de6c2810293b3ede1214b0e1a9a7f2f02ea88d2e5d9bf88a0003d6c7646388dd

Analysis

max time kernel
148s
max time network
130s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 07:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79ada838450f442359d406e278ef2046.exe
Size

184KB
MD5

79ada838450f442359d406e278ef2046
SHA1

ae669c2f2887a98d56ab34dc884d44052f09b7a2
SHA256

de6c2810293b3ede1214b0e1a9a7f2f02ea88d2e5d9bf88a0003d6c7646388dd
SHA512

29f7bd250d7b422b6fdf6890b53a8f564bfdd61ab2995fe8d7e453bc88095720558123aa6d1ac4b20fd96ffdbd2233f42e34e5c0468cd9e6e41d9b67313cba2f
SSDEEP

3072:jUtsomAB4VfQ+ajPo3dKvJ0LDeIMMD1f740xz3FCuslPvpFU:jU+oyVQ+0otKvJONn7slPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2476	Unicorn-16873.exe
2656	Unicorn-7246.exe
2688	Unicorn-28605.exe
2744	Unicorn-13079.exe
2572	Unicorn-41070.exe
2812	Unicorn-52768.exe
2372	Unicorn-2301.exe
2128	Unicorn-9400.exe
2904	Unicorn-58793.exe
2648	Unicorn-48165.exe
2036	Unicorn-22783.exe
484	Unicorn-36951.exe
1916	Unicorn-749.exe
2908	Unicorn-26583.exe
1968	Unicorn-2078.exe
1656	Unicorn-47750.exe
1044	Unicorn-23053.exe
2068	Unicorn-25514.exe
2236	Unicorn-2270.exe
436	Unicorn-19624.exe
2436	Unicorn-32814.exe
1868	Unicorn-11647.exe
1376	Unicorn-18555.exe
2040	Unicorn-18555.exe
916	Unicorn-64226.exe
772	Unicorn-18555.exe
1812	Unicorn-8967.exe
2268	Unicorn-45402.exe
612	Unicorn-65267.exe
2136	Unicorn-62122.exe
1668	Unicorn-8282.exe
2156	Unicorn-62314.exe
1048	Unicorn-18454.exe
2172	Unicorn-6948.exe
2260	Unicorn-41505.exe
2640	Unicorn-56808.exe
3004	Unicorn-50633.exe
2712	Unicorn-55656.exe
2568	Unicorn-25252.exe
2552	Unicorn-63139.exe
2592	Unicorn-47940.exe
1480	Unicorn-23436.exe
2532	Unicorn-23436.exe
2200	Unicorn-61131.exe
2884	Unicorn-36818.exe
2244	Unicorn-15652.exe
2984	Unicorn-2610.exe
2860	Unicorn-22476.exe
2784	Unicorn-63892.exe
1700	Unicorn-64084.exe
1396	Unicorn-53238.exe
636	Unicorn-47831.exe
2304	Unicorn-48023.exe
3028	Unicorn-28157.exe
1588	Unicorn-48874.exe
836	Unicorn-13056.exe
1336	Unicorn-61572.exe
692	Unicorn-15901.exe
1144	Unicorn-15901.exe
1060	Unicorn-45620.exe
2316	Unicorn-5916.exe
1952	Unicorn-34483.exe
240	Unicorn-29653.exe
880	Unicorn-33798.exe

Loads dropped DLL 64 IoCs

pid	Process
2132	79ada838450f442359d406e278ef2046.exe
2132	79ada838450f442359d406e278ef2046.exe
2476	Unicorn-16873.exe
2476	Unicorn-16873.exe
2132	79ada838450f442359d406e278ef2046.exe
2132	79ada838450f442359d406e278ef2046.exe
2656	Unicorn-7246.exe
2656	Unicorn-7246.exe
2476	Unicorn-16873.exe
2476	Unicorn-16873.exe
2688	Unicorn-28605.exe
2688	Unicorn-28605.exe
2572	Unicorn-41070.exe
2572	Unicorn-41070.exe
2812	Unicorn-52768.exe
2812	Unicorn-52768.exe
2744	Unicorn-13079.exe
2744	Unicorn-13079.exe
2688	Unicorn-28605.exe
2688	Unicorn-28605.exe
2656	Unicorn-7246.exe
2656	Unicorn-7246.exe
2372	Unicorn-2301.exe
2572	Unicorn-41070.exe
2372	Unicorn-2301.exe
2572	Unicorn-41070.exe
2904	Unicorn-58793.exe
2904	Unicorn-58793.exe
2128	Unicorn-9400.exe
2744	Unicorn-13079.exe
2128	Unicorn-9400.exe
2744	Unicorn-13079.exe
2812	Unicorn-52768.exe
2812	Unicorn-52768.exe
2036	Unicorn-22783.exe
2648	Unicorn-48165.exe
2036	Unicorn-22783.exe
2648	Unicorn-48165.exe
484	Unicorn-36951.exe
484	Unicorn-36951.exe
2372	Unicorn-2301.exe
2372	Unicorn-2301.exe
1916	Unicorn-749.exe
1916	Unicorn-749.exe
2908	Unicorn-26583.exe
1044	Unicorn-23053.exe
1656	Unicorn-47750.exe
2908	Unicorn-26583.exe
1044	Unicorn-23053.exe
1656	Unicorn-47750.exe
2904	Unicorn-58793.exe
2904	Unicorn-58793.exe
2236	Unicorn-2270.exe
2236	Unicorn-2270.exe
2648	Unicorn-48165.exe
2068	Unicorn-25514.exe
2648	Unicorn-48165.exe
2068	Unicorn-25514.exe
2036	Unicorn-22783.exe
2036	Unicorn-22783.exe
1968	Unicorn-2078.exe
1968	Unicorn-2078.exe
2128	Unicorn-9400.exe
2128	Unicorn-9400.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2088	612	WerFault.exe	56
2252	872	WerFault.exe	103
1568	844	WerFault.exe	257

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2132	79ada838450f442359d406e278ef2046.exe
2476	Unicorn-16873.exe
2656	Unicorn-7246.exe
2688	Unicorn-28605.exe
2744	Unicorn-13079.exe
2572	Unicorn-41070.exe
2812	Unicorn-52768.exe
2372	Unicorn-2301.exe
2904	Unicorn-58793.exe
2648	Unicorn-48165.exe
2128	Unicorn-9400.exe
2036	Unicorn-22783.exe
484	Unicorn-36951.exe
1916	Unicorn-749.exe
1656	Unicorn-47750.exe
2908	Unicorn-26583.exe
1968	Unicorn-2078.exe
2236	Unicorn-2270.exe
1044	Unicorn-23053.exe
2068	Unicorn-25514.exe
436	Unicorn-19624.exe
2436	Unicorn-32814.exe
1868	Unicorn-11647.exe
916	Unicorn-64226.exe
1376	Unicorn-18555.exe
772	Unicorn-18555.exe
2040	Unicorn-18555.exe
612	Unicorn-65267.exe
2136	Unicorn-62122.exe
1812	Unicorn-8967.exe
2268	Unicorn-45402.exe
1668	Unicorn-8282.exe
2156	Unicorn-62314.exe
1048	Unicorn-18454.exe
2172	Unicorn-6948.exe
2260	Unicorn-41505.exe
2640	Unicorn-56808.exe
3004	Unicorn-50633.exe
2712	Unicorn-55656.exe
2568	Unicorn-25252.exe
2592	Unicorn-47940.exe
2552	Unicorn-63139.exe
2532	Unicorn-23436.exe
1480	Unicorn-23436.exe
2244	Unicorn-15652.exe
2200	Unicorn-61131.exe
2884	Unicorn-36818.exe
2984	Unicorn-2610.exe
2784	Unicorn-63892.exe
2860	Unicorn-22476.exe
1700	Unicorn-64084.exe
1396	Unicorn-53238.exe
636	Unicorn-47831.exe
2304	Unicorn-48023.exe
3028	Unicorn-28157.exe
1588	Unicorn-48874.exe
836	Unicorn-13056.exe
1336	Unicorn-61572.exe
692	Unicorn-15901.exe
1144	Unicorn-15901.exe
1060	Unicorn-45620.exe
2316	Unicorn-5916.exe
240	Unicorn-29653.exe
1952	Unicorn-34483.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2476	2132	79ada838450f442359d406e278ef2046.exe	28
PID 2132 wrote to memory of 2476	2132	79ada838450f442359d406e278ef2046.exe	28
PID 2132 wrote to memory of 2476	2132	79ada838450f442359d406e278ef2046.exe	28
PID 2132 wrote to memory of 2476	2132	79ada838450f442359d406e278ef2046.exe	28
PID 2476 wrote to memory of 2656	2476	Unicorn-16873.exe	29
PID 2476 wrote to memory of 2656	2476	Unicorn-16873.exe	29
PID 2476 wrote to memory of 2656	2476	Unicorn-16873.exe	29
PID 2476 wrote to memory of 2656	2476	Unicorn-16873.exe	29
PID 2132 wrote to memory of 2688	2132	79ada838450f442359d406e278ef2046.exe	30
PID 2132 wrote to memory of 2688	2132	79ada838450f442359d406e278ef2046.exe	30
PID 2132 wrote to memory of 2688	2132	79ada838450f442359d406e278ef2046.exe	30
PID 2132 wrote to memory of 2688	2132	79ada838450f442359d406e278ef2046.exe	30
PID 2656 wrote to memory of 2744	2656	Unicorn-7246.exe	31
PID 2656 wrote to memory of 2744	2656	Unicorn-7246.exe	31
PID 2656 wrote to memory of 2744	2656	Unicorn-7246.exe	31
PID 2656 wrote to memory of 2744	2656	Unicorn-7246.exe	31
PID 2476 wrote to memory of 2572	2476	Unicorn-16873.exe	32
PID 2476 wrote to memory of 2572	2476	Unicorn-16873.exe	32
PID 2476 wrote to memory of 2572	2476	Unicorn-16873.exe	32
PID 2476 wrote to memory of 2572	2476	Unicorn-16873.exe	32
PID 2688 wrote to memory of 2812	2688	Unicorn-28605.exe	33
PID 2688 wrote to memory of 2812	2688	Unicorn-28605.exe	33
PID 2688 wrote to memory of 2812	2688	Unicorn-28605.exe	33
PID 2688 wrote to memory of 2812	2688	Unicorn-28605.exe	33
PID 2572 wrote to memory of 2372	2572	Unicorn-41070.exe	34
PID 2572 wrote to memory of 2372	2572	Unicorn-41070.exe	34
PID 2572 wrote to memory of 2372	2572	Unicorn-41070.exe	34
PID 2572 wrote to memory of 2372	2572	Unicorn-41070.exe	34
PID 2812 wrote to memory of 2128	2812	Unicorn-52768.exe	35
PID 2812 wrote to memory of 2128	2812	Unicorn-52768.exe	35
PID 2812 wrote to memory of 2128	2812	Unicorn-52768.exe	35
PID 2812 wrote to memory of 2128	2812	Unicorn-52768.exe	35
PID 2744 wrote to memory of 2904	2744	Unicorn-13079.exe	36
PID 2744 wrote to memory of 2904	2744	Unicorn-13079.exe	36
PID 2744 wrote to memory of 2904	2744	Unicorn-13079.exe	36
PID 2744 wrote to memory of 2904	2744	Unicorn-13079.exe	36
PID 2688 wrote to memory of 2648	2688	Unicorn-28605.exe	37
PID 2688 wrote to memory of 2648	2688	Unicorn-28605.exe	37
PID 2688 wrote to memory of 2648	2688	Unicorn-28605.exe	37
PID 2688 wrote to memory of 2648	2688	Unicorn-28605.exe	37
PID 2656 wrote to memory of 2036	2656	Unicorn-7246.exe	38
PID 2656 wrote to memory of 2036	2656	Unicorn-7246.exe	38
PID 2656 wrote to memory of 2036	2656	Unicorn-7246.exe	38
PID 2656 wrote to memory of 2036	2656	Unicorn-7246.exe	38
PID 2372 wrote to memory of 484	2372	Unicorn-2301.exe	39
PID 2372 wrote to memory of 484	2372	Unicorn-2301.exe	39
PID 2372 wrote to memory of 484	2372	Unicorn-2301.exe	39
PID 2372 wrote to memory of 484	2372	Unicorn-2301.exe	39
PID 2572 wrote to memory of 1916	2572	Unicorn-41070.exe	40
PID 2572 wrote to memory of 1916	2572	Unicorn-41070.exe	40
PID 2572 wrote to memory of 1916	2572	Unicorn-41070.exe	40
PID 2572 wrote to memory of 1916	2572	Unicorn-41070.exe	40
PID 2904 wrote to memory of 2908	2904	Unicorn-58793.exe	41
PID 2904 wrote to memory of 2908	2904	Unicorn-58793.exe	41
PID 2904 wrote to memory of 2908	2904	Unicorn-58793.exe	41
PID 2904 wrote to memory of 2908	2904	Unicorn-58793.exe	41
PID 2128 wrote to memory of 1968	2128	Unicorn-9400.exe	46
PID 2128 wrote to memory of 1968	2128	Unicorn-9400.exe	46
PID 2128 wrote to memory of 1968	2128	Unicorn-9400.exe	46
PID 2128 wrote to memory of 1968	2128	Unicorn-9400.exe	46
PID 2744 wrote to memory of 1656	2744	Unicorn-13079.exe	45
PID 2744 wrote to memory of 1656	2744	Unicorn-13079.exe	45
PID 2744 wrote to memory of 1656	2744	Unicorn-13079.exe	45
PID 2744 wrote to memory of 1656	2744	Unicorn-13079.exe	45

C:\Users\Admin\AppData\Local\Temp\79ada838450f442359d406e278ef2046.exe
"C:\Users\Admin\AppData\Local\Temp\79ada838450f442359d406e278ef2046.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2476
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15652.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
        9⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        10⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
        11⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1794.exe
        12⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        13⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe
        14⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7862.exe
        9⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        10⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63631.exe
        11⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-539.exe
        12⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        13⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        14⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2610.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
        8⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18377.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
        10⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
        11⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
        12⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64226.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3939.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        9⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
        10⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        11⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
        12⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        13⤵
        
        PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50633.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61085.exe
        9⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11552.exe
        10⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        11⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35936.exe
        12⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        13⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        14⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
        9⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        10⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5271.exe
        11⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8738.exe
        12⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16627.exe
        13⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
        14⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64027.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        9⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9248.exe
        10⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39319.exe
        11⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        12⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        13⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
        14⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15864.exe
        8⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        9⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
        10⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49304.exe
        11⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61632.exe
        12⤵
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55656.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
        7⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23904.exe
        8⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17535.exe
        10⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        11⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8409.exe
        12⤵
        
        PID:788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
        7⤵
        Program crash
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63139.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25917.exe
        7⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7074.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        10⤵
        
        PID:288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
        7⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61059.exe
        8⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
        10⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
        11⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe
        12⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
        13⤵
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45620.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        7⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34215.exe
        8⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
        9⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31754.exe
        10⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        11⤵
        
        PID:2468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2301.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19624.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18454.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        9⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64868.exe
        10⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
        11⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
        12⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56263.exe
        13⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55931.exe
        14⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
        13⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1196.exe
        14⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
        15⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33982.exe
        14⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28157.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        8⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42331.exe
        9⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        10⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
        11⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21674.exe
        12⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
        13⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64686.exe
        8⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
        9⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22376.exe
        11⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34670.exe
        12⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-366.exe
        13⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
        9⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62474.exe
        10⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
        11⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe
        12⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61406.exe
        13⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53324.exe
        14⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58920.exe
        12⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32847.exe
        13⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35884.exe
        7⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
        8⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
        9⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        10⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34369.exe
        11⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        12⤵
        
        PID:1056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32814.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11647.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48874.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
        9⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        10⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
        11⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51461.exe
        12⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
        7⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        8⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
        10⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64784.exe
        11⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        12⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13056.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20577.exe
        7⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10457.exe
        8⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23551.exe
        9⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
        10⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
        11⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
        12⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50762.exe
        10⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15693.exe
        11⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53516.exe
        12⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15574.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
        9⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
        10⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
        11⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        12⤵
        
        PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56808.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15901.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        7⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        8⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43701.exe
        9⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36325.exe
        10⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
        11⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
        12⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60831.exe
        8⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6729.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51696.exe
        11⤵
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33539.exe
        12⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10832.exe
        13⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41451.exe
        10⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13798.exe
        11⤵
        
        PID:2080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2128
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8282.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5323.exe
        10⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
        11⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34991.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52504.exe
        13⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50636.exe
        14⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36818.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13093.exe
        7⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
        8⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
        9⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54747.exe
        10⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51447.exe
        11⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57389.exe
        12⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63294.exe
        10⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16544.exe
        11⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        12⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25511.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7907.exe
        9⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42978.exe
        10⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
        11⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-745.exe
        12⤵
        
        PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63892.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe
        7⤵
        
        PID:872
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 220
        8⤵
        Program crash
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
        7⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58143.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48766.exe
        9⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
        10⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56564.exe
        11⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39071.exe
        12⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        13⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
        14⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47157.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47072.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33295.exe
        10⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15365.exe
        11⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        12⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        10⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27149.exe
        11⤵
        
        PID:808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18555.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64084.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62268.exe
        7⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35398.exe
        8⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32264.exe
        9⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54908.exe
        10⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
        11⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39162.exe
        12⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        11⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33776.exe
        12⤵
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62024.exe
        6⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        7⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39704.exe
        10⤵
        
        PID:2840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23436.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6710.exe
        8⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
        9⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63932.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37389.exe
        11⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
        12⤵
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
        7⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
        8⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12749.exe
        9⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31536.exe
        10⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
        11⤵
        
        PID:2588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61131.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24422.exe
        6⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20935.exe
        7⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49399.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23904.exe
        9⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46361.exe
        10⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42319.exe
        11⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41762.exe
        9⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43310.exe
        10⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
        11⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
        12⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13166.exe
        8⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11597.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33352.exe
        10⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
        11⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        12⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
        13⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55232.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
        8⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8707.exe
        9⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
        10⤵
        
        PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45402.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29653.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13451.exe
        7⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59601.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46553.exe
        9⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26066.exe
        10⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
        11⤵
        
        PID:844
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 200
        12⤵
        Program crash
        
        PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
        5⤵
        Executes dropped EXE
        
        PID:880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62434.exe
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16670.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21884.exe
        10⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
        11⤵
        
        PID:924

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22476.exe

Filesize
184KB

MD5
13ef208b10cbe5fee490faf9defeab17

SHA1
63198d5a21a20b35ef6c861907451afeb617f532

SHA256
c0631747e5fa86463bd8a9dc629948adde574968b0f2bc366bd030af35bf95c4

SHA512
c15d764876f98f69e633f4748f0346bdb9eb7a3ccc94b2624b0dfa512abfe6eb03ff99e595e958b9a081fdfcc2edd1594bfebb22d3b89c96577c2f3dca3fb634

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe

Filesize
184KB

MD5
a16d82aeb060809f5345ff4a4e1a9a8b

SHA1
4978221ef479535e69a9043995482fe7261d8ab8

SHA256
c67892f140d63100746db3ac72f173306fd4305f6778cbcf82c60f9640cb35ff

SHA512
0d3fa59f9e4bcf8456cc05238a0279275a05d2a31a4c8c953f3c12b1750e6d2f8848262c5f6dc6e87a112b61099f8452f0abb2f484dac8fb893528b778eccab1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31112.exe

Filesize
184KB

MD5
698a619b8047e321a20f376328612361

SHA1
2ceec5941481845ed49b050fe43325ee3f1e8fa5

SHA256
2f5d7497a9807895a1a3375d760b70cf6f442260477b53832cdb5f2ec1ff5792

SHA512
4260897a384c7503c1a2116e747488a8a14c6bfc841b7205e4860f3be79c79c7f6ae462eb4b9a05db7f13fccb6d26433884931b5baab22cada57243d57e9f933

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe

Filesize
184KB

MD5
727e3e52973dd3d1f6bc7b227b6926f6

SHA1
a3e9c99ef410cd8113147a5db9102ec68c15b293

SHA256
0db9710a1d44eb995f694a46bfa86f8dd4add95cf1a45a067d892ffaff314098

SHA512
798a690b07cd41f8c3970b52c879152e5aa4f87c287e90c55d65d135e70abaabc8232db38f1e09e7eae67b2c226c953f814a8b82244aed85da311dba50cc16b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe

Filesize
184KB

MD5
95da39cc38e7e18e5c9e79c25670655a

SHA1
b361fe199fe32e1ecef0da39b667fe65c982180e

SHA256
f2e169dcb4a0f78007c38d39dbb4a235bfb8328628c11a7d6941cc862c837604

SHA512
1d9379ff5083770709d29f5f7356af5feb0ea8b4be9ac8a4d85d31866240fa593a058368e9a8d8b14f80e625f433ef7bdd7fba486de70ae4f38bd5c1711e94f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48729.exe

Filesize
184KB

MD5
64e802dcb985e537a63407367cf5017e

SHA1
4446c8a329cc3882f75ea6a79370072ef2ae933f

SHA256
aa217e4326b604e96a26adb52783625c78e9ba50f1eb1a930b6ed971b5a55b7a

SHA512
8cc03abcd1c992784f5c0b67f544c5ff79519d6ae8c5aed9be42856200b5005b4cc41b24b95915083c57a4ed89f4bed8f307fc4952f20d101d5dc932e6b115f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52768.exe

Filesize
184KB

MD5
9e2549c46ac55f5653e0bbdf872b10c0

SHA1
4762ddd233fde05ed7336c19c80d5f2a6c4adf8c

SHA256
20cfee1cfff1933248751fb423a9d41683a256555df74c348b58a2a5ae663330

SHA512
20fb1fd30498084253ada41b4241eb3bd03b977f4f33710979e4e05d480ec2dcff1fdca2bb3df00f76c58d7719bb96bae2272e123f74b811ddcfa0c6580c36b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5916.exe

Filesize
184KB

MD5
3ff1755fd4a12e9cb2fdb8e522108858

SHA1
2c639c838d5e659abb272dd5f323ade3e201265d

SHA256
98b64eca613d654c8ca62d924cc548cd223793212ce46e80bbc573d4f0223aa1

SHA512
c17f0c7b86db44a7e7fe6fdcdcd36b21dac7caff6cd2d00eb195e43177a78fe145f2b389d80987ca35d734532d339aaa1ee2cf7e29d9bf1a277ceed5be0379cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6180.exe

Filesize
184KB

MD5
8f060e174787bce20b911247d2b82a5e

SHA1
6e1081300249a692ea97ee31edfe24a9b19d68e5

SHA256
679375b90eb055480cef43d6fe50beaaf25db31d05deacaf831713a9b279dcda

SHA512
e21c2d518ce09bda93c411dbbd3ce6aa8cf3d56bbd9fe5efd67ee21806c2969dbf264ede4ee7f5b3cee8f0e60dea0738038f66ce225dd3bdc36674ba50735f6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13079.exe

Filesize
184KB

MD5
add55bcfb8c3bd8410c7254a48d25c60

SHA1
a4c81dda204d02cfc383873dbf194c671585ddb7

SHA256
0567291eb99848510c30b8daf93dcab17255e27b0f8ee80155b5456e94d39526

SHA512
463d5af7aa8e416f673a2c5adda4def43470ecef77090a4f86473ea2114272ddf93fb4830bc18e376f3449030c26378eb64815f7a88564ede3fc6f0eab27411b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16873.exe

Filesize
184KB

MD5
8a780ece0f88f47db26b612d3abdb771

SHA1
3a9553b8e995e30075400cf41e6924c6f240233f

SHA256
efb93d3fd40a76615d0a71d97311987a71fd5e6a968b4fca15b4812d59831739

SHA512
ea59c2df3b4dfdf0af9c6a31c4bc652a4322b999042e18540f8f78fdcbf616f892a222386b979af31953f0daedcf2837e88ec5186c7a92623d227934075a9baf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe

Filesize
184KB

MD5
48cf45bc0ffb59f062455c9a750ce911

SHA1
d34f11b65b508e71c4753e2d2c8c9885a6ef4c55

SHA256
a73108706ded6051ddf2b5a3d598d39d052cc07ad23aefe8d193343b2580e8e9

SHA512
6ef58b4c42b0942215ab1b37cb7479833d6275dde87b4a8dbfbf57359aed4925a879044d12cb19c210d3ab575904f30f72fe674e722094e2c2220a7bcc72662e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2270.exe

Filesize
184KB

MD5
f30859cadfa673a60c1fe9c86e4be051

SHA1
164f4e9ca0b7206e5a8d2a38fa73a4784394ebb7

SHA256
344d26f519b21492c4c27f1b9c2c9523dfd6cea2a6eb79eda741a97d9921e9b8

SHA512
301d6a8e09dba9451706398ccd246a15f8087f29c5a13c7a7cdd59deec7b54b84fc53d6b633d3ed5a32127ca9119b14b10076c3c3bd962639fe74b07eb74732d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22783.exe

Filesize
184KB

MD5
64be0ad39764491af008d9b2486ec3b5

SHA1
f96a118f2439fd99976e3c11b8e868e7c70cfd3a

SHA256
0699e4e09ad3e753b54b0a5620abc78aa5823e597f19823bee0cf2914ae4741a

SHA512
4d236d96b007be3371efd45a30d0147361055e0b160bef47d44c1af7d120c7a522995366ed0815d06346354459147255d6da75307c6427538cb8914a60cda013

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2301.exe

Filesize
184KB

MD5
09e445b0d2b3486e298ef4dec2cc0ff5

SHA1
1bfcc0073d951f923ad8f9cbb6397ee2ed992792

SHA256
2b6ddbbcb6eb366125cdd61e5f88c385deac1662637d036cecee03f89d55b438

SHA512
c6ba8b4deba0d0aa6778428c8042d0f0f6e869eb4a1d7f5d880016c8bacdc271b04dd68b33e4a7196e154b1f232dcaaf1325ba06908e4e54e600b6689e6d260f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25514.exe

Filesize
184KB

MD5
ec87ca7207879c11b9af57765497d02e

SHA1
1dc957c189597642da2e81ed3e55b82c7299c670

SHA256
d55e35127acf8e94d98d7a2798f4c3d5dcf05e3b6ff100516a768d7fff084a34

SHA512
b7caf17baac0b83c573b68f958b2682124b0198fb197b974add45593a7de06ce0fea485909c5de54b3c7ee084492cbd2ca769b1eabae44003ac1d583e0ee894e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26583.exe

Filesize
184KB

MD5
95af6469112c732395d46407980f1b00

SHA1
e674b87f0bb2ed2b6813a93df4ade31a37af6b2f

SHA256
619603ccdbae939a0c4ac0ffd2c0644fdef47e4c586c765012f632d706ce45d8

SHA512
bd1f9f16afc1c9ee2085faca3346fde519d52b29a19b229959a0a1af58c49e37013df9ba97cc01623781a5abd2cd28045c09b36d53539166ff289ccff48b7c6b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28605.exe

Filesize
184KB

MD5
b2ac206f7d31e040cd69566f0fafa77a

SHA1
78f09c3ed4893dfd5008c06c20df10441a82b823

SHA256
43db6c6b7fca94f2a588cf5216784117e488372ba6a1f5e5009b62ef99818f73

SHA512
e338ef049a5d7743952ff9e0858aaa2c01ef3deb996150130759908bff82a963e57e2bb52aae262d210c4250ee677e4082ed6b46d62bb8759097eadad8a740fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36951.exe

Filesize
184KB

MD5
dd67eb2c9d29384a5ca1bdbf865c0850

SHA1
093ddcfc361007c8dc639f01ed59d58c7a90e842

SHA256
bb857e3d3e43e90f8dd3c092ab349b96351b08719e902e3b0caaf4695b65e1dc

SHA512
8c969c4b559184b233233f827ac6ed6f77698aeab06377cc51aa8d568fdf4e36908e44cc89494543ef4d79b39ac94d642fe6d3b0e65b4e3640fdaab08f3f3f78

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe

Filesize
184KB

MD5
8c9a5f204936ef53edcc8979a70ebd72

SHA1
a9373dc280a9bd0189f4c30c2cd069273ca4839c

SHA256
9d8f284a61afe89d9a284d69cbb54e6b20f833796dc306403751be9e1958db52

SHA512
f6bea8fcb28e2fb716560efc58c306af0163677246551633202790e993152ac2c5894c319e8e47bbd043a1c164b98b0d30e7f4561bd4177f87ceae087f3e54ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe

Filesize
184KB

MD5
0df308c8275dac3ce1da907b38fbbd7b

SHA1
7c779777b6ed4aeebb0efb31cbedbb45fd78638c

SHA256
348daf67e48b78d143475492383b1f151a2b653f0cbedbe93cfb6221a3282b05

SHA512
0ddc96aaa8355ff70094ae1eb7c302bb9f00329850007e5a2b045c230f09e19f41ce147ad014542091446fe63745de122e056cb80938665465cb2b12f468b136

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe

Filesize
184KB

MD5
a033ad3ac869d3b5e52458795f7ab78b

SHA1
9818f440578e5131c7a61b010510a97ec134369d

SHA256
0fd943621bff56c29e2f405f9e2a740acbeb03186a8c5c852cf435f9a07058db

SHA512
f52a57fb72471c63508e6dcda32e89fdf89303cfd910b2eef74935fcbfdbfc74acb119bec20441cd317295355cb7de502c8c45c1e5fd81928f75254615b1466e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe

Filesize
184KB

MD5
05ffe44ee9ac278b1b03560524dbbf41

SHA1
9dfa3827a4d5089d2d93aa1ab8fb0d2aa5d2000f

SHA256
82aa2fb8d5f072676a9ac40406e78fe03b9579968bbdb8bedd5fd00ee4409cf5

SHA512
4ab02fde022c8595788c733efc3920a1fe518bb57f3a89403cd4a630c5da3a84e2214108b0f582d5f40860270fe99c140007e638229f463369c4c292be13c69d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-749.exe

Filesize
184KB

MD5
67712cfae40d8a599e30397a3b832a86

SHA1
d25f35c31ffaa381d56c16f635215f49fbcf8830

SHA256
4f1de19075adab2d40b532b6ad3e443033f0c0e892ece15dca90c9e3a5ad601e

SHA512
ea58d48887ef04348ba1ec0fcba55a93af36474539848a6d411c286514ca606df2d73c97a0582205c9693c95dd668ecf71533217267268e60cf713e8c9056074

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9400.exe

Filesize
184KB

MD5
4d606f8863d1596228032b91e62cf736

SHA1
069fe546a30ef0a656b74dbdb657fbd0fd37fe39

SHA256
b858362e3341c5989ff337c3cf0bb0bb83fa9d85cbb490f74bc8d68e718e7d1b

SHA512
a643aa2ad139131766817335cca24ecfae532fa41c2f4dfb2be308e0352fa8b30267a72ee2518f5374151dcf3cadb7c6a2633dec25f8a1f7cdbdabed628b47a6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads