4739cbd6f5f7aeace7a5c7c33f92fcc496a3d82588193096223f6e4fd9b87fb3

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

752286944275317b5c70e042c139a571.exe
Size

184KB
MD5

752286944275317b5c70e042c139a571
SHA1

cff7ee6face5a0f223ba09799dd07bb5fad2bd23
SHA256

4739cbd6f5f7aeace7a5c7c33f92fcc496a3d82588193096223f6e4fd9b87fb3
SHA512

6bd18ac3a637c650caf6b7d066c528cb4d8a6a802af699628e7571fdfd28d33669ca73bb6de0050028dced328cd23a04eeb1cc92b5cae22ce07424f54bba8e95
SSDEEP

3072:MKbao+UfRhilnjGd/GMG3zlbRbz6G/oIbyYxTle4b7l6dpF1:MKGoHXiladOMG3z3VVB7l6dpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1292	Unicorn-35033.exe
2836	Unicorn-19055.exe
2440	Unicorn-48390.exe
2400	Unicorn-57217.exe
2848	Unicorn-15630.exe
2808	Unicorn-56662.exe
2636	Unicorn-37524.exe
2624	Unicorn-21188.exe
1964	Unicorn-58691.exe
1580	Unicorn-54607.exe
1100	Unicorn-17104.exe
476	Unicorn-34867.exe
652	Unicorn-2173.exe
2044	Unicorn-9786.exe
1400	Unicorn-1618.exe
1920	Unicorn-58987.exe
1556	Unicorn-51566.exe
2248	Unicorn-35443.exe
1160	Unicorn-15577.exe
1524	Unicorn-31406.exe
1680	Unicorn-60741.exe
1380	Unicorn-35765.exe
1612	Unicorn-47633.exe
1820	Unicorn-35381.exe
956	Unicorn-52464.exe
616	Unicorn-64161.exe
2100	Unicorn-43741.exe
3032	Unicorn-43741.exe
2088	Unicorn-19791.exe
2004	Unicorn-43741.exe
2320	Unicorn-24835.exe
3036	Unicorn-28919.exe
2012	Unicorn-53253.exe
1720	Unicorn-28426.exe
2496	Unicorn-48292.exe
2796	Unicorn-49444.exe
1740	Unicorn-9158.exe
2884	Unicorn-57228.exe
2620	Unicorn-8774.exe
2812	Unicorn-12303.exe
1248	Unicorn-63019.exe
2488	Unicorn-37960.exe
2552	Unicorn-33300.exe
1952	Unicorn-37384.exe
1692	Unicorn-53590.exe
2016	Unicorn-65287.exe
892	Unicorn-43174.exe
1836	Unicorn-29299.exe
528	Unicorn-29299.exe
2440	Unicorn-29491.exe
3064	Unicorn-34129.exe
2180	Unicorn-33191.exe
1280	Unicorn-58442.exe
1476	Unicorn-38391.exe
2756	Unicorn-43221.exe
2872	Unicorn-17395.exe
2876	Unicorn-13502.exe
2988	Unicorn-34669.exe
1860	Unicorn-54535.exe
992	Unicorn-54535.exe
2264	Unicorn-51966.exe
1536	Unicorn-8925.exe
832	Unicorn-8925.exe
1552	Unicorn-46621.exe

Loads dropped DLL 64 IoCs

pid	Process
1740	752286944275317b5c70e042c139a571.exe
1740	752286944275317b5c70e042c139a571.exe
1292	Unicorn-35033.exe
1292	Unicorn-35033.exe
1740	752286944275317b5c70e042c139a571.exe
1740	752286944275317b5c70e042c139a571.exe
1292	Unicorn-35033.exe
2836	Unicorn-19055.exe
1292	Unicorn-35033.exe
2440	Unicorn-48390.exe
2836	Unicorn-19055.exe
2440	Unicorn-48390.exe
2400	Unicorn-57217.exe
2400	Unicorn-57217.exe
2808	Unicorn-56662.exe
2808	Unicorn-56662.exe
2440	Unicorn-48390.exe
2440	Unicorn-48390.exe
2848	Unicorn-15630.exe
2848	Unicorn-15630.exe
2836	Unicorn-19055.exe
2836	Unicorn-19055.exe
2624	Unicorn-21188.exe
2624	Unicorn-21188.exe
2808	Unicorn-56662.exe
2808	Unicorn-56662.exe
2636	Unicorn-37524.exe
2636	Unicorn-37524.exe
1580	Unicorn-54607.exe
1580	Unicorn-54607.exe
1964	Unicorn-58691.exe
1964	Unicorn-58691.exe
2400	Unicorn-57217.exe
2400	Unicorn-57217.exe
2848	Unicorn-15630.exe
2848	Unicorn-15630.exe
1100	Unicorn-17104.exe
1100	Unicorn-17104.exe
476	Unicorn-34867.exe
476	Unicorn-34867.exe
2624	Unicorn-21188.exe
2624	Unicorn-21188.exe
652	Unicorn-2173.exe
652	Unicorn-2173.exe
1160	Unicorn-15577.exe
1160	Unicorn-15577.exe
2044	Unicorn-9786.exe
2044	Unicorn-9786.exe
2636	Unicorn-37524.exe
2636	Unicorn-37524.exe
1920	Unicorn-58987.exe
1920	Unicorn-58987.exe
1556	Unicorn-51566.exe
1556	Unicorn-51566.exe
2248	Unicorn-35443.exe
1400	Unicorn-1618.exe
2248	Unicorn-35443.exe
1400	Unicorn-1618.exe
1964	Unicorn-58691.exe
1964	Unicorn-58691.exe
1580	Unicorn-54607.exe
1580	Unicorn-54607.exe
1100	Unicorn-17104.exe
1100	Unicorn-17104.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
2568	3064	WerFault.exe	77
2524	2016	WerFault.exe	73
2060	2560	WerFault.exe	109
2704	2508	WerFault.exe	220
1612	2668	WerFault.exe	173
1812	2188	WerFault.exe	265
436	1384	WerFault.exe	278
1628	2628	WerFault.exe	330
868	1484	WerFault.exe	366

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1740	752286944275317b5c70e042c139a571.exe
1292	Unicorn-35033.exe
2836	Unicorn-19055.exe
2440	Unicorn-48390.exe
2400	Unicorn-57217.exe
2808	Unicorn-56662.exe
2848	Unicorn-15630.exe
2624	Unicorn-21188.exe
2636	Unicorn-37524.exe
1580	Unicorn-54607.exe
1964	Unicorn-58691.exe
1100	Unicorn-17104.exe
476	Unicorn-34867.exe
2044	Unicorn-9786.exe
652	Unicorn-2173.exe
1920	Unicorn-58987.exe
1400	Unicorn-1618.exe
1160	Unicorn-15577.exe
1556	Unicorn-51566.exe
2248	Unicorn-35443.exe
1524	Unicorn-31406.exe
1680	Unicorn-60741.exe
1380	Unicorn-35765.exe
1612	Unicorn-47633.exe
1820	Unicorn-35381.exe
956	Unicorn-52464.exe
2004	Unicorn-43741.exe
2100	Unicorn-43741.exe
2320	Unicorn-24835.exe
2088	Unicorn-19791.exe
616	Unicorn-64161.exe
3032	Unicorn-43741.exe
3036	Unicorn-28919.exe
2496	Unicorn-48292.exe
1720	Unicorn-28426.exe
2012	Unicorn-53253.exe
2796	Unicorn-49444.exe
1740	Unicorn-9158.exe
2884	Unicorn-57228.exe
2620	Unicorn-8774.exe
2812	Unicorn-12303.exe
1248	Unicorn-63019.exe
2488	Unicorn-37960.exe
2552	Unicorn-33300.exe
1952	Unicorn-37384.exe
1692	Unicorn-53590.exe
2016	Unicorn-65287.exe
892	Unicorn-43174.exe
1836	Unicorn-29299.exe
528	Unicorn-29299.exe
3064	Unicorn-34129.exe
2440	Unicorn-29491.exe
1280	Unicorn-58442.exe
2180	Unicorn-33191.exe
2872	Unicorn-17395.exe
2756	Unicorn-43221.exe
1476	Unicorn-38391.exe
2876	Unicorn-13502.exe
1860	Unicorn-54535.exe
2264	Unicorn-51966.exe
832	Unicorn-8925.exe
2988	Unicorn-34669.exe
992	Unicorn-54535.exe
2072	Unicorn-2101.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 1292	1740	752286944275317b5c70e042c139a571.exe	28
PID 1740 wrote to memory of 1292	1740	752286944275317b5c70e042c139a571.exe	28
PID 1740 wrote to memory of 1292	1740	752286944275317b5c70e042c139a571.exe	28
PID 1740 wrote to memory of 1292	1740	752286944275317b5c70e042c139a571.exe	28
PID 1292 wrote to memory of 2836	1292	Unicorn-35033.exe	29
PID 1292 wrote to memory of 2836	1292	Unicorn-35033.exe	29
PID 1292 wrote to memory of 2836	1292	Unicorn-35033.exe	29
PID 1292 wrote to memory of 2836	1292	Unicorn-35033.exe	29
PID 1740 wrote to memory of 2440	1740	752286944275317b5c70e042c139a571.exe	30
PID 1740 wrote to memory of 2440	1740	752286944275317b5c70e042c139a571.exe	30
PID 1740 wrote to memory of 2440	1740	752286944275317b5c70e042c139a571.exe	30
PID 1740 wrote to memory of 2440	1740	752286944275317b5c70e042c139a571.exe	30
PID 1292 wrote to memory of 2400	1292	Unicorn-35033.exe	31
PID 1292 wrote to memory of 2400	1292	Unicorn-35033.exe	31
PID 1292 wrote to memory of 2400	1292	Unicorn-35033.exe	31
PID 1292 wrote to memory of 2400	1292	Unicorn-35033.exe	31
PID 2836 wrote to memory of 2848	2836	Unicorn-19055.exe	32
PID 2836 wrote to memory of 2848	2836	Unicorn-19055.exe	32
PID 2836 wrote to memory of 2848	2836	Unicorn-19055.exe	32
PID 2836 wrote to memory of 2848	2836	Unicorn-19055.exe	32
PID 2440 wrote to memory of 2808	2440	Unicorn-48390.exe	33
PID 2440 wrote to memory of 2808	2440	Unicorn-48390.exe	33
PID 2440 wrote to memory of 2808	2440	Unicorn-48390.exe	33
PID 2440 wrote to memory of 2808	2440	Unicorn-48390.exe	33
PID 2400 wrote to memory of 2636	2400	Unicorn-57217.exe	34
PID 2400 wrote to memory of 2636	2400	Unicorn-57217.exe	34
PID 2400 wrote to memory of 2636	2400	Unicorn-57217.exe	34
PID 2400 wrote to memory of 2636	2400	Unicorn-57217.exe	34
PID 2808 wrote to memory of 2624	2808	Unicorn-56662.exe	35
PID 2808 wrote to memory of 2624	2808	Unicorn-56662.exe	35
PID 2808 wrote to memory of 2624	2808	Unicorn-56662.exe	35
PID 2808 wrote to memory of 2624	2808	Unicorn-56662.exe	35
PID 2440 wrote to memory of 1964	2440	Unicorn-48390.exe	36
PID 2440 wrote to memory of 1964	2440	Unicorn-48390.exe	36
PID 2440 wrote to memory of 1964	2440	Unicorn-48390.exe	36
PID 2440 wrote to memory of 1964	2440	Unicorn-48390.exe	36
PID 2848 wrote to memory of 1100	2848	Unicorn-15630.exe	38
PID 2848 wrote to memory of 1100	2848	Unicorn-15630.exe	38
PID 2848 wrote to memory of 1100	2848	Unicorn-15630.exe	38
PID 2848 wrote to memory of 1100	2848	Unicorn-15630.exe	38
PID 2836 wrote to memory of 1580	2836	Unicorn-19055.exe	37
PID 2836 wrote to memory of 1580	2836	Unicorn-19055.exe	37
PID 2836 wrote to memory of 1580	2836	Unicorn-19055.exe	37
PID 2836 wrote to memory of 1580	2836	Unicorn-19055.exe	37
PID 2624 wrote to memory of 476	2624	Unicorn-21188.exe	39
PID 2624 wrote to memory of 476	2624	Unicorn-21188.exe	39
PID 2624 wrote to memory of 476	2624	Unicorn-21188.exe	39
PID 2624 wrote to memory of 476	2624	Unicorn-21188.exe	39
PID 2808 wrote to memory of 652	2808	Unicorn-56662.exe	40
PID 2808 wrote to memory of 652	2808	Unicorn-56662.exe	40
PID 2808 wrote to memory of 652	2808	Unicorn-56662.exe	40
PID 2808 wrote to memory of 652	2808	Unicorn-56662.exe	40
PID 2636 wrote to memory of 2044	2636	Unicorn-37524.exe	41
PID 2636 wrote to memory of 2044	2636	Unicorn-37524.exe	41
PID 2636 wrote to memory of 2044	2636	Unicorn-37524.exe	41
PID 2636 wrote to memory of 2044	2636	Unicorn-37524.exe	41
PID 1580 wrote to memory of 1400	1580	Unicorn-54607.exe	42
PID 1580 wrote to memory of 1400	1580	Unicorn-54607.exe	42
PID 1580 wrote to memory of 1400	1580	Unicorn-54607.exe	42
PID 1580 wrote to memory of 1400	1580	Unicorn-54607.exe	42
PID 1964 wrote to memory of 1920	1964	Unicorn-58691.exe	43
PID 1964 wrote to memory of 1920	1964	Unicorn-58691.exe	43
PID 1964 wrote to memory of 1920	1964	Unicorn-58691.exe	43
PID 1964 wrote to memory of 1920	1964	Unicorn-58691.exe	43

C:\Users\Admin\AppData\Local\Temp\752286944275317b5c70e042c139a571.exe
"C:\Users\Admin\AppData\Local\Temp\752286944275317b5c70e042c139a571.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35443.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 224
        9⤵
        Program crash
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
        9⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28874.exe
        10⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8435.exe
        11⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8622.exe
        12⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12369.exe
        13⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3885.exe
        14⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        15⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11039.exe
        16⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        17⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
        9⤵
        
        PID:2924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57228.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
        9⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
        10⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22925.exe
        11⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
        12⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7756.exe
        13⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
        14⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        15⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56185.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54450.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
        11⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22827.exe
        12⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6843.exe
        13⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27428.exe
        14⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
        7⤵
        Executes dropped EXE
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33267.exe
        9⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        11⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34171.exe
        12⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19021.exe
        13⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        14⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
        15⤵
        
        PID:1332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
        7⤵
        Executes dropped EXE
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61930.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64673.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
        11⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
        12⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14030.exe
        13⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
        14⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        15⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55824.exe
        16⤵
        
        PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29299.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
        8⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
        9⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        10⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        11⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
        12⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
        13⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
        9⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
        10⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        11⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
        12⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        13⤵
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34129.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
        7⤵
        Program crash
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29491.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46035.exe
        8⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42501.exe
        9⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33885.exe
        11⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18440.exe
        12⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20547.exe
        13⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37897.exe
        9⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        10⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        11⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        12⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        13⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        14⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33738.exe
        15⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
        16⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9833.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
        8⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        9⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
        10⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 224
        11⤵
        Program crash
        
        PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35381.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12303.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13777.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40916.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56344.exe
        10⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30927.exe
        11⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57170.exe
        12⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
        13⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
        14⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27428.exe
        15⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        16⤵
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2101.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20763.exe
        8⤵
        
        PID:652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56723.exe
        10⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        11⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7419.exe
        12⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        13⤵
        
        PID:1484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 200
        14⤵
        Program crash
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
        9⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
        10⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        11⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17397.exe
        12⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52464.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
        7⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45035.exe
        8⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36115.exe
        9⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
        10⤵
        
        PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33191.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
        7⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
        8⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
        11⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14269.exe
        12⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
        13⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
        14⤵
        
        PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58442.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3611.exe
        6⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
        7⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32235.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53081.exe
        10⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58937.exe
        11⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
        12⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        10⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        11⤵
        
        PID:932
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21188.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21188.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31406.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53253.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        9⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
        10⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47481.exe
        11⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
        12⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26003.exe
        13⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        14⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        15⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25397.exe
        9⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
        10⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25862.exe
        11⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
        12⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        13⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        14⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        15⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        16⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        17⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
        12⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
        13⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        14⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
        15⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
        16⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6764.exe
        10⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
        11⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
        12⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
        13⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        14⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59584.exe
        8⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44284.exe
        9⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16594.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        11⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17072.exe
        12⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
        13⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        14⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29592.exe
        9⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
        11⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40476.exe
        12⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
        13⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
        11⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
        12⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15357.exe
        13⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17395.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
        10⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        11⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
        12⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59861.exe
        13⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22581.exe
        14⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        15⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62265.exe
        8⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        9⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
        10⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
        11⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13691.exe
        12⤵
        
        PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26518.exe
        8⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        9⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29235.exe
        10⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18649.exe
        11⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
        12⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe
        13⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39163.exe
        14⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        15⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        16⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15311.exe
        10⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62665.exe
        11⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57310.exe
        12⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
        13⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20173.exe
        14⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55637.exe
        15⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
        16⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7996.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25099.exe
        9⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36469.exe
        10⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3443.exe
        11⤵
        
        PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35765.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13502.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27924.exe
        8⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57763.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37984.exe
        10⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        11⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
        12⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20500.exe
        13⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58953.exe
        14⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        15⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47476.exe
        9⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        10⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31844.exe
        11⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56343.exe
        12⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        13⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 236
        11⤵
        Program crash
        
        PID:436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
        10⤵
        Program crash
        
        PID:1812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
        9⤵
        Program crash
        
        PID:1612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
        8⤵
        Program crash
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9158.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        7⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        8⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2649.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
        10⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21643.exe
        11⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51705.exe
        12⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
        13⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43136.exe
        14⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
        15⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1940.exe
        7⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56313.exe
        9⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38026.exe
        10⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
        11⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
        13⤵
        
        PID:2660
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58987.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37384.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10461.exe
        7⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20706.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
        10⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        11⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22059.exe
        12⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
        13⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
        14⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        15⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37570.exe
        7⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52252.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53760.exe
        10⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        11⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
        12⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58818.exe
        13⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
        8⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52784.exe
        9⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36277.exe
        10⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
        11⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        12⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42245.exe
        13⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
        14⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
        15⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
        16⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        17⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
        10⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35011.exe
        11⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
        12⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50629.exe
        13⤵
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
        6⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
        7⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35677.exe
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40275.exe
        9⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1938.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
        11⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37393.exe
        12⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        13⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe
        14⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        15⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45234.exe
        12⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11285.exe
        13⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43242.exe
        14⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23484.exe
        15⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65326.exe
        16⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        8⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42561.exe
        9⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23096.exe
        10⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        11⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51607.exe
        12⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
        13⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49519.exe
        14⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
        7⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30309.exe
        8⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49131.exe
        9⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
        10⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24999.exe
        12⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27428.exe
        13⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
        14⤵
        
        PID:2080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
        6⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55521.exe
        7⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42203.exe
        8⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9141.exe
        9⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        11⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43631.exe
        12⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        13⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58761.exe
        14⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34828.exe
        15⤵
        
        PID:644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26414.exe
        6⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
        9⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
        10⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7009.exe
        11⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7388.exe
        12⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40754.exe
        13⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31896.exe
        14⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
        10⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
        11⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
        12⤵
        
        PID:2504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57835.exe
        6⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
        7⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        8⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41918.exe
        9⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19272.exe
        10⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
        11⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
        12⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
        10⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
        11⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54158.exe
        12⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31699.exe
        13⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20009.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45660.exe
        10⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65364.exe
        11⤵
        
        PID:2628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
        12⤵
        Program crash
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
        5⤵
        
        PID:564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        6⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1077.exe
        7⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31711.exe
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
        9⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
        10⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14786.exe
        11⤵
        
        PID:544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe

Filesize
184KB

MD5
5f00a6db13ce4ead4149209e28c74933

SHA1
ec15ab6481f08e839b25f6088d368d168e6c5af0

SHA256
fb2fc855c57d11a47feb18002d08dd102f40e7a8ebb2db1b71ed20f4c0ddc708

SHA512
95dbfd2af2e40272f4c1f098441951b2471e3cda15a727265899f7c2b45014f862c2308c1edf477682df5f0143bc2d28b0c577c9f99247ac94406f94df39b1c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14471.exe

Filesize
184KB

MD5
f3a036f866e36880044a682e1e892937

SHA1
639c3d1fb22891642edc2e7ddb5b0f0f0a8ece5f

SHA256
2334f9e7c42139bac02105d3e7e903fddc820ac79484f106b0dc8aa1cf05aafd

SHA512
991557e9216c33e1bf740ec5a94148e82b8fd91faaa5857e5700f457d44e69914aa8f5dfb51b72f565614079946d5b3302a83c6b676e1e65e663ecb49b7fdb50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1618.exe

Filesize
184KB

MD5
4f18c83445adad9aff47c28b9d795016

SHA1
4ac0ff2deecacb426cf274a78f5cc14800a4366b

SHA256
41d6fb6d112d392e4f8b68eca1ffbcb5adf646f5e653c8f630ce4c45ef7db990

SHA512
7f04786707cd8cb7a695d7409cf142cae1c5c3e74d49cba6400a648798c11994aada6e0736de642026e73b802dd7cf4c254a695113cdc4eda7b0bb37beb0ecf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17104.exe

Filesize
184KB

MD5
687b2c91356debb3c77fba2d4d39894f

SHA1
5a2caf1f7d2c612a1b33fbb68a3ba655f9eba212

SHA256
50901a59dac29406388d5beba619bd861931b5bb529cf985869f652f447fee0c

SHA512
ee966edbecbe24ac8f504531fb2a02feeedfc33607872e0adc818f5f8f2d51cd0a7f929843024510e043c075cb7698f43c4f9cd244369b374792afe4724e68f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21188.exe

Filesize
184KB

MD5
a29cb3f15e0fd512aa4a0a3422c37553

SHA1
0104743eaa4b7ef01da8bbc545297063d00d5298

SHA256
37789feb5d708e55416afcccb3a0a98792c75dc2e19526bca25223668d2aa3d6

SHA512
c9276f0e3f070d8ec51b90258d99e8393055a7d53d2bd2f6e6c6dd8d02222c51da7911dd00c63205991437354ffda196e85aa103d1a122774647855e6fcedba1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe

Filesize
184KB

MD5
0d4c3ae4199477a8dd1a4ca9a1652b8a

SHA1
0cc5cd884c98d556540f8b4bff875c0b3d4b527f

SHA256
50dbee84e9402158d02b53d065b5ee1d9c25ddbaa5cf96b4f28562a56928bf94

SHA512
ca49cd6a1fde5b0dda8c95df9a21ffa1a35d6f16bb50d462f5a4f7c72f3c258a1f3d37485a4b0f5bfa6aad181391c8ffb6be9960995f845ad72ab544fdd0424b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe

Filesize
184KB

MD5
edd692bdc7439009a3afa908f4e2c832

SHA1
7b107a3c320c9df8c44636fc8a0859d1a83ce22e

SHA256
319d3fb0f2cc95cb22f7da8f1417e77ce513d1c841ae5419fd5e00409a504cb0

SHA512
f15b063cc8677773f7fad874e7da6b39ce562cb23dd546e1d2879ba42735fe719add78b64a289a61ccfa78eee6d8bdcc429463266e9f0b2164ebee986b406c8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe

Filesize
184KB

MD5
d7f33d016fe3406aafbe8d5e6c44f806

SHA1
d876661aa0058c7cc1948e44665e89af4623b7a1

SHA256
9ca1913aecd003eccf7f6204956595acde82267c4a4c98debb4fb8c44feb0f88

SHA512
b9efd5fcaeb1d712402f328650bf6a7bb228455047a2b62d8db9be0eb5582e291a1b1486e9155b4ab1b8e5f01e4fc8ed08bb86524408e91bcbc4f8dac9b66fa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe

Filesize
184KB

MD5
804e7e44f4015e6853b01d2156e515ab

SHA1
405b4a695dff3e6bfcb382ead251ee5ec9f7dc00

SHA256
8739c2e0681de7ca1a6cc541be9389d3feee3d2554bf9ea878ab092d7b769f55

SHA512
d7909e8384964fe39b3af08afaab7c0e2bff1fab393e93c0c3c1d1df211bbb48c00925e89ddcd4932b6e897c2ab25278057405eb73f0289b2e6676f683b9a494

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48390.exe

Filesize
184KB

MD5
41f35de6bfd42aff3ac4b233deab0ec0

SHA1
b5e0324985c09a22f36eae47779ba50bfe75d26e

SHA256
e27815edc7bfedbcb1d34a9f2e0b569dfa1f6fd4d358e48a310acc4322baf245

SHA512
5f75e240c462a2e898b779c73d0a9022736922a0f4ed05755ca109000409781d3379a03d51d64e97a56d5bd7df806bd626b00e967bc6ba60d047a3ad8f45a923

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56197.exe

Filesize
184KB

MD5
7b512ce3fdc9f1b34c6b6b057c326194

SHA1
50feb94be6b372f4610c5be8d126f6456af138d4

SHA256
4f8503078d40ca54ad170682267e1946cb33a3a9b12cb6b6766c807cd1700172

SHA512
6f56ca26f27e3e850f98fd20227d7065f4a9ee620ef6f146a1f15150902e1a5935803ba76e68c9a7c329199f7efdde3194b915cde1ad8dbc1fded14caa5e943a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56662.exe

Filesize
184KB

MD5
7041a05d7eb762d323a2b85176c34b09

SHA1
a18838ad82b5e6c9f4fda720172b59ea075b0000

SHA256
77eda1e29152bc66214c6ee0888d15153a2403839fb2ded9aca28d41e879bfa9

SHA512
925ae1a391384b867175f40492d5df9fd57de300707a8e75325bdd147d2af51b0a10c6435a19927eea2cada4f5dd063544726538a11c5f3a727ec77c1eae1465

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58987.exe

Filesize
184KB

MD5
b11440f48f60e01cbce90c91ea17fb12

SHA1
bc73fac7f2b7379f0ac54d5e003728b935483807

SHA256
6726b3173e95e77f69b0c9ca34713c900842a422b8e2673488bbe2f15c3642a8

SHA512
c17624e96eef10e82d2ebcf913ec53200d59e2d636b45e2ad386a870a3f978f3cf8292b103a20c9014ac40cc4ff892755687b09748c19d4a79410925c173dcd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe

Filesize
184KB

MD5
eab078b4cf5a271ba07dd0572e714df2

SHA1
e4f56372266124a8adafffcc261042cf920ed9f7

SHA256
14e61dd3c2ed69e353bd714870ac255e611b35035795ba1ea454ffade528df2d

SHA512
e9050e9f2561c3ae98e898599940b805b0b0a663294e3d7fc5cb978d98e3b3909b4b3bfc19c031a727d36e103578d27f650516abb690edeef227eb406f9c809c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe

Filesize
184KB

MD5
f340950ed8a68dc73c064c5fae179436

SHA1
54afc08d2a660df0e3ba1e5809b35153c916c833

SHA256
8510e9b04c91641527c0662d9203f5d1ea24f0bd737635c086035c58b54856fc

SHA512
809995f3cb2f969214c38e4ac3a8445b0d86146fad826e86268ed55cb01107bfa19edfb2a348c0be8242d872604e385ad2401bd57eb9277ef0c237b5898bd7df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6735.exe

Filesize
184KB

MD5
c0f5e9a6fe0326c527c2a9f77ac41d6c

SHA1
5a83445f57c08d1446fc9c288cadebe96f5520d6

SHA256
362361b515127256e7f6b075c1d6210e58fb1507c4d093c988c87f726ec37899

SHA512
42866bc6d22583cad192a4736903238d9e86c0cd994c0f749ff42c39b5dac3cb0f42cc04437b2806199fc450b27cffc2b38fe9f8590bf9a2b25d1ed9f50e468c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe

Filesize
184KB

MD5
60aae5570984283bfa2a5104d44e1b65

SHA1
726667166cf61b8d8e5e09525bfe7f3c72272f0a

SHA256
504f2875db3d3b5c653bf57ae621c55fde189d71f0beeff21c9d5700000b1983

SHA512
002f34980220d83e1287c5754eb1dd66990d2c4ea91c04c60d8a798c65046370174790e1947f9b06142709316c09aea2aabc2a6c52ecc84fdbfa6fe3a846f524

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15577.exe

Filesize
184KB

MD5
f802d47b99fc6f96ab1a668947eddabb

SHA1
10132ca45d8d54ead0a94be96faa1b20d5c6a0f8

SHA256
8e37bb38e098f0b09b21bc9a4865cceced640ae4cdfb5651b76b6874b58fe3c8

SHA512
e1f6dbb4828aa324aa94a06e1b930fc1ac6a73c8b19ad5c0388846996ee391e5235d4126e82bc532567381ba549b619b1e90dbb73f9c064debd9754f9a82e8db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe

Filesize
184KB

MD5
f34c689796b60fef780fc3170048d539

SHA1
01457ee34e500ca4718f0ce5e24d5bfc57664d16

SHA256
d2a9a65b28460011a424eb4ead91db89d8fa96da7647095bcf6d61b4ba6fcd45

SHA512
166b258980b38e8e4900d9d7dc6e53fc3541959cdddfd022327ab4d3e2955c0135b6df3170d204cbc0ce51b09190506108115ba2314ca45525ea8ca9aca0611c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19055.exe

Filesize
184KB

MD5
b25d5ee456d23a8ffe735cfbb386be7b

SHA1
aa72726489f30eab33d8dc8a99e76ad0ddfd1873

SHA256
afa56c097770f2a0ff3a3f63f6c53f80cd7b57faa73ddf63b71a043ec56f582a

SHA512
aee4a2cfc01a4f8fba566216120c4dfb82f1caa06b451d87157229d67b1ec2e07f5bfc2e1fbedfc3c1efce81546f7f39d549acde3accf872a935bd52dfd51bad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2173.exe

Filesize
184KB

MD5
52de4f6491c10920145ed8c5fa8228b1

SHA1
94d01804a18327fe352595bfdb2180f84b325509

SHA256
a1d91a59c27739df38fa1f04fcbc6ca216d339fcf35b0e6753a28fca1a9c16ec

SHA512
bc771500f84779118c8a6ffb845a6d29e90a8a95c7461dfc746c2cc4b47f5cf6c7c182c48f47597be68b2ef28df9ff0511f7ef93bb470eab5c9cc7f6dcd3ded9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34867.exe

Filesize
184KB

MD5
56e6177e839ce312ff4c4f7758c117f4

SHA1
08e810f7a108096f169aab9387d4c340e754cfa2

SHA256
1fa5d4f191d160e2ed81d8670e764f5adf304a9d78c2dd43f3658066b03a409d

SHA512
255cbd03c2233ac208d9733152673f452b0b898e1067bd63112e5bb00e038040d5a80fdb93eaa45447215cd088baa64f936d2bc9eddd4b9daf5592a0d8cbb014

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35033.exe

Filesize
184KB

MD5
bb068220bc381bcdebeae8c77d40be72

SHA1
44690708fc0f1018475e17be0738fe9a7fa3daa2

SHA256
41ea3629d7a0814446656d32d3199027f66203a4d4eb69c325c550f6ae8c033c

SHA512
4cfbd73660883f3fed9ec9cda900eedaa75fca8ab948a5c240a29824b3e13d1f34b226642e37346e8516f2f3f79d98e4cd846f02a9c069cd76de56bd831ed2a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe

Filesize
184KB

MD5
f00d66f2fa4956d19b524cff285d9f57

SHA1
c4add1899fdd17d76dd6f43b94e3438ed737a57b

SHA256
6d5244f9e619a3637061b4a389a9255623400e45dd16bfda4f21ac2b4652e966

SHA512
852753f9aa6203dfbd86d68cd5f8cb1f63058c9b6f9a77056b4003d3c4d4270e45c16fe684eff423042f4c44913009b0ee963856badee7c1772e4df97151555f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51566.exe

Filesize
184KB

MD5
e52c65589867d8b07bf36d0da2aef4fe

SHA1
969d9947d8c161cc63227a8bb3f0e9eede4a45cc

SHA256
d2cba3be7e90ace290b7410953c29b3f4034b09fc888a25c1275dec336ca0550

SHA512
6c0a8875bf8a4cb367364a2f97040589165608a63583c332b20256514e1a4adda36219270ec4ea3b91b3e9aa4ab3f6f7eb7ecab0f663a80585b0c1c0beabe682

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54607.exe

Filesize
184KB

MD5
7bb1a78139526ebd4bf766aeb1b26a4d

SHA1
b4752ff08a04be9800d72e1bd5b9b4e71c0e5dc3

SHA256
bdaf5a06c2bf86feaa04bfdc37ff47486a7f623d1728f6809de6d327ac01a0aa

SHA512
c5026231f605c1c38d193b62e6c55d536d7c04a13ab794c6f2bac6e1fc759477407d64ebd9f184ce92e22398f52f8e728449ac35fd6215c0e66fb9657b98ee5e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57217.exe

Filesize
184KB

MD5
843621fa0012a829d3dda467e2a49aa0

SHA1
20ebc88c7dcc3d9ed7c46927d998e178a1e937d5

SHA256
6ca071a489004f3becc870af013133a96191fea5e5a5f97d77e7f8cb78fa0e7c

SHA512
44b91814c8f4ad83812a6ed906109b33e55dedcacd8c169f3a445c98db108f238b94d0fb1a08f68bd7e8538ac9e975e8bd43cc74aa624d44f482aaa1af6bd037

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe

Filesize
184KB

MD5
de5b7e46d0d0e9fd827318777eddb5fb

SHA1
28b5f8290834491a963bde10104fef00c113591c

SHA256
f47493ce2806de987ca12548d2f7df639c810fc05fdb24cd3514d1c92d340008

SHA512
b52e909f94b7ccb7c62ba42564f0bf33e5727ccb8e582f125f9120bf1b8e41df117d255fb3c7fe9a315d11dd55fddb023a60c14aefe5f34e89d2016578adff43

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9786.exe

Filesize
184KB

MD5
0efe6df21f15e97b6fd21bbdc5c13515

SHA1
9e5a684e999e23e07fc470bc03a2f433f6bd9db8

SHA256
ccef020dd4a3c1c9437fab5d9711ffd37d57791bbabf67e8256a8b5c2507a264

SHA512
59d26f1d04aae9db2b353d2e5ff472343d7e3ea4ef972733f6d993de621549cd584ba71c58ae68bbd7ee28c6964258bb049585a1bca8dd66e539714d184aec70

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads