0dd87d863b56d3852bd17737a451aa101e2823b27d09d06ff9c998e045a30ed9

Analysis

max time kernel
91s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-01-2024 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

726923533435ba5fd9b9aa4ff1d1bd7a.exe
Size

184KB
MD5

726923533435ba5fd9b9aa4ff1d1bd7a
SHA1

ca827d93307a43f51884efbb11ac350ea56e37c1
SHA256

0dd87d863b56d3852bd17737a451aa101e2823b27d09d06ff9c998e045a30ed9
SHA512

fc63ef2a325e90860fee7e9df09517ab4367fbdb001cf1844fe80dd9cd67fa9c7f3203db43d57dc904ac5f6738b1df5d92eb78533f5a6ec59650324da7edc771
SSDEEP

3072:SPIHozE4f9A07OjCdTsWA8FbqtI6ODfIf6Exg9PPQNlPvpFl:SPEoTq07tdoWA8tQ6eNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3016	Unicorn-38500.exe
2708	Unicorn-56419.exe
2884	Unicorn-44722.exe
1704	Unicorn-57078.exe
2752	Unicorn-40227.exe
2692	Unicorn-47841.exe
1876	Unicorn-44175.exe
2912	Unicorn-36561.exe
3064	Unicorn-4294.exe
2440	Unicorn-24715.exe
1348	Unicorn-4849.exe
472	Unicorn-56676.exe
2652	Unicorn-64844.exe
1980	Unicorn-246.exe
1616	Unicorn-11751.exe
2076	Unicorn-44595.exe
2016	Unicorn-64460.exe
1892	Unicorn-2872.exe
2484	Unicorn-16748.exe
2320	Unicorn-32146.exe
1848	Unicorn-41622.exe
1808	Unicorn-53874.exe
2032	Unicorn-49214.exe
932	Unicorn-62597.exe
1648	Unicorn-29178.exe
732	Unicorn-45685.exe
928	Unicorn-25264.exe
1952	Unicorn-35291.exe
2888	Unicorn-27123.exe
1592	Unicorn-64818.exe
1212	Unicorn-11938.exe
1948	Unicorn-24745.exe
2728	Unicorn-28467.exe
2340	Unicorn-33105.exe
2828	Unicorn-27891.exe
2584	Unicorn-28083.exe
2648	Unicorn-18414.exe
3048	Unicorn-29597.exe
2052	Unicorn-58892.exe
2564	Unicorn-37896.exe
1964	Unicorn-21752.exe
3032	Unicorn-54424.exe
3056	Unicorn-11014.exe
1128	Unicorn-55192.exe
1412	Unicorn-11782.exe
364	Unicorn-19588.exe
2672	Unicorn-56515.exe
1228	Unicorn-27180.exe
2096	Unicorn-36609.exe
2968	Unicorn-29593.exe
2380	Unicorn-50568.exe
2792	Unicorn-33101.exe
2824	Unicorn-49437.exe
1956	Unicorn-53713.exe
396	Unicorn-33847.exe
1540	Unicorn-12680.exe
2324	Unicorn-2291.exe
1800	Unicorn-22157.exe
884	Unicorn-47216.exe
2004	Unicorn-54253.exe
1200	Unicorn-58892.exe
840	Unicorn-17689.exe
860	Unicorn-59084.exe
1604	Unicorn-23610.exe

Loads dropped DLL 64 IoCs

pid	Process
1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe
1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe
3016	Unicorn-38500.exe
3016	Unicorn-38500.exe
1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe
1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe
2884	Unicorn-44722.exe
2884	Unicorn-44722.exe
2708	Unicorn-56419.exe
3016	Unicorn-38500.exe
2708	Unicorn-56419.exe
3016	Unicorn-38500.exe
1704	Unicorn-57078.exe
1704	Unicorn-57078.exe
2884	Unicorn-44722.exe
2884	Unicorn-44722.exe
2692	Unicorn-47841.exe
2692	Unicorn-47841.exe
2752	Unicorn-40227.exe
2708	Unicorn-56419.exe
2752	Unicorn-40227.exe
2708	Unicorn-56419.exe
2912	Unicorn-36561.exe
2912	Unicorn-36561.exe
1876	Unicorn-44175.exe
1876	Unicorn-44175.exe
1704	Unicorn-57078.exe
1704	Unicorn-57078.exe
1348	Unicorn-4849.exe
1348	Unicorn-4849.exe
2752	Unicorn-40227.exe
2752	Unicorn-40227.exe
2440	Unicorn-24715.exe
2440	Unicorn-24715.exe
472	Unicorn-56676.exe
472	Unicorn-56676.exe
2912	Unicorn-36561.exe
2912	Unicorn-36561.exe
1980	Unicorn-246.exe
1980	Unicorn-246.exe
2076	Unicorn-44595.exe
2076	Unicorn-44595.exe
1616	Unicorn-11751.exe
1616	Unicorn-11751.exe
1348	Unicorn-4849.exe
1348	Unicorn-4849.exe
2016	Unicorn-64460.exe
2016	Unicorn-64460.exe
2652	Unicorn-64844.exe
2652	Unicorn-64844.exe
2440	Unicorn-24715.exe
1876	Unicorn-44175.exe
2440	Unicorn-24715.exe
1876	Unicorn-44175.exe
2484	Unicorn-16748.exe
1892	Unicorn-2872.exe
1892	Unicorn-2872.exe
2484	Unicorn-16748.exe
472	Unicorn-56676.exe
472	Unicorn-56676.exe
2320	Unicorn-32146.exe
2320	Unicorn-32146.exe
1980	Unicorn-246.exe
1980	Unicorn-246.exe

Program crash 19 IoCs

pid	pid_target	Process	procid_target
2036	2652	WerFault.exe	40
1064	396	WerFault.exe	82
1652	1752	WerFault.exe	99
1440	3032	WerFault.exe	69
1732	3056	WerFault.exe	70
1664	1648	WerFault.exe	51
812	2440	WerFault.exe	93
668	2720	WerFault.exe	94
2944	2244	WerFault.exe	118
2328	1632	WerFault.exe	193
2132	2144	WerFault.exe	144
840	1688	WerFault.exe	140
1112	1964	WerFault.exe	219
1948	1916	WerFault.exe	237
3124	1212	WerFault.exe	251
3416	2708	WerFault.exe	231
3612	1636	WerFault.exe	261
3604	2056	WerFault.exe	235
3668	3028	WerFault.exe	263

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe
3016	Unicorn-38500.exe
2708	Unicorn-56419.exe
2884	Unicorn-44722.exe
2752	Unicorn-40227.exe
1704	Unicorn-57078.exe
2692	Unicorn-47841.exe
1876	Unicorn-44175.exe
2912	Unicorn-36561.exe
3064	Unicorn-4294.exe
1348	Unicorn-4849.exe
2440	Unicorn-24715.exe
472	Unicorn-56676.exe
1980	Unicorn-246.exe
2652	Unicorn-64844.exe
2076	Unicorn-44595.exe
1616	Unicorn-11751.exe
2016	Unicorn-64460.exe
1892	Unicorn-2872.exe
2484	Unicorn-16748.exe
2320	Unicorn-32146.exe
1848	Unicorn-41622.exe
1808	Unicorn-53874.exe
2032	Unicorn-49214.exe
732	Unicorn-45685.exe
932	Unicorn-62597.exe
1648	Unicorn-29178.exe
928	Unicorn-25264.exe
1952	Unicorn-35291.exe
2888	Unicorn-27123.exe
1592	Unicorn-64818.exe
1948	Unicorn-24745.exe
1212	Unicorn-11938.exe
2728	Unicorn-28467.exe
2340	Unicorn-33105.exe
2828	Unicorn-27891.exe
2584	Unicorn-28083.exe
2648	Unicorn-18414.exe
3048	Unicorn-29597.exe
2052	Unicorn-58892.exe
2564	Unicorn-37896.exe
1964	Unicorn-21752.exe
3032	Unicorn-54424.exe
3056	Unicorn-11014.exe
1128	Unicorn-55192.exe
1412	Unicorn-11782.exe
364	Unicorn-19588.exe
2672	Unicorn-56515.exe
1228	Unicorn-27180.exe
2096	Unicorn-36609.exe
2968	Unicorn-29593.exe
2380	Unicorn-50568.exe
2792	Unicorn-33101.exe
2824	Unicorn-49437.exe
396	Unicorn-33847.exe
1956	Unicorn-53713.exe
2324	Unicorn-2291.exe
1540	Unicorn-12680.exe
1800	Unicorn-22157.exe
884	Unicorn-47216.exe
840	Unicorn-17689.exe
2004	Unicorn-54253.exe
1200	Unicorn-58892.exe
860	Unicorn-59084.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 3016	1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe	28
PID 1740 wrote to memory of 3016	1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe	28
PID 1740 wrote to memory of 3016	1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe	28
PID 1740 wrote to memory of 3016	1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe	28
PID 3016 wrote to memory of 2708	3016	Unicorn-38500.exe	29
PID 3016 wrote to memory of 2708	3016	Unicorn-38500.exe	29
PID 3016 wrote to memory of 2708	3016	Unicorn-38500.exe	29
PID 3016 wrote to memory of 2708	3016	Unicorn-38500.exe	29
PID 1740 wrote to memory of 2884	1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe	30
PID 1740 wrote to memory of 2884	1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe	30
PID 1740 wrote to memory of 2884	1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe	30
PID 1740 wrote to memory of 2884	1740	726923533435ba5fd9b9aa4ff1d1bd7a.exe	30
PID 2884 wrote to memory of 1704	2884	Unicorn-44722.exe	31
PID 2884 wrote to memory of 1704	2884	Unicorn-44722.exe	31
PID 2884 wrote to memory of 1704	2884	Unicorn-44722.exe	31
PID 2884 wrote to memory of 1704	2884	Unicorn-44722.exe	31
PID 2708 wrote to memory of 2692	2708	Unicorn-56419.exe	32
PID 2708 wrote to memory of 2692	2708	Unicorn-56419.exe	32
PID 2708 wrote to memory of 2692	2708	Unicorn-56419.exe	32
PID 2708 wrote to memory of 2692	2708	Unicorn-56419.exe	32
PID 3016 wrote to memory of 2752	3016	Unicorn-38500.exe	33
PID 3016 wrote to memory of 2752	3016	Unicorn-38500.exe	33
PID 3016 wrote to memory of 2752	3016	Unicorn-38500.exe	33
PID 3016 wrote to memory of 2752	3016	Unicorn-38500.exe	33
PID 1704 wrote to memory of 1876	1704	Unicorn-57078.exe	34
PID 1704 wrote to memory of 1876	1704	Unicorn-57078.exe	34
PID 1704 wrote to memory of 1876	1704	Unicorn-57078.exe	34
PID 1704 wrote to memory of 1876	1704	Unicorn-57078.exe	34
PID 2884 wrote to memory of 2912	2884	Unicorn-44722.exe	35
PID 2884 wrote to memory of 2912	2884	Unicorn-44722.exe	35
PID 2884 wrote to memory of 2912	2884	Unicorn-44722.exe	35
PID 2884 wrote to memory of 2912	2884	Unicorn-44722.exe	35
PID 2692 wrote to memory of 3064	2692	Unicorn-47841.exe	36
PID 2692 wrote to memory of 3064	2692	Unicorn-47841.exe	36
PID 2692 wrote to memory of 3064	2692	Unicorn-47841.exe	36
PID 2692 wrote to memory of 3064	2692	Unicorn-47841.exe	36
PID 2752 wrote to memory of 2440	2752	Unicorn-40227.exe	38
PID 2752 wrote to memory of 2440	2752	Unicorn-40227.exe	38
PID 2752 wrote to memory of 2440	2752	Unicorn-40227.exe	38
PID 2752 wrote to memory of 2440	2752	Unicorn-40227.exe	38
PID 2708 wrote to memory of 1348	2708	Unicorn-56419.exe	37
PID 2708 wrote to memory of 1348	2708	Unicorn-56419.exe	37
PID 2708 wrote to memory of 1348	2708	Unicorn-56419.exe	37
PID 2708 wrote to memory of 1348	2708	Unicorn-56419.exe	37
PID 2912 wrote to memory of 472	2912	Unicorn-36561.exe	39
PID 2912 wrote to memory of 472	2912	Unicorn-36561.exe	39
PID 2912 wrote to memory of 472	2912	Unicorn-36561.exe	39
PID 2912 wrote to memory of 472	2912	Unicorn-36561.exe	39
PID 1876 wrote to memory of 2652	1876	Unicorn-44175.exe	40
PID 1876 wrote to memory of 2652	1876	Unicorn-44175.exe	40
PID 1876 wrote to memory of 2652	1876	Unicorn-44175.exe	40
PID 1876 wrote to memory of 2652	1876	Unicorn-44175.exe	40
PID 1704 wrote to memory of 1980	1704	Unicorn-57078.exe	41
PID 1704 wrote to memory of 1980	1704	Unicorn-57078.exe	41
PID 1704 wrote to memory of 1980	1704	Unicorn-57078.exe	41
PID 1704 wrote to memory of 1980	1704	Unicorn-57078.exe	41
PID 1348 wrote to memory of 1616	1348	Unicorn-4849.exe	42
PID 1348 wrote to memory of 1616	1348	Unicorn-4849.exe	42
PID 1348 wrote to memory of 1616	1348	Unicorn-4849.exe	42
PID 1348 wrote to memory of 1616	1348	Unicorn-4849.exe	42
PID 2752 wrote to memory of 2076	2752	Unicorn-40227.exe	43
PID 2752 wrote to memory of 2076	2752	Unicorn-40227.exe	43
PID 2752 wrote to memory of 2076	2752	Unicorn-40227.exe	43
PID 2752 wrote to memory of 2076	2752	Unicorn-40227.exe	43

C:\Users\Admin\AppData\Local\Temp\726923533435ba5fd9b9aa4ff1d1bd7a.exe
"C:\Users\Admin\AppData\Local\Temp\726923533435ba5fd9b9aa4ff1d1bd7a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8825.exe
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7175.exe
        9⤵
        
        PID:1632
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 148
        10⤵
        Program crash
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32618.exe
        8⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62702.exe
        9⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
        10⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60193.exe
        10⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        11⤵
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11201.exe
        6⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15681.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50569.exe
        8⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        10⤵
        
        PID:2072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11751.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27891.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53713.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45608.exe
        10⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12738.exe
        11⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
        12⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2291.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        8⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12691.exe
        9⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
        10⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        11⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        12⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18414.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52966.exe
        7⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8991.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        9⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52484.exe
        10⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        11⤵
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55753.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
        10⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
        11⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57336.exe
        10⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37194.exe
        12⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9731.exe
        13⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44454.exe
        14⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        15⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        14⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28864.exe
        13⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
        14⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30706.exe
        12⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        13⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28824.exe
        6⤵
        
        PID:1752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
        7⤵
        Program crash
        
        PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28083.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        9⤵
        
        PID:432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        10⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45271.exe
        11⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62082.exe
        12⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33847.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 240
        8⤵
        Program crash
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29597.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27310.exe
        7⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        8⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15208.exe
        9⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
        10⤵
        
        PID:2552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22157.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52868.exe
        9⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        10⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50204.exe
        11⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30338.exe
        10⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2286.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
        9⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10377.exe
        10⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29929.exe
        11⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50759.exe
        12⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52110.exe
        9⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5333.exe
        10⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
        11⤵
        
        PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41622.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28467.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29593.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43553.exe
        9⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50568.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60615.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49448.exe
        8⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13433.exe
        9⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        10⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36992.exe
        11⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2888.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
        9⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40702.exe
        10⤵
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51304.exe
        11⤵
        
        PID:2864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
        7⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2157.exe
        8⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1612.exe
        9⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56322.exe
        10⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6251.exe
        8⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28551.exe
        9⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37002.exe
        10⤵
        
        PID:1676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64844.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29178.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31093.exe
        8⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
        9⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        10⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        11⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63016.exe
        12⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
        13⤵
        
        PID:516
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 380
        13⤵
        Program crash
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17707.exe
        12⤵
        
        PID:1040
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 380
        12⤵
        Program crash
        
        PID:3416
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 376
        11⤵
        Program crash
        
        PID:2132
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 376
        10⤵
        Program crash
        
        PID:2944
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 376
        9⤵
        Program crash
        
        PID:812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 376
        8⤵
        Program crash
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64813.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28317.exe
        8⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41989.exe
        10⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
        11⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        12⤵
        
        PID:2876
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 380
        12⤵
        Program crash
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45715.exe
        11⤵
        
        PID:320
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 380
        11⤵
        Program crash
        
        PID:3604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 376
        10⤵
        Program crash
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14147.exe
        9⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        11⤵
        
        PID:1984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 380
        11⤵
        Program crash
        
        PID:3612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 380
        10⤵
        Program crash
        
        PID:1948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 368
        9⤵
        Program crash
        
        PID:840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 376
        8⤵
        Program crash
        
        PID:668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 368
        7⤵
        Program crash
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23610.exe
        7⤵
        Executes dropped EXE
        
        PID:1604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 376
        7⤵
        Program crash
        
        PID:1732
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 376
        6⤵
        Program crash
        
        PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17689.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        8⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1207.exe
        9⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63210.exe
        10⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
        11⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
        12⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27626.exe
        13⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32037.exe
        12⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55597.exe
        9⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        10⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55852.exe
        11⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        12⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20418.exe
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        11⤵
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59084.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        7⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
        8⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3143.exe
        9⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
        10⤵
        
        PID:2092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-246.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-246.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32146.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11938.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54253.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        8⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50569.exe
        9⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63994.exe
        10⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        11⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
        12⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
        11⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31144.exe
        12⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51721.exe
        9⤵
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        7⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
        8⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6936.exe
        9⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
        11⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
        13⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33023.exe
        12⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
        13⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65296.exe
        10⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
        11⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
        9⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63278.exe
        10⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44248.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16309.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe
        10⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
        11⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34262.exe
        12⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10543.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
        12⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48922.exe
        13⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
        12⤵
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24745.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33101.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13106.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17954.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43.exe
        9⤵
        
        PID:1996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27123.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19588.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60989.exe
        9⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
        10⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
        11⤵
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56515.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        8⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
        9⤵
        
        PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        7⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
        8⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20917.exe
        9⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64731.exe
        10⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30505.exe
        11⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        12⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42233.exe
        13⤵
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
        6⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50979.exe
        8⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60411.exe
        9⤵
        
        PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35172.exe
        7⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33496.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55234.exe
        9⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20575.exe
        10⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28258.exe
        11⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20469.exe
        12⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28694.exe
        13⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8828.exe
        12⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
        8⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53776.exe
        9⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62824.exe
        10⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        11⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11782.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40906.exe
        6⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9349.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26484.exe
        8⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57274.exe
        9⤵
        
        PID:3012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe

Filesize
184KB

MD5
c7493d26d5bc6e50adef6baca880e17c

SHA1
3dd8045632ba6f6618e169f407a02d478235a4f1

SHA256
7e89e0fb3f91adbe9a3abd7a60fa06ae526204b67d8ad7fa4dcaa96abbe53199

SHA512
a305940a15612477fdc3a4d800e1e7e7fbb24c2d87f4f58632bc17cb1e088982245aba5daccd19759ecf7566bcf44b6ffa0b083b39ad963b91bea37efdd403b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe

Filesize
184KB

MD5
9fcc9d882b2cd070e5ffd59adfb2113c

SHA1
6fce244d8b4502950dc82f2d6fe536d8cbca4e9b

SHA256
d89e7ff116d0aabd640000abc0ea5a2f5bad1663636ee0d2292f54579945d9f5

SHA512
d4988faddcd051436655a2872c33e53d70da20b6fe6e91f0f8fc0d9908d69fe3ae416ca40852559bb29cd3239d6a93a2c353925b60a8e12c1ccde76793c7b483

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe

Filesize
184KB

MD5
7adb32a60d7555e88348b963d9ced957

SHA1
f90bfab6352175352f5d5841379f7b69c583c287

SHA256
910a26048e2328dc26017ee3a3b0d3aff66d35440023266a1d56dc3aaa30e51b

SHA512
4bebbf7c308892be652313ea59a6ac19b657cdbd48ded470eabfd54d56239f4734c5458467c396607ea4764a295e993ffa0ec8c2ac4448390a73e6bebf521c41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe

Filesize
184KB

MD5
f00f08143122511db81b71cbbe036925

SHA1
181accc4c7fc612d9008ba21a5959ca6d61cc194

SHA256
d1738d7cdc549598ef4827b39aa0c2f4714592932a1ba366d5db661b938b80c2

SHA512
f5baf283831e1f3d19c8a443672b6f4b33f9b2747beb6aabe2e5df164cc4f470710ec516cb09ebbdbb92c472b547d5c7797b5030ce8ca914be0b9664f597cf52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64844.exe

Filesize
184KB

MD5
bbeb1a7db4c2767937951b6eac06bf0b

SHA1
c00495d66baac539c0d32094bd8bb5c6f5a45bd8

SHA256
1cb40f2d7e753c93ffab4d859673a1d6031831ee7665701fb7682e9a24e0a0e9

SHA512
06be1926e680e6e2f556058219e10a7c76bb0c26a02c1b44f4b8b0b625911702a0c4cf027b24ddf2d4ff7486f37151b77386134feb7e619ba12a3d1c0f49a5e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe

Filesize
184KB

MD5
3e4cb2b749e2c7728e500d484a2f9003

SHA1
146f74100fda995a89ddfcc770f74134577ef655

SHA256
8f0eceda410a640064efcd985621ed61d577a9ea6cd47bbb4593947af8dc78f0

SHA512
d14a321fab293a113ae174342aca2cac49755bdf2b527c22592636e131b9cf97a8631770ceb7c0132a1230158725cd9d30e822a32a959e0c2a102a9f919b7e3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11751.exe

Filesize
184KB

MD5
2dea37b9511d293b0a31c7a0947aa92f

SHA1
f7af9266682e5517fa62513a91acf59d5fd0a528

SHA256
5b60ff9a452fac01bc05171531add0bb695a121df9e11589ccc7e62c11d53fc4

SHA512
6ad1aa027114f9c859ea233766d080e740b3ad4a558092704eefe170439ee14125a46dbb81188f902a6072cc18ac016220c4084b74e2c53ca45d9f663db1c069

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-246.exe

Filesize
184KB

MD5
67fd03e2ad0ad37a97d451b95c5f06c2

SHA1
d7739388bd88b69c09ac7deca6431098f35f8954

SHA256
036c0152cff3141fb5f5b85f1822b97b9ae1a45aa9a9485be063426aeaf17a80

SHA512
1236e39cd530957e19851e6bddee11d273207da92379201fea8859a3299378d1342398cddc8b9143cd61d5527acf379248451e09389b70729d83e0d36a48b725

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24715.exe

Filesize
184KB

MD5
abd0b3c74c711675c2ede8ab70728815

SHA1
db2bf1e29fecc1d4adef178648304a7e26d2205d

SHA256
08c24b8cef05f8447ed81f9b4f618f583a4caaff12d511eb4d70022655180e46

SHA512
a26918ee812e59c967b39d2d901f6c14f5647cbe7ce483dd7f727898b98bc1bb7c290ad573fcbd82d9b5ab8fca801e5f24d93823b7be906271a461968963eb2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe

Filesize
184KB

MD5
c51da35fb5b6dca85900d7af5641083c

SHA1
f9d1046bc5c9c0ccf96a0d1ca1716714ae1ca677

SHA256
8e68bc3f9c8a7f05a53008f52a0a9bd220a0ef8999f6a937da565b486dc44c53

SHA512
1813c30a3ea2c8bd22225d5759275bc2689f05df46137f7c617aa7e51d1ea140f70ad590fcbf91ae60f6bb88b8057c22eb3865ea9eabcf83a4228fc8e0e9c2a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe

Filesize
184KB

MD5
845ef41b4bfd9146d3d072cbcb053a18

SHA1
015e49ebd151aa4e79261f355e6f59e35845d14a

SHA256
0ff644e20bc6e8ebb782d7225cc0abf9be9df67e1a462fcab8fbb840cc6ef709

SHA512
77491c70cf409f33f9ce3206bc8ac4c9fe988b89a9219f4237d001d57738548c0fdda563d5a79c546eb869be9b21c6d92ff0786d360221c061280c8a05495219

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe

Filesize
184KB

MD5
ca852e8d81872875284cddcac84b6e7b

SHA1
c125c9e97ef0febf208cd61ab11feead3b912a83

SHA256
1850cd1f8df1f44e09df1583d50e3094f80dd175fde3fbf1f0bedf0034347276

SHA512
50f90c47617f8e6d636d4408a267b9f0a613baa1f7194d4c7586a59c9935df3d134a9db0d4e03a2ee0449d13838dd4f13607988a17a422bb7d30371664652f77

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe

Filesize
184KB

MD5
821efc4786dc4428fde879a0330eb485

SHA1
f6fdb12f98f4bfd919802c993ae74534d6cfb031

SHA256
9c5c57d0af66c1312f39989fdfec9455ebabaebaa5061e89b3f39bed0de062f3

SHA512
5d6002efab0a1c50dd8e63e738be645e91141987e574b4e7ebe7ec6de9b9df2d11059f12a94068150168774362d9ff9bd8935fe2c8da71d5cb26eb72038c203f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44175.exe

Filesize
184KB

MD5
db3a551fb7b788e0720e8a948a1c23a9

SHA1
0ed2f696ae7e077f2302ec3f25e41289ddcc5b5a

SHA256
7f4a2997f86c48dc83c722eeaf2d4aef5c7e225a292770ca8e871afaf72fa323

SHA512
e7d78f021ea680f902ee7e90d1b8ee4fab59ef2b0ada704d25aa0b390b409d5879c1b8dd9b4bc9919ab49a0da74853169ea4ae1b2eb722e091751b692bc9aee4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44595.exe

Filesize
184KB

MD5
ecd04eda63868d5bc524673e4bfe30fd

SHA1
65b395ca816870337348796483233c1eed9e6296

SHA256
e80a0dc2d7f60fd728afcb38a95d99727928b7f8a24d5bfcd26caab9770f832f

SHA512
0457d86b157c472078ea673d39a296d622c883eb4a32c9b0096f614faa76c78509e834a48500cb03e34a6107ef0ca22cb4fc14a1ad69cf74d9b98d7ddbb044db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44722.exe

Filesize
184KB

MD5
efcfadc3ae74c42068e6515bda88635b

SHA1
bb62eeb80449ddccd6201a5e3a16a8278d3001f5

SHA256
005edd6f3d8bd5439128d8bbe6f0840aecadba0da47f0d9b787a741a18c09296

SHA512
46b6ddb424eeb9e288d22284c38e4227317e3ab4a6001caf37bdcf0691d9fc2fbbbbd915b6cf2925a5996640e3f5a8dbe50649d2f174a5b08eb0887986b2a625

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe

Filesize
184KB

MD5
f6b3640df6e5e906e451c3373cab4a86

SHA1
cc6a5f8714dc697b0c3f8f307dc72426dcd4bca1

SHA256
973486c6d737b6a3e07ccbe5cfdb512e4a5e157739dba25ce68b3966e5efcd2e

SHA512
8b9a34af409e0772cc25bca7e71bdb10b7082ceefe8bb263495fdd74dfb55d631c0b5756541533e91c8bf616d2fef5360a68ee9064b1753eb707c9b1a9e47298

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4849.exe

Filesize
184KB

MD5
ea659a3762dff1e34c28743ba0702018

SHA1
6d14facbc2915fe88b171a13fef8dd62f9775ace

SHA256
d5c99005dd7af39de785d3ac90b8a69a2a3ccf1c3e21cf38dc0d7fbe67b9417e

SHA512
927edcdc79bf3067041c101ee97055a11457e2b91818164abfc77f6aea151e4d10e63ed04f8faabef221da6e51ab638c5f27575c402146a8a9ed244bd285d948

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56419.exe

Filesize
184KB

MD5
ee85ba1087903449b304865972e49930

SHA1
46b33f1a300be9774b28c608d68a7f814fbc1e20

SHA256
396b7340a25baf5ebf54649b705bc9aa602cb936a76eb8ffd458d4660863a8c9

SHA512
ba1cc93353d1ce30a3e1624a31d4885f06a7bd2e7030a761f6d89df99ccbd1e2a5817bf6271b7c3b60ece7f8adfbe53f0bf337ce6540d7b3dff5b37b20155d93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe

Filesize
184KB

MD5
4edf7843fbd6f241e9ccbe4f07843420

SHA1
d9e101f4c63b8295ad4fd3bd82cf20fc9d098995

SHA256
1c4b680d2c79deb5746e9585ddacc6ba613f294b1ac54c66d5eaa0d181bff574

SHA512
0235fa29e35f1cea26ff3fb863fbd6eb3adae7eef2ea15ae643be6605818d5be672c0e193a43539c324e8e81b9799fcad82e6936855a081ff1596025dbe65076

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe

Filesize
184KB

MD5
2391abe670715ea875e8ab6a7f0ef480

SHA1
2561b63a0216d72584793c4e87ed1e73ee148a5b

SHA256
2c03aab02e2a1d572fa1f911df588e6acaa110d8555bcb1dc8df691f22fa49b1

SHA512
bf6286376c3f4983fdc5779b1302834813bffd1f9a382770fb75c18a6230e74bdc7f21b2d83e8f1aedac316f56a67671340afbe85ed79e037da72461e3ea0891

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads