be35484f8a08a03c3e9d7a02c632d6fea7f306dd6ea46d7bd24edbbab882d180

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

577f879183cce1b12d06e6341af46f49.exe
Size

184KB
MD5

577f879183cce1b12d06e6341af46f49
SHA1

56a770f8da1acd93e85dd6d4ab19b52494d0116f
SHA256

be35484f8a08a03c3e9d7a02c632d6fea7f306dd6ea46d7bd24edbbab882d180
SHA512

09abbd6b4e8954ca440c1d7dda32911d8ceccb7e2e00574283a34e64bfb8463fbe0dccba14d8a2aa7ba38d16798aa81563b13c2b0f4ad6bfe7c1dd1cd31b8226
SSDEEP

3072:s/v5octFPgbyEjldTAUozzbU7d6TxLIHRTxW64ZG0lP7pFv:s/xoC4bykd0UozLkao0lP7pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2664	Unicorn-19558.exe
2788	Unicorn-40429.exe
3004	Unicorn-14943.exe
2740	Unicorn-33768.exe
2620	Unicorn-8282.exe
2644	Unicorn-2678.exe
2240	Unicorn-54639.exe
2860	Unicorn-31055.exe
2880	Unicorn-2042.exe
1264	Unicorn-16219.exe
2164	Unicorn-36085.exe
1744	Unicorn-31341.exe
1500	Unicorn-43618.exe
2876	Unicorn-36235.exe
1608	Unicorn-64657.exe
2364	Unicorn-64657.exe
2752	Unicorn-49787.exe
2068	Unicorn-4639.exe
2360	Unicorn-49787.exe
400	Unicorn-35313.exe
1980	Unicorn-6231.exe
924	Unicorn-17405.exe
348	Unicorn-55692.exe
1344	Unicorn-29682.exe
1840	Unicorn-50197.exe
1748	Unicorn-50197.exe
948	Unicorn-4356.exe
588	Unicorn-24222.exe
2196	Unicorn-27211.exe
1476	Unicorn-37791.exe
1752	Unicorn-57657.exe
2156	Unicorn-53033.exe
2856	Unicorn-25842.exe
2148	Unicorn-28254.exe
1784	Unicorn-51192.exe
2832	Unicorn-57479.exe
2800	Unicorn-59892.exe
2508	Unicorn-63504.exe
2636	Unicorn-34422.exe
2488	Unicorn-2456.exe
2096	Unicorn-33064.exe
2664	Unicorn-64423.exe
548	Unicorn-30397.exe
2868	Unicorn-35881.exe
1936	Unicorn-27325.exe
1956	Unicorn-11214.exe
2020	Unicorn-5054.exe
1716	Unicorn-58438.exe
572	Unicorn-41983.exe
640	Unicorn-45100.exe
1632	Unicorn-48172.exe
2340	Unicorn-24239.exe
1796	Unicorn-35343.exe
820	Unicorn-55209.exe
2684	Unicorn-19924.exe
2620	Unicorn-39790.exe
1548	Unicorn-39790.exe
1136	Unicorn-39790.exe
1556	Unicorn-58575.exe
276	Unicorn-13941.exe
824	Unicorn-3324.exe
2136	Unicorn-24905.exe
2724	Unicorn-50677.exe
2580	Unicorn-32644.exe

Loads dropped DLL 64 IoCs

pid	Process
2508	577f879183cce1b12d06e6341af46f49.exe
2508	577f879183cce1b12d06e6341af46f49.exe
2664	Unicorn-19558.exe
2508	577f879183cce1b12d06e6341af46f49.exe
2664	Unicorn-19558.exe
2508	577f879183cce1b12d06e6341af46f49.exe
2788	Unicorn-40429.exe
2788	Unicorn-40429.exe
2664	Unicorn-19558.exe
2664	Unicorn-19558.exe
3004	Unicorn-14943.exe
3004	Unicorn-14943.exe
2740	Unicorn-33768.exe
2740	Unicorn-33768.exe
2788	Unicorn-40429.exe
2788	Unicorn-40429.exe
2644	Unicorn-2678.exe
3004	Unicorn-14943.exe
2644	Unicorn-2678.exe
2620	Unicorn-8282.exe
2620	Unicorn-8282.exe
3004	Unicorn-14943.exe
2240	Unicorn-54639.exe
2240	Unicorn-54639.exe
2740	Unicorn-33768.exe
2740	Unicorn-33768.exe
2860	Unicorn-31055.exe
2860	Unicorn-31055.exe
2164	Unicorn-36085.exe
2164	Unicorn-36085.exe
2880	Unicorn-2042.exe
2880	Unicorn-2042.exe
2644	Unicorn-2678.exe
2620	Unicorn-8282.exe
1264	Unicorn-16219.exe
1264	Unicorn-16219.exe
2644	Unicorn-2678.exe
2620	Unicorn-8282.exe
1744	Unicorn-31341.exe
1744	Unicorn-31341.exe
2240	Unicorn-54639.exe
2240	Unicorn-54639.exe
1500	Unicorn-43618.exe
1500	Unicorn-43618.exe
2876	Unicorn-36235.exe
2876	Unicorn-36235.exe
2860	Unicorn-31055.exe
2860	Unicorn-31055.exe
2360	Unicorn-49787.exe
2364	Unicorn-64657.exe
2364	Unicorn-64657.exe
2360	Unicorn-49787.exe
2752	Unicorn-49787.exe
2880	Unicorn-2042.exe
2752	Unicorn-49787.exe
2880	Unicorn-2042.exe
1608	Unicorn-64657.exe
1608	Unicorn-64657.exe
2164	Unicorn-36085.exe
2068	Unicorn-4639.exe
2164	Unicorn-36085.exe
2068	Unicorn-4639.exe
1264	Unicorn-16219.exe
1264	Unicorn-16219.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
2904	1784	WerFault.exe	62
1560	268	WerFault.exe	97
2840	336	WerFault.exe	98
2516	1104	WerFault.exe	198
1000	3020	WerFault.exe	315
1848	2752	WerFault.exe	310
2692	2120	WerFault.exe	316
2096	2020	WerFault.exe	367
684	1944	WerFault.exe	381

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2508	577f879183cce1b12d06e6341af46f49.exe
2664	Unicorn-19558.exe
2788	Unicorn-40429.exe
3004	Unicorn-14943.exe
2740	Unicorn-33768.exe
2620	Unicorn-8282.exe
2644	Unicorn-2678.exe
2240	Unicorn-54639.exe
2860	Unicorn-31055.exe
2164	Unicorn-36085.exe
2880	Unicorn-2042.exe
1264	Unicorn-16219.exe
1744	Unicorn-31341.exe
1500	Unicorn-43618.exe
2876	Unicorn-36235.exe
1608	Unicorn-64657.exe
2068	Unicorn-4639.exe
2360	Unicorn-49787.exe
2364	Unicorn-64657.exe
2752	Unicorn-49787.exe
400	Unicorn-35313.exe
1980	Unicorn-6231.exe
924	Unicorn-17405.exe
348	Unicorn-55692.exe
1344	Unicorn-29682.exe
1840	Unicorn-50197.exe
1748	Unicorn-50197.exe
948	Unicorn-4356.exe
588	Unicorn-24222.exe
2196	Unicorn-27211.exe
1476	Unicorn-37791.exe
2156	Unicorn-53033.exe
1752	Unicorn-57657.exe
2856	Unicorn-25842.exe
2148	Unicorn-28254.exe
2832	Unicorn-57479.exe
1784	Unicorn-51192.exe
2508	Unicorn-63504.exe
2800	Unicorn-59892.exe
2636	Unicorn-34422.exe
2488	Unicorn-2456.exe
2096	Unicorn-33064.exe
2664	Unicorn-64423.exe
548	Unicorn-30397.exe
2868	Unicorn-35881.exe
2020	Unicorn-5054.exe
1936	Unicorn-27325.exe
1956	Unicorn-11214.exe
1716	Unicorn-58438.exe
572	Unicorn-41983.exe
1632	Unicorn-48172.exe
640	Unicorn-45100.exe
1796	Unicorn-35343.exe
2340	Unicorn-24239.exe
820	Unicorn-55209.exe
1136	Unicorn-39790.exe
2620	Unicorn-39790.exe
2684	Unicorn-19924.exe
1548	Unicorn-39790.exe
1556	Unicorn-58575.exe
276	Unicorn-13941.exe
824	Unicorn-3324.exe
2136	Unicorn-24905.exe
2724	Unicorn-50677.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 2664	2508	577f879183cce1b12d06e6341af46f49.exe	28
PID 2508 wrote to memory of 2664	2508	577f879183cce1b12d06e6341af46f49.exe	28
PID 2508 wrote to memory of 2664	2508	577f879183cce1b12d06e6341af46f49.exe	28
PID 2508 wrote to memory of 2664	2508	577f879183cce1b12d06e6341af46f49.exe	28
PID 2664 wrote to memory of 2788	2664	Unicorn-19558.exe	29
PID 2664 wrote to memory of 2788	2664	Unicorn-19558.exe	29
PID 2664 wrote to memory of 2788	2664	Unicorn-19558.exe	29
PID 2664 wrote to memory of 2788	2664	Unicorn-19558.exe	29
PID 2508 wrote to memory of 3004	2508	577f879183cce1b12d06e6341af46f49.exe	30
PID 2508 wrote to memory of 3004	2508	577f879183cce1b12d06e6341af46f49.exe	30
PID 2508 wrote to memory of 3004	2508	577f879183cce1b12d06e6341af46f49.exe	30
PID 2508 wrote to memory of 3004	2508	577f879183cce1b12d06e6341af46f49.exe	30
PID 2788 wrote to memory of 2740	2788	Unicorn-40429.exe	31
PID 2788 wrote to memory of 2740	2788	Unicorn-40429.exe	31
PID 2788 wrote to memory of 2740	2788	Unicorn-40429.exe	31
PID 2788 wrote to memory of 2740	2788	Unicorn-40429.exe	31
PID 2664 wrote to memory of 2620	2664	Unicorn-19558.exe	32
PID 2664 wrote to memory of 2620	2664	Unicorn-19558.exe	32
PID 2664 wrote to memory of 2620	2664	Unicorn-19558.exe	32
PID 2664 wrote to memory of 2620	2664	Unicorn-19558.exe	32
PID 3004 wrote to memory of 2644	3004	Unicorn-14943.exe	33
PID 3004 wrote to memory of 2644	3004	Unicorn-14943.exe	33
PID 3004 wrote to memory of 2644	3004	Unicorn-14943.exe	33
PID 3004 wrote to memory of 2644	3004	Unicorn-14943.exe	33
PID 2740 wrote to memory of 2240	2740	Unicorn-33768.exe	34
PID 2740 wrote to memory of 2240	2740	Unicorn-33768.exe	34
PID 2740 wrote to memory of 2240	2740	Unicorn-33768.exe	34
PID 2740 wrote to memory of 2240	2740	Unicorn-33768.exe	34
PID 2788 wrote to memory of 2860	2788	Unicorn-40429.exe	35
PID 2788 wrote to memory of 2860	2788	Unicorn-40429.exe	35
PID 2788 wrote to memory of 2860	2788	Unicorn-40429.exe	35
PID 2788 wrote to memory of 2860	2788	Unicorn-40429.exe	35
PID 2644 wrote to memory of 2880	2644	Unicorn-2678.exe	38
PID 2644 wrote to memory of 2880	2644	Unicorn-2678.exe	38
PID 2644 wrote to memory of 2880	2644	Unicorn-2678.exe	38
PID 2644 wrote to memory of 2880	2644	Unicorn-2678.exe	38
PID 2620 wrote to memory of 2164	2620	Unicorn-8282.exe	36
PID 2620 wrote to memory of 2164	2620	Unicorn-8282.exe	36
PID 2620 wrote to memory of 2164	2620	Unicorn-8282.exe	36
PID 2620 wrote to memory of 2164	2620	Unicorn-8282.exe	36
PID 3004 wrote to memory of 1264	3004	Unicorn-14943.exe	37
PID 3004 wrote to memory of 1264	3004	Unicorn-14943.exe	37
PID 3004 wrote to memory of 1264	3004	Unicorn-14943.exe	37
PID 3004 wrote to memory of 1264	3004	Unicorn-14943.exe	37
PID 2240 wrote to memory of 1744	2240	Unicorn-54639.exe	39
PID 2240 wrote to memory of 1744	2240	Unicorn-54639.exe	39
PID 2240 wrote to memory of 1744	2240	Unicorn-54639.exe	39
PID 2240 wrote to memory of 1744	2240	Unicorn-54639.exe	39
PID 2740 wrote to memory of 1500	2740	Unicorn-33768.exe	40
PID 2740 wrote to memory of 1500	2740	Unicorn-33768.exe	40
PID 2740 wrote to memory of 1500	2740	Unicorn-33768.exe	40
PID 2740 wrote to memory of 1500	2740	Unicorn-33768.exe	40
PID 2860 wrote to memory of 2876	2860	Unicorn-31055.exe	41
PID 2860 wrote to memory of 2876	2860	Unicorn-31055.exe	41
PID 2860 wrote to memory of 2876	2860	Unicorn-31055.exe	41
PID 2860 wrote to memory of 2876	2860	Unicorn-31055.exe	41
PID 2164 wrote to memory of 1608	2164	Unicorn-36085.exe	43
PID 2164 wrote to memory of 1608	2164	Unicorn-36085.exe	43
PID 2164 wrote to memory of 1608	2164	Unicorn-36085.exe	43
PID 2164 wrote to memory of 1608	2164	Unicorn-36085.exe	43
PID 2880 wrote to memory of 2364	2880	Unicorn-2042.exe	42
PID 2880 wrote to memory of 2364	2880	Unicorn-2042.exe	42
PID 2880 wrote to memory of 2364	2880	Unicorn-2042.exe	42
PID 2880 wrote to memory of 2364	2880	Unicorn-2042.exe	42

C:\Users\Admin\AppData\Local\Temp\577f879183cce1b12d06e6341af46f49.exe
"C:\Users\Admin\AppData\Local\Temp\577f879183cce1b12d06e6341af46f49.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40429.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54639.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35313.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25842.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42934.exe
        10⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34223.exe
        11⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56261.exe
        12⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        13⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8049.exe
        14⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
        15⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24367.exe
        16⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56042.exe
        17⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
        18⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17172.exe
        9⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4498.exe
        10⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53307.exe
        11⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24656.exe
        12⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        13⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52269.exe
        14⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8437.exe
        15⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
        16⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
        17⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49831.exe
        18⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-461.exe
        14⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59795.exe
        15⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
        16⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32944.exe
        17⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
        18⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13509.exe
        19⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16581.exe
        10⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10817.exe
        11⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
        12⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58750.exe
        13⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        14⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
        15⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        16⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33398.exe
        17⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9787.exe
        18⤵
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6231.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1784
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 200
        8⤵
        Program crash
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57479.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24239.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32644.exe
        9⤵
        Executes dropped EXE
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32851.exe
        10⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42710.exe
        12⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27039.exe
        13⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20417.exe
        14⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
        15⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
        16⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
        17⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28512.exe
        18⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50277.exe
        12⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41496.exe
        13⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
        14⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61931.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        16⤵
        
        PID:2120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
        17⤵
        Program crash
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43123.exe
        8⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        9⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36944.exe
        10⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
        11⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
        12⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25952.exe
        13⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64995.exe
        14⤵
        
        PID:2752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 200
        15⤵
        Program crash
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35343.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50750.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27220.exe
        9⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40323.exe
        10⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56233.exe
        11⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12169.exe
        12⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38764.exe
        13⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37870.exe
        14⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19534.exe
        15⤵
        
        PID:1120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3324.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
        8⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15428.exe
        9⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        10⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5507.exe
        11⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe
        12⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54592.exe
        13⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2786.exe
        14⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        15⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52827.exe
        16⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44363.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60080.exe
        8⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        9⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
        10⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20893.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
        12⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51558.exe
        13⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23988.exe
        14⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58022.exe
        15⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
        16⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63032.exe
        17⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
        10⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        11⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
        12⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46868.exe
        13⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31569.exe
        14⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38517.exe
        15⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26447.exe
        16⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59176.exe
        15⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
        8⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42990.exe
        9⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        10⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        11⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
        12⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27793.exe
        13⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59807.exe
        14⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3720.exe
        15⤵
        
        PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55692.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63504.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        9⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
        10⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        11⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30900.exe
        12⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        13⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27182.exe
        14⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12668.exe
        15⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
        16⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7544.exe
        8⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53674.exe
        9⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        10⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36944.exe
        11⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5343.exe
        12⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48760.exe
        13⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
        14⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21832.exe
        15⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59413.exe
        16⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
        17⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48328.exe
        18⤵
        
        PID:2056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39790.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        9⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        10⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
        11⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
        12⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        13⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        14⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60198.exe
        15⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        16⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64691.exe
        17⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29692.exe
        18⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13023.exe
        17⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42641.exe
        7⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48459.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39186.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45888.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        11⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20327.exe
        12⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
        13⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        14⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22135.exe
        15⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
        10⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
        11⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
        12⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
        13⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5078.exe
        14⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59991.exe
        15⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
        16⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
        17⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53758.exe
        16⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
        17⤵
        
        PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2456.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24905.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37811.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4982.exe
        9⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28658.exe
        10⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
        11⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
        12⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33457.exe
        13⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28710.exe
        14⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
        15⤵
        
        PID:788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
        7⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
        8⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32665.exe
        9⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30372.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11806.exe
        11⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63391.exe
        12⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
        13⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39156.exe
        14⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52903.exe
        15⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41007.exe
        16⤵
        
        PID:2532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45100.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
        8⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40448.exe
        9⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36447.exe
        10⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
        11⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        12⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        13⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3772.exe
        14⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51050.exe
        15⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26320.exe
        16⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        17⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38397.exe
        18⤵
        
        PID:1944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 200
        19⤵
        Program crash
        
        PID:684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58438.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19434.exe
        7⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16186.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3352.exe
        9⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
        10⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7556.exe
        11⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
        12⤵
        Program crash
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14440.exe
        11⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
        12⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
        13⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
        14⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46810.exe
        15⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-195.exe
        16⤵
        
        PID:2020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
        17⤵
        Program crash
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9687.exe
        13⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        14⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10515.exe
        15⤵
        
        PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24222.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30650.exe
        7⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43117.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15847.exe
        9⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
        10⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
        11⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe
        12⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60073.exe
        13⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
        14⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
        15⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14473.exe
        6⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44913.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42992.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19076.exe
        9⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
        10⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44573.exe
        11⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
        12⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        13⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
        14⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2818.exe
        15⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62829.exe
        6⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8400.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41087.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
        9⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe
        10⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24357.exe
        11⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14646.exe
        12⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2388.exe
        13⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
        14⤵
        
        PID:1136
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39391.exe
        8⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
        9⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28528.exe
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        11⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        12⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58167.exe
        13⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58418.exe
        14⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39601.exe
        15⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        16⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38836.exe
        17⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54545.exe
        10⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
        11⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43342.exe
        12⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9145.exe
        13⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        14⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30385.exe
        15⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
        16⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56306.exe
        17⤵
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
        7⤵
        
        PID:268
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
        8⤵
        Program crash
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42.exe
        7⤵
        
        PID:336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 220
        8⤵
        Program crash
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44082.exe
        7⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
        8⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61084.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
        10⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59409.exe
        11⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58158.exe
        12⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
        13⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
        14⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8122.exe
        15⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        16⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
        17⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54034.exe
        18⤵
        
        PID:1052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
        7⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        8⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe
        9⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63376.exe
        10⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
        11⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36514.exe
        12⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        13⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65222.exe
        14⤵
        
        PID:3020
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
        15⤵
        Program crash
        
        PID:1000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16219.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48172.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
        9⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39611.exe
        10⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60385.exe
        11⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
        12⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10661.exe
        13⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23237.exe
        14⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59109.exe
        15⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
        16⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17207.exe
        17⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17078.exe
        9⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56572.exe
        10⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57575.exe
        11⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
        12⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43312.exe
        13⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12766.exe
        14⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60280.exe
        15⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32777.exe
        16⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
        7⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16643.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8873.exe
        9⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        10⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29732.exe
        11⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
        12⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
        13⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
        14⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49205.exe
        15⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7296.exe
        9⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58051.exe
        10⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54766.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        12⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        13⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
        14⤵
        
        PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53033.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41983.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65105.exe
        6⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56103.exe
        7⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38015.exe
        8⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
        9⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11333.exe
        10⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29834.exe
        11⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
        12⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21288.exe
        13⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32253.exe
        14⤵
        
        PID:536

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2678.exe

Filesize
184KB

MD5
0b8956e0791e0d4ac960ef0c67a74880

SHA1
2b37bdc2c177374c9241c867e53f5fbd6ae34127

SHA256
eda8b37af326cbcfb55ef580cf29c134ab6f061ad2068012ae21fee540cfa65d

SHA512
e6fec9cf75007a4caf48569ea2ec8fdd03c0534db5f734095a2d69643c226385ba74444aa8ba27d104073c673299508ddbb6f4f81aee123ed36686a0db3365a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe

Filesize
184KB

MD5
6d1819bf50c0b4588eafaac19539a15f

SHA1
baa4cbf8b0aa69095e8b4a07d26408616a89af23

SHA256
138b8acd4c728fb7f9ff0a1382d2f128119510203f12657cd3ca273c3f1f40ad

SHA512
fbf0bdcd2d5977c690d5823299e868333040b56d10925443f73de38a392369384a9eee677ea33e4214e66e446647d193b62565821e7c210e2f93689807182cb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe

Filesize
184KB

MD5
358f8271a6813ff1a0fe69d81d94cd98

SHA1
c73709efa3b311195d47691d8e6947c1162bc432

SHA256
10e3ddcd103f8d3716886bff9a188edbd34853e46b1e593a4b456db13988dd5f

SHA512
724e8f89c3ff51609866c8a16880370e875cbb5e2ef18981aee946a578c4408067019968c0f278be019bdfa3054c4ae634171a232a7475017fbda8b0199eba03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52220.exe

Filesize
184KB

MD5
852ee7fbbd20136714879c905a6facbf

SHA1
a8fb9d5ae0bcf124f88fc9ca286f6c335dcd0f39

SHA256
c62ae98e2906bc2ff02a112cd60fdd214097f6efe366ac5c385e514ce44251da

SHA512
6f8a6e6f029385e0be0412de89459326314db332dbcdfffa77b01b836f9c9cf33a4ca2f32790bc36b16bf3b1afecbcd3b77b2279f5b84327ed2129554a271da5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5499.exe

Filesize
184KB

MD5
6ed0f8b2260e3bf661c8de5b9c9c2748

SHA1
c52a3d080acbe4dfd6232ddfcd59c8bb1cb4a91a

SHA256
c96c3057a5bbde24906cac7bdcd6466d1a75db5d92c22c275f9053999496e006

SHA512
6ada017382a1cdcd45d653c24ea1336d6628d22046bccdc140cd9fd19bf3dadd595e90d6f6eac0d14e4e2fc433f68a8b9c1bc492139d34bf126b7369c30a48df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5507.exe

Filesize
184KB

MD5
5fd221a05851943daee1e7e36bfbefd8

SHA1
befe2df72755a2a52ab9d809cdeb5723ba14e2c5

SHA256
e0e3be0d10744734f761a9b9ea476b51da09db556f556ad11ca997dd7557bb1a

SHA512
df240d4498644f04d32f1a96a330fd04093e1d9a9bee864a7f3e955f15b2b5d49082b70d10129d60f525a15d4278e441e3a5ce421b3a832293eb39d5e8f34f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5733.exe

Filesize
184KB

MD5
06ea3d9494c124fd3e961d5ab45c3f0b

SHA1
d212b5f69420d6db583973b147a53768d439f4c8

SHA256
ffbc5464952bdb7a04b6fd3540f0e87074b9803dc90777b3e834b2349d34908e

SHA512
36bbb7f0d007253c34b60f01b48f36f0d2d095b603bbe72188d26fe56bb1bd69b4e9ac57cd7305186a9981419e8a2abe155b269b40573728c731d41c1765a94a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe

Filesize
184KB

MD5
26fc00760458a20324cd8b8660ae0c78

SHA1
d658af177da241938f001ee1eb40f07918de6938

SHA256
fbf56b24ee26221a9b24273b801fb52a148c978b757145eb58db1597fb877faa

SHA512
d88a774ab95f1f6a7f69992033d0a55f2144422656c0d256fa4b3194d4ac394af9948428db7c94d0e505ebf632fe815271c12bc261737b9d2293419bcf5859ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6557.exe

Filesize
184KB

MD5
50b5375f7cc3c5cfb85131e25c285802

SHA1
fbfc740b86f467d5956d86e9352eee59144b8cdc

SHA256
3e76c2eb82058fc670e3a76bc31c265bf43728a70dfe6b3455450b26f303ef81

SHA512
3d7b9124e9961d0238eb91704e38f56b28d539688d31cf3690a45386067fa0caf33c3c00744cd0b31939966afad04396d3daaa159413bbc76d610bd5067ffc0f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe

Filesize
184KB

MD5
392c48935d492c60052dfb03f36854b2

SHA1
37f35f0c172a7b31856a8aef100041cd929ce15f

SHA256
99b6485c61b2125fd95f317846cee469648725b48480e61ae87a64f0780faa75

SHA512
38c5d4df2127d2d071498d8f858c788daab6eda87b5c41858756c2d761999fc8912f7279bc215714b7878ab83882535d2c37b5874ca1abaf00022c968d57aea1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16219.exe

Filesize
184KB

MD5
65a2c24367efa0e9acc617727cc16e6d

SHA1
e88303e4bdbd609e2a3308b46625b93b3713b9ab

SHA256
cf67dd40ec28c4b834765f4398552ccf9ae5b5833ca937f53ae2134b7f229f6e

SHA512
735b5ccc0856b173b35b88bba18ad4d46e089802f596a86466ecea7226a0fb4237e9b7b16d942cc7e1c7103866102d6c7f61ae053e565290a425eec49f47d315

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19558.exe

Filesize
184KB

MD5
d9b88b630bd157d71949b31f5180de9e

SHA1
5dae751cf1e6bf9368cb23caa1669715c5567bc9

SHA256
7c114fec802e111c9dd4c0007418ce0d6cefa86c95a0283953752190c4115a98

SHA512
a57049cd04e20d55a0873dbc3036792bd1512c8733dbc7301afe14ede7b94e94fd5990a9949d3e5e9c4d2750555aad12a25c93673799ea3a4f8078f0cc927d1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe

Filesize
184KB

MD5
fec786b3cca38f003cae9cb44660ae00

SHA1
cad52156e2c6ba1e16ae31528087e65715e0f985

SHA256
464050dded0914e9a67ad516841e05a66bfa594b78d33edb989b290df962f528

SHA512
7f8fcdcb2a6c2aad3cfad01d1ef6800c3292829b5bcab499093b937c05b1a3f1dea10ee7bf655994953394ea43044b80ea5d3ad7d9e92a50da9b1bdec0028d9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe

Filesize
184KB

MD5
b30f6dc786dbbfad8cc03ffcf19960a4

SHA1
6b7afca46cf54af8826561ea3c9adc79abbf18c5

SHA256
8532c131f948ca4d89b170bd75f27f9d79ed0e9edb444a62a1f013bb40a10d22

SHA512
127dd9178767b73724c18986c892c085f1659695477a336043b9ba3709793b1e8e6417e3532e6fc1f713dbc2cc899e97946b96b67263149a36d249ea0e2a4543

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe

Filesize
184KB

MD5
f61442b406e90befcfa1dac4c2bcad2f

SHA1
c200374d15deae02d263817450bc3899fe6e5464

SHA256
5927e4e3b094b3e5949092edf6464e6ab5a4413018419dce8db4e79f5c1730c7

SHA512
c2766ca563f79314d9b1f898a6de2ce0e48fe5246cbadb7cd6b776251e04589261e66a736d7028457bf75633753f4ab68224090171ad731e2c4910c4bc031cc5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33768.exe

Filesize
184KB

MD5
db9f885247c063d06a14d5c975b2ce55

SHA1
48c8e6d3ee2e27f715a6537215d9e3601944377c

SHA256
8fb61656f4604d169451d6bd8e1252ee072655691c38c777bcfcfa256942a1a5

SHA512
db7d72f07ac1f203e5bca1254e919aff99da17d2d85f37f798ceeeae6df14cd42daf56b5c28047c098d3d9545c1081d5374d20951e0e37292f31e14dac3d6380

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40429.exe

Filesize
184KB

MD5
478d53d0034191d1370b15458af35c99

SHA1
2b0387421754698d43442a4dd330cb19a5c31536

SHA256
7096fa144509a5b77107b024d1183ced9fa071ff3389538a5a62c60314c7b237

SHA512
bb022f7c0be23b7da190862c9f005d0e74e9931a93092c456e3ab7a33635f226c39c6ecd9bffb2ba1949e993f46cd8f3c11318e8884e805e9c9491f6abf0e780

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43618.exe

Filesize
184KB

MD5
44535b723985bf90918f1bfa9b631e80

SHA1
26e782bfb9e772e414e7078cb6c62c2e9fe60bba

SHA256
bf00b0676219304eec66111ee9aaf77a72883a4e2e23e8f628ccd9a3b36d0337

SHA512
07d71605ec0647518a8b5324cf184e1413a255fa4606f0f9c22f1105b76d7e30f32c6b88458b5ad240b8a156437f29f1e8231f9bee09bbef988e8fe7ed854dd7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4639.exe

Filesize
184KB

MD5
796fa9a14f3f4ff848f0d81883f664e4

SHA1
e0081cca801b57dc6a998c265c8afe20e085ec57

SHA256
2fd3757260d9f88a710990ad594e0ad03b8e3f2657cb9e2c4e273d7b43d61097

SHA512
bc2edb7884110a68f391ba2faaae802815568ad7f45d55e6c3c998dfa4826034d0f390dc57090f81fc527dcb0eb5207b1839a1845ad63104dff9d8e32e850552

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe

Filesize
184KB

MD5
953a005764ff070be8dbf35b68559a26

SHA1
95c8b583592e3c308c53f7f6c024a1a4073deaa7

SHA256
793f905e7de688d19679c0b1c0c89fbcfde3dc888fbe9f6753ccc1c83b50d89e

SHA512
cd4f8d4437fab77577e6ea071a8ea5f382ce4726ddec282da6d89b9793f16853f80e22dfc594fb4bd938f8e651fa3fced8ac9bfbc8ea8f8c4a5ed54d4e98519f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54639.exe

Filesize
184KB

MD5
d205d36155c3a9c5a6d88f2d2f743529

SHA1
8445a720dfef1639a07066e0091a497ac43dbb3f

SHA256
8adeddcbd1f2e31516ecef70a7b5b959e7ed051241930747f01e5631aa1be896

SHA512
c1d2804ee49c0201363b4e08f3109158a9ff22d7459cc55debfbebd3cc68d55acd41926c9e55864799a89c2cdae3d8703644590a632bd7278a25c018e98923e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64657.exe

Filesize
184KB

MD5
46fae0ef8ca907b63e493c9c314421c2

SHA1
062905069635ade129a35cc52647ceb2cc5f981a

SHA256
fa58d157a53a8fb15d7b0e79ff15bb8ef845a9a581564be00ae836f10f5e8e5a

SHA512
1dfe6c1aec15bed5c12e5846259067cf3cec81cd112e7b819ccfc216d3cfc2367b84a9ddb580cf45de7a46b466c9b4c085c14b668bcb46a0b8731f94be9c38d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe

Filesize
184KB

MD5
8dc33d2286ac778c0691dec445878456

SHA1
d55fe42d24d06fcafaeac8994036e3b6bda42cb8

SHA256
96c6715d65403c4d0153011e996c87477efca85abd9d5bf6ee47bbe217cb675d

SHA512
9a6962ebdbfff3140a2c8f81d6b3ee7b2aa2b7f675c6ba880811a041e1bf51383be8e7498501272781e4952911868748c4e1f5e3cb61a480d9fcb8f6b90bb3b9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads