7c4a82500bf08971cec2bb903f5d5660659976c5311ad1e9be2392c32624a509

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 18:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8fddb484d72cb46c76f8a4361c648ce6.exe
Size

184KB
MD5

8fddb484d72cb46c76f8a4361c648ce6
SHA1

e799fb9c9ab043da2b9060c9281e1150144e4464
SHA256

7c4a82500bf08971cec2bb903f5d5660659976c5311ad1e9be2392c32624a509
SHA512

45722be497e39fd02cbe985ff19b064f4a0edb22d055951214361d80202b76001fa76719d05ee936758e529b4cad3b0fbbf09b54555d22fae75502d6499eda33
SSDEEP

3072:RGxFoJITETA7SOjSdx5Xzz1ee9Y6pfyknDVx4w2DY7lXvpLc:RG3oZM7Spd7Xzzzn8E7lXvpL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2484	Unicorn-24897.exe
2636	Unicorn-6552.exe
3060	Unicorn-8176.exe
2896	Unicorn-33832.exe
2804	Unicorn-61866.exe
2928	Unicorn-49614.exe
2244	Unicorn-39775.exe
1680	Unicorn-64279.exe
336	Unicorn-48498.exe
2176	Unicorn-60195.exe
1916	Unicorn-25939.exe
2756	Unicorn-36890.exe
2236	Unicorn-6910.exe
2420	Unicorn-4772.exe
2324	Unicorn-43666.exe
2428	Unicorn-6355.exe
2964	Unicorn-55364.exe
1800	Unicorn-16470.exe
1544	Unicorn-49142.exe
2644	Unicorn-39495.exe
2276	Unicorn-31881.exe
2880	Unicorn-25105.exe
552	Unicorn-22967.exe
1692	Unicorn-18067.exe
2360	Unicorn-46848.exe
2296	Unicorn-15545.exe
2960	Unicorn-62053.exe
2188	Unicorn-52323.exe
1156	Unicorn-24289.exe
1648	Unicorn-49609.exe
2164	Unicorn-42017.exe
992	Unicorn-53693.exe
640	Unicorn-1342.exe
1928	Unicorn-21571.exe
312	Unicorn-59095.exe
572	Unicorn-5810.exe
2496	Unicorn-48789.exe
1256	Unicorn-57341.exe
2012	Unicorn-17269.exe
2488	Unicorn-43527.exe
2312	Unicorn-43143.exe
2996	Unicorn-24093.exe
1404	Unicorn-16501.exe
1976	Unicorn-59287.exe
2108	Unicorn-18639.exe
2336	Unicorn-40381.exe
2492	Unicorn-11025.exe
1728	Unicorn-15130.exe
1948	Unicorn-43719.exe
396	Unicorn-50496.exe
744	Unicorn-13547.exe
872	Unicorn-36344.exe
2068	Unicorn-52126.exe
2876	Unicorn-42780.exe
2624	Unicorn-1747.exe
2708	Unicorn-26252.exe
3052	Unicorn-46672.exe
3056	Unicorn-51311.exe
1708	Unicorn-5639.exe
764	Unicorn-10278.exe
660	Unicorn-38011.exe
3028	Unicorn-24175.exe
2176	Unicorn-35873.exe
1944	Unicorn-23429.exe

Loads dropped DLL 64 IoCs

pid	Process
2676	8fddb484d72cb46c76f8a4361c648ce6.exe
2676	8fddb484d72cb46c76f8a4361c648ce6.exe
2484	Unicorn-24897.exe
2484	Unicorn-24897.exe
2676	8fddb484d72cb46c76f8a4361c648ce6.exe
2676	8fddb484d72cb46c76f8a4361c648ce6.exe
3060	Unicorn-8176.exe
2484	Unicorn-24897.exe
3060	Unicorn-8176.exe
2484	Unicorn-24897.exe
2636	Unicorn-6552.exe
2636	Unicorn-6552.exe
2896	Unicorn-33832.exe
2804	Unicorn-61866.exe
2928	Unicorn-49614.exe
2636	Unicorn-6552.exe
3060	Unicorn-8176.exe
2804	Unicorn-61866.exe
2896	Unicorn-33832.exe
2928	Unicorn-49614.exe
2636	Unicorn-6552.exe
3060	Unicorn-8176.exe
2244	Unicorn-39775.exe
336	Unicorn-48498.exe
2896	Unicorn-33832.exe
336	Unicorn-48498.exe
2244	Unicorn-39775.exe
2896	Unicorn-33832.exe
2928	Unicorn-49614.exe
2928	Unicorn-49614.exe
2804	Unicorn-61866.exe
1680	Unicorn-64279.exe
2804	Unicorn-61866.exe
1680	Unicorn-64279.exe
2176	Unicorn-60195.exe
2176	Unicorn-60195.exe
1916	Unicorn-25939.exe
1916	Unicorn-25939.exe
336	Unicorn-48498.exe
2324	Unicorn-43666.exe
2756	Unicorn-36890.exe
2428	Unicorn-6355.exe
2244	Unicorn-39775.exe
1544	Unicorn-49142.exe
2324	Unicorn-43666.exe
2756	Unicorn-36890.exe
336	Unicorn-48498.exe
1680	Unicorn-64279.exe
2176	Unicorn-60195.exe
1544	Unicorn-49142.exe
2244	Unicorn-39775.exe
2428	Unicorn-6355.exe
1800	Unicorn-16470.exe
1680	Unicorn-64279.exe
2176	Unicorn-60195.exe
1800	Unicorn-16470.exe
2236	Unicorn-6910.exe
2236	Unicorn-6910.exe
1916	Unicorn-25939.exe
1916	Unicorn-25939.exe
2964	Unicorn-55364.exe
2964	Unicorn-55364.exe
2420	Unicorn-4772.exe
2420	Unicorn-4772.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2240	2708	WerFault.exe	84
2020	2928	WerFault.exe	279

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2676	8fddb484d72cb46c76f8a4361c648ce6.exe
2484	Unicorn-24897.exe
2636	Unicorn-6552.exe
3060	Unicorn-8176.exe
2896	Unicorn-33832.exe
2804	Unicorn-61866.exe
2928	Unicorn-49614.exe
1680	Unicorn-64279.exe
2244	Unicorn-39775.exe
2176	Unicorn-60195.exe
336	Unicorn-48498.exe
1916	Unicorn-25939.exe
2420	Unicorn-4772.exe
2756	Unicorn-36890.exe
2964	Unicorn-55364.exe
1800	Unicorn-16470.exe
2324	Unicorn-43666.exe
2236	Unicorn-6910.exe
2428	Unicorn-6355.exe
1544	Unicorn-49142.exe
2880	Unicorn-25105.exe
552	Unicorn-22967.exe
2296	Unicorn-15545.exe
2188	Unicorn-52323.exe
2164	Unicorn-42017.exe
2644	Unicorn-39495.exe
2360	Unicorn-46848.exe
1648	Unicorn-49609.exe
1692	Unicorn-18067.exe
1156	Unicorn-24289.exe
992	Unicorn-53693.exe
2960	Unicorn-62053.exe
640	Unicorn-1342.exe
1928	Unicorn-21571.exe
312	Unicorn-59095.exe
572	Unicorn-5810.exe
2496	Unicorn-48789.exe
2108	Unicorn-18639.exe
1976	Unicorn-59287.exe
1256	Unicorn-57341.exe
2012	Unicorn-17269.exe
2312	Unicorn-43143.exe
2996	Unicorn-24093.exe
1728	Unicorn-15130.exe
2336	Unicorn-40381.exe
1404	Unicorn-16501.exe
2488	Unicorn-43527.exe
396	Unicorn-50496.exe
1948	Unicorn-43719.exe
2492	Unicorn-11025.exe
744	Unicorn-13547.exe
2068	Unicorn-52126.exe
872	Unicorn-36344.exe
2876	Unicorn-42780.exe
2624	Unicorn-1747.exe
2708	Unicorn-26252.exe
3052	Unicorn-46672.exe
3056	Unicorn-51311.exe
764	Unicorn-10278.exe
1708	Unicorn-5639.exe
3028	Unicorn-24175.exe
2380	Unicorn-3584.exe
2800	Unicorn-44425.exe
2352	Unicorn-42457.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2484	2676	8fddb484d72cb46c76f8a4361c648ce6.exe	29
PID 2676 wrote to memory of 2484	2676	8fddb484d72cb46c76f8a4361c648ce6.exe	29
PID 2676 wrote to memory of 2484	2676	8fddb484d72cb46c76f8a4361c648ce6.exe	29
PID 2676 wrote to memory of 2484	2676	8fddb484d72cb46c76f8a4361c648ce6.exe	29
PID 2484 wrote to memory of 2636	2484	Unicorn-24897.exe	30
PID 2484 wrote to memory of 2636	2484	Unicorn-24897.exe	30
PID 2484 wrote to memory of 2636	2484	Unicorn-24897.exe	30
PID 2484 wrote to memory of 2636	2484	Unicorn-24897.exe	30
PID 2676 wrote to memory of 3060	2676	8fddb484d72cb46c76f8a4361c648ce6.exe	31
PID 2676 wrote to memory of 3060	2676	8fddb484d72cb46c76f8a4361c648ce6.exe	31
PID 2676 wrote to memory of 3060	2676	8fddb484d72cb46c76f8a4361c648ce6.exe	31
PID 2676 wrote to memory of 3060	2676	8fddb484d72cb46c76f8a4361c648ce6.exe	31
PID 3060 wrote to memory of 2804	3060	Unicorn-8176.exe	32
PID 3060 wrote to memory of 2804	3060	Unicorn-8176.exe	32
PID 3060 wrote to memory of 2804	3060	Unicorn-8176.exe	32
PID 3060 wrote to memory of 2804	3060	Unicorn-8176.exe	32
PID 2484 wrote to memory of 2896	2484	Unicorn-24897.exe	34
PID 2484 wrote to memory of 2896	2484	Unicorn-24897.exe	34
PID 2484 wrote to memory of 2896	2484	Unicorn-24897.exe	34
PID 2484 wrote to memory of 2896	2484	Unicorn-24897.exe	34
PID 2636 wrote to memory of 2928	2636	Unicorn-6552.exe	33
PID 2636 wrote to memory of 2928	2636	Unicorn-6552.exe	33
PID 2636 wrote to memory of 2928	2636	Unicorn-6552.exe	33
PID 2636 wrote to memory of 2928	2636	Unicorn-6552.exe	33
PID 2804 wrote to memory of 1680	2804	Unicorn-61866.exe	35
PID 2804 wrote to memory of 1680	2804	Unicorn-61866.exe	35
PID 2804 wrote to memory of 1680	2804	Unicorn-61866.exe	35
PID 2804 wrote to memory of 1680	2804	Unicorn-61866.exe	35
PID 2896 wrote to memory of 2244	2896	Unicorn-33832.exe	39
PID 2928 wrote to memory of 2176	2928	Unicorn-49614.exe	38
PID 2928 wrote to memory of 2176	2928	Unicorn-49614.exe	38
PID 2896 wrote to memory of 2244	2896	Unicorn-33832.exe	39
PID 2928 wrote to memory of 2176	2928	Unicorn-49614.exe	38
PID 2896 wrote to memory of 2244	2896	Unicorn-33832.exe	39
PID 2928 wrote to memory of 2176	2928	Unicorn-49614.exe	38
PID 2896 wrote to memory of 2244	2896	Unicorn-33832.exe	39
PID 2636 wrote to memory of 336	2636	Unicorn-6552.exe	36
PID 2636 wrote to memory of 336	2636	Unicorn-6552.exe	36
PID 2636 wrote to memory of 336	2636	Unicorn-6552.exe	36
PID 2636 wrote to memory of 336	2636	Unicorn-6552.exe	36
PID 3060 wrote to memory of 1916	3060	Unicorn-8176.exe	37
PID 3060 wrote to memory of 1916	3060	Unicorn-8176.exe	37
PID 3060 wrote to memory of 1916	3060	Unicorn-8176.exe	37
PID 3060 wrote to memory of 1916	3060	Unicorn-8176.exe	37
PID 336 wrote to memory of 2756	336	Unicorn-48498.exe	42
PID 336 wrote to memory of 2756	336	Unicorn-48498.exe	42
PID 336 wrote to memory of 2756	336	Unicorn-48498.exe	42
PID 336 wrote to memory of 2756	336	Unicorn-48498.exe	42
PID 2244 wrote to memory of 2428	2244	Unicorn-39775.exe	40
PID 2244 wrote to memory of 2428	2244	Unicorn-39775.exe	40
PID 2244 wrote to memory of 2428	2244	Unicorn-39775.exe	40
PID 2244 wrote to memory of 2428	2244	Unicorn-39775.exe	40
PID 2896 wrote to memory of 2236	2896	Unicorn-33832.exe	41
PID 2896 wrote to memory of 2236	2896	Unicorn-33832.exe	41
PID 2896 wrote to memory of 2236	2896	Unicorn-33832.exe	41
PID 2896 wrote to memory of 2236	2896	Unicorn-33832.exe	41
PID 2928 wrote to memory of 2420	2928	Unicorn-49614.exe	47
PID 2928 wrote to memory of 2420	2928	Unicorn-49614.exe	47
PID 2928 wrote to memory of 2420	2928	Unicorn-49614.exe	47
PID 2928 wrote to memory of 2420	2928	Unicorn-49614.exe	47
PID 2804 wrote to memory of 2324	2804	Unicorn-61866.exe	45
PID 2804 wrote to memory of 2324	2804	Unicorn-61866.exe	45
PID 2804 wrote to memory of 2324	2804	Unicorn-61866.exe	45
PID 2804 wrote to memory of 2324	2804	Unicorn-61866.exe	45

C:\Users\Admin\AppData\Local\Temp\8fddb484d72cb46c76f8a4361c648ce6.exe
"C:\Users\Admin\AppData\Local\Temp\8fddb484d72cb46c76f8a4361c648ce6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60195.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52323.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48789.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31597.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        11⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58810.exe
        12⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59778.exe
        13⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3810.exe
        14⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        15⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7142.exe
        16⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38537.exe
        14⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
        15⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7512.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe
        11⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23865.exe
        12⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        13⤵
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        11⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        12⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43945.exe
        12⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        13⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
        9⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8156.exe
        10⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
        11⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        12⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7609.exe
        13⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        14⤵
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59287.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        9⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        10⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19104.exe
        11⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3618.exe
        12⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21513.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        11⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53693.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35873.exe
        9⤵
        Executes dropped EXE
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46044.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26631.exe
        11⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
        12⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37251.exe
        13⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        14⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        13⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60759.exe
        14⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14933.exe
        10⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45655.exe
        11⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        12⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19400.exe
        13⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
        14⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
        12⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59090.exe
        9⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23185.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
        11⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        12⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11532.exe
        13⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26281.exe
        14⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27563.exe
        15⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
        10⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        11⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-738.exe
        12⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        13⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1257.exe
        14⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52892.exe
        15⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32353.exe
        16⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46298.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10761.exe
        10⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43325.exe
        11⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44648.exe
        10⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        11⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5203.exe
        8⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48888.exe
        9⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe
        11⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        12⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26001.exe
        13⤵
        
        PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39495.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43527.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1742.exe
        10⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55878.exe
        11⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        12⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26474.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17651.exe
        11⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
        12⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        13⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8652.exe
        14⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54191.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe
        9⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32360.exe
        10⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
        11⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
        12⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48735.exe
        13⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        14⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9472.exe
        15⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3909.exe
        16⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3281.exe
        17⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41121.exe
        12⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        13⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59557.exe
        9⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59142.exe
        10⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16167.exe
        11⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
        12⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31881.exe
        5⤵
        Executes dropped EXE
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        6⤵
        
        PID:1084
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62053.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50891.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21351.exe
        10⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        11⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15545.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1342.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18639.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        9⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53932.exe
        10⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25487.exe
        11⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23043.exe
        12⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42234.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30562.exe
        10⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        11⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
        12⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10278.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5421.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7196.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
        10⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27957.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30754.exe
        12⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37682.exe
        13⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
        14⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29758.exe
        15⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
        14⤵
        
        PID:2928
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 208
        15⤵
        Program crash
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11025.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
        7⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6677.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        9⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12554.exe
        11⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41953.exe
        12⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54262.exe
        13⤵
        
        PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24093.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59199.exe
        7⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61532.exe
        9⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59342.exe
        10⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
        11⤵
        
        PID:1528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57341.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        8⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30523.exe
        10⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65172.exe
        11⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        12⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15310.exe
        13⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
        14⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
        14⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        10⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23235.exe
        11⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46848.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21571.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17269.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        9⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35082.exe
        10⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34070.exe
        11⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1693.exe
        12⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41709.exe
        13⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54575.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58343.exe
        9⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39166.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
        11⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        12⤵
        
        PID:1896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26252.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
        8⤵
        Program crash
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37963.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42614.exe
        8⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
        9⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        10⤵
        
        PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59095.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15130.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60481.exe
        9⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-717.exe
        10⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        11⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21123.exe
        12⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51311.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
        8⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53356.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
        10⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16738.exe
        12⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
        13⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        12⤵
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50496.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23429.exe
        7⤵
        Executes dropped EXE
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27378.exe
        8⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
        9⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10608.exe
        10⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        11⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36499.exe
        12⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53494.exe
        13⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
        12⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7666.exe
        13⤵
        
        PID:1684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22967.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16501.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38011.exe
        7⤵
        Executes dropped EXE
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
        8⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38774.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
        10⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
        11⤵
        
        PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43143.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42780.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
        7⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11041.exe
        8⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40668.exe
        9⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44760.exe
        10⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
        11⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8280.exe
        7⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20409.exe
        8⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31540.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38429.exe
        10⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        11⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45191.exe
        12⤵
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39909.exe
        6⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35738.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46475.exe
        8⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45388.exe
        10⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
        11⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60427.exe
        12⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59799.exe
        13⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36204.exe
        8⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3828.exe
        9⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        10⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26764.exe
        11⤵
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4051.exe
        7⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
        8⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4713.exe
        9⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18113.exe
        10⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12570.exe
        11⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58346.exe
        12⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
        13⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49145.exe
        12⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10769.exe
        11⤵
        
        PID:2328

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe

Filesize
184KB

MD5
14005e2fe59f3c74b44f8bfdca305b3a

SHA1
dd81304d6dfe650046658099216c27025aa301ea

SHA256
a8c67369984a127b16d6a9e1dc4d3b8f8b6ff4724b72af3089609dd2a6b8abd3

SHA512
14f53cdb5bb5b6b7d98a85ea9f67d2be691607c2c3725f641933ae8924a6b8b960b645862f0e1d4c6294d847423a8bfe8efdb466cfefd8c487ffdf1b2e0a446f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36890.exe

Filesize
184KB

MD5
59d8f7d3a990257d897131fdc1011b0e

SHA1
416bdd19dacd9858fd33deebe2581f9d630cf927

SHA256
95908110ca361d09e14f5d24b3df8f7e89cc43cae6ff832c207ab2131b491327

SHA512
661a4ae4498f806f95c15a6c366d1f09535ec23472bc702a1746f9ab23cbb3c5589ee1c3183f181bfeff8da58912951394d8d0f99533da6b2ec1abe9ffe75bb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39909.exe

Filesize
184KB

MD5
25c6903c7d0fd21f55066c49918e0140

SHA1
d79f48006859520618f3eb17bfab2db83fe63644

SHA256
6f1a9611a4ae477a7b6b673a88cfd51201337550f0e0e9067c4c09e225895cb3

SHA512
4bd894a2956f0fd19387b5ce34f60c5297a2e1c609133e5785de1879e06b31db8250bec28aad1536955e81f9fc8f1cf5b26b75dd65c10eced7442db33ad05caa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39992.exe

Filesize
184KB

MD5
65956ac3e4ece60e5a6ece1479898e0c

SHA1
32a0253c818fe64808364977c54637dc30c05cd0

SHA256
773dcadc1d07ada243f9589694a041bc4c689f5f99f145a8de2aa1732ebab3ee

SHA512
d22b6de6b3fe7ddd55f75073885d50d3ef4fc2f8ba94e9b7ceda3aedea909fa738cb1e67d03e68479ea7154c3aaf472150a4b913af8874ad31bb67a0c0817f1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40381.exe

Filesize
184KB

MD5
ff0a530bd556c20f2f6476f073c0cf85

SHA1
19c0c005fb11691f0dff5ee45b2fe45f16d9cc3a

SHA256
f7d0026bd1ed4943a0a5812bbb03279edd76bc17687bb187de9d256ed668d4ef

SHA512
b170ab94c7bf6134595a2161ae742a6bbe81ab3bed98b3c671f158ffeaa21447cec8994d22144c87cd2d3842f4547a12cbe2ad05370c757f632905a5dfde94d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe

Filesize
8KB

MD5
5f91ff84753d62721c683bb38771ae18

SHA1
2c423fb77fb3db6b4d0c98e4731d5fe70ee158d9

SHA256
0d71d870e474bfde88a6c0ff6cb39ee50684b519dde36e72ec385c283e3300ce

SHA512
f30b83298bcc77dadbeb3fe66e21e294ef8decb335d416d709433ecbe6fd8a98e96b37f8c042f701fee0d57a5d74ef5c5fafa0822810af175cb2d73062a3022b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe

Filesize
184KB

MD5
f6ca82df0d37f3e4f5fc79ee472f6636

SHA1
57877469ec5ccc2ae1f5324269e4d1bfb095c19e

SHA256
bbb159d3e52326b70e5d6e1958821fe5f7dd38d39c0beeb0195ef32c387d40c3

SHA512
56ce1a9e5eae5a62dd81d86396f608c645b664efd53481e6b20d805a2c901126a5d2e8e95deaac81e8d2b118bb6f6a12d6abd28375e94ac6681d013e262d499f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe

Filesize
184KB

MD5
1dba7aa69c87dc293b8b80a824babc27

SHA1
d0992ab797b84d90426f42dbc9924361fb4d4c3a

SHA256
05dfa8af3440af5d56a4b530de77aaeed8a6156f38117ddab9fc7cb3b696617f

SHA512
3572b8bd539548825301cf6dad590fd8d22b2564463a15842e94e78c2111cb2de90e1b3147425d4b7d8f8752e77b1b5c323feb64ac57a99e8cd1c9ca83bafb64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5805.exe

Filesize
184KB

MD5
81a99a6d27a60879246a1befc49e3785

SHA1
95cb613ef023c0fd321d37680949149f7c39fe2a

SHA256
52ad927c4bac5c21ca5104dbfd6f741fd1c3c4168c27eee99dd8e87f28ddc751

SHA512
fab68ee36565c0e09cbb2d6ca66a8551ccdb5ef621fb41e6ed44ed49e14bb26152309eb281ef7d2af5bc92afd03b9ee2f5f239497f1b9abfe6a797ec4846482a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5810.exe

Filesize
184KB

MD5
dbc82624b41864dc5ba23efd2d9d528d

SHA1
8e1b0513b8d0741cddb99335dc083e44e7340636

SHA256
e447158672471746cf751dce91ae8e1d0198e55e2be0e5156fb30a93ca8234a5

SHA512
5bf422f3af355471574252ee441ff2243caf15883f1e2239817b25196293674bee282f377a94bdd32000bbac255ca24ce4efec96831c9a2914bd2882311d5b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe

Filesize
184KB

MD5
bc9094086c8d9565b1bf834780a20b1c

SHA1
f46566d55d4dd236153c16056d6db5d5399f9383

SHA256
eed9dc620e244bd019203d00f17abffa12528ed99308b31097b6f04a88c48118

SHA512
65fe335243d83a67a0cd29a9729ccd97c9a9a967bce39a4a32abe4b9b292993d4a57c08a08b31745241e57d7ea4ae980bb85108d2a4e9ae68f0847f3b8ffad41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6677.exe

Filesize
184KB

MD5
836774003325d5ba5a6fa940648324c0

SHA1
bd7f7a83637e8b14652ecaf8969f1866d6ea7286

SHA256
7b56c35f2c56af2890d3eda0371b6eed312e04c0c3834b6d63b7322ff4ffef69

SHA512
5ecd203279aea5c59bc2efad21983b88be9bd02cb48cd3eb5d9bdff7ea753ae63ec67e88b7c44078382b20057203a02dfc0f1f68103162b71cf913333e2a2a84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe

Filesize
184KB

MD5
5927542e522d2c3bcd2b0b4ec71fa55c

SHA1
554e9662a643db5cb42c7ec47fe5ad31210ce011

SHA256
b82be379ce2d585ec21ac1db9944c7278e7fb1f36ea48e06db7f60e848d5bff3

SHA512
47f1501b17cdd4a6890bcf79cd7eb8c5a8c62093be8b22044591b662b35d1b02787496634027259e3be657aba8263fb0ba31bd7ed1f9232d86330e7ac2ee5745

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe

Filesize
184KB

MD5
1cb48985bcca12ccc8622828962fc07b

SHA1
740de9050a6f86a9c963ec1fcd35bc9f33089fe2

SHA256
40e1d5ba7ee05b142cd98bdbd676b793192d3e2fcf55d4598ae017c637f793f0

SHA512
1931422f214619b90c7397cf4321cb013479ef42bf6bc740912fc131c4ae4343c197bca74e1e4fb882bbb3142c50e21dbe02a60cc3c20e6bc792ef09d9e8b1a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe

Filesize
184KB

MD5
6ee745ef49f8fdff1bcef731b05206a6

SHA1
ce660d2610f06bfd23df937e1463adbebf997546

SHA256
07f05a04e4543243eaf232ae85db390b888469998f50f88e488726ae23809ec7

SHA512
082b79d784b46b2cacbb2183bbf2b91284259ae78d00f76fafd296406f99f39000ef3141f1f98d2276a156a0d64a17020cd0a3ab7fc736a52fc2e2cbba4fa73f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe

Filesize
184KB

MD5
89529ef4d9f7a7d009671eddf2b13cce

SHA1
802b1064c389e6aac84260495c97229edcbc4fda

SHA256
5613be3d259cff30ce786a6a81cb41acdf81f1722a879bf7a6884e5601cbbcc6

SHA512
2c2c6c8ae1b4c6b4dde69c12435777cb95c62f11e04724b85df1482c48ac34c8543f79eb37aa54646b9f98ee3cd227f9b0c8a0b12060964ac6dc8941832e7d78

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33832.exe

Filesize
184KB

MD5
f6f55cf9bad91f8ee9051f628173da95

SHA1
ef60ce1e3f27f1ea8fe9856f3fce398b106a589b

SHA256
54d2813aed85ce32974f489b0b6cf2478484c3d0875828e5e16a0314dc51a961

SHA512
ba9816cd3be56a46226c96df54fcc43bd00c4b20afce64fa2f4402573f29b52b3ca66e6f97169058c92a6e144b5a847a2ff96730659eeba3c6d68b7c65a80589

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39775.exe

Filesize
184KB

MD5
4bc0209b443ff22d448d92e45171bda4

SHA1
cd073ffbdd6c31413ae46d65867d238b1f0024a8

SHA256
4b0b724d25bf5c47a251a633e354ed57c3e95407ec7b602e7caf0b90bf03e090

SHA512
a48c0dfc6232eaccc6da95d01e786b0f258555dd5cf677629843478626ab4991ebaafeaf32aafea4883d2e1b645e08231ad276072c7a190e15960814de1c8835

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43666.exe

Filesize
184KB

MD5
972e7791cdcb53bf8622d79f3f3de934

SHA1
4ba40e5ce6d88db087f29be1ac3610e110fdff23

SHA256
3d9418234b6d5169efd9f85a198f8b0bcd2d1e7bf14384999a8072532a7f11ed

SHA512
66bd7ebb3e368b81ab88cd5c7fde767d4c8b85c53f3f07cd5dc3e24d5e8a5c9d0809afc2587c78c255a36f4113cdd5d196a3ed10509df8cdcca49a75c612aefe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe

Filesize
19KB

MD5
3a07a44032de440df010aa257aafddf7

SHA1
c19e72a9d6952a19916b7ed222b01a11e4809b38

SHA256
5c15674d10641ef2f32cf8643a118637c5586e186ebab8e1be9691a6e097d32a

SHA512
2087955c89174508db6fe9f6683ec6be1a551d21c05cd188633239d5fe1b4f4bcbdf6219b7b5298d352ec44265af3d5e302d3232d7414a620cebb20588719d45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe

Filesize
184KB

MD5
d325c7efc99de6f815ac832b85d25588

SHA1
1ea3a6783e3af0e62366dfd7ab7ea9b3dac289e4

SHA256
d7a2f2b7bae328c6e71fe5acc77bf89432deff81d61c5cfd7ba6bbe2e4d82a68

SHA512
415b52b5fd2d9f2c9b6ef8a37ac4491f08afea73898c399f80257ae3bda90b6aadaeab421c106184dc38adafe98e66c197996a1cf285bfa5c19e3e9229a6d95a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe

Filesize
184KB

MD5
ac3faf10bc2af937b776665f0fb3b207

SHA1
8d2646f9308ef16b2326f68108c29fc0517f4622

SHA256
97752b1fa59180bb43a2fae3c326bafa75eac609967195585abc280cfa2b1af3

SHA512
4aa7b94535a6a0159eb584c66a0ec529f052ba1299b04d99656b9c144ea4820bf1f95cc5d171546ed3080a7a9388513a5c5c53d83c1330d84f276d429a0da09e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe

Filesize
184KB

MD5
739e60a87d2be0283f2fee53978a61c1

SHA1
0feeb9ab8cf6320739c7d07d0f4364914614589c

SHA256
27fb7e7bd3adfec13ccbc317c6218bde89abcdf1e300a06d8f18cfb148645993

SHA512
202a52dc8f3f3c53cfd0d16cf9ec04dc27db8f42a3ff41ebf3ac66d9e1b0da0db84a8e5a48871b87e4996f9b6985e77895d08f2d46d4249db1c8e2e6727645ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe

Filesize
8KB

MD5
dc5e286bff12685d58383b20e36640cf

SHA1
b939ffe07f77637a680752a19e0cb1625bded4c4

SHA256
39a2f071ea73bedef2a9cc1d6e463161ba2b693b3c2434e1d7863f1983197743

SHA512
aeaea18445383bd2c80fafcc6f8d3b66cf197c94f1a58ce0aaa73ff75956b7864ae800ef12caea9df6acec0c069e35125bd2db12b4c4946caccf971e9dde2063

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60195.exe

Filesize
184KB

MD5
14149422225f292d1f3f9f735c8eb8ea

SHA1
56f043f998144d3117e1e89e5aaef213bb6237d1

SHA256
b649e1a9cfe846250bb6b6370cb8c844be7f5d6f569995fdf2fb3b18111a7b79

SHA512
5551e5df6e54b160e925dcc05e42a94c4af3a108227a12a1ac1d7cd564dc64ad8a0c5d4ebf97d91342ded8da9b9f585167122e6b7a189cc4be386abddf9e0eab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61866.exe

Filesize
184KB

MD5
e3904bd60ed468df19d0373e820586b1

SHA1
3a4d1aad17d0e6f5999c59424beb2a542e70a52c

SHA256
0a81fc5a879e80338b1bd1895698ad3f502d9f616d0f2b1917ef59a9c14cc0a8

SHA512
fb1be1182138abd0355a267e0bb80fbe904e88c8eab0feb8c3720eb2beec5f5abeb291051790893154810878af7c330e71e762f7b038b260b3de3565def299e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe

Filesize
184KB

MD5
a7451b31b7c8d274385dc6f7d66c6d11

SHA1
d8801ac385931be446cf8fddcc4ba6078e0de6d1

SHA256
6f3af384572ef3889fcf2d597a11249a5b85f1db29240403b67c39fea09364fd

SHA512
216c7ebaa0644575647c01752a1d543d42a20edbd90d6bbfb90004810257f3bd3089a64043fb37c994543cd22e153e5a9b8eb646d4eec0209f92c72488826857

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64279.exe

Filesize
184KB

MD5
80c611ff45f0741117419fe11c9b2bbd

SHA1
108c2c75fbb9abf39a5d06694c9f18eab0fd45b7

SHA256
6786f24cc4ae94c5a70e434b41dad78bd2dadf9ff939c119fcc8813005a83e84

SHA512
49d0a87d42094ea028ad1a7bb01efb3d176e52f513e350d1a4f1648bd35b7c9b1478e980f7f763533334f43257b92f1c895ded4c90e0d40bab569321179580ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6552.exe

Filesize
184KB

MD5
6efc4662e1606304e66ea97365f6319a

SHA1
c063457cfc2a4a99e2bed282c46791c1fbf7c12a

SHA256
419800a8201db50694ca35cad63d210b2f032a9b8c2039be49b8b86cf231e0d9

SHA512
bd3a7d780c214d2ee4165dcb9e1f954f1e6564846097942af053f230699446c6cb4f4535388436591115201cbcba5606edff9406a19768f101edb17d42360952

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6910.exe

Filesize
37KB

MD5
c087ffc4ae232b2660ba7989fdc4bbc7

SHA1
4f66f137607b07c6307b9680b03e1d5e0bf90a6a

SHA256
5945a36c2bad421f91ef335479177acdf32197283fd03e8789c519a40dbde6a5

SHA512
165d63826c0bcd59b5c302a0890615387be0b84bb88e6805ee332056ab35ff8833b93cc04311517144dd25ce372aa3ce7150abeb2fa81f2747efc9843cca5bfa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe

Filesize
184KB

MD5
31c654368cccf362e80ad30dbd2327e9

SHA1
b7a55238f6b657efb420b7be84240fd32d5c0a3b

SHA256
a9d2097179875654b5ee93b921de9d34e899f38355bc3d4705d6bc8480a0b7dd

SHA512
c7f186278eb5d109e823e49098a9c37f3f86b674ca2333b45e3cb21486281da6179bba7c48397005d737c80bcfe60f54ece381e8130f6a5937d1c0143d445582

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads