62d3e95ea15834c22587c1cf791070e1951c83d084265b49fbe376fcd0ac5f0c

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 13:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

40faf51e002566a20d4efc04ed42e8e0.exe
Size

184KB
MD5

40faf51e002566a20d4efc04ed42e8e0
SHA1

a3727a44e9c3db5e20661e00d985bf0c96c68338
SHA256

62d3e95ea15834c22587c1cf791070e1951c83d084265b49fbe376fcd0ac5f0c
SHA512

7c571e282544609daec7bad09e6d53875f87c21d3abeaf595002dbae79b423e287f3fa72eddcb04bb373958963901fe85449e99b88060f764afb33ead9427afd
SSDEEP

3072:TeJboc2AWA0JOjgdJRcozubObn6NMVIBDzx4HPFO7lPdpFu:TepoM70JTdTcozzSYo7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1120	Unicorn-4156.exe
2104	Unicorn-58484.exe
2280	Unicorn-26366.exe
2868	Unicorn-1281.exe
2572	Unicorn-46398.exe
2564	Unicorn-34700.exe
2444	Unicorn-28329.exe
2932	Unicorn-48557.exe
2120	Unicorn-12355.exe
860	Unicorn-61556.exe
292	Unicorn-11800.exe
1696	Unicorn-24027.exe
940	Unicorn-53362.exe
1636	Unicorn-60975.exe
2432	Unicorn-5505.exe
1308	Unicorn-25179.exe
2624	Unicorn-29071.exe
1112	Unicorn-8650.exe
268	Unicorn-17181.exe
788	Unicorn-46798.exe
1508	Unicorn-26932.exe
516	Unicorn-5573.exe
780	Unicorn-56673.exe
1960	Unicorn-6917.exe
1220	Unicorn-31614.exe
2260	Unicorn-64649.exe
2312	Unicorn-39590.exe
2232	Unicorn-38329.exe
1688	Unicorn-42775.exe
1888	Unicorn-54473.exe
1520	Unicorn-13632.exe
1948	Unicorn-23699.exe
2596	Unicorn-23337.exe
2616	Unicorn-3746.exe
2468	Unicorn-56476.exe
2584	Unicorn-43840.exe
2488	Unicorn-36226.exe
2976	Unicorn-52968.exe
1536	Unicorn-19912.exe
2656	Unicorn-28442.exe
2644	Unicorn-56811.exe
1600	Unicorn-56619.exe
936	Unicorn-56619.exe
1620	Unicorn-62519.exe
1564	Unicorn-17210.exe
1464	Unicorn-28908.exe
1552	Unicorn-54564.exe
2124	Unicorn-54564.exe
1440	Unicorn-42482.exe
2812	Unicorn-8871.exe
2704	Unicorn-26146.exe
1100	Unicorn-51248.exe
2296	Unicorn-50864.exe
1556	Unicorn-15731.exe
2840	Unicorn-14792.exe
1448	Unicorn-4439.exe
1188	Unicorn-65145.exe
1048	Unicorn-29733.exe
2252	Unicorn-31762.exe
1684	Unicorn-11149.exe
2556	Unicorn-61118.exe
2748	Unicorn-3557.exe
2728	Unicorn-30801.exe
2476	Unicorn-34139.exe

Loads dropped DLL 64 IoCs

pid	Process
2288	40faf51e002566a20d4efc04ed42e8e0.exe
2288	40faf51e002566a20d4efc04ed42e8e0.exe
1120	Unicorn-4156.exe
2288	40faf51e002566a20d4efc04ed42e8e0.exe
1120	Unicorn-4156.exe
2288	40faf51e002566a20d4efc04ed42e8e0.exe
2104	Unicorn-58484.exe
2104	Unicorn-58484.exe
2280	Unicorn-26366.exe
2280	Unicorn-26366.exe
1120	Unicorn-4156.exe
1120	Unicorn-4156.exe
2572	Unicorn-46398.exe
2572	Unicorn-46398.exe
2868	Unicorn-1281.exe
2868	Unicorn-1281.exe
2280	Unicorn-26366.exe
2280	Unicorn-26366.exe
2104	Unicorn-58484.exe
2104	Unicorn-58484.exe
2564	Unicorn-34700.exe
2564	Unicorn-34700.exe
2932	Unicorn-48557.exe
2932	Unicorn-48557.exe
2868	Unicorn-1281.exe
2868	Unicorn-1281.exe
2444	Unicorn-28329.exe
2444	Unicorn-28329.exe
2572	Unicorn-46398.exe
2572	Unicorn-46398.exe
860	Unicorn-61556.exe
860	Unicorn-61556.exe
2120	Unicorn-12355.exe
2120	Unicorn-12355.exe
292	Unicorn-11800.exe
292	Unicorn-11800.exe
2564	Unicorn-34700.exe
2564	Unicorn-34700.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2932	Unicorn-48557.exe
1696	Unicorn-24027.exe
1696	Unicorn-24027.exe
2932	Unicorn-48557.exe
1636	Unicorn-60975.exe
1636	Unicorn-60975.exe
2444	Unicorn-28329.exe
2444	Unicorn-28329.exe
1308	Unicorn-25179.exe
1308	Unicorn-25179.exe
2432	Unicorn-5505.exe
2432	Unicorn-5505.exe
860	Unicorn-61556.exe
860	Unicorn-61556.exe
940	Unicorn-53362.exe
940	Unicorn-53362.exe
1112	Unicorn-8650.exe
1112	Unicorn-8650.exe
292	Unicorn-11800.exe
292	Unicorn-11800.exe
268	Unicorn-17181.exe

Program crash 46 IoCs

pid	pid_target	Process	procid_target
2872	2564	WerFault.exe	33
2004	1960	WerFault.exe	52
2772	292	WerFault.exe	37
1560	1688	WerFault.exe	60
2180	1888	WerFault.exe	59
2440	268	WerFault.exe	46
948	1112	WerFault.exe	45
1108	2232	WerFault.exe	58
1160	2644	WerFault.exe	73
2788	936	WerFault.exe	74
1080	1620	WerFault.exe	76
432	2704	WerFault.exe	82
2432	1684	WerFault.exe	94
1776	928	WerFault.exe	100
1052	1076	WerFault.exe	106
2728	1852	WerFault.exe	130
1712	1600	WerFault.exe	75
2588	748	WerFault.exe	140
1448	2236	WerFault.exe	118
2504	1716	WerFault.exe	136
2932	1552	WerFault.exe	141
2736	860	WerFault.exe	121
2580	2512	WerFault.exe	155
2740	2296	WerFault.exe	170
1544	960	WerFault.exe	137
2200	2864	WerFault.exe	182
1308	2640	WerFault.exe	178
2820	2492	WerFault.exe	149
1268	1088	WerFault.exe	190
2448	888	WerFault.exe	192
1764	2744	WerFault.exe	222
2316	2460	WerFault.exe	194
1444	1624	WerFault.exe	165
3100	2488	WerFault.exe	193
3200	2548	WerFault.exe	191
3192	1768	WerFault.exe	214
3324	2876	WerFault.exe	107
3384	864	WerFault.exe	212
3524	3064	WerFault.exe	217
3772	2028	WerFault.exe	203
3648	668	WerFault.exe	229
1360	2276	WerFault.exe	213
524	1648	WerFault.exe	233
3860	1048	WerFault.exe	243
3756	1952	WerFault.exe	235
3488	1532	WerFault.exe	234

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2288	40faf51e002566a20d4efc04ed42e8e0.exe
1120	Unicorn-4156.exe
2280	Unicorn-26366.exe
2104	Unicorn-58484.exe
2868	Unicorn-1281.exe
2572	Unicorn-46398.exe
2564	Unicorn-34700.exe
2444	Unicorn-28329.exe
2932	Unicorn-48557.exe
2120	Unicorn-12355.exe
292	Unicorn-11800.exe
860	Unicorn-61556.exe
1696	Unicorn-24027.exe
1636	Unicorn-60975.exe
940	Unicorn-53362.exe
2432	Unicorn-5505.exe
1308	Unicorn-25179.exe
2624	Unicorn-29071.exe
1112	Unicorn-8650.exe
268	Unicorn-17181.exe
1508	Unicorn-26932.exe
788	Unicorn-46798.exe
516	Unicorn-5573.exe
780	Unicorn-56673.exe
1220	Unicorn-31614.exe
1960	Unicorn-6917.exe
2312	Unicorn-39590.exe
1888	Unicorn-54473.exe
2260	Unicorn-64649.exe
2232	Unicorn-38329.exe
1688	Unicorn-42775.exe
1520	Unicorn-13632.exe
1948	Unicorn-23699.exe
2596	Unicorn-23337.exe
2584	Unicorn-43840.exe
2468	Unicorn-56476.exe
2616	Unicorn-3746.exe
2488	Unicorn-36226.exe
2976	Unicorn-52968.exe
1536	Unicorn-19912.exe
2644	Unicorn-56811.exe
2656	Unicorn-28442.exe
936	Unicorn-56619.exe
1552	Unicorn-54564.exe
1620	Unicorn-62519.exe
2124	Unicorn-54564.exe
1564	Unicorn-17210.exe
2704	Unicorn-26146.exe
1464	Unicorn-28908.exe
2296	Unicorn-50864.exe
1440	Unicorn-42482.exe
2812	Unicorn-8871.exe
1600	Unicorn-56619.exe
1188	Unicorn-65145.exe
2840	Unicorn-14792.exe
1100	Unicorn-51248.exe
1556	Unicorn-15731.exe
1448	Unicorn-4439.exe
1048	Unicorn-29733.exe
2252	Unicorn-31762.exe
1684	Unicorn-11149.exe
2556	Unicorn-61118.exe
2728	Unicorn-30801.exe
2748	Unicorn-3557.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 1120	2288	40faf51e002566a20d4efc04ed42e8e0.exe	28
PID 2288 wrote to memory of 1120	2288	40faf51e002566a20d4efc04ed42e8e0.exe	28
PID 2288 wrote to memory of 1120	2288	40faf51e002566a20d4efc04ed42e8e0.exe	28
PID 2288 wrote to memory of 1120	2288	40faf51e002566a20d4efc04ed42e8e0.exe	28
PID 1120 wrote to memory of 2104	1120	Unicorn-4156.exe	29
PID 1120 wrote to memory of 2104	1120	Unicorn-4156.exe	29
PID 1120 wrote to memory of 2104	1120	Unicorn-4156.exe	29
PID 1120 wrote to memory of 2104	1120	Unicorn-4156.exe	29
PID 2288 wrote to memory of 2280	2288	40faf51e002566a20d4efc04ed42e8e0.exe	30
PID 2288 wrote to memory of 2280	2288	40faf51e002566a20d4efc04ed42e8e0.exe	30
PID 2288 wrote to memory of 2280	2288	40faf51e002566a20d4efc04ed42e8e0.exe	30
PID 2288 wrote to memory of 2280	2288	40faf51e002566a20d4efc04ed42e8e0.exe	30
PID 2104 wrote to memory of 2868	2104	Unicorn-58484.exe	31
PID 2104 wrote to memory of 2868	2104	Unicorn-58484.exe	31
PID 2104 wrote to memory of 2868	2104	Unicorn-58484.exe	31
PID 2104 wrote to memory of 2868	2104	Unicorn-58484.exe	31
PID 2280 wrote to memory of 2572	2280	Unicorn-26366.exe	32
PID 2280 wrote to memory of 2572	2280	Unicorn-26366.exe	32
PID 2280 wrote to memory of 2572	2280	Unicorn-26366.exe	32
PID 2280 wrote to memory of 2572	2280	Unicorn-26366.exe	32
PID 1120 wrote to memory of 2564	1120	Unicorn-4156.exe	33
PID 1120 wrote to memory of 2564	1120	Unicorn-4156.exe	33
PID 1120 wrote to memory of 2564	1120	Unicorn-4156.exe	33
PID 1120 wrote to memory of 2564	1120	Unicorn-4156.exe	33
PID 2572 wrote to memory of 2444	2572	Unicorn-46398.exe	34
PID 2572 wrote to memory of 2444	2572	Unicorn-46398.exe	34
PID 2572 wrote to memory of 2444	2572	Unicorn-46398.exe	34
PID 2572 wrote to memory of 2444	2572	Unicorn-46398.exe	34
PID 2868 wrote to memory of 2932	2868	Unicorn-1281.exe	35
PID 2868 wrote to memory of 2932	2868	Unicorn-1281.exe	35
PID 2868 wrote to memory of 2932	2868	Unicorn-1281.exe	35
PID 2868 wrote to memory of 2932	2868	Unicorn-1281.exe	35
PID 2280 wrote to memory of 2120	2280	Unicorn-26366.exe	36
PID 2280 wrote to memory of 2120	2280	Unicorn-26366.exe	36
PID 2280 wrote to memory of 2120	2280	Unicorn-26366.exe	36
PID 2280 wrote to memory of 2120	2280	Unicorn-26366.exe	36
PID 2104 wrote to memory of 860	2104	Unicorn-58484.exe	38
PID 2104 wrote to memory of 860	2104	Unicorn-58484.exe	38
PID 2104 wrote to memory of 860	2104	Unicorn-58484.exe	38
PID 2104 wrote to memory of 860	2104	Unicorn-58484.exe	38
PID 2564 wrote to memory of 292	2564	Unicorn-34700.exe	37
PID 2564 wrote to memory of 292	2564	Unicorn-34700.exe	37
PID 2564 wrote to memory of 292	2564	Unicorn-34700.exe	37
PID 2564 wrote to memory of 292	2564	Unicorn-34700.exe	37
PID 2932 wrote to memory of 1696	2932	Unicorn-48557.exe	39
PID 2932 wrote to memory of 1696	2932	Unicorn-48557.exe	39
PID 2932 wrote to memory of 1696	2932	Unicorn-48557.exe	39
PID 2932 wrote to memory of 1696	2932	Unicorn-48557.exe	39
PID 2868 wrote to memory of 940	2868	Unicorn-1281.exe	41
PID 2868 wrote to memory of 940	2868	Unicorn-1281.exe	41
PID 2868 wrote to memory of 940	2868	Unicorn-1281.exe	41
PID 2868 wrote to memory of 940	2868	Unicorn-1281.exe	41
PID 2444 wrote to memory of 1636	2444	Unicorn-28329.exe	40
PID 2444 wrote to memory of 1636	2444	Unicorn-28329.exe	40
PID 2444 wrote to memory of 1636	2444	Unicorn-28329.exe	40
PID 2444 wrote to memory of 1636	2444	Unicorn-28329.exe	40
PID 2572 wrote to memory of 2432	2572	Unicorn-46398.exe	42
PID 2572 wrote to memory of 2432	2572	Unicorn-46398.exe	42
PID 2572 wrote to memory of 2432	2572	Unicorn-46398.exe	42
PID 2572 wrote to memory of 2432	2572	Unicorn-46398.exe	42
PID 860 wrote to memory of 1308	860	Unicorn-61556.exe	43
PID 860 wrote to memory of 1308	860	Unicorn-61556.exe	43
PID 860 wrote to memory of 1308	860	Unicorn-61556.exe	43
PID 860 wrote to memory of 1308	860	Unicorn-61556.exe	43

C:\Users\Admin\AppData\Local\Temp\40faf51e002566a20d4efc04ed42e8e0.exe
"C:\Users\Admin\AppData\Local\Temp\40faf51e002566a20d4efc04ed42e8e0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23337.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50864.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
        11⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        12⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38701.exe
        13⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8221.exe
        14⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
        15⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        16⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30801.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30797.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5405.exe
        11⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        12⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
        13⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
        14⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14137.exe
        15⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        16⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15731.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59448.exe
        11⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
        12⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60380.exe
        13⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42436.exe
        14⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        15⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3746.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
        9⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
        10⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
        11⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
        12⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        13⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31289.exe
        14⤵
        
        PID:3336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
        14⤵
        Program crash
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26932.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        9⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        10⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        11⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8296.exe
        12⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        13⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56914.exe
        14⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49312.exe
        15⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19912.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54616.exe
        9⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
        10⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8389.exe
        11⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7476.exe
        12⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64106.exe
        13⤵
        
        PID:2744
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 188
        14⤵
        Program crash
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
        9⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
        10⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        11⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
        12⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe
        13⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7537.exe
        14⤵
        
        PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25179.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6917.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 188
        7⤵
        Program crash
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51082.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24726.exe
        8⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64710.exe
        9⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
        10⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
        11⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        12⤵
        
        PID:2348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18597.exe
        8⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        9⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
        10⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59503.exe
        11⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11424.exe
        12⤵
        
        PID:3940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
        7⤵
        Program crash
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26146.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
        8⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
        9⤵
        
        PID:3240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
        9⤵
        Program crash
        
        PID:3488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
        8⤵
        Program crash
        
        PID:3324
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
        7⤵
        Program crash
        
        PID:432
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 240
        6⤵
        Program crash
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42775.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11149.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32717.exe
        8⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        9⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35909.exe
        10⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37549.exe
        11⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45053.exe
        12⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
        13⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13463.exe
        14⤵
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
        14⤵
        Program crash
        
        PID:3860
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 236
        10⤵
        Program crash
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16043.exe
        9⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59884.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9334.exe
        11⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23240.exe
        12⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46894.exe
        13⤵
        
        PID:4048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
        12⤵
        Program crash
        
        PID:3200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
        11⤵
        Program crash
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55006.exe
        10⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        11⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58543.exe
        12⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
        13⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        14⤵
        
        PID:1172
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
        13⤵
        Program crash
        
        PID:524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
        12⤵
        Program crash
        
        PID:3384
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 216
        11⤵
        Program crash
        
        PID:1268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        10⤵
        Program crash
        
        PID:2820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
        9⤵
        Program crash
        
        PID:1448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
        8⤵
        Program crash
        
        PID:2432
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
        7⤵
        Program crash
        
        PID:1160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
        6⤵
        Program crash
        
        PID:1560
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
        5⤵
        Program crash
        
        PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
        7⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18950.exe
        8⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
        9⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        10⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65232.exe
        11⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        12⤵
        
        PID:3584
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
        10⤵
        Program crash
        
        PID:2740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 236
        9⤵
        Program crash
        
        PID:2736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 236
        8⤵
        Program crash
        
        PID:1776
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 236
        7⤵
        Program crash
        
        PID:2788
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 216
        6⤵
        Program crash
        
        PID:2180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62519.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
        6⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
        7⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe
        9⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53686.exe
        10⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
        10⤵
        Program crash
        
        PID:3524
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
        9⤵
        Program crash
        
        PID:1444
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
        8⤵
        Program crash
        
        PID:2932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 216
        7⤵
        Program crash
        
        PID:1052
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
        6⤵
        Program crash
        
        PID:1080
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
        5⤵
        Program crash
        
        PID:2440
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26366.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26366.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60975.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56476.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32852.exe
        9⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12286.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13049.exe
        11⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        12⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        13⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
        14⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
        15⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4439.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29339.exe
        8⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52214.exe
        9⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54978.exe
        10⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29037.exe
        11⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
        8⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33278.exe
        9⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
        10⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4682.exe
        11⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56914.exe
        12⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        13⤵
        
        PID:3220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52968.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        8⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36656.exe
        9⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4689.exe
        10⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32887.exe
        10⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48938.exe
        11⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19785.exe
        12⤵
        
        PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5505.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56619.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        7⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44959.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43885.exe
        9⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
        10⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
        11⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
        12⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
        13⤵
        
        PID:3232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
        12⤵
        Program crash
        
        PID:3772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
        11⤵
        Program crash
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        10⤵
        Program crash
        
        PID:2580
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
        9⤵
        Program crash
        
        PID:2504
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
        8⤵
        Program crash
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
        7⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        8⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54451.exe
        9⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9347.exe
        10⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62243.exe
        11⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        12⤵
        
        PID:3348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
        12⤵
        Program crash
        
        PID:3756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
        11⤵
        Program crash
        
        PID:3192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 216
        10⤵
        Program crash
        
        PID:2448
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
        9⤵
        Program crash
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26417.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4298.exe
        9⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-282.exe
        10⤵
        
        PID:3716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 236
        10⤵
        Program crash
        
        PID:3648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
        9⤵
        Program crash
        
        PID:3100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
        8⤵
        Program crash
        
        PID:1544
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
        7⤵
        Program crash
        
        PID:1712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40828.exe
        6⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
        7⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29978.exe
        8⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
        9⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45954.exe
        10⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        11⤵
        
        PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34139.exe
        7⤵
        Executes dropped EXE
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28825.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
        9⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45912.exe
        11⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
        12⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40578.exe
        13⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        14⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19313.exe
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-605.exe
        8⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62383.exe
        9⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60764.exe
        10⤵
        
        PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
        6⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
        8⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16278.exe
        9⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        10⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
        11⤵
        
        PID:3260

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe

Filesize
184KB

MD5
af3db3a38571b38cd95ed184856a1f14

SHA1
6f57472e1173956919e71d26109104a3ce39489c

SHA256
f9a014ce88ef64ac1b487915f5bc54fd7a9366dff425327bf3f5dba2328eeab0

SHA512
26f97b08e9e1cb86bd8801f73fe413dcb9119cecc2386df22428017488df8e26832b81484ffa400b1a1f0dea485b45453a52aac03c370356f99fa93ca0bb6db8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12355.exe

Filesize
184KB

MD5
52ac151ca3a5b76846befc29f78a2910

SHA1
be87f1889d459da5ce71de3e8c649828fab9e333

SHA256
a883dbf2879206d1cb1fe12bd62158cb6b6758360dcf86900634937b80dee337

SHA512
0f37b8236dd64d14dffd44a5346ca3366668ef4445050133705b75eeef4cfcf0835fe7f74a6af0ef0b96dd17eaff6fc9bad0fd0d4c5fb5cad0ff9cfd3241a874

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25179.exe

Filesize
184KB

MD5
193713917dfd1131d2a4846cd87129ee

SHA1
06af93662cdcc9d4d6979bdf2d2fd49bfb435f4f

SHA256
84e624eeceb36c5774344aff1c107f885d0730195ad87e5ad2f320984f02ec42

SHA512
7092eca4618283bbd716ec33b6d34ffc52631b4c0397964994d609cd69e59ddbe09ea7812030d5c28f8d6fd8a303c23a89a8856988d9ecd0b5dc0bd1fa2233b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34700.exe

Filesize
184KB

MD5
39cc05ecdc802f29f6f27e9b43d9224b

SHA1
6a74c1a0ed5534dc0261b1aef1b03d3e7bed4f26

SHA256
3371917f1d2fc02211d13f0c7f2f4172d5bf39d2c4fabcc525717a6216bf10a0

SHA512
e1388ae6090808a0da46db159d17faca5ab4b8225682d12279a18b9ebbbeb733e74ed1a1a46e5d227d8415d2766ea9fbf30603822932c68f0351e3c78dc9f669

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe

Filesize
184KB

MD5
ed6c82c7f086c73d973e149119505776

SHA1
70f09f3ca3a5757f055f405c9f1dc98c2c93f1e6

SHA256
e3978dc935b41256bc35ad16530091c223fc2a24192d4ed407fa87a5a7235ac1

SHA512
cc8b31bc981017ed7b056c6da0fe78e937bd991175538d3be1dbc5aced00b6685daa99a182e62b2a7a1458c6b3b823d9862a986efe0e09c5fb9967db4ea30d37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48557.exe

Filesize
184KB

MD5
0251ba78bfcc951ce8ca4151a60bfd11

SHA1
a3a44844c68b598f63c7ab0f92b0fa7a878e6a5c

SHA256
3584351d09a445b750826dc991009767e26d94f67b344195c9f8e700c1dedce1

SHA512
9e47018f7878f2b31cf2772a03d9b07992f969f5a012ea60deb84f6244dccf91874f6a08360625fc4c4320e19cb1389c59466a601e47448d08a0212eb2612488

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53362.exe

Filesize
184KB

MD5
ad2cf07fbc86949f61d8fccf3fe794a0

SHA1
f9764e50af8c9a8a21977dc8e8c28767a649628c

SHA256
90d3a51b569ed1f20057d55163346ce59fe7726bc9f1f5db80135f826189bf56

SHA512
557bf572f777c7dde3003e17dcc9518ed007c1a770d1d6b8afe1bb07b4de6eae87157a7cf3c7783ccf2a5e9c8a0e3f12ce643b2952aa517f7d836d992684e8c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5505.exe

Filesize
184KB

MD5
b8af958181e6c8de16cf348461be1950

SHA1
38c6956d8589fc893bcb1a52f5e1cab1bf0921f8

SHA256
031bbe58eba02674c73860c6d07358c239da78583d92a72f2be50a96bad5ae21

SHA512
e748bd2be0dadbca9f0d7ccab248b955c7b4d3a96fabe020995897f20debc55c0876919dc5f83185c77e39ab5037eda8ef57e5c41ceb8676c2393f3c0c16168f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5573.exe

Filesize
184KB

MD5
068a99eee28706ba02896927b1c2663d

SHA1
79ef793ef511c5ba11bfd578415f9ae2f726e9e9

SHA256
0ee3e2e2ff18aac8fb979d7711ee5b9a509133c9ef55fe642de91771f3a1ce61

SHA512
9303cf281b76f22c1936d956e7af3a4bfe8fbb03f708b288617d37bd5e2b45e6b82adf58d9bb013c4b28197c809e5602be93288f00c5ca974c2479670a62767d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60975.exe

Filesize
184KB

MD5
d34e31dd94633fe23c79829b22d8f502

SHA1
41f8553bc374e489c712e58eacbada317d13243b

SHA256
d134a2a7fc9fd7aa184c78a6282946ea80db51bbcefe7a23b00cfa2b9820d0de

SHA512
ba3dc05f9794061d330fc46ad6741284fcbb07ee24db9bc4769ea42e0da105b995357795e7e86d44d7b064753727e0aed5a0cc9dbf23842c59b0d2b002d7189f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe

Filesize
64KB

MD5
a4128728ac2191ba434a0a6684e6c9c6

SHA1
86862708e534fea14cbcf20fd27fb34ccb67ce7e

SHA256
cbb6d91f6f097b4bbc73341c88a96cd03b41c9d75641e6f2fb835d07a0f3d296

SHA512
d6193a3b94bcb24371c67eeb4c472d58b33e8baccd71ef3069a5a358422da71c6dd449df4b0b1cd7e25cc7ba0e6d7bc9a412b852e6fbadd6dfdcdc4f1e7f1f5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1281.exe

Filesize
184KB

MD5
696f2ec941a413dca587e1c32f6e7fab

SHA1
018891695011f191cca6e123fa1b16c9e6d82376

SHA256
144957dbec1f8fbf7078567b8d07afcd128922520b135f916d7fb58e1df7b584

SHA512
07c5e6d713061c5bc528ee5d7cb5b4efba13c0d0031586b17effb1826acdf3d6058a386ce6def1ed22e42253850467aca723e4b53cf3647e2dadfb18b9def58a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24027.exe

Filesize
184KB

MD5
3868fade77e7b9004a55803c39639c91

SHA1
08cdf5a4d4d0abc27d27bb4424f91a59800d99d1

SHA256
48f7e8e31cbf19eba59c9012c4eba2dd73a84960ea053f55c724b41851e9e846

SHA512
b58cbab4d60434ab8e6c759775f9a4d60b39a7d60c3784c7d63369a88eb33eb6ed851796e557f4d093a1bf66cca16d94f37784e00859b97f15984c879d14113f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26366.exe

Filesize
184KB

MD5
3d54adbc61786b89aabf122c1bc12149

SHA1
eb3d1fc56d409a1c50f1611d1b79c727851471bf

SHA256
a40b36299036f89def35953d29badecd260d5cc8dc04973ae53c9599939b7fd9

SHA512
b9a8182359b39d71b8eca0b3a81f6e8bcd0eb0edf8a989a5554bde12e5abfa9bfee1938c560b0732399692aa833bedcc1005c4d292cf6115b0dda0d87e55e066

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28329.exe

Filesize
184KB

MD5
eacb902fab1bc2649440629dcf23738a

SHA1
055853635a15b1c52ad298e9e5d5084354d3a53a

SHA256
bc59e6635295390d76a9485dddfe967f6ca91ec0d89c4f661b4abd3160f38469

SHA512
e578f2116ce7bc17577c3f6f385db2b346f13636a69e3af393548ba3099605550bab700852b8c31a8d19d51ef1076aad8379ea02b2d829378a5de2307b1c46a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe

Filesize
184KB

MD5
183ea4de942ec5b345a026243ea824b6

SHA1
64336bd32cd654d4ff25b53a9ad0cc2a9f09a2de

SHA256
bd56dce791397853691196b302183b82008e903960b8a6ab8a59e5e4709366ae

SHA512
a7b2599468cac6c949c4fdd1360679c0f2880988894fc9ca60967374b9ba2b5e96b62f1955f215bad4d8d4d9f0464961b471a24afbbefc8f8942c632e3129a95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4156.exe

Filesize
184KB

MD5
4a59f5214bd65215d50eeed99197bfb3

SHA1
507eb6e542124dd34cd3f839b47989b7a188feb1

SHA256
9f0f0f90313dd26b960148ad1c4f01fbebb12389fb1002957838aa7e9dfb7320

SHA512
3df72621c74280bd9756b842105f64fae1f92f2863315e00a178fb2d732d605abfc563bc7e7674c193c37ae6b16217ae78e68ac4cfaee3a9b91bdf4ff300e90a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe

Filesize
184KB

MD5
b33b6b4beaaf296bbbd29846b288da7f

SHA1
38964a3efba766cacd55f1d19c07e0ab1139ee6a

SHA256
f0fc1021ec423c4843b3d931d0e5b6f20b48cf1aa9b95883bb3fdf9861016c88

SHA512
dddd3ed25a8d8bd9600ed69a9e4d3433c26ade9459e4e6c8b3e0212ea2db1df935bd1b8698332157e177090619f31fb43ee472d29e5384e7414442dadb63ff4b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61556.exe

Filesize
184KB

MD5
dae475d814dcf7c258d0c1e363559101

SHA1
03f96faf9113d8946b8d3415403d11cbd634b1af

SHA256
3eb39767770d29f4bf1c81e6e86843e289afcb684b8b891e4420a2a9d9e4ac75

SHA512
b9c462fb738f4388ed784c05b1ee219318274b6e5f6b8df7bbb895319c35de3ff9997b856ca6c0399b09a4181accc88e125e71b4759414b32e392cdcbd452e4b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8650.exe

Filesize
184KB

MD5
478ff61c7f9c2d36b03be84131c54c13

SHA1
2be6894e1b3183e050915fb5d1121bab535bffb3

SHA256
c258b12e552b4160eb1e29e71a392f87e1ccf8aa98c6efbfbe659056fc4f1a0e

SHA512
096aabce8d04004a901c69f104fbb8e3253c70d1994a7759c9f908cbc9aa88f7c72e5ab3aa952b856e97443e6b3ea38dd1cdb042a400d29eefebb210e0fb0ea3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads