe	43
PID 3052 wrote to memory of 2252	3052	Unicorn-36620.exe	42
PID 3052 wrote to memory of 2252	3052	Unicorn-36620.exe	42
PID 3052 wrote to memory of 2252	3052	Unicorn-36620.exe	42
PID 3052 wrote to memory of 2252	3052	Unicorn-36620.exe	42

C:\Users\Admin\AppData\Local\Temp\441175ec219a83b3055c50519761f6ef.exe
"C:\Users\Admin\AppData\Local\Temp\441175ec219a83b3055c50519761f6ef.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1620
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38628.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38628.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64775.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4769.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        9⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
        10⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        11⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        12⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        13⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        14⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
        10⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
        12⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        13⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        14⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47097.exe
        8⤵
        Executes dropped EXE
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51907.exe
        9⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        10⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
        11⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        12⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14137.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16443.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
        9⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15016.exe
        10⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
        11⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
        12⤵
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7218.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
        8⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8232.exe
        12⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16579.exe
        13⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10062.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52196.exe
        9⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51350.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
        8⤵
        Program crash
        
        PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        6⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14644.exe
        8⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        9⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
        10⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23756.exe
        11⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54108.exe
        12⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18101.exe
        13⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14131.exe
        8⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17997.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        10⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23177.exe
        11⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        12⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52066.exe
        13⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
        14⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5293.exe
        7⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33473.exe
        8⤵
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5585.exe
        9⤵
        
        PID:556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
        10⤵
        Program crash
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7989.exe
        7⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30495.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        9⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
        10⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11577.exe
        11⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
        12⤵
        
        PID:1332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36620.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36353.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27084.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27324.exe
        8⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
        9⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18662.exe
        10⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        11⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37907.exe
        12⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
        9⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42770.exe
        10⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        12⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35916.exe
        13⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31716.exe
        9⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        7⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3262.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        11⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19702.exe
        12⤵
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17137.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        7⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11852.exe
        8⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        9⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        10⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
        11⤵
        
        PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61401.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16785.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        7⤵
        Executes dropped EXE
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        8⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        10⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
        6⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        8⤵
        
        PID:2576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15166.exe
    3⤵
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65178.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65178.exe
      4⤵
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18913.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11013.exe
        7⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37794.exe
        9⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10532.exe
        10⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        11⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        12⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55966.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38664.exe
        10⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14685.exe
        12⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        13⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48518.exe
        14⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1339.exe
        15⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
        16⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21088.exe
        14⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
        8⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48935.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
        11⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56088.exe
        12⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        13⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
        12⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60755.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        8⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        9⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        10⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47018.exe
        11⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51033.exe
        7⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54028.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        9⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48016.exe
        10⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56401.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        7⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        9⤵
        
        PID:848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42082.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57531.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40038.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
        9⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        11⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        12⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31706.exe
        13⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30162.exe
        7⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11267.exe
        8⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64693.exe
        9⤵
        
        PID:2836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28071.exe
        6⤵
        
        PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19035.exe
      4⤵
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14189.exe
        7⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
        9⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        10⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
        11⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38607.exe
        12⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43975.exe
        13⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
        12⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
        13⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61259.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11267.exe
        10⤵
        
        PID:1164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53193.exe
        6⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38610.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23177.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45976.exe
        9⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
        10⤵
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
        6⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29928.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        8⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        9⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        10⤵
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4966.exe
        6⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
        7⤵
        
        PID:2912
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 200
        8⤵
        Program crash
        
        PID:964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57110.exe
        5⤵
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25159.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
        9⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        10⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        11⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-94.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-94.exe
        12⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55291.exe
        13⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        7⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18583.exe
        9⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        8⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15587.exe
        9⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        10⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
        11⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25321.exe
        12⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        13⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22822.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31706.exe
        9⤵
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10164.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10189.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42206.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51572.exe
        9⤵
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27947.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2950.exe
        7⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        8⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39954.exe
        9⤵
        
        PID:656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57198.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35062.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25228.exe
        7⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36004.exe
        9⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
        10⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
        12⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        10⤵
        
        PID:2764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        6⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
        8⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        9⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14125.exe
        10⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25271.exe
        11⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
        10⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27518.exe
        11⤵
        
        PID:1188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55836.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26452.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2874.exe
        8⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59330.exe
        9⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62918.exe
        10⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64918.exe
        11⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15629.exe
        12⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20172.exe
        6⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55727.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
        8⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14951.exe
        9⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        7⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
        8⤵
        
        PID:1288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50409.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45045.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
        7⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43763.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
        10⤵
        
        PID:1004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        6⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45926.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45518.exe
        9⤵
        
        PID:320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33896.exe
        6⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59573.exe
        7⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60336.exe
        8⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34562.exe
        10⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9732.exe
        11⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
        12⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        9⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        10⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15322.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16884.exe
        9⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63323.exe
        10⤵
        
        PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9052.exe
      4⤵
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28660.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7569.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
        7⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
        8⤵
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        5⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
        6⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
        10⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31187.exe
        11⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
        9⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
        10⤵
        
        PID:3580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe

Filesize
184KB

MD5
b872a2d7a6dd87601f92affcb96209e7

SHA1
1deb37bc853211ef4e20e18634d30267c15bbdc4

SHA256
bf9e3562bafc6ba7adc810493d93f1b2e2346e5235ec9b14cf15657222985f39

SHA512
827e4cb022f89dc9e21647aaa90a4558eb26ce8d8399060faf271597cb3a16df553a5039644c561dd3f714e8fd061e2ab588ce6f6645be298fd5005a63344cbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe

Filesize
184KB

MD5
ab6b1ebc8d8d861bf5fb21bed9366be1

SHA1
da664efad6657ab0e8d8c3445db6934bc654026e

SHA256
88133d779683d88513bbb783954c3c6c0845bfee516a5d935d8998ffb4239de3

SHA512
886d6931246cd5e686ce34cfffa57a49b275be3495b445ba0ddf5604e9fbfd812797c7295cf97eb006a96b74e840eaa21c455998f289acbe014f3cb847906cab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe

Filesize
92KB

MD5
bed262b4b5966a2e61bbab71691131fb

SHA1
45b9206c6fca3d845ea0c196f2d71047decd55fe

SHA256
d6429db5115d5b4b686cd3d9962f11fef36048bafd9f3aeb9374e70f4b4177fa

SHA512
40292e0b109128097b1a7e35451df3b5ed28dd57b63da75fbfd57b67dcc20a4e489428e3a24488e88e8b9770274e2f9a772bb2427093f2217eb6944643a68b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe

Filesize
93KB

MD5
7958404e61ffc37d1ac64a4f7c588a8e

SHA1
855f6df800d20204edb73cb73b8519032f7a3971

SHA256
2201aefef20d60367477a16c7ea13882a92203b577cb263651917b395748f044

SHA512
36dcf10ed91a933a2879ddc1786ef082feaffc9a15dfc5364f8a1e6bd82d6ba0218e93a6102e0f99e482141a28ccce41051d3de0c013d388b864dcc995596db1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe

Filesize
102KB

MD5
b45bd7fe1d061e389a884d3a3f59aa4d

SHA1
fed34b82dd7af548f6053b82839dceef74cb08ac

SHA256
a245c0a352fe2708d1024543bebc31bc8e5630952a5dd701f38f20e6bf9b6ae7

SHA512
36f6d0a76226edab6321b36d6721360c84b7ef7e2f6b7fb79230d31c8600bdb28bec69bb7075e03711828052333ffda1a7a5b9532160e9a1c7664fe33c0b11d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe

Filesize
184KB

MD5
577533ac49e7c965f3546bd665c4b5de

SHA1
8a94ff60caf8bc65119637f74e23bad407b6d0e2

SHA256
6b5c7accad5644eea3e8dd36625528ffffffa2c94278640350522f53736c6848

SHA512
65488f3375bca93449ccaaa601132c7fd57503a529011ea85e50f8bd2e7dbac118b126b74433639d51d3fc65cd768729a1581eabd8050b24306141de345a5788

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe

Filesize
184KB

MD5
bc35a9b0434a0d8fc9d89a808131915b

SHA1
5dda214d7822f246b29e496a9e27f28462744537

SHA256
fde35e4f4925cf90c55af2d4daa58db212a62281547c119691620ddcabc9fb71

SHA512
4e6e072e5d058075adb8ead9f2adcd826a9e23976c4e14fd747bc96af0a07e5fc1e8fa1fffea01305210f2c088133c206c6da76cf5845147d1e794c51f004e4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe

Filesize
184KB

MD5
9e58c8f4552982a9e52ed01d3e363789

SHA1
c146d1a818edb6dcf6a03994ee064d4e480d6d31

SHA256
cc55d8aac0beeca76c6bb693af2baee1ae401b6d75c5db70e630146fef8f2a34

SHA512
dc079c632bdda5e3d5194aad3bda1f83501ccad1d3bbe5b9086d0f52a5dd5664c05c227adea7409bd0fe736d8a65268a3053f1ef68ad0e31f1a33ae07211d714

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36080.exe

Filesize
103KB

MD5
c19699d5f0f611cc0ffdd10ae8aeaddd

SHA1
fa23d1cffcf664504b2e138230c8fa734b5fc9c3

SHA256
8f5995c5636cea5b00b31bfb077a792236e267c77bd142a106250e48163c1d24

SHA512
3a3106a2f1d8da2b3609779d5a85410af497b97af57fea50aad472b685b3b902ad38f9e1dd447f0b24b2f8d8a8ec99744b05febf2af658dfe70b3062f4d95162

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38628.exe

Filesize
92KB

MD5
75b5d6db726b07938e6e6b05f26853c1

SHA1
3736bb30898520f7d77592c615b96990fa133859

SHA256
019d2f12e1367133b445fe5c7e318975a18143f945f57ccf8a520332d47cc0ed

SHA512
d07fd4607c5c7d4e33e120f17b549babec7b4b7178d5c77e0f92fc875fc18c1b6db53da0f9bccf1ff6a887ee18d2b371cd0517536073e589ee7881503c701025

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads