594c0c71042b04b6a4e8f8ee022436755d03370da5de402e9525aaed589a2f49

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 05:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

295db01416b511e9a7e0823bad0c73db.exe
Size

184KB
MD5

295db01416b511e9a7e0823bad0c73db
SHA1

83268f0a0a2588a357f0c5e9168551db3256c492
SHA256

594c0c71042b04b6a4e8f8ee022436755d03370da5de402e9525aaed589a2f49
SHA512

b3d8c87234b4088812143ee5905a19073e501916a0b3e1adb43dcbd0a9ff7e0856ee45a8b289b1b9d90874ad8f7711bcf8273695812c1ff82be32e4295f79309
SSDEEP

3072:Xm1oom8g0DA8uOjzdTsKI8FbKZh60Ogi0DNxtMPHsNlPvpFw:Xmeoj88uIdoKI8p/SpNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2192	Unicorn-5882.exe
2668	Unicorn-15140.exe
2764	Unicorn-14818.exe
2956	Unicorn-35042.exe
1632	Unicorn-38742.exe
2844	Unicorn-47465.exe
2256	Unicorn-9214.exe
1508	Unicorn-51954.exe
2540	Unicorn-26703.exe
2832	Unicorn-18535.exe
2936	Unicorn-19281.exe
1936	Unicorn-46521.exe
1380	Unicorn-60480.exe
2812	Unicorn-30761.exe
1976	Unicorn-63625.exe
760	Unicorn-31507.exe
2080	Unicorn-31913.exe
2436	Unicorn-7216.exe
2348	Unicorn-56972.exe
620	Unicorn-9821.exe
2512	Unicorn-39348.exe
1544	Unicorn-30434.exe
2372	Unicorn-62914.exe
1784	Unicorn-26712.exe
2000	Unicorn-30782.exe
628	Unicorn-18338.exe
2948	Unicorn-23360.exe
3056	Unicorn-7346.exe
1732	Unicorn-53018.exe
2868	Unicorn-28727.exe
1528	Unicorn-33749.exe
2640	Unicorn-330.exe
2800	Unicorn-62167.exe
2664	Unicorn-1674.exe
2744	Unicorn-14481.exe
2648	Unicorn-35416.exe
2576	Unicorn-40438.exe
2732	Unicorn-30455.exe
1476	Unicorn-64367.exe
3068	Unicorn-18696.exe
344	Unicorn-51560.exe
1328	Unicorn-20402.exe
2888	Unicorn-48628.exe
3036	Unicorn-28186.exe
2356	Unicorn-19656.exe
1956	Unicorn-12639.exe
2164	Unicorn-61840.exe
2156	Unicorn-57735.exe
2500	Unicorn-29661.exe
2060	Unicorn-18923.exe
2392	Unicorn-43641.exe
2976	Unicorn-64253.exe
2496	Unicorn-39727.exe
1580	Unicorn-59593.exe
1484	Unicorn-35835.exe
2248	Unicorn-46210.exe
952	Unicorn-30428.exe
1892	Unicorn-41934.exe
2300	Unicorn-46018.exe
1672	Unicorn-41934.exe
2952	Unicorn-26558.exe
1504	Unicorn-19136.exe
2288	Unicorn-4445.exe
2172	Unicorn-24311.exe

Loads dropped DLL 64 IoCs

pid	Process
688	295db01416b511e9a7e0823bad0c73db.exe
688	295db01416b511e9a7e0823bad0c73db.exe
2192	Unicorn-5882.exe
2192	Unicorn-5882.exe
688	295db01416b511e9a7e0823bad0c73db.exe
688	295db01416b511e9a7e0823bad0c73db.exe
2668	Unicorn-15140.exe
2668	Unicorn-15140.exe
2764	Unicorn-14818.exe
2764	Unicorn-14818.exe
2192	Unicorn-5882.exe
2192	Unicorn-5882.exe
2956	Unicorn-35042.exe
2956	Unicorn-35042.exe
2668	Unicorn-15140.exe
2668	Unicorn-15140.exe
2844	Unicorn-47465.exe
2844	Unicorn-47465.exe
1632	Unicorn-38742.exe
1632	Unicorn-38742.exe
2764	Unicorn-14818.exe
2764	Unicorn-14818.exe
2256	Unicorn-9214.exe
2256	Unicorn-9214.exe
2956	Unicorn-35042.exe
2956	Unicorn-35042.exe
1508	Unicorn-51954.exe
1508	Unicorn-51954.exe
2540	Unicorn-26703.exe
2540	Unicorn-26703.exe
2844	Unicorn-47465.exe
2844	Unicorn-47465.exe
2832	Unicorn-18535.exe
2832	Unicorn-18535.exe
2936	Unicorn-19281.exe
2936	Unicorn-19281.exe
1632	Unicorn-38742.exe
1632	Unicorn-38742.exe
1936	Unicorn-46521.exe
1936	Unicorn-46521.exe
2256	Unicorn-9214.exe
2256	Unicorn-9214.exe
1380	Unicorn-60480.exe
1380	Unicorn-60480.exe
2812	Unicorn-30761.exe
2812	Unicorn-30761.exe
1508	Unicorn-51954.exe
1508	Unicorn-51954.exe
2436	Unicorn-7216.exe
2436	Unicorn-7216.exe
2080	Unicorn-31913.exe
2080	Unicorn-31913.exe
2936	Unicorn-19281.exe
2936	Unicorn-19281.exe
2832	Unicorn-18535.exe
2832	Unicorn-18535.exe
760	Unicorn-31507.exe
1976	Unicorn-63625.exe
1976	Unicorn-63625.exe
760	Unicorn-31507.exe
2540	Unicorn-26703.exe
2540	Unicorn-26703.exe
2348	Unicorn-56972.exe
2348	Unicorn-56972.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
1880	1528	WerFault.exe	58
2724	2728	WerFault.exe	142
2084	1820	WerFault.exe	254
2348	2012	WerFault.exe	300

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
688	295db01416b511e9a7e0823bad0c73db.exe
2192	Unicorn-5882.exe
2668	Unicorn-15140.exe
2764	Unicorn-14818.exe
2956	Unicorn-35042.exe
1632	Unicorn-38742.exe
2844	Unicorn-47465.exe
2256	Unicorn-9214.exe
1508	Unicorn-51954.exe
2540	Unicorn-26703.exe
2832	Unicorn-18535.exe
2936	Unicorn-19281.exe
1936	Unicorn-46521.exe
1380	Unicorn-60480.exe
2812	Unicorn-30761.exe
1976	Unicorn-63625.exe
2436	Unicorn-7216.exe
2080	Unicorn-31913.exe
760	Unicorn-31507.exe
2348	Unicorn-56972.exe
2512	Unicorn-39348.exe
620	Unicorn-9821.exe
1544	Unicorn-30434.exe
2372	Unicorn-62914.exe
1784	Unicorn-26712.exe
628	Unicorn-18338.exe
2000	Unicorn-30782.exe
2948	Unicorn-23360.exe
3056	Unicorn-7346.exe
1732	Unicorn-53018.exe
2868	Unicorn-28727.exe
1528	Unicorn-33749.exe
2640	Unicorn-330.exe
2800	Unicorn-62167.exe
2648	Unicorn-35416.exe
2664	Unicorn-1674.exe
2744	Unicorn-14481.exe
2732	Unicorn-30455.exe
2576	Unicorn-40438.exe
1476	Unicorn-64367.exe
3068	Unicorn-18696.exe
344	Unicorn-51560.exe
1328	Unicorn-20402.exe
2888	Unicorn-48628.exe
3036	Unicorn-28186.exe
2356	Unicorn-19656.exe
1956	Unicorn-12639.exe
2156	Unicorn-57735.exe
2164	Unicorn-61840.exe
2500	Unicorn-29661.exe
2060	Unicorn-18923.exe
2976	Unicorn-64253.exe
1580	Unicorn-59593.exe
2248	Unicorn-46210.exe
2496	Unicorn-39727.exe
2300	Unicorn-46018.exe
1484	Unicorn-35835.exe
952	Unicorn-30428.exe
1892	Unicorn-41934.exe
2952	Unicorn-26558.exe
1504	Unicorn-19136.exe
1672	Unicorn-41934.exe
2172	Unicorn-24311.exe
1584	Unicorn-24311.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 688 wrote to memory of 2192	688	295db01416b511e9a7e0823bad0c73db.exe	28
PID 688 wrote to memory of 2192	688	295db01416b511e9a7e0823bad0c73db.exe	28
PID 688 wrote to memory of 2192	688	295db01416b511e9a7e0823bad0c73db.exe	28
PID 688 wrote to memory of 2192	688	295db01416b511e9a7e0823bad0c73db.exe	28
PID 2192 wrote to memory of 2668	2192	Unicorn-5882.exe	29
PID 2192 wrote to memory of 2668	2192	Unicorn-5882.exe	29
PID 2192 wrote to memory of 2668	2192	Unicorn-5882.exe	29
PID 2192 wrote to memory of 2668	2192	Unicorn-5882.exe	29
PID 688 wrote to memory of 2764	688	295db01416b511e9a7e0823bad0c73db.exe	30
PID 688 wrote to memory of 2764	688	295db01416b511e9a7e0823bad0c73db.exe	30
PID 688 wrote to memory of 2764	688	295db01416b511e9a7e0823bad0c73db.exe	30
PID 688 wrote to memory of 2764	688	295db01416b511e9a7e0823bad0c73db.exe	30
PID 2668 wrote to memory of 2956	2668	Unicorn-15140.exe	31
PID 2668 wrote to memory of 2956	2668	Unicorn-15140.exe	31
PID 2668 wrote to memory of 2956	2668	Unicorn-15140.exe	31
PID 2668 wrote to memory of 2956	2668	Unicorn-15140.exe	31
PID 2764 wrote to memory of 1632	2764	Unicorn-14818.exe	32
PID 2764 wrote to memory of 1632	2764	Unicorn-14818.exe	32
PID 2764 wrote to memory of 1632	2764	Unicorn-14818.exe	32
PID 2764 wrote to memory of 1632	2764	Unicorn-14818.exe	32
PID 2192 wrote to memory of 2844	2192	Unicorn-5882.exe	33
PID 2192 wrote to memory of 2844	2192	Unicorn-5882.exe	33
PID 2192 wrote to memory of 2844	2192	Unicorn-5882.exe	33
PID 2192 wrote to memory of 2844	2192	Unicorn-5882.exe	33
PID 2956 wrote to memory of 2256	2956	Unicorn-35042.exe	34
PID 2956 wrote to memory of 2256	2956	Unicorn-35042.exe	34
PID 2956 wrote to memory of 2256	2956	Unicorn-35042.exe	34
PID 2956 wrote to memory of 2256	2956	Unicorn-35042.exe	34
PID 2668 wrote to memory of 1508	2668	Unicorn-15140.exe	35
PID 2668 wrote to memory of 1508	2668	Unicorn-15140.exe	35
PID 2668 wrote to memory of 1508	2668	Unicorn-15140.exe	35
PID 2668 wrote to memory of 1508	2668	Unicorn-15140.exe	35
PID 2844 wrote to memory of 2540	2844	Unicorn-47465.exe	36
PID 2844 wrote to memory of 2540	2844	Unicorn-47465.exe	36
PID 2844 wrote to memory of 2540	2844	Unicorn-47465.exe	36
PID 2844 wrote to memory of 2540	2844	Unicorn-47465.exe	36
PID 1632 wrote to memory of 2832	1632	Unicorn-38742.exe	37
PID 1632 wrote to memory of 2832	1632	Unicorn-38742.exe	37
PID 1632 wrote to memory of 2832	1632	Unicorn-38742.exe	37
PID 1632 wrote to memory of 2832	1632	Unicorn-38742.exe	37
PID 2764 wrote to memory of 2936	2764	Unicorn-14818.exe	38
PID 2764 wrote to memory of 2936	2764	Unicorn-14818.exe	38
PID 2764 wrote to memory of 2936	2764	Unicorn-14818.exe	38
PID 2764 wrote to memory of 2936	2764	Unicorn-14818.exe	38
PID 2256 wrote to memory of 1936	2256	Unicorn-9214.exe	39
PID 2256 wrote to memory of 1936	2256	Unicorn-9214.exe	39
PID 2256 wrote to memory of 1936	2256	Unicorn-9214.exe	39
PID 2256 wrote to memory of 1936	2256	Unicorn-9214.exe	39
PID 2956 wrote to memory of 1380	2956	Unicorn-35042.exe	40
PID 2956 wrote to memory of 1380	2956	Unicorn-35042.exe	40
PID 2956 wrote to memory of 1380	2956	Unicorn-35042.exe	40
PID 2956 wrote to memory of 1380	2956	Unicorn-35042.exe	40
PID 1508 wrote to memory of 2812	1508	Unicorn-51954.exe	41
PID 1508 wrote to memory of 2812	1508	Unicorn-51954.exe	41
PID 1508 wrote to memory of 2812	1508	Unicorn-51954.exe	41
PID 1508 wrote to memory of 2812	1508	Unicorn-51954.exe	41
PID 2540 wrote to memory of 1976	2540	Unicorn-26703.exe	42
PID 2540 wrote to memory of 1976	2540	Unicorn-26703.exe	42
PID 2540 wrote to memory of 1976	2540	Unicorn-26703.exe	42
PID 2540 wrote to memory of 1976	2540	Unicorn-26703.exe	42
PID 2844 wrote to memory of 760	2844	Unicorn-47465.exe	43
PID 2844 wrote to memory of 760	2844	Unicorn-47465.exe	43
PID 2844 wrote to memory of 760	2844	Unicorn-47465.exe	43
PID 2844 wrote to memory of 760	2844	Unicorn-47465.exe	43

C:\Users\Admin\AppData\Local\Temp\295db01416b511e9a7e0823bad0c73db.exe
"C:\Users\Admin\AppData\Local\Temp\295db01416b511e9a7e0823bad0c73db.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:688
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5882.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5882.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1674.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19136.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43055.exe
        10⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
        11⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47713.exe
        12⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
        13⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60531.exe
        14⤵
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
        15⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62057.exe
        16⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60189.exe
        17⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37119.exe
        18⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49196.exe
        19⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
        20⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
        21⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62907.exe
        9⤵
        
        PID:664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
        10⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
        11⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32460.exe
        12⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3731.exe
        13⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14481.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16517.exe
        10⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
        11⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15585.exe
        12⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54236.exe
        13⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42363.exe
        14⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13001.exe
        15⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        16⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52496.exe
        17⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        18⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
        14⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
        15⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
        16⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30286.exe
        12⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51663.exe
        13⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51733.exe
        13⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28760.exe
        14⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
        15⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6668.exe
        14⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
        15⤵
        
        PID:2012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
        16⤵
        Program crash
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53693.exe
        10⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61584.exe
        11⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34309.exe
        12⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60671.exe
        13⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32135.exe
        14⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14670.exe
        15⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
        16⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5968.exe
        17⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27135.exe
        16⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39348.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62167.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
        8⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        9⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18902.exe
        10⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44008.exe
        11⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65134.exe
        12⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        13⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54162.exe
        14⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34199.exe
        15⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
        16⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5388.exe
        11⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53510.exe
        12⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28617.exe
        13⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50711.exe
        14⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49803.exe
        15⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40670.exe
        16⤵
        
        PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30434.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
        10⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7775.exe
        11⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4454.exe
        12⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62970.exe
        13⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9348.exe
        14⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29572.exe
        15⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        16⤵
        
        PID:1580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40438.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21156.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
        9⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24833.exe
        10⤵
        
        PID:2728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
        11⤵
        Program crash
        
        PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62914.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30455.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43641.exe
        8⤵
        Executes dropped EXE
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39727.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23297.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
        9⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
        10⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23597.exe
        11⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12662.exe
        12⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30634.exe
        9⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
        10⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15269.exe
        11⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        12⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58054.exe
        13⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41412.exe
        14⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30307.exe
        15⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64367.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36039.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
        9⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
        10⤵
        
        PID:896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26712.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46018.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25785.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29018.exe
        9⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6083.exe
        10⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
        11⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23230.exe
        12⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15799.exe
        13⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8907.exe
        14⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        15⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31365.exe
        16⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51095.exe
        17⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
        18⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2746.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30059.exe
        10⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
        11⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7213.exe
        12⤵
        
        PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28727.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
        8⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24685.exe
        9⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47116.exe
        10⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        11⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
        12⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        13⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12854.exe
        14⤵
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 200
        6⤵
        Program crash
        
        PID:1880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12639.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24311.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
        9⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29820.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
        11⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40132.exe
        12⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        13⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62052.exe
        14⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50908.exe
        15⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe
        11⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
        12⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        13⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58101.exe
        14⤵
        
        PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57735.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        6⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64622.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25544.exe
        8⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        9⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35648.exe
        10⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
        11⤵
        
        PID:1820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
        12⤵
        Program crash
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42626.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
        9⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1854.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        11⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10820.exe
        12⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5917.exe
        9⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41019.exe
        10⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29530.exe
        11⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24697.exe
        12⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
        13⤵
        
        PID:2648
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18338.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22853.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        9⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22879.exe
        10⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54184.exe
        11⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54361.exe
        12⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54418.exe
        13⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
        14⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
        15⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6295.exe
        16⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
        17⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65170.exe
        12⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
        13⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12278.exe
        14⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20402.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
        7⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65289.exe
        8⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20744.exe
        9⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33567.exe
        10⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
        11⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56255.exe
        12⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
        13⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
        14⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe
        15⤵
        
        PID:976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61840.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18001.exe
        7⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7204.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7625.exe
        10⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
        11⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        12⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14328.exe
        13⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52420.exe
        9⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
        10⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56409.exe
        11⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61448.exe
        12⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
        10⤵
        
        PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-330.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18769.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
        8⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6083.exe
        9⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
        10⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60676.exe
        11⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3375.exe
        12⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2446.exe
        13⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33275.exe
        14⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        15⤵
        
        PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18923.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61124.exe
        6⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
        7⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6820.exe
        8⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        9⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
        10⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
        11⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        12⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
        13⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
        14⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
        12⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57776.exe
        13⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3700.exe
        14⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64231.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
        11⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
        12⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20416.exe
        13⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42533.exe
        14⤵
        
        PID:1552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48628.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43247.exe
        8⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33813.exe
        9⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30443.exe
        10⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41019.exe
        11⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        12⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56440.exe
        13⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
        7⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
        8⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25104.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
        11⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
        6⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        7⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39109.exe
        8⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37459.exe
        9⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53655.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
        11⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35823.exe
        12⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10820.exe
        13⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21869.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54605.exe
        9⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11136.exe
        11⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51443.exe
        12⤵
        
        PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19656.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26558.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26221.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53940.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
        9⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
        10⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        11⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30148.exe
        12⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63290.exe
        13⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51412.exe
        14⤵
        
        PID:936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4445.exe
        5⤵
        Executes dropped EXE
        
        PID:2288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        6⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25965.exe
        7⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11730.exe
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38464.exe
        10⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42865.exe
        11⤵
        
        PID:1952

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18001.exe

Filesize
184KB

MD5
9d2795085d1621c8c72b481263fa8eae

SHA1
f9c532018d189ce534f86e26b0090b66fdc90694

SHA256
10876a2a0729cf35de99dc8b3130a907e66e09331d80649b852160e37b29ac1e

SHA512
b9126bdf6019f2186daccf1d66632d8424befcf4f8c3c04a0ca9beba26fa0d219c36f73807c94eb8679873a24b38182ed6f0cb32660ae605e7d60b76691a48a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe

Filesize
184KB

MD5
f4485df73df0ed44019f9c6b822cabd6

SHA1
540b75d1351f36285b2aef214e5d2f2b856dcf5d

SHA256
fa96ab2e1b0f00701f5e1279a4fde08cd62bb1b2558f9fa1c297b0e2e84d4204

SHA512
123e8b9ca6c7abff4121dc6daaea1af62f0e7e21f20884d2cc06fb15182b0804ad4dde5a3f7e5abd9b5f917721734a0e007fcec1bcd7202c121f687d14057396

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35416.exe

Filesize
184KB

MD5
1158161f43881adefe1c904fa25759a1

SHA1
0dcdf5a17bae2c9bdd8cdd004002d45fca4c8ed8

SHA256
6717ee0f32a824302caedaef0d20b183c4439dc8afddb22765541f98d620824c

SHA512
97944d8b065ce7e2ae48baf36b4b11cb9109770a4c8efa8ec6f62c37feba48dfa54bac3d465343f51522298548616742dd90df3668b880713a37a2cea783e179

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40878.exe

Filesize
184KB

MD5
52a2acdb2e21e78d2a8dc7db7ccf34d8

SHA1
9d7f6a77dfe3aa25e101b337967aab94e90e2086

SHA256
af295f5e41da12e12ddb9ad1d9df602f5e8907bfb233327f0a3a1d15415d4571

SHA512
814096d0dc14c49aa3af7433705b96de7f98d913ca8480a98d8b5e8cda913237d184021d2deb8b2c4945421f813af94f3a433c7bf401fe20b25bb9dcc3b072c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47465.exe

Filesize
184KB

MD5
cdffb32ba3050028eb40bb1b4cff9dd5

SHA1
1f11bcf21e400ff53212025cd61e68b9237aa047

SHA256
3c86330fcb0896f0ed2965406f6fba601114e6469f3937c296cd80bad8da0b82

SHA512
3e98078e47995e78978247cf155fc9542069d401cc2b50bcd11ed51239c08b28a03692bb275867b76f99fa7e39985ca942a20256b439782406df85943b4bf5a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe

Filesize
184KB

MD5
a6cfd1076450cab59ce9a69bfefee248

SHA1
2b42b46accf2b5efdc265921b3753641f9ea636f

SHA256
84bf4d79added9b3af7225a0ff308071fd8ab097f6b4e4b7e0a3e47dc9219b36

SHA512
e9abc339e7ffc6ba6212d6b55166b7a56275bbe4ccc0e1a4da8258ee5632e274d40618cd09fcf65bf345ff95d4363d4b4d5783731e755f9cd5221a6ab58117ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5968.exe

Filesize
184KB

MD5
03640cd667c467fbcd008bcb42eed2dd

SHA1
982ceb46651f149d5e91de71a1f1a62f21d63bb6

SHA256
edb206127d992836f89ba40f95c9941a2c9fcc15aa0a131ebb7b2f0d12256304

SHA512
fd8962fa2e76bc29e76d8b0bf9540865d918c597659b9ba6db49e6e30d7b8761b315aa284e3f438bd9384df855cf6a74759d57572e6b01c6f972b4206f6d0839

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5973.exe

Filesize
184KB

MD5
97295acf588dbcd8780eda2f02841016

SHA1
3f2eb734360582f52237bb26d3b03c1745fb869f

SHA256
4466ed8590b06558bb4711db2db5cf21a6a354040bc01cf7f45d7c6f1673685f

SHA512
ab83e505e2a721f012aba3073e62cd387f56a593b91c51a3f8aaf19164f25a325fa63cba966c44bf6a9c865f68142be1ef0456f3fe77d1549f1ffc30dffd4bbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6820.exe

Filesize
184KB

MD5
727545a94ac7f7cd69aeb99583f5e249

SHA1
bb8f31628b928035af6c2c3c8b2f5b7db9ff15ad

SHA256
f3f2ec338571c5941a9dba2e135253798232c5326d8b147a4518b1aa60203716

SHA512
79b15157613171ff1cc12de9ee7b5e5993eb6c776259ea9c462bd7a2c393428a886dc891935c6c5e27abd3e645cc7495959ed83dd644a8f06230dad82a359f90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe

Filesize
184KB

MD5
100914b73fcf63312297b4657ba7695a

SHA1
2fdf511ad617882625c11bfc9827418f541f8471

SHA256
3be0aeec5d675df39edce8b9671a11cbd23a7d289a0f8275c5fba93dbd4ea8ba

SHA512
363a9d8f79c00d001745fca435671072173276978b315a41bf8a1b9bb94a4fc73da08d251857a98c867db840b31fe5b4dbe6457819bd8661c2e21842d0d5c803

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe

Filesize
184KB

MD5
f8cc442b5457e6b90083dea79512ff76

SHA1
29dcf882342c88909775d376343a95d4453792ad

SHA256
bfd1e14fe23e27d8a6e4b5881bc4076ca76d39df31e41c3bb2bdbe48053cf653

SHA512
c3707408b569bc9de695578789b66b6a28d5817330a8b6b1c479f359e31f975e5f60747b937f3e0f0a7023e198383d437d0dc471deebe7319c871ac58d606bc2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe

Filesize
184KB

MD5
80e47c89c6d915da8b6e0c04669e21ad

SHA1
aa13adcb975d25d1ae41d1e995db43fc89049554

SHA256
be814412a1b03138859d7779fc579cfadf8350adced2d559a3b0f388a854a43d

SHA512
2f2ceaed6afa41a56a7fe8584c07409261f75168ae5255568bc222f59ff42be9e15adf854caf9c8c62a29fe6bac637e89ce5ddb9d0e8f4ff195a80a817ac0519

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19281.exe

Filesize
184KB

MD5
8d16705fca17388d330d595d2f249ef8

SHA1
89eadbc424df67983d5cdea6de2d16711a6e7041

SHA256
4e98bb29da348793cc3a9eec3da1776775f4e300ebff4775d590d6a6442f72f4

SHA512
6667bc28bdab0105baf474c14f8dc6e25128dca23cae2631d18bbc8376fe736cc32ede7a0229406c94cf8c84c6dfe42ee31489686b18d2046868ae49ebc3d941

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe

Filesize
184KB

MD5
d3e151dbe51aa9a388951c30a1b240c1

SHA1
29713dcca3850023f4ee996fe346e8d5ece01948

SHA256
e0e577885ecfa162f2fc52856351a3bb23c48d490b9b3fc5e1641d2ecafd3c22

SHA512
8e573dde553493393091ea9c6adac2506e0bb727541673fab1640cb0a028d0c49627de19d564699f84da3649b81ea8111c2ec1cc82fa614f3ce0ea3020f37393

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30761.exe

Filesize
184KB

MD5
ba350ac1e9aaba779d7e9500d42a7ca9

SHA1
1edc7b539edaf70391a0b670dc276cf7e500f6c7

SHA256
f4f9640be8b5702b86406e86edd6d474262bdf1c8c7762a56144e7c2e874a8fb

SHA512
de37da71dab751aa58b1c1585976e9f8ddb0b08d8c608a463242857e8ad45d944349e436cc1f779fc1cec29495be641a9b5e280754c141fbf360c63856011a71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31913.exe

Filesize
184KB

MD5
113cead85e61579b8ac833034d0364c8

SHA1
1d3ce50b8870e53cc083a364c5da4df2f7d21125

SHA256
d6ea445d329e92b716bb1ec120e5db43bb495167df32b7945a3b945f0044e8c1

SHA512
d15f7d114a6a5801a6ffc95e07045161dbef2b6f915227616cefc2d8884a9e323e500ea963804a7a0dabf161f1d81c976801fe92ea279b5536191a7f78ca5647

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe

Filesize
184KB

MD5
c837f0aba03ac85135659578fe2a68eb

SHA1
a7e0c996afe44ac60144cb6b387840f647b71569

SHA256
9be1cb1b506a1261cc4e2b6c9b2ba7be6fa5c0e410d1b1b8acbfcfc955f3af65

SHA512
85ebd65f241b218c16b424cca8b4fb7599e2a1cfb681bc2053193dddbe3c7cd21ee568e39631dbfeca56b948bed8b7c9bc563493f2677332d17eeaeac314df90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38742.exe

Filesize
184KB

MD5
6608d504a2fc558b3fc7aa6a29dd97eb

SHA1
92c92f8cd5ec52552f91ae772386a51155db1398

SHA256
402b3efa7ead1d1c5dedc584731f614d903abda04fe1bff00f8582801782e979

SHA512
a4c7c5dac9b16937fa74a11f69f2a22e7ca8a4b321fcb3379ca8189716cc3a91ef66d3b1781ae6a1dc5192b851524cabbb8b487fb3123eda5a961d61f83341f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46521.exe

Filesize
184KB

MD5
ff8e81e2bc060c5f0bcc5f370044cfe4

SHA1
1cfc9ef0abb64b0a66a8b3927bd9e09180d6b31f

SHA256
8c802bb41288a1dd2f6039c4a2b82e53aef555a4ba0a18b977586c97003dede6

SHA512
43d89d7ca8487e9faf8999e9023e9a6c1999112e89da9f50c508ea1f6a4310ec2f49cf5173538d4d1e971e9a50a6a875d0ccc43eebaada29ed2b6964e5e1f383

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe

Filesize
184KB

MD5
6c8e60ef617774cf1fab905a2be8784e

SHA1
d431d34879cf73a39c5881388ca0917124bfecd7

SHA256
518b887dce05f7898c5537b33d1f9a47c9476b2327fa7f4d91f8fa4d08c2b206

SHA512
b1e8e76cc36e1358c161c13945015ec304507746ef1b207ca0556c150f100950dce60a3e60d6750d0888e6d0a1c92d458ec36ef1e06db4f56a69df6266389dde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5882.exe

Filesize
184KB

MD5
07b0b42a1c408da192409cef602e6001

SHA1
e4a52043d961c14120cab79ed5a3f153461a15ca

SHA256
51cfd384395c79b970610537ff471ea212c650a7847a74e2804c5de50f16cefb

SHA512
90465cce14b57ddd1ff388ca3efc64309d7ac3362bb7b90dd2edf07d247003f618f9925212fcd1e95e10351dc6145f80c7d39198b923ccc9c3a129e456d4632c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe

Filesize
184KB

MD5
7bf45fe901cbaff757a4183e5f8b38af

SHA1
6acc66ee7f2ce3419ab4fde9589654b85d9e3872

SHA256
db9bbba4c37b2a1946f1a1b41a575593a7deb7b4290c664c5a630a71c12463c0

SHA512
fcbe2d6dff8a226ee8fefe2c00aaa7dd02c69179c3d84a23725cbbdcfbacf0d962f9b1f88aa39bb6fbb3e8736240e23656f40bb67173f441024552697016aa61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63625.exe

Filesize
184KB

MD5
217913f911e4e7f3b24c583be2101535

SHA1
45a13b961e64eacb9c72f32f5d0fc59a7fb8e64e

SHA256
70572e99de2a2c5284db8d0d478f2adb50af84dae0d4afc9b9f4ecf7045cf4be

SHA512
eaec11819b3d1cb89a6228b20f33b532b6b29f6eece446c60b50830c3ebce7274c651ef2f601449b105f31fcd0ff6b6cbe2210b47509fa0ba99bb1faf1e0875c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe

Filesize
184KB

MD5
18407b4a62d28553f69508132ab16418

SHA1
9a6c577eecded171ba7c8aa72fb1555f3d240401

SHA256
100daa036df4d4b4391e89a870dc37cf9c3b3af5cfbf73c5012c14a138d5e16c

SHA512
9820ff1e1cab947bbe48c0df1906c38d463ed2efdbc98798055c0f000ce432ac605be9ab68785fad34a54ea19856f66b29748ccaaadd676429a9a5dd12a487cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9214.exe

Filesize
184KB

MD5
e7002d0f7a0976cb7fc93ee6b000cd8b

SHA1
244c59f4de7d233ec57e5d9d3af2502cfbe99188

SHA256
fbb6ffb1fb6dca03faf1f0cc859266bb3eb360d547e23137171929d7df90081e

SHA512
a41a5cfde3e879a55e20f0ffab47d638f03e18d6a8a097a43952e1502fe318c9e75da84bf26fa8df08ecff427b1b4e6aeac9eb8aef1200323856266aa422f6ee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads