c147dd749077d959f91482022dad4ab60a316601a4e5871af34dfc323df22387

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7554a11f37eccd2640b3324ae50e602f.exe
Size

184KB
MD5

7554a11f37eccd2640b3324ae50e602f
SHA1

4134da55da19c3e6e513818a29d63e2038097df8
SHA256

c147dd749077d959f91482022dad4ab60a316601a4e5871af34dfc323df22387
SHA512

fc7d0f0bfee49b0bb649ff8fa8fe9d5486749cdb5ba099896d244ba73c45d81484ee47188d5897f473ff56bbab1e9a3ea0e092028277d8b347d0cc0cad19c5f9
SSDEEP

3072:rXICo0PoO8yEklj9P7zk18dunJ96jJzJLkLxgZjBBNlPvpFf:rX1ocTEkPPPk18nNpZNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2488	Unicorn-38180.exe
1928	Unicorn-30095.exe
2020	Unicorn-14313.exe
2788	Unicorn-58766.exe
3044	Unicorn-34816.exe
2664	Unicorn-54682.exe
3012	Unicorn-18886.exe
2196	Unicorn-3104.exe
1268	Unicorn-40074.exe
2708	Unicorn-36544.exe
2860	Unicorn-21600.exe
2436	Unicorn-36037.exe
2220	Unicorn-40675.exe
1360	Unicorn-42067.exe
844	Unicorn-27677.exe
2336	Unicorn-9202.exe
2412	Unicorn-48097.exe
2440	Unicorn-54874.exe
2272	Unicorn-5673.exe
2208	Unicorn-48372.exe
1116	Unicorn-20338.exe
1500	Unicorn-46234.exe
860	Unicorn-52264.exe
1792	Unicorn-37250.exe
1684	Unicorn-48756.exe
588	Unicorn-38450.exe
1708	Unicorn-1501.exe
2972	Unicorn-32228.exe
2916	Unicorn-12362.exe
2024	Unicorn-7723.exe
2172	Unicorn-2056.exe
1664	Unicorn-20530.exe
1444	Unicorn-57692.exe
1656	Unicorn-58247.exe
2768	Unicorn-12575.exe
2660	Unicorn-18305.exe
2792	Unicorn-42486.exe
2572	Unicorn-56130.exe
2464	Unicorn-61283.exe
2648	Unicorn-8553.exe
1540	Unicorn-40671.exe
2508	Unicorn-61646.exe
2832	Unicorn-35025.exe
2468	Unicorn-54054.exe
2896	Unicorn-47277.exe
760	Unicorn-18497.exe
1900	Unicorn-64168.exe
2020	Unicorn-14412.exe
1856	Unicorn-34833.exe
1868	Unicorn-47640.exe
2868	Unicorn-34017.exe
2980	Unicorn-45715.exe
2016	Unicorn-12227.exe
2324	Unicorn-12227.exe
2816	Unicorn-32093.exe
1096	Unicorn-32093.exe
1924	Unicorn-9534.exe
364	Unicorn-3312.exe
2116	Unicorn-26425.exe
1548	Unicorn-60188.exe
936	Unicorn-53966.exe
740	Unicorn-34100.exe
2928	Unicorn-35300.exe
2960	Unicorn-44791.exe

Loads dropped DLL 64 IoCs

pid	Process
1988	7554a11f37eccd2640b3324ae50e602f.exe
1988	7554a11f37eccd2640b3324ae50e602f.exe
2488	Unicorn-38180.exe
2488	Unicorn-38180.exe
1988	7554a11f37eccd2640b3324ae50e602f.exe
1988	7554a11f37eccd2640b3324ae50e602f.exe
1928	Unicorn-30095.exe
1928	Unicorn-30095.exe
2488	Unicorn-38180.exe
2020	Unicorn-14313.exe
2488	Unicorn-38180.exe
2020	Unicorn-14313.exe
2788	Unicorn-58766.exe
1928	Unicorn-30095.exe
2788	Unicorn-58766.exe
1928	Unicorn-30095.exe
2664	Unicorn-54682.exe
2664	Unicorn-54682.exe
2020	Unicorn-14313.exe
3044	Unicorn-34816.exe
2020	Unicorn-14313.exe
3044	Unicorn-34816.exe
3012	Unicorn-18886.exe
3012	Unicorn-18886.exe
2788	Unicorn-58766.exe
2788	Unicorn-58766.exe
2196	Unicorn-3104.exe
2196	Unicorn-3104.exe
2708	Unicorn-36544.exe
2708	Unicorn-36544.exe
2860	Unicorn-21600.exe
1268	Unicorn-40074.exe
1268	Unicorn-40074.exe
2860	Unicorn-21600.exe
3044	Unicorn-34816.exe
3044	Unicorn-34816.exe
2664	Unicorn-54682.exe
2664	Unicorn-54682.exe
2436	Unicorn-36037.exe
2436	Unicorn-36037.exe
3012	Unicorn-18886.exe
3012	Unicorn-18886.exe
2220	Unicorn-40675.exe
2220	Unicorn-40675.exe
1360	Unicorn-42067.exe
1360	Unicorn-42067.exe
2196	Unicorn-3104.exe
2196	Unicorn-3104.exe
2440	Unicorn-54874.exe
2440	Unicorn-54874.exe
2272	Unicorn-5673.exe
2272	Unicorn-5673.exe
1268	Unicorn-40074.exe
1268	Unicorn-40074.exe
2412	Unicorn-48097.exe
2336	Unicorn-9202.exe
2412	Unicorn-48097.exe
844	Unicorn-27677.exe
2336	Unicorn-9202.exe
844	Unicorn-27677.exe
2860	Unicorn-21600.exe
2860	Unicorn-21600.exe
2708	Unicorn-36544.exe
2708	Unicorn-36544.exe

Program crash 50 IoCs

pid	pid_target	Process	procid_target
2076	2708	WerFault.exe	38
2732	844	WerFault.exe	42
1644	1664	WerFault.exe	59
2028	740	WerFault.exe	91
2220	2972	WerFault.exe	54
1932	2868	WerFault.exe	80
3044	484	WerFault.exe	78
744	2468	WerFault.exe	72
2676	2832	WerFault.exe	71
2096	932	WerFault.exe	138
1120	2352	WerFault.exe	118
432	2128	WerFault.exe	139
2736	1248	WerFault.exe	105
2184	1748	WerFault.exe	104
2916	1464	WerFault.exe	106
1720	2488	WerFault.exe	144
1136	1552	WerFault.exe	168
1848	292	WerFault.exe	141
808	2712	WerFault.exe	149
1988	2208	WerFault.exe	176
608	2816	WerFault.exe	198
1652	2056	WerFault.exe	173
1032	1760	WerFault.exe	178
2304	1492	WerFault.exe	216
2436	2192	WerFault.exe	217
3224	1592	WerFault.exe	208
3308	2940	WerFault.exe	193
3396	312	WerFault.exe	233
3644	2116	WerFault.exe	203
2872	2092	WerFault.exe	244
3284	1900	WerFault.exe	252
3240	3128	WerFault.exe	263
2768	2808	WerFault.exe	227
3492	3980	WerFault.exe	296
3360	3428	WerFault.exe	286
4036	3992	WerFault.exe	279
688	2728	WerFault.exe	323
4080	3620	WerFault.exe	322
3856	2668	WerFault.exe	321
760	4092	WerFault.exe	365
4060	3780	WerFault.exe	345
1520	3100	WerFault.exe	344
2168	2580	WerFault.exe	358
2680	3472	WerFault.exe	346
3892	4008	WerFault.exe	373
3484	4048	WerFault.exe	374
4260	3584	WerFault.exe	393
4464	3772	WerFault.exe	396
4572	3876	WerFault.exe	392
4628	1300	WerFault.exe	417

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1988	7554a11f37eccd2640b3324ae50e602f.exe
2488	Unicorn-38180.exe
1928	Unicorn-30095.exe
2020	Unicorn-14313.exe
2788	Unicorn-58766.exe
2664	Unicorn-54682.exe
3044	Unicorn-34816.exe
3012	Unicorn-18886.exe
2196	Unicorn-3104.exe
2708	Unicorn-36544.exe
1268	Unicorn-40074.exe
2860	Unicorn-21600.exe
2436	Unicorn-36037.exe
2220	Unicorn-40675.exe
1360	Unicorn-42067.exe
2412	Unicorn-48097.exe
2336	Unicorn-9202.exe
844	Unicorn-27677.exe
2440	Unicorn-54874.exe
2272	Unicorn-5673.exe
2208	Unicorn-48372.exe
1116	Unicorn-20338.exe
1500	Unicorn-46234.exe
860	Unicorn-52264.exe
1792	Unicorn-37250.exe
1684	Unicorn-48756.exe
588	Unicorn-38450.exe
2972	Unicorn-32228.exe
2024	Unicorn-7723.exe
2916	Unicorn-12362.exe
1708	Unicorn-1501.exe
2172	Unicorn-2056.exe
1444	Unicorn-57692.exe
1656	Unicorn-58247.exe
2768	Unicorn-12575.exe
2660	Unicorn-18305.exe
2792	Unicorn-42486.exe
2464	Unicorn-61283.exe
2572	Unicorn-56130.exe
2648	Unicorn-8553.exe
1540	Unicorn-40671.exe
2508	Unicorn-61646.exe
2832	Unicorn-35025.exe
1900	Unicorn-64168.exe
2468	Unicorn-54054.exe
2896	Unicorn-47277.exe
760	Unicorn-18497.exe
2020	Unicorn-14412.exe
1856	Unicorn-34833.exe
484	Unicorn-38917.exe
1868	Unicorn-47640.exe
2868	Unicorn-34017.exe
2980	Unicorn-45715.exe
2324	Unicorn-12227.exe
2816	Unicorn-32093.exe
2016	Unicorn-12227.exe
1096	Unicorn-32093.exe
1924	Unicorn-9534.exe
2116	Unicorn-26425.exe
364	Unicorn-3312.exe
1548	Unicorn-60188.exe
2928	Unicorn-35300.exe
740	Unicorn-34100.exe
936	Unicorn-53966.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2488	1988	7554a11f37eccd2640b3324ae50e602f.exe	28
PID 1988 wrote to memory of 2488	1988	7554a11f37eccd2640b3324ae50e602f.exe	28
PID 1988 wrote to memory of 2488	1988	7554a11f37eccd2640b3324ae50e602f.exe	28
PID 1988 wrote to memory of 2488	1988	7554a11f37eccd2640b3324ae50e602f.exe	28
PID 2488 wrote to memory of 1928	2488	Unicorn-38180.exe	29
PID 2488 wrote to memory of 1928	2488	Unicorn-38180.exe	29
PID 2488 wrote to memory of 1928	2488	Unicorn-38180.exe	29
PID 2488 wrote to memory of 1928	2488	Unicorn-38180.exe	29
PID 1988 wrote to memory of 2020	1988	7554a11f37eccd2640b3324ae50e602f.exe	30
PID 1988 wrote to memory of 2020	1988	7554a11f37eccd2640b3324ae50e602f.exe	30
PID 1988 wrote to memory of 2020	1988	7554a11f37eccd2640b3324ae50e602f.exe	30
PID 1988 wrote to memory of 2020	1988	7554a11f37eccd2640b3324ae50e602f.exe	30
PID 1928 wrote to memory of 2788	1928	Unicorn-30095.exe	31
PID 1928 wrote to memory of 2788	1928	Unicorn-30095.exe	31
PID 1928 wrote to memory of 2788	1928	Unicorn-30095.exe	31
PID 1928 wrote to memory of 2788	1928	Unicorn-30095.exe	31
PID 2488 wrote to memory of 3044	2488	Unicorn-38180.exe	33
PID 2488 wrote to memory of 3044	2488	Unicorn-38180.exe	33
PID 2488 wrote to memory of 3044	2488	Unicorn-38180.exe	33
PID 2488 wrote to memory of 3044	2488	Unicorn-38180.exe	33
PID 2020 wrote to memory of 2664	2020	Unicorn-14313.exe	32
PID 2020 wrote to memory of 2664	2020	Unicorn-14313.exe	32
PID 2020 wrote to memory of 2664	2020	Unicorn-14313.exe	32
PID 2020 wrote to memory of 2664	2020	Unicorn-14313.exe	32
PID 2788 wrote to memory of 3012	2788	Unicorn-58766.exe	34
PID 2788 wrote to memory of 3012	2788	Unicorn-58766.exe	34
PID 2788 wrote to memory of 3012	2788	Unicorn-58766.exe	34
PID 2788 wrote to memory of 3012	2788	Unicorn-58766.exe	34
PID 1928 wrote to memory of 2196	1928	Unicorn-30095.exe	35
PID 1928 wrote to memory of 2196	1928	Unicorn-30095.exe	35
PID 1928 wrote to memory of 2196	1928	Unicorn-30095.exe	35
PID 1928 wrote to memory of 2196	1928	Unicorn-30095.exe	35
PID 2664 wrote to memory of 1268	2664	Unicorn-54682.exe	36
PID 2664 wrote to memory of 1268	2664	Unicorn-54682.exe	36
PID 2664 wrote to memory of 1268	2664	Unicorn-54682.exe	36
PID 2664 wrote to memory of 1268	2664	Unicorn-54682.exe	36
PID 2020 wrote to memory of 2708	2020	Unicorn-14313.exe	38
PID 2020 wrote to memory of 2708	2020	Unicorn-14313.exe	38
PID 2020 wrote to memory of 2708	2020	Unicorn-14313.exe	38
PID 2020 wrote to memory of 2708	2020	Unicorn-14313.exe	38
PID 3044 wrote to memory of 2860	3044	Unicorn-34816.exe	37
PID 3044 wrote to memory of 2860	3044	Unicorn-34816.exe	37
PID 3044 wrote to memory of 2860	3044	Unicorn-34816.exe	37
PID 3044 wrote to memory of 2860	3044	Unicorn-34816.exe	37
PID 3012 wrote to memory of 2436	3012	Unicorn-18886.exe	39
PID 3012 wrote to memory of 2436	3012	Unicorn-18886.exe	39
PID 3012 wrote to memory of 2436	3012	Unicorn-18886.exe	39
PID 3012 wrote to memory of 2436	3012	Unicorn-18886.exe	39
PID 2788 wrote to memory of 2220	2788	Unicorn-58766.exe	40
PID 2788 wrote to memory of 2220	2788	Unicorn-58766.exe	40
PID 2788 wrote to memory of 2220	2788	Unicorn-58766.exe	40
PID 2788 wrote to memory of 2220	2788	Unicorn-58766.exe	40
PID 2196 wrote to memory of 1360	2196	Unicorn-3104.exe	41
PID 2196 wrote to memory of 1360	2196	Unicorn-3104.exe	41
PID 2196 wrote to memory of 1360	2196	Unicorn-3104.exe	41
PID 2196 wrote to memory of 1360	2196	Unicorn-3104.exe	41
PID 2708 wrote to memory of 844	2708	Unicorn-36544.exe	42
PID 2708 wrote to memory of 844	2708	Unicorn-36544.exe	42
PID 2708 wrote to memory of 844	2708	Unicorn-36544.exe	42
PID 2708 wrote to memory of 844	2708	Unicorn-36544.exe	42
PID 1268 wrote to memory of 2336	1268	Unicorn-40074.exe	45
PID 1268 wrote to memory of 2336	1268	Unicorn-40074.exe	45
PID 1268 wrote to memory of 2336	1268	Unicorn-40074.exe	45
PID 1268 wrote to memory of 2336	1268	Unicorn-40074.exe	45

C:\Users\Admin\AppData\Local\Temp\7554a11f37eccd2640b3324ae50e602f.exe
"C:\Users\Admin\AppData\Local\Temp\7554a11f37eccd2640b3324ae50e602f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18886.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48372.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57692.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        10⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        11⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41875.exe
        12⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19255.exe
        13⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49545.exe
        14⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51787.exe
        15⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9680.exe
        16⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
        17⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        18⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35986.exe
        19⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        20⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
        21⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65144.exe
        10⤵
        
        PID:932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 300
        11⤵
        Program crash
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-629.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
        11⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25041.exe
        12⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        13⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
        14⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19961.exe
        15⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38155.exe
        16⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17408.exe
        17⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        18⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56943.exe
        19⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
        14⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15981.exe
        15⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe
        16⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30615.exe
        17⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
        18⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
        11⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
        12⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35171.exe
        13⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64802.exe
        14⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7345.exe
        15⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
        16⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
        17⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
        18⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46274.exe
        19⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20478.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
        10⤵
        
        PID:1552
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
        11⤵
        Program crash
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20338.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
        10⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43157.exe
        11⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21341.exe
        12⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
        13⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4169.exe
        14⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
        15⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29904.exe
        16⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27522.exe
        17⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20527.exe
        18⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43669.exe
        19⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        20⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        9⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        10⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55959.exe
        11⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
        12⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54304.exe
        13⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1232.exe
        14⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        15⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
        16⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
        17⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe
        18⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16508.exe
        19⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61344.exe
        20⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54914.exe
        17⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4385.exe
        18⤵
        
        PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46234.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32093.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        9⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62897.exe
        10⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54065.exe
        11⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3769.exe
        12⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57734.exe
        13⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
        14⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54216.exe
        15⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32182.exe
        16⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
        17⤵
        
        PID:3584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        18⤵
        
        PID:3928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 376
        18⤵
        Program crash
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 376
        17⤵
        Program crash
        
        PID:2168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 376
        16⤵
        Program crash
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 376
        15⤵
        Program crash
        
        PID:4036
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 376
        14⤵
        Program crash
        
        PID:2768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 376
        13⤵
        Program crash
        
        PID:3308
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 380
        12⤵
        Program crash
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19290.exe
        11⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        12⤵
        
        PID:1492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 220
        13⤵
        Program crash
        
        PID:2304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 380
        12⤵
        Program crash
        
        PID:608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 368
        11⤵
        Program crash
        
        PID:808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 376
        10⤵
        Program crash
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
        8⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50453.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
        11⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51164.exe
        12⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
        13⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
        14⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
        15⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55726.exe
        16⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
        17⤵
        
        PID:3932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        18⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35257.exe
        19⤵
        
        PID:4164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3312.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25015.exe
        8⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46945.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
        10⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
        11⤵
        
        PID:2192
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
        12⤵
        Program crash
        
        PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52264.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60188.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9254.exe
        9⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        10⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
        11⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
        12⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
        13⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
        14⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe
        15⤵
        
        PID:3468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1486.exe
        16⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33687.exe
        17⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
        18⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
        19⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34100.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:740
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 244
        8⤵
        Program crash
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8553.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53966.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe
        12⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60443.exe
        13⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28897.exe
        14⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        15⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3012.exe
        16⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35885.exe
        17⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31173.exe
        18⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54738.exe
        19⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        10⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31279.exe
        12⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39587.exe
        13⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
        14⤵
        
        PID:3080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26282.exe
        15⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52680.exe
        16⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15391.exe
        17⤵
        
        PID:4124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37250.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64656.exe
        7⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49602.exe
        8⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        9⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49846.exe
        10⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        12⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38247.exe
        13⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        14⤵
        
        PID:3980
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 240
        15⤵
        Program crash
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
        10⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43043.exe
        11⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30464.exe
        12⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48466.exe
        13⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
        14⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
        15⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26282.exe
        16⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
        17⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        18⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19721.exe
        13⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
        14⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
        15⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28812.exe
        16⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16508.exe
        17⤵
        
        PID:2172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47277.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56727.exe
        9⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33842.exe
        10⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57682.exe
        11⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37210.exe
        12⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63463.exe
        13⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14283.exe
        14⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7817.exe
        15⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51839.exe
        16⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
        17⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9343.exe
        18⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29471.exe
        19⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60396.exe
        10⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51133.exe
        11⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56006.exe
        12⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62093.exe
        13⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        14⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27143.exe
        15⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe
        16⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
        17⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53508.exe
        18⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1925.exe
        19⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3399.exe
        20⤵
        
        PID:4728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32399.exe
        16⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
        17⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
        18⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
        19⤵
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44791.exe
        7⤵
        Executes dropped EXE
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58263.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51413.exe
        9⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
        10⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
        11⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65274.exe
        12⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
        13⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
        14⤵
        
        PID:3536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
        15⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
        16⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29663.exe
        17⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27904.exe
        18⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64168.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36068.exe
        7⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16546.exe
        8⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
        9⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
        10⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58118.exe
        11⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
        12⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52441.exe
        13⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
        14⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31051.exe
        15⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
        16⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53648.exe
        17⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2056.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16224.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        8⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12129.exe
        10⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13904.exe
        11⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-256.exe
        12⤵
        
        PID:312
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 240
        13⤵
        Program crash
        
        PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48756.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40671.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36307.exe
        7⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65144.exe
        8⤵
        
        PID:2128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 244
        9⤵
        Program crash
        
        PID:432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61646.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10157.exe
        6⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        8⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30028.exe
        9⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24019.exe
        10⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21528.exe
        11⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        12⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        13⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
        14⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65233.exe
        15⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe
        16⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 376
        16⤵
        Program crash
        
        PID:4572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 376
        15⤵
        Program crash
        
        PID:2680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 376
        14⤵
        Program crash
        
        PID:4080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54682.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54682.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7723.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25290.exe
        9⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27724.exe
        10⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57246.exe
        11⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        13⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12337.exe
        14⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
        15⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55394.exe
        16⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
        17⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        18⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7021.exe
        19⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49071.exe
        20⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61152.exe
        21⤵
        
        PID:4884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
        15⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24533.exe
        16⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60817.exe
        17⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11097.exe
        18⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45231.exe
        19⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
        20⤵
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48403.exe
        8⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
        9⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42062.exe
        10⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33448.exe
        11⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
        12⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28565.exe
        13⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39997.exe
        14⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
        15⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
        16⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        17⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
        18⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53648.exe
        19⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
        20⤵
        
        PID:4640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 368
        19⤵
        Program crash
        
        PID:4464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 388
        18⤵
        Program crash
        
        PID:3892
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 376
        17⤵
        Program crash
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34017.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
        7⤵
        Program crash
        
        PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12362.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45715.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45435.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        9⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63572.exe
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        11⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
        12⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24668.exe
        13⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24616.exe
        14⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
        15⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
        16⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58718.exe
        17⤵
        
        PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14412.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47106.exe
        7⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31512.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45622.exe
        9⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33126.exe
        10⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
        11⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42716.exe
        13⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
        14⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15898.exe
        15⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4963.exe
        16⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4766.exe
        17⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12942.exe
        18⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe
        19⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16420.exe
        20⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        12⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7241.exe
        13⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31035.exe
        14⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4750.exe
        15⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11564.exe
        16⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
        17⤵
        
        PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        6⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22960.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20002.exe
        8⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        9⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25773.exe
        10⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64615.exe
        11⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27470.exe
        12⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63515.exe
        13⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13650.exe
        14⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64901.exe
        15⤵
        
        PID:4092
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 200
        16⤵
        Program crash
        
        PID:760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35025.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
        7⤵
        
        PID:2352
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
        8⤵
        Program crash
        
        PID:1120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 376
        7⤵
        Program crash
        
        PID:2676
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 380
        6⤵
        Program crash
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54054.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
        6⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
        7⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37537.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21450.exe
        9⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
        10⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14558.exe
        11⤵
        
        PID:3716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51455.exe
        12⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5591.exe
        13⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
        14⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49608.exe
        15⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38674.exe
        16⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58334.exe
        17⤵
        
        PID:3660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 376
        11⤵
        Program crash
        
        PID:3284
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 376
        10⤵
        Program crash
        
        PID:3644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 380
        9⤵
        Program crash
        
        PID:1652
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 376
        8⤵
        Program crash
        
        PID:1720
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 376
        7⤵
        Program crash
        
        PID:2736
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 368
        6⤵
        Program crash
        
        PID:744
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 380
        5⤵
        Program crash
        
        PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20530.exe
      4⤵
      Executes dropped EXE
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
        6⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
        7⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
        8⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
        9⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
        10⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59400.exe
        11⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44190.exe
        12⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52078.exe
        13⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        14⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14413.exe
        15⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57867.exe
        16⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9792.exe
        17⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62906.exe
        18⤵
        
        PID:5056
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 376
        17⤵
        Program crash
        
        PID:4628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 380
        16⤵
        Program crash
        
        PID:3484
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 376
        15⤵
        Program crash
        
        PID:1520
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 376
        14⤵
        Program crash
        
        PID:688
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 368
        13⤵
        Program crash
        
        PID:3360
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 380
        12⤵
        Program crash
        
        PID:3240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 376
        11⤵
        Program crash
        
        PID:2872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 380
        10⤵
        Program crash
        
        PID:3224
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 376
        9⤵
        Program crash
        
        PID:1032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 380
        8⤵
        Program crash
        
        PID:1848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 376
        7⤵
        Program crash
        
        PID:2184
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 380
        6⤵
        Program crash
        
        PID:3044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 372
        5⤵
        Program crash
        
        PID:1644
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 376
      4⤵
      Program crash
      PID:2076

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-27717.exe

Filesize
184KB

MD5
d56bc9ced782a8bf4ac2e2337eda1f77

SHA1
7e7e126bcfb3a5d04175ed70668cdb4cc09caa7f

SHA256
15bdf327cd2c23912405cd577a9bdcaed83342604ea5954207a21e230658c4dd

SHA512
0ef1a9879642c2c3220261523e7463c95e16f550c4d033ee39c6db3dbe02a5410654ffd72eed72a6dbbb426858f941308992d245848b3ea4db92233dd73e48fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36627.exe

Filesize
184KB

MD5
b5cd3dd66fd86be8609441939b6150bf

SHA1
90632191905ef8b9ae49479bb2985ac948ea98e9

SHA256
63e32fc38b1a9cada7382a66c5031ae3169e96c5397ca5b850b30229ab7c27d9

SHA512
bbdaa58face189011084a4218241811907fa00229d651068c174830f7a7f029e93feac294a9101420ea3748495e4cdb432dc39b6c0006bdd23f70356be3b3512

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36889.exe

Filesize
184KB

MD5
c8474919b7a662cae6ef1abfe6c5ab17

SHA1
ccc3f095e5d1103b9e5c219828054dd0f782cb07

SHA256
82f5d9037159f8537e24a4dcbe3a7df82bd26eef0c6e44d2e0162f17fae804bf

SHA512
a712e80c5858e64839ff4f12db24ddb1a6fc35606f130248aa40b3bee8c7ca460f42deed5f3c25708f45d10cea08a66a1f6b37109ab03e6a6b8126c11728a119

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe

Filesize
184KB

MD5
8b081904b744862597ce01d5cff6b5d3

SHA1
3bc61c3844b0253c7718303cffd214b0aae0d947

SHA256
bdc50153696a18de8029f8fdb3e50d2c75c4c550becb6f9e5589b003d06586a7

SHA512
3fea8860b1a423f48644b13878124d1481d12fab81fdeb9e2d84c13a43f420fdadc1d306e565ebfa0f1308b7f2fae45459b26a8e9cf29fe520e96889e86f5927

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5926.exe

Filesize
184KB

MD5
3310655c96e0d331a92c4df27d8588a9

SHA1
5ed1fd9b7b8ca3ff07cf1d7e5818bb26a9bec7d1

SHA256
ed50aaa80625e7150fe7c55281e27a9397ec3762f13a0f2ca7c28fa117d2a6f0

SHA512
ca892a735f497cac5f4607bc4b095b4747c40fd2597781c11f7ce8383582cb7a4bc955c1cdfe1eb188543c57a53a40d44488515d2f687465c1ee529c179d4775

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe

Filesize
184KB

MD5
09426cc34423054d8fb6dbbfa1a105d4

SHA1
5cf2dae47ac64eadccd3da50e491058ff8ec50d0

SHA256
5beb5e3066d3fd2d1a0fa88b500c4e1be8e48b186b89f623e5dcff07c33304fc

SHA512
895ae6fbac7d38e7e0b66e7dc4facebf42081d856f995df85d60a2c8a4183d003729164a5930b67b0341d82a3d44b2728d57da2dab40489b9917419b08205bf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe

Filesize
184KB

MD5
299d51edf72b099d39e9cd660eb8d17b

SHA1
5c38d9d4a0420d12df226e2dfb46489cf89f5266

SHA256
1547c55745b89d81189ee3b9d294cc5fc35c6b123af9d2297ee5604d3232a222

SHA512
3a5c3973a8e13226a61f6ecc7c7e22357bd59ce56b4eece17d1462f567738fe0ba7a39123d5d9e01158108b31ccb1afcb0ab5485c4dbe01bd43802f7c17d38d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe

Filesize
184KB

MD5
14048fb37e974a1093ec441429515df5

SHA1
17c49eed9073387dd08e9789eb929c503e4dc382

SHA256
7c5b5039e3367583ec714fe1fe6d2d5e252c0b087b6987c485c4ebfbd119ca63

SHA512
88e4b225c97104a6e7dfda75b26f602ba437a451ec0e676bdf8522b1ca44f744e144b133108e3e6a1dc037470ed7e9c9a654588330fd38dd3c37495c879de9de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18886.exe

Filesize
184KB

MD5
e6eb13d5086cc975abe8d58fe53df496

SHA1
11dd0e01a1a4fbd015448fcfe51e0c4a3e6a44ae

SHA256
15ffa5a1576ccde00366fbe15e6dae476e14649b64098203171ed3886e7f4e0e

SHA512
f44b5b15d550570e4a88f14a66af4145ab47d152e84b7f303479c160826805edd88044184055552a226e45458f768e881d2dd0621db68666ebe8b56abff2d063

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe

Filesize
184KB

MD5
e2c25b8e0ea40e4c7bbee535cdee0784

SHA1
26ea9338030589897ae98ef7ade18fd3e74815a5

SHA256
5e7e61dde88e4e9c14bcbcb26ffb1f2be9b009433bfdd1b9bcfd88b9f7ed12f2

SHA512
0e4aef6c47e3e1dc1925b66440bdf9cf4fd4a5e7f2f2f0f3a4d2ef4377e6e474d1d3e6910f55391b0c3450e85c6388c0e8541abfce0e55605e918dac809d9f6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27677.exe

Filesize
184KB

MD5
40e355a27087e71683c4854d49ff8ded

SHA1
5e695fc24b2f21fc2d88c319dd8af11e5b638f26

SHA256
a78ca115f359a688b60f35a58556ee9054e0570c8e771bbd269ea206b178596d

SHA512
6a09c9b42932403d9bb945472e4bee979ce00c62a6dc756e98dcf5cf79f02f48fee57d11f639fc04248b44176967570e069e0f1f56f0be14336071b3fcd7d0b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe

Filesize
184KB

MD5
cc2f3700d9ec5faf8c7de1fbf15b3622

SHA1
68d591f6555e4842c74fb24c3e6a4c5f97949ca1

SHA256
ae6f9c8b44690cb974ca3d750ed46cc3efad0ea74eae7a4ccd240b30e5c814ce

SHA512
e99624a35280b5a89726e20aebed7b008c4e9ac7c6c051b00cf26287a8fdc57392b7048f88479c9f128d53ccaccc693df204446436bdddcefff8eccd7c6cb959

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe

Filesize
184KB

MD5
b1b7bdf3a8595fc8c7b5035b2f1d97b8

SHA1
29ce9e42b815c5ef0048076245cd4bf761672efa

SHA256
e96237272306c2b5f038f991b79ba78bcf987c2172f22da985041faa1523f1b4

SHA512
b39f97a93a15188e7fff485a4fb225ca044cca72a64e6db15156625569bd81fdee8e9da4b3625687932f55ab69081e316f4f58b65c9b013d394aeb8c57df9f63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34816.exe

Filesize
184KB

MD5
0c46cf43daf246c7acdb78cb41e1560b

SHA1
c12d39ff677021d495054409a7b572a3fa02ed38

SHA256
86f498dcc2c3778d4a56eb809049d475bb6aea6bdccecf4186baffc10f23b7c3

SHA512
6597c83299b2c46e9c088cd12816b888399cc9bc0aa13e85e9e32dd6897678e30ce536afd8573058cb70c6549fd0537fdc3b514b28d31d269231f316bbc5b2d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36037.exe

Filesize
184KB

MD5
294a83b2c71eb24f9e54043305998b94

SHA1
c365ab975dfbee8d6d0856bfdc2d42d6c303c1a7

SHA256
fa94b47c9e74522d8938c74a298fcf96fbe93365e61b8d3bd9db1cbfd5ba978b

SHA512
5b7a50310080a2133e289a7c6fd1683f46cdc3fdf06b1eec5f18b3b59b2baa1b62c74ccebb1ff57503c384c1dd0f9fbd61eb8f97b83fc94191750eb7859dc391

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36544.exe

Filesize
184KB

MD5
07b3df545d4719386801247946484b1c

SHA1
4f56f7f0f28749232e20e7c7948702a5157a5e8a

SHA256
6ecf6eef3dac6716ce54f67ab0f098e853b6b2be0cb899f1c18bfc250a603dea

SHA512
07b81dec89a47c66767e842648ee0f1d70702a6f5efd1e2911dd5f808bf0291d133f16054ec046c9c3f6e51ae1cd7e5caf13113106c94af33aac526e561e0bc0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe

Filesize
184KB

MD5
d6eb9e2ba7ee434e3461eabe60e82aa3

SHA1
ff386a4a5aaa9930dc12dfa76fe89c49b617efec

SHA256
caa495b1510cc4f3f2289c7802d0b653dc89604e58508917a12ca4af97032ff8

SHA512
e9e9a789c69ca4ef71d176acca3359f4554cdc73ab4e5d91036204ea9e89f2088ece05865755ac21e25c075b9126730debb7976b6d4d836e6771ef6df26cf205

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe

Filesize
184KB

MD5
ceefafce79cde3f08cd94c96b7814613

SHA1
757f20e931f983a70ad4f902861f93339c7b3bb3

SHA256
7840c75d48bd53914028ac06eb7b0b52b56b2728165060afa1e41da6ec587383

SHA512
f6250032d018a7c61b6060f8f67ba3b267675b690a016c8843f44b046dca8d0e7a5e84684af5c1a24c9a17f0821810a8f10e56e10e201d76b6d04c23a2dac0ed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40675.exe

Filesize
184KB

MD5
ffe28bee257a3668b0066c5fd17aa081

SHA1
f6c29feae3a9a28fb2be72d8d27257303be579a9

SHA256
ce20bdb75c257cad3d1a2642ebb49c91151135321eb50401b3c77f369d97b9a4

SHA512
58f8bae49783ec7d7c30e90f2af4bd8bb18a233b5fe505bf5ea025ab473a34129d3c6cae35855be60b55ac0e707944f983079d046ec0e11822d47646422cb2dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe

Filesize
184KB

MD5
7d2460055a1d05a3531cd03dc986769c

SHA1
49fda6e1e04a9e99abebca3b9d122f4051ff159e

SHA256
8c916405afc5d0879e8e2e6ffc67b7d5b8163e8a6c3580073b81d7dc603dc4e7

SHA512
3915518e1b69683bdba8731cf56d1c39b145230c646756827e8d39add4618f772ab37802adcc8611dbf07d720272bda9327a4f3bfc9dac7a42243bfe8d7d27d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48097.exe

Filesize
184KB

MD5
0d00ae3bdfdc789d26201f642ab13340

SHA1
0d010c0edab13c5e3071bb83e0b28f06a1ebf1cb

SHA256
86e3811c5dc585518a303ce43c20554572bf48bc3886f20aec6fc22114478025

SHA512
0e41a6be7c9c323ffba865ba7a139e46a6a3e38fc38adced2db071af7e4bbaf806afd91e6a06708b24f054df9fabd7557cd67e67e08af8a51816c3c39eaf6c02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54682.exe

Filesize
184KB

MD5
ade9b2d81c7170a471c69dc1febfe251

SHA1
542e1874f57c3daf86d8fd85a5d7d27cdabc8d73

SHA256
0e7c4d5b032520098367df2a8b88eb6119f8812f54ed6f916bd831f5cb868401

SHA512
4643b1d5ba90d6e4a530d9c84e1329d5c7ce63aeb8913e767af287014a17729286930bf078170927e8f3730339382034ac92769aa641858c95eb99dc1248ece7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54874.exe

Filesize
184KB

MD5
e1b7d7ded9d86b1614b0f98169686c4f

SHA1
95debb5611ea1bebe824c4aad361aa9b801b65df

SHA256
c9f5ed660a083b60bcf212c905d6e713e284f4b0b047ebfeb5a501d259ea84a1

SHA512
e45ce91375de709d5523588687e718d426c06944472efa71a171dbe41da66eeebde446ae758a22b7ef98e3e156ec5897b9012ae205f6b96ba2ae0409422ddba0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe

Filesize
184KB

MD5
06533587cf94d60b8e231d5b6d421622

SHA1
eb04acaa5bdcfd6249deb003c4164ff251b70927

SHA256
2c101aa8786c29d89c7ab0ca12bc863fee76421f19058fb72db277cc9d0afc31

SHA512
baab6209d618a2c9e53fdd17494b926bddc9b6d141693b413ad74f4b385d3091b02083035a4e495448c562163ff92b954544bbce1409c7fb7532ae092f104b3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9202.exe

Filesize
184KB

MD5
c35a1eac4a98ba4726b2ffdc75f220e9

SHA1
7f710cda9dcd7705258fcac5a6955239fff5c5e3

SHA256
78b8cb8c3c2b42761adec49ae6aedf33bd969cb96554d1eb7b11def5c872ac6c

SHA512
d9f94b17ebed75fc7c441d0b6ca427f02ac9ed4b27eb23ee9cfe7580d2065a70e908a293f89b298465d1586cab371f1be006dc08969b0018dcff5dfcc422d31c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads