83ff3454e4b288348903255ded3021cbc69cd20e5347caaf67529bd32935241a

Analysis

max time kernel
148s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 23:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

78a7bfff39eef45dfb9ebab718d6832c.exe
Size

184KB
MD5

78a7bfff39eef45dfb9ebab718d6832c
SHA1

144011b2ea2cf8a9176a341eecf8bb0bcc7e4ef0
SHA256

83ff3454e4b288348903255ded3021cbc69cd20e5347caaf67529bd32935241a
SHA512

71efdbcc6b63e13041334e7c63c74c8c919644d2b7da73b2015a0577dc3c8a686af0cf2cd6cfa825bdc3747b4536d68886f48aa696d1445989b34fc5860668f7
SSDEEP

3072:bWWioiMFJWU8/oj2+TQ9SKya0/y6Vn5I+tpbxzOPGoAlPvpFQ:bWXoXX8//+s9SKwueUAlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1748	Unicorn-7813.exe
2744	Unicorn-16257.exe
2296	Unicorn-8643.exe
2560	Unicorn-24316.exe
2760	Unicorn-47429.exe
2692	Unicorn-14009.exe
2584	Unicorn-41804.exe
1964	Unicorn-64917.exe
2136	Unicorn-35774.exe
2936	Unicorn-54803.exe
312	Unicorn-50211.exe
2524	Unicorn-3703.exe
528	Unicorn-26091.exe
624	Unicorn-28229.exe
1472	Unicorn-9562.exe
1996	Unicorn-51150.exe
2456	Unicorn-24228.exe
2212	Unicorn-51425.exe
1852	Unicorn-18198.exe
1528	Unicorn-54762.exe
2452	Unicorn-4170.exe
1516	Unicorn-13729.exe
980	Unicorn-18560.exe
944	Unicorn-34342.exe
1140	Unicorn-35472.exe
1636	Unicorn-24612.exe
296	Unicorn-875.exe
2220	Unicorn-6713.exe
2180	Unicorn-21658.exe
1688	Unicorn-9920.exe
2516	Unicorn-14580.exe
2480	Unicorn-18665.exe
2328	Unicorn-14943.exe
2704	Unicorn-34809.exe
2784	Unicorn-35363.exe
2712	Unicorn-51145.exe
2768	Unicorn-36947.exe
2716	Unicorn-12997.exe
2556	Unicorn-10304.exe
2576	Unicorn-10304.exe
2724	Unicorn-49199.exe
2568	Unicorn-10859.exe
2320	Unicorn-31855.exe
2472	Unicorn-37715.exe
2104	Unicorn-13765.exe
2296	Unicorn-19241.exe
812	Unicorn-59266.exe
2620	Unicorn-52489.exe
660	Unicorn-3480.exe
1468	Unicorn-58711.exe
2800	Unicorn-65488.exe
1200	Unicorn-44684.exe
2728	Unicorn-64056.exe
2608	Unicorn-29246.exe
2032	Unicorn-38544.exe
2144	Unicorn-5125.exe
3024	Unicorn-42074.exe
1132	Unicorn-27492.exe
680	Unicorn-5680.exe
1376	Unicorn-37798.exe
1792	Unicorn-28452.exe
1860	Unicorn-48872.exe
2936	Unicorn-48680.exe
2484	Unicorn-65208.exe

Loads dropped DLL 64 IoCs

pid	Process
2848	78a7bfff39eef45dfb9ebab718d6832c.exe
2848	78a7bfff39eef45dfb9ebab718d6832c.exe
1748	Unicorn-7813.exe
2848	78a7bfff39eef45dfb9ebab718d6832c.exe
2848	78a7bfff39eef45dfb9ebab718d6832c.exe
1748	Unicorn-7813.exe
2744	Unicorn-16257.exe
2744	Unicorn-16257.exe
1748	Unicorn-7813.exe
1748	Unicorn-7813.exe
2296	Unicorn-8643.exe
2296	Unicorn-8643.exe
2560	Unicorn-24316.exe
2560	Unicorn-24316.exe
2744	Unicorn-16257.exe
2744	Unicorn-16257.exe
2692	Unicorn-14009.exe
2692	Unicorn-14009.exe
2296	Unicorn-8643.exe
2296	Unicorn-8643.exe
2584	Unicorn-41804.exe
2584	Unicorn-41804.exe
2560	Unicorn-24316.exe
2560	Unicorn-24316.exe
1964	Unicorn-64917.exe
1964	Unicorn-64917.exe
2936	Unicorn-54803.exe
2936	Unicorn-54803.exe
2136	Unicorn-35774.exe
2136	Unicorn-35774.exe
2692	Unicorn-14009.exe
2692	Unicorn-14009.exe
312	Unicorn-50211.exe
312	Unicorn-50211.exe
2584	Unicorn-41804.exe
2584	Unicorn-41804.exe
2524	Unicorn-3703.exe
2524	Unicorn-3703.exe
528	Unicorn-26091.exe
528	Unicorn-26091.exe
1964	Unicorn-64917.exe
1964	Unicorn-64917.exe
624	Unicorn-28229.exe
624	Unicorn-28229.exe
2936	Unicorn-54803.exe
2936	Unicorn-54803.exe
1472	Unicorn-9562.exe
1472	Unicorn-9562.exe
2136	Unicorn-35774.exe
2136	Unicorn-35774.exe
1996	Unicorn-51150.exe
1996	Unicorn-51150.exe
2760	Unicorn-47429.exe
2760	Unicorn-47429.exe
2456	Unicorn-24228.exe
2456	Unicorn-24228.exe
312	Unicorn-50211.exe
312	Unicorn-50211.exe
2212	Unicorn-51425.exe
2212	Unicorn-51425.exe
2452	Unicorn-4170.exe
2452	Unicorn-4170.exe
1516	Unicorn-13729.exe
1516	Unicorn-13729.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1648	2728	WerFault.exe	80
1800	1628	WerFault.exe	127
2888	2212	WerFault.exe	233

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2848	78a7bfff39eef45dfb9ebab718d6832c.exe
1748	Unicorn-7813.exe
2744	Unicorn-16257.exe
2296	Unicorn-8643.exe
2560	Unicorn-24316.exe
2692	Unicorn-14009.exe
2584	Unicorn-41804.exe
1964	Unicorn-64917.exe
2136	Unicorn-35774.exe
2936	Unicorn-54803.exe
312	Unicorn-50211.exe
2524	Unicorn-3703.exe
528	Unicorn-26091.exe
624	Unicorn-28229.exe
1472	Unicorn-9562.exe
1996	Unicorn-51150.exe
2760	Unicorn-47429.exe
2212	Unicorn-51425.exe
2456	Unicorn-24228.exe
1852	Unicorn-18198.exe
1528	Unicorn-54762.exe
2452	Unicorn-4170.exe
1516	Unicorn-13729.exe
944	Unicorn-34342.exe
980	Unicorn-18560.exe
1140	Unicorn-35472.exe
1636	Unicorn-24612.exe
296	Unicorn-875.exe
2220	Unicorn-6713.exe
2180	Unicorn-21658.exe
1688	Unicorn-9920.exe
2516	Unicorn-14580.exe
2480	Unicorn-18665.exe
2328	Unicorn-14943.exe
2768	Unicorn-36947.exe
2784	Unicorn-35363.exe
2716	Unicorn-12997.exe
2576	Unicorn-10304.exe
2712	Unicorn-51145.exe
2568	Unicorn-10859.exe
2556	Unicorn-10304.exe
2724	Unicorn-49199.exe
2320	Unicorn-31855.exe
2472	Unicorn-37715.exe
2104	Unicorn-13765.exe
2296	Unicorn-19241.exe
2620	Unicorn-52489.exe
2800	Unicorn-65488.exe
1200	Unicorn-44684.exe
660	Unicorn-3480.exe
812	Unicorn-59266.exe
1468	Unicorn-58711.exe
2608	Unicorn-29246.exe
2728	Unicorn-64056.exe
2144	Unicorn-5125.exe
2032	Unicorn-38544.exe
3024	Unicorn-42074.exe
1132	Unicorn-27492.exe
1376	Unicorn-37798.exe
680	Unicorn-5680.exe
1792	Unicorn-28452.exe
2936	Unicorn-48680.exe
2484	Unicorn-65208.exe
2632	Unicorn-22784.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 1748	2848	78a7bfff39eef45dfb9ebab718d6832c.exe	28
PID 2848 wrote to memory of 1748	2848	78a7bfff39eef45dfb9ebab718d6832c.exe	28
PID 2848 wrote to memory of 1748	2848	78a7bfff39eef45dfb9ebab718d6832c.exe	28
PID 2848 wrote to memory of 1748	2848	78a7bfff39eef45dfb9ebab718d6832c.exe	28
PID 2848 wrote to memory of 2296	2848	78a7bfff39eef45dfb9ebab718d6832c.exe	30
PID 2848 wrote to memory of 2296	2848	78a7bfff39eef45dfb9ebab718d6832c.exe	30
PID 2848 wrote to memory of 2296	2848	78a7bfff39eef45dfb9ebab718d6832c.exe	30
PID 2848 wrote to memory of 2296	2848	78a7bfff39eef45dfb9ebab718d6832c.exe	30
PID 1748 wrote to memory of 2744	1748	Unicorn-7813.exe	29
PID 1748 wrote to memory of 2744	1748	Unicorn-7813.exe	29
PID 1748 wrote to memory of 2744	1748	Unicorn-7813.exe	29
PID 1748 wrote to memory of 2744	1748	Unicorn-7813.exe	29
PID 2744 wrote to memory of 2560	2744	Unicorn-16257.exe	31
PID 2744 wrote to memory of 2560	2744	Unicorn-16257.exe	31
PID 2744 wrote to memory of 2560	2744	Unicorn-16257.exe	31
PID 2744 wrote to memory of 2560	2744	Unicorn-16257.exe	31
PID 1748 wrote to memory of 2760	1748	Unicorn-7813.exe	32
PID 1748 wrote to memory of 2760	1748	Unicorn-7813.exe	32
PID 1748 wrote to memory of 2760	1748	Unicorn-7813.exe	32
PID 1748 wrote to memory of 2760	1748	Unicorn-7813.exe	32
PID 2296 wrote to memory of 2692	2296	Unicorn-8643.exe	33
PID 2296 wrote to memory of 2692	2296	Unicorn-8643.exe	33
PID 2296 wrote to memory of 2692	2296	Unicorn-8643.exe	33
PID 2296 wrote to memory of 2692	2296	Unicorn-8643.exe	33
PID 2560 wrote to memory of 2584	2560	Unicorn-24316.exe	34
PID 2560 wrote to memory of 2584	2560	Unicorn-24316.exe	34
PID 2560 wrote to memory of 2584	2560	Unicorn-24316.exe	34
PID 2560 wrote to memory of 2584	2560	Unicorn-24316.exe	34
PID 2744 wrote to memory of 1964	2744	Unicorn-16257.exe	35
PID 2744 wrote to memory of 1964	2744	Unicorn-16257.exe	35
PID 2744 wrote to memory of 1964	2744	Unicorn-16257.exe	35
PID 2744 wrote to memory of 1964	2744	Unicorn-16257.exe	35
PID 2692 wrote to memory of 2136	2692	Unicorn-14009.exe	36
PID 2692 wrote to memory of 2136	2692	Unicorn-14009.exe	36
PID 2692 wrote to memory of 2136	2692	Unicorn-14009.exe	36
PID 2692 wrote to memory of 2136	2692	Unicorn-14009.exe	36
PID 2296 wrote to memory of 2936	2296	Unicorn-8643.exe	37
PID 2296 wrote to memory of 2936	2296	Unicorn-8643.exe	37
PID 2296 wrote to memory of 2936	2296	Unicorn-8643.exe	37
PID 2296 wrote to memory of 2936	2296	Unicorn-8643.exe	37
PID 2584 wrote to memory of 312	2584	Unicorn-41804.exe	38
PID 2584 wrote to memory of 312	2584	Unicorn-41804.exe	38
PID 2584 wrote to memory of 312	2584	Unicorn-41804.exe	38
PID 2584 wrote to memory of 312	2584	Unicorn-41804.exe	38
PID 2560 wrote to memory of 2524	2560	Unicorn-24316.exe	39
PID 2560 wrote to memory of 2524	2560	Unicorn-24316.exe	39
PID 2560 wrote to memory of 2524	2560	Unicorn-24316.exe	39
PID 2560 wrote to memory of 2524	2560	Unicorn-24316.exe	39
PID 1964 wrote to memory of 528	1964	Unicorn-64917.exe	40
PID 1964 wrote to memory of 528	1964	Unicorn-64917.exe	40
PID 1964 wrote to memory of 528	1964	Unicorn-64917.exe	40
PID 1964 wrote to memory of 528	1964	Unicorn-64917.exe	40
PID 2936 wrote to memory of 624	2936	Unicorn-54803.exe	41
PID 2936 wrote to memory of 624	2936	Unicorn-54803.exe	41
PID 2936 wrote to memory of 624	2936	Unicorn-54803.exe	41
PID 2936 wrote to memory of 624	2936	Unicorn-54803.exe	41
PID 2136 wrote to memory of 1472	2136	Unicorn-35774.exe	42
PID 2136 wrote to memory of 1472	2136	Unicorn-35774.exe	42
PID 2136 wrote to memory of 1472	2136	Unicorn-35774.exe	42
PID 2136 wrote to memory of 1472	2136	Unicorn-35774.exe	42
PID 2692 wrote to memory of 1996	2692	Unicorn-14009.exe	43
PID 2692 wrote to memory of 1996	2692	Unicorn-14009.exe	43
PID 2692 wrote to memory of 1996	2692	Unicorn-14009.exe	43
PID 2692 wrote to memory of 1996	2692	Unicorn-14009.exe	43

C:\Users\Admin\AppData\Local\Temp\78a7bfff39eef45dfb9ebab718d6832c.exe
"C:\Users\Admin\AppData\Local\Temp\78a7bfff39eef45dfb9ebab718d6832c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7813.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7813.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41804.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50211.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19241.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65208.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
        11⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
        12⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        13⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
        9⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
        10⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30881.exe
        11⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61314.exe
        12⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        13⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59266.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26854.exe
        9⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        10⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
        11⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21317.exe
        12⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        13⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2892.exe
        14⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50806.exe
        15⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21575.exe
        16⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
        9⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38753.exe
        10⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
        11⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21042.exe
        12⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        13⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
        14⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43562.exe
        15⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        16⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53426.exe
        12⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21658.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        10⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
        11⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48395.exe
        12⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8688.exe
        13⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37428.exe
        14⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
        15⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33678.exe
        12⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10551.exe
        13⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        14⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22784.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19895.exe
        10⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50725.exe
        11⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46447.exe
        12⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        13⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9920.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3480.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
        9⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13885.exe
        10⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        11⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        12⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65488.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63418.exe
        8⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        9⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
        10⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
        11⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
        12⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14902.exe
        13⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        14⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        15⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        9⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4438.exe
        10⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43448.exe
        12⤵
        
        PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51145.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 188
        9⤵
        Program crash
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12030.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
        11⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        12⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        13⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46301.exe
        10⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
        11⤵
        
        PID:2212
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 200
        12⤵
        Program crash
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42074.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe
        9⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19532.exe
        10⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
        11⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        12⤵
        
        PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64917.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26091.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28452.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
        10⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57056.exe
        11⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
        12⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
        13⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48409.exe
        14⤵
        
        PID:1292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5125.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56677.exe
        8⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
        9⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
        10⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11695.exe
        11⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
        12⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        13⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
        10⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        11⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58715.exe
        12⤵
        
        PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14580.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58711.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14876.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35245.exe
        9⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe
        10⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
        11⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41886.exe
        12⤵
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4570.exe
        7⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35162.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39952.exe
        9⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21626.exe
        10⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
        11⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10173.exe
        12⤵
        
        PID:2592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-875.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30999.exe
        6⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        7⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39376.exe
        8⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34773.exe
        9⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64931.exe
        10⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
        11⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
        12⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57646.exe
        13⤵
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41602.exe
        6⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9396.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54534.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45079.exe
        9⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24174.exe
        10⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        11⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
        12⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56945.exe
        13⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11844.exe
        14⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
        10⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
        11⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50739.exe
        12⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32509.exe
        6⤵
        
        PID:1628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 188
        7⤵
        Program crash
        
        PID:1800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11726.exe
        5⤵
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
        6⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18245.exe
        7⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28416.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26219.exe
        10⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        11⤵
        
        PID:2816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24829.exe
        6⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46265.exe
        7⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31356.exe
        8⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58414.exe
        9⤵
        
        PID:1044
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34342.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        8⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe
        10⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10460.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
        12⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
        13⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
        14⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        15⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe
        13⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        14⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        15⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
        12⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        13⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56011.exe
        14⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
        15⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1538.exe
        16⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32478.exe
        11⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        12⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe
        13⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        8⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55961.exe
        9⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        10⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39857.exe
        11⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5404.exe
        12⤵
        
        PID:2920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
        7⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55193.exe
        8⤵
        
        PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35472.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49199.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55193.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        9⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52493.exe
        10⤵
        
        PID:3004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51150.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
        6⤵
        Executes dropped EXE
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
        7⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1688.exe
        8⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21575.exe
        9⤵
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35363.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10792.exe
        7⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47113.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33621.exe
        9⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
        10⤵
        
        PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18665.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27492.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
        10⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45637.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
        12⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        13⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
        8⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45079.exe
        9⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
        10⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
        11⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
        7⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55193.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64404.exe
        9⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        10⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6566.exe
        11⤵
        
        PID:812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14943.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54409.exe
        7⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35410.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11838.exe
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
        10⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5129.exe
        11⤵
        
        PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18560.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10304.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48872.exe
        6⤵
        Executes dropped EXE
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61742.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25894.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        9⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18284.exe
        10⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54615.exe
        11⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
        12⤵
        
        PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14009.exe

Filesize
184KB

MD5
b6625459b460af9fa91c8d8eb9400c58

SHA1
1cbc57a224d50167a8707eda8a172cf0e62980e4

SHA256
48a3eb50b9aef6cfc528c4ad4f5b391fa994405c8352a56f800c6d966a82abc6

SHA512
41845af9ebfdab1f24c2f1bc8908b8f72cc5704971066f76d6342d9449e0256194eb9b40cbc179d926d46808d2a89cf03af5a855e9d14393966d218adc25c562

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe

Filesize
184KB

MD5
b34527e1dba91324772575ef84204e40

SHA1
76270d7e16fd344ec75af2ef9b654b15bf18e2b2

SHA256
6f4ee27a5618f6a456bfb3a3dc992d44a5c68650a410c512a524e9a58765aa39

SHA512
896d2e65107967c8c207588d083a65f028f436e7e2dd335ba1bbaf5fe1274dd25a62d65185073fb0e75ba298043a05adbc1770e83d43adf5bce969313b2bcb56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28229.exe

Filesize
184KB

MD5
8bb37598f08ae92e971bddf5618003a0

SHA1
dca812cd02b5e9cad660ef1e548c086650d000a0

SHA256
33d3863c6b78225f8af0e0cea80d632b458c1ac2d80967942afa870c01cdc562

SHA512
73b6bbd5a7a7607fc5f2e16c5380d071866c9e30ba42597dee6e24adefdca6037e0e36b3e6dc5af1121aa2e7e78a9b0ea43960254bba45610341c6609cbc076d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29262.exe

Filesize
184KB

MD5
dc8c3e5f93d70b8f2a79e1d059c484ad

SHA1
e00e7d8f7da581aa4a6c797dc725bd4590e98403

SHA256
64a59025d5bf93809a587030c38869cd49b9174df6cd53cfe7e6997d3f96b91c

SHA512
bd4494da6377650b2def51b744024be2074ea86084d7c3e7cd6472d35528f980eb4fef3e694b4c8cf745289f95f52b407565fa924315a578e10aa4b17781cbcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32486.exe

Filesize
184KB

MD5
c60541547c4b06225f3d3c3919aaa1f2

SHA1
a953e6ff6bc99f972f5b246767fd6f72ffbaacdb

SHA256
7732ff06b599da1cc85b3601af88c7cbad7087150edf3f881fc2d3308d4e10be

SHA512
6d3ddd0e4597e5bf441d77d0563b7c487b298a31707be715b83ed1fb2c1c2b10b7a76246e162cf8d7a47d36ef5c64f00713b20bfee6de5cf35f937744844991b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe

Filesize
184KB

MD5
1ccb3c9b62697e0e8734837ee94969e2

SHA1
034fe9dae4c896d4f9f003690362638c42cc7e7b

SHA256
23b6bb70577dde3b141032b40308d26517763523b6bdb13a605201ad120ad2f1

SHA512
4721fc1906e9585195d58b0f8b0d8fb761007be2c288d99070bd35dc51b4a5d368173a0823dc08bbfbba97aee8c46b1479e2a83a3242b7811a85cff20b36af48

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41804.exe

Filesize
184KB

MD5
487829339681d5135ea860e9d4417b9b

SHA1
24fd6ea9781eb7e531802a7024952ca44c72dc18

SHA256
c3105c1931856eec91bfa76a491606ca92cd8c0c932a08a859266c91b8a9ef31

SHA512
388c37fca036e8e5c3462fb86c3bbf2083bc2f9d340977c268984afa6dd7942c97baeb6d3a46e0a33929ef0f3f1a2920d7532291d3d87b71dd8514d4b7050780

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46079.exe

Filesize
184KB

MD5
82b6967cf823ed69253262fc59db8d88

SHA1
ab09a1d01aa4105c67e9f1e1fc1613cb9dea4873

SHA256
8ad36b588e278069be89669cefb6b4f7ff3b3b4ccc129a863b7daef8ed685cc6

SHA512
111c896df78d5991b05508c6394fe0849908383d9b2b064bbffdf3c975cf0e333fd74b2437271996400f902cb81a7dbe0abca5a943607f991ef197b5ab91483b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51425.exe

Filesize
184KB

MD5
49d69ddc9295a08dcaef516859e10b3a

SHA1
a4ba55c54165eb59d3bc43b43820517be6cd8e8f

SHA256
2fe0b59e881a320de96c416801e1227c9eadc4c1f19c0719f252b332462722fe

SHA512
e13cf88916d59b1426db1ce6cf84d7b57e1e5f8b5614ae3a25a3dfc5bce11a29604209057ebf6f27b0536070b8c9b103141b0f4aed92b5c65b4f5703952403f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6713.exe

Filesize
184KB

MD5
3e9f480789f01c938253a76265c5f269

SHA1
176727a3bd13295ae3595fd54ce6a7df103358a3

SHA256
08f03e474674c772269b387a94a12615dcee90b9a235d22be294bdbd7a3cc05c

SHA512
fcec3f1046374f5f2954a43f874be0360c2363ab4810d9fda8dbe0b72aef43868363d1e3db3afacfa4316c79900c62c32f036faf4f79606326b5c0a20f37cbcf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe

Filesize
184KB

MD5
e98719e045118547c2b1ab14d12d4072

SHA1
82e1d8494847543aa95dda7daf79f5e61d282147

SHA256
e08bde06c60a0429374ff61f7ced3cd175a7f9be14bb0b4cbc306de8c628e0b6

SHA512
cffd45f5b784aa1723130c9b1728e09a7e0c11092559a770e791e4c73791720b2d73caf1e155af301c8e525c98a593e019ab969e087df300ea9b8d0dcdbe7a79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24228.exe

Filesize
184KB

MD5
abf9d124dc848dd5776e3d74de711275

SHA1
d4ed6ff7ac464534f2b06a71e34920125bad7bf6

SHA256
c400eb701e9cb4ffd117fa925d92e0a78c23038f5f4479866531600748bf2cba

SHA512
47cd406b9ffd8e3f7bafac4e5d280e972627c7aa0bc480b60f4a309c4c4c476fa48ec7f7611a0f66ef9d5255298249a7ed1cce8d58d08e314ab1c11b846c544e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24316.exe

Filesize
184KB

MD5
b9412c9c0eb6c17b882e13c9d0b2b658

SHA1
c0b67ceaa03b5e3e93e048443351807da794cc49

SHA256
5d57773c3134891af63cc57fd5364e4c9b1f08903a160bd41f7cf91208afa189

SHA512
9a9c5376cef651d116f8e29dafb14622b9c6c7d2d39ac7da2c86d4276b09df70ef99e603d5f672ead87cc43814bd2175a064df71ff4b393aa41a06ddec47726e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26091.exe

Filesize
184KB

MD5
3d96f882b832a0b75e06ffe3d0abb95c

SHA1
53406bd4ee4f1d70a28d094c8c6cadb080330525

SHA256
1ffb68195a2b764adc35bc3bb8657d1138e7608b3eb5fb50086f47415fb05621

SHA512
d53baa12cc09663c447cb8b7c4e441a7bb9a914b77021348698c0320e9ed9ff5a85704f62a6b54894090247ebb515447d6a0f93a6fd4b29018207bdccf5ede9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe

Filesize
184KB

MD5
bf0906b5b5f619f7d04ebae4d3c76f5d

SHA1
325542ef854b1d0fae259a0d624098501015f319

SHA256
d7e1def072293aef4144b1e786de2c81dcde50fea843d43b23feacfa0073e317

SHA512
b920896bca2c14f5e9c07651243d2a781ee8338dbc740f73e6d1ba12ff6dc7d2a49a7159f2a044443cca518373f7d30a6779c3c29b68603a4ccc9ee8e05a4bfb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe

Filesize
184KB

MD5
c9b0e450a45a5bb3a2f4b51675743a76

SHA1
e724b916ab7ed6e5d2d58478e172a96278c90388

SHA256
02be34a4634acb8c6a82c01324c2af22b507b98960b22b36583c88c1603ef134

SHA512
a1cb6abcaff4a20cf87715efe5c54b5ca36ace31e55001507a07ba47b8b76e7f7fc0316967e2dd162f0525b2383c9b9093ca086e223aea56d8d6a641340d1b91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50211.exe

Filesize
184KB

MD5
f92afa468cf3709cf1b2a911153a9d64

SHA1
a0e9e1cea9e42a53a764687b576d6bb16075cf53

SHA256
0afc2d4c3d2a24243883e69aaa02960cb671bd075182db7740136ad58657b98b

SHA512
351244b392a06a0a62da6a5c8b2efa308a677639db297392bb04b109eaa233b83675ecbb5a9e0b14b83d3c54ca9997fdc1a0e8d7158f183ba1d276e89f43e8d5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51150.exe

Filesize
184KB

MD5
feff6ada5f2f6fc80ab806b57ca14025

SHA1
d381d451bf4019feb020f5ad0bff951520eca87b

SHA256
d72a1b4395b6d5e0ec825b04d6a00e9dad6062d5fdf06095fb7c5bf49cdd6905

SHA512
08adc039cc4d9920ccd787dad1650fb73251d4813ab764239659a9dca3be2430a69a12973bd25d0bde50fba77b126711e14c421e351e6c8590c947bf16a97eb4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54803.exe

Filesize
184KB

MD5
214cf39b980339e2873545d938db76ca

SHA1
989a076afc0292df597198d2abdd571dc9b58f47

SHA256
deb82d0029802d09bb2dd2834996da24b4fc180b2005ac23d14c03626b0d639f

SHA512
2da5c9bc697f8d8f12bd40b974dbe08d4992971dd2987655ff44f944bba72a8215571f6948c4c3ca87171cb12bd292e2f8a3096e4eeea0198c3a773815916d54

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64917.exe

Filesize
184KB

MD5
728893407db1238e4ea4cea7a076469e

SHA1
375183eac19d15f191dd2960a4162c7458875b47

SHA256
153a1c8e12935eb2d94b092350d816732284ea60a25dc2c1b6255a9bcef53b8d

SHA512
8ed9ae32e251aac4ec95a1fab90451df982f71ba70efd8c840b04892e9f9191246cd1af5060272fe08e357820e314ff25c1f4668b0fd96a4cbef15c1dad4bf40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7813.exe

Filesize
184KB

MD5
b75ca25b852157a6abc9d5400babe20a

SHA1
90bd7ae75467fb43df8a75ce83e5529cc6949c80

SHA256
cba92a0a23bc1ddb748ec802ec81fd97c09439a5d188585dadc95f844e9f717e

SHA512
7860e483302cbbc02ecee6840a807c5d73838359dbc01e4c5596c04b76f186fa88582486bc69b05f101850bd9c9ed7f9269bd655a32340e79bd733fd06a5b180

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe

Filesize
184KB

MD5
b5528b298bdcf0de64dcc8a129d75e08

SHA1
c34b21aacbb0ea18ad6159687dc1661d78a62fe9

SHA256
6591da7e44259345d32db4f23b35a28c0d80d2c9eac8cd0f40b5fd6c588901a2

SHA512
5d5ebed7fe3ec0d662416ac323277b6ed2fb2299aedea4bfcdecff75989853c0d415d3f5fab318249653f57ce1764c052f119d6f8a91b1286ea70c2b60b49717

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe

Filesize
184KB

MD5
e5b7f1c13b048b778fef4893c88f4099

SHA1
0b6968f034ae75d106de936a9a381228af8415e9

SHA256
0ad85f288202892788ca808c66ca31d3debe05f6f741d6ed05363c6e0f2d27ee

SHA512
356eab09b42bb82e962e1bec2be0bcee1e4759da15fe94b4cd83c1df6c1aea8a0b9e3c8d8fc79cd3b7480d86ec91cb311296cb914fc85341715b9890b3804866

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads