f4aa0605bfb7ae217b357df8f2d3151492c4c24e9cd370b61a23057e16d08423

Analysis

max time kernel
136s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28-02-2024 13:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abf4b0fe2fa1ebb075df1aac694f57d1.exe
Size

184KB
MD5

abf4b0fe2fa1ebb075df1aac694f57d1
SHA1

8ee69fbbb94f2e8ce4067327e805db32077730f3
SHA256

f4aa0605bfb7ae217b357df8f2d3151492c4c24e9cd370b61a23057e16d08423
SHA512

165ad685210a35fb6f9834e6cd95ec69622e48a2bf5687691af554f96692e4b5d6ad17585da841af3a243ee7f2b05a0614c5df7e43692238a01107ac9e9bb0ef
SSDEEP

3072:S6Heoz/PfYA01OjddTsWI8Fbtsn6ODfI0DEx89PpQNlPvpF+:S6+oj501SdoWI8yQAUNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2992	Unicorn-15251.exe
2552	Unicorn-18301.exe
2720	Unicorn-43551.exe
2260	Unicorn-45986.exe
2580	Unicorn-9784.exe
2420	Unicorn-17398.exe
2388	Unicorn-4434.exe
476	Unicorn-23702.exe
2712	Unicorn-19064.exe
2788	Unicorn-26525.exe
2704	Unicorn-51544.exe
1744	Unicorn-26521.exe
1632	Unicorn-26883.exe
1972	Unicorn-58809.exe
344	Unicorn-21669.exe
2292	Unicorn-62701.exe
828	Unicorn-38197.exe
2632	Unicorn-18331.exe
3056	Unicorn-56432.exe
1536	Unicorn-38424.exe
1688	Unicorn-15181.exe
284	Unicorn-34554.exe
2068	Unicorn-10734.exe
2020	Unicorn-9089.exe
872	Unicorn-38254.exe
1152	Unicorn-23733.exe
836	Unicorn-31347.exe
1512	Unicorn-1689.exe
2200	Unicorn-44346.exe
916	Unicorn-51383.exe
2820	Unicorn-17066.exe
2488	Unicorn-23541.exe
2856	Unicorn-43812.exe
2416	Unicorn-63848.exe
2696	Unicorn-27454.exe
2456	Unicorn-6479.exe
2484	Unicorn-40496.exe
2440	Unicorn-20630.exe
3048	Unicorn-56640.exe
1948	Unicorn-3547.exe
268	Unicorn-3547.exe
1224	Unicorn-49219.exe
2644	Unicorn-33013.exe
2796	Unicorn-57325.exe
2792	Unicorn-57325.exe
1964	Unicorn-59224.exe
336	Unicorn-24653.exe
2248	Unicorn-2047.exe
1028	Unicorn-46780.exe
2836	Unicorn-21721.exe
1640	Unicorn-62369.exe
3064	Unicorn-30849.exe
2872	Unicorn-43463.exe
2264	Unicorn-42717.exe
2380	Unicorn-3116.exe
900	Unicorn-39510.exe
2420	Unicorn-32302.exe
2288	Unicorn-45301.exe
1136	Unicorn-53646.exe
972	Unicorn-45286.exe
2492	Unicorn-5960.exe
692	Unicorn-55161.exe
320	Unicorn-54606.exe
2148	Unicorn-42354.exe

Loads dropped DLL 64 IoCs

pid	Process
2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe
2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe
2992	Unicorn-15251.exe
2992	Unicorn-15251.exe
2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe
2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe
2552	Unicorn-18301.exe
2552	Unicorn-18301.exe
2992	Unicorn-15251.exe
2992	Unicorn-15251.exe
2720	Unicorn-43551.exe
2720	Unicorn-43551.exe
2260	Unicorn-45986.exe
2260	Unicorn-45986.exe
2552	Unicorn-18301.exe
2552	Unicorn-18301.exe
2420	Unicorn-17398.exe
2420	Unicorn-17398.exe
2720	Unicorn-43551.exe
2720	Unicorn-43551.exe
2580	Unicorn-9784.exe
2580	Unicorn-9784.exe
2388	Unicorn-4434.exe
2388	Unicorn-4434.exe
2260	Unicorn-45986.exe
2260	Unicorn-45986.exe
476	Unicorn-23702.exe
476	Unicorn-23702.exe
2704	Unicorn-51544.exe
2704	Unicorn-51544.exe
2788	Unicorn-26525.exe
2788	Unicorn-26525.exe
2712	Unicorn-19064.exe
2712	Unicorn-19064.exe
2580	Unicorn-9784.exe
2580	Unicorn-9784.exe
2420	Unicorn-17398.exe
2420	Unicorn-17398.exe
2388	Unicorn-4434.exe
1972	Unicorn-58809.exe
2704	Unicorn-51544.exe
1972	Unicorn-58809.exe
2388	Unicorn-4434.exe
2704	Unicorn-51544.exe
1744	Unicorn-26521.exe
2632	Unicorn-18331.exe
1744	Unicorn-26521.exe
2632	Unicorn-18331.exe
3056	Unicorn-56432.exe
3056	Unicorn-56432.exe
344	Unicorn-21669.exe
2712	Unicorn-19064.exe
344	Unicorn-21669.exe
476	Unicorn-23702.exe
476	Unicorn-23702.exe
2712	Unicorn-19064.exe
828	Unicorn-38197.exe
828	Unicorn-38197.exe
1632	Unicorn-26883.exe
1632	Unicorn-26883.exe
2292	Unicorn-62701.exe
2292	Unicorn-62701.exe
2788	Unicorn-26525.exe
2788	Unicorn-26525.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1192	680	WerFault.exe	102
3012	2492	WerFault.exe	176
2464	3000	WerFault.exe	177

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe
2992	Unicorn-15251.exe
2552	Unicorn-18301.exe
2720	Unicorn-43551.exe
2260	Unicorn-45986.exe
2420	Unicorn-17398.exe
2580	Unicorn-9784.exe
2388	Unicorn-4434.exe
476	Unicorn-23702.exe
2704	Unicorn-51544.exe
2788	Unicorn-26525.exe
2712	Unicorn-19064.exe
1744	Unicorn-26521.exe
1632	Unicorn-26883.exe
1972	Unicorn-58809.exe
344	Unicorn-21669.exe
828	Unicorn-38197.exe
2292	Unicorn-62701.exe
2632	Unicorn-18331.exe
3056	Unicorn-56432.exe
1536	Unicorn-38424.exe
284	Unicorn-34554.exe
2200	Unicorn-44346.exe
2020	Unicorn-9089.exe
1688	Unicorn-15181.exe
836	Unicorn-31347.exe
2488	Unicorn-23541.exe
2820	Unicorn-17066.exe
2068	Unicorn-10734.exe
872	Unicorn-38254.exe
916	Unicorn-51383.exe
1152	Unicorn-23733.exe
1512	Unicorn-1689.exe
2856	Unicorn-43812.exe
2416	Unicorn-63848.exe
2696	Unicorn-27454.exe
2456	Unicorn-6479.exe
2484	Unicorn-40496.exe
3048	Unicorn-56640.exe
268	Unicorn-3547.exe
2440	Unicorn-20630.exe
1948	Unicorn-3547.exe
1224	Unicorn-49219.exe
2644	Unicorn-33013.exe
2248	Unicorn-2047.exe
2792	Unicorn-57325.exe
2796	Unicorn-57325.exe
1964	Unicorn-59224.exe
336	Unicorn-24653.exe
1028	Unicorn-46780.exe
2836	Unicorn-21721.exe
1640	Unicorn-62369.exe
3064	Unicorn-30849.exe
2872	Unicorn-43463.exe
2264	Unicorn-42717.exe
2380	Unicorn-3116.exe
900	Unicorn-39510.exe
2420	Unicorn-32302.exe
2288	Unicorn-45301.exe
1136	Unicorn-53646.exe
972	Unicorn-45286.exe
2492	Unicorn-5960.exe
692	Unicorn-55161.exe
320	Unicorn-54606.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2992	2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe	28
PID 2172 wrote to memory of 2992	2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe	28
PID 2172 wrote to memory of 2992	2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe	28
PID 2172 wrote to memory of 2992	2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe	28
PID 2992 wrote to memory of 2552	2992	Unicorn-15251.exe	29
PID 2992 wrote to memory of 2552	2992	Unicorn-15251.exe	29
PID 2992 wrote to memory of 2552	2992	Unicorn-15251.exe	29
PID 2992 wrote to memory of 2552	2992	Unicorn-15251.exe	29
PID 2172 wrote to memory of 2720	2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe	30
PID 2172 wrote to memory of 2720	2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe	30
PID 2172 wrote to memory of 2720	2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe	30
PID 2172 wrote to memory of 2720	2172	abf4b0fe2fa1ebb075df1aac694f57d1.exe	30
PID 2552 wrote to memory of 2260	2552	Unicorn-18301.exe	31
PID 2552 wrote to memory of 2260	2552	Unicorn-18301.exe	31
PID 2552 wrote to memory of 2260	2552	Unicorn-18301.exe	31
PID 2552 wrote to memory of 2260	2552	Unicorn-18301.exe	31
PID 2992 wrote to memory of 2580	2992	Unicorn-15251.exe	32
PID 2992 wrote to memory of 2580	2992	Unicorn-15251.exe	32
PID 2992 wrote to memory of 2580	2992	Unicorn-15251.exe	32
PID 2992 wrote to memory of 2580	2992	Unicorn-15251.exe	32
PID 2720 wrote to memory of 2420	2720	Unicorn-43551.exe	33
PID 2720 wrote to memory of 2420	2720	Unicorn-43551.exe	33
PID 2720 wrote to memory of 2420	2720	Unicorn-43551.exe	33
PID 2720 wrote to memory of 2420	2720	Unicorn-43551.exe	33
PID 2260 wrote to memory of 2388	2260	Unicorn-45986.exe	34
PID 2260 wrote to memory of 2388	2260	Unicorn-45986.exe	34
PID 2260 wrote to memory of 2388	2260	Unicorn-45986.exe	34
PID 2260 wrote to memory of 2388	2260	Unicorn-45986.exe	34
PID 2552 wrote to memory of 476	2552	Unicorn-18301.exe	35
PID 2552 wrote to memory of 476	2552	Unicorn-18301.exe	35
PID 2552 wrote to memory of 476	2552	Unicorn-18301.exe	35
PID 2552 wrote to memory of 476	2552	Unicorn-18301.exe	35
PID 2420 wrote to memory of 2712	2420	Unicorn-17398.exe	37
PID 2420 wrote to memory of 2712	2420	Unicorn-17398.exe	37
PID 2420 wrote to memory of 2712	2420	Unicorn-17398.exe	37
PID 2420 wrote to memory of 2712	2420	Unicorn-17398.exe	37
PID 2720 wrote to memory of 2788	2720	Unicorn-43551.exe	36
PID 2720 wrote to memory of 2788	2720	Unicorn-43551.exe	36
PID 2720 wrote to memory of 2788	2720	Unicorn-43551.exe	36
PID 2720 wrote to memory of 2788	2720	Unicorn-43551.exe	36
PID 2580 wrote to memory of 2704	2580	Unicorn-9784.exe	38
PID 2580 wrote to memory of 2704	2580	Unicorn-9784.exe	38
PID 2580 wrote to memory of 2704	2580	Unicorn-9784.exe	38
PID 2580 wrote to memory of 2704	2580	Unicorn-9784.exe	38
PID 2388 wrote to memory of 1744	2388	Unicorn-4434.exe	39
PID 2388 wrote to memory of 1744	2388	Unicorn-4434.exe	39
PID 2388 wrote to memory of 1744	2388	Unicorn-4434.exe	39
PID 2388 wrote to memory of 1744	2388	Unicorn-4434.exe	39
PID 2260 wrote to memory of 1632	2260	Unicorn-45986.exe	40
PID 2260 wrote to memory of 1632	2260	Unicorn-45986.exe	40
PID 2260 wrote to memory of 1632	2260	Unicorn-45986.exe	40
PID 2260 wrote to memory of 1632	2260	Unicorn-45986.exe	40
PID 476 wrote to memory of 1972	476	Unicorn-23702.exe	41
PID 476 wrote to memory of 1972	476	Unicorn-23702.exe	41
PID 476 wrote to memory of 1972	476	Unicorn-23702.exe	41
PID 476 wrote to memory of 1972	476	Unicorn-23702.exe	41
PID 2704 wrote to memory of 344	2704	Unicorn-51544.exe	42
PID 2704 wrote to memory of 344	2704	Unicorn-51544.exe	42
PID 2704 wrote to memory of 344	2704	Unicorn-51544.exe	42
PID 2704 wrote to memory of 344	2704	Unicorn-51544.exe	42
PID 2788 wrote to memory of 2292	2788	Unicorn-26525.exe	43
PID 2788 wrote to memory of 2292	2788	Unicorn-26525.exe	43
PID 2788 wrote to memory of 2292	2788	Unicorn-26525.exe	43
PID 2788 wrote to memory of 2292	2788	Unicorn-26525.exe	43

C:\Users\Admin\AppData\Local\Temp\abf4b0fe2fa1ebb075df1aac694f57d1.exe
"C:\Users\Admin\AppData\Local\Temp\abf4b0fe2fa1ebb075df1aac694f57d1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54606.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
        10⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        11⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
        12⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9941.exe
        13⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63893.exe
        14⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45223.exe
        15⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31533.exe
        8⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22282.exe
        10⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6900.exe
        11⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        12⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        13⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63558.exe
        11⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47985.exe
        12⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        13⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        14⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        12⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
        10⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        11⤵
        
        PID:1144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38424.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43615.exe
        9⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13091.exe
        11⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
        12⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41139.exe
        13⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49598.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6142.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
        10⤵
        
        PID:3000
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 200
        11⤵
        Program crash
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26760.exe
        8⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58695.exe
        9⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
        10⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47990.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
        12⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15211.exe
        13⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        14⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        15⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        16⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58763.exe
        11⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7370.exe
        12⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        13⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2716.exe
        14⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17066.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56640.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53490.exe
        8⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44617.exe
        11⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39084.exe
        12⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9517.exe
        13⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5960.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33449.exe
        8⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63537.exe
        10⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
        11⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        12⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        13⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49219.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
        7⤵
        Executes dropped EXE
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6889.exe
        8⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50372.exe
        9⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27316.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23956.exe
        11⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10453.exe
        12⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52472.exe
        13⤵
        
        PID:672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34554.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63848.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42717.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
        9⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51311.exe
        10⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35868.exe
        11⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42456.exe
        12⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6738.exe
        13⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24901.exe
        8⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        10⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16714.exe
        11⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
        12⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53304.exe
        9⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8986.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26086.exe
        11⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5756.exe
        12⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27454.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40299.exe
        8⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28800.exe
        9⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
        10⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21517.exe
        11⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
        12⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50283.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10034.exe
        8⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10086.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
        10⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13091.exe
        11⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36011.exe
        12⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        13⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30724.exe
        14⤵
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23733.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62369.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        7⤵
        
        PID:680
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 240
        8⤵
        Program crash
        
        PID:1192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51383.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24653.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28924.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1539.exe
        9⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
        10⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26278.exe
        11⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45031.exe
        12⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46780.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51264.exe
        7⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3402.exe
        8⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        9⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13091.exe
        10⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
        11⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43857.exe
        12⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        13⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28594.exe
        14⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
        13⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56280.exe
        11⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        12⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33355.exe
        13⤵
        
        PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15181.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20813.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60740.exe
        9⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
        10⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
        11⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
        12⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
        11⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2660.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
        10⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42705.exe
        11⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        12⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        13⤵
        
        PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10734.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
        8⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26428.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39822.exe
        10⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46732.exe
        11⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
        12⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23998.exe
        13⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45581.exe
        14⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        7⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        8⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62598.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        10⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7946.exe
        11⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        12⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13737.exe
        10⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44542.exe
        11⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        12⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
        13⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
        11⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        7⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22147.exe
        8⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
        9⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        10⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
        11⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52104.exe
        12⤵
        
        PID:2656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43551.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43551.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31347.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
        9⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        10⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9894.exe
        11⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10081.exe
        12⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47409.exe
        13⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
        14⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-712.exe
        15⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43168.exe
        16⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21879.exe
        14⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52020.exe
        15⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
        16⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17821.exe
        13⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6898.exe
        14⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40272.exe
        9⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53496.exe
        10⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
        11⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49307.exe
        13⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
        8⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15624.exe
        9⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        10⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
        11⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
        12⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42618.exe
        13⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23132.exe
        14⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16862.exe
        13⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
        7⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57014.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
        9⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 200
        10⤵
        Program crash
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39915.exe
        7⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17871.exe
        9⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38499.exe
        10⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14025.exe
        11⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
        12⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4574.exe
        13⤵
        
        PID:1600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44346.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45286.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15213.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
        9⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55161.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33257.exe
        7⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        8⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34036.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
        10⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28943.exe
        11⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        12⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        13⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8918.exe
        7⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23242.exe
        8⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36641.exe
        9⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13091.exe
        10⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63888.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19764.exe
        12⤵
        
        PID:1628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33013.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        7⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50491.exe
        8⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10797.exe
        9⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25650.exe
        10⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15640.exe
        11⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13641.exe
        12⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
        13⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21985.exe
        14⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50952.exe
        15⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
        10⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46217.exe
        11⤵
        
        PID:2188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56251.exe
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34155.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19350.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
        9⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50014.exe
        10⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
        11⤵
        
        PID:2124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1689.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21721.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
        8⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
        9⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
        10⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10224.exe
        11⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
        12⤵
        
        PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3547.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
        6⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34212.exe
        7⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38862.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6851.exe
        9⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
        10⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
        11⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
        12⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        13⤵
        
        PID:796

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe

Filesize
184KB

MD5
5515df9289b5682e0520bdf62c158f21

SHA1
58493100d2ec138579c93fbcfc52aef1b806a5fc

SHA256
d9d73256da69d45a77bad907deab4a199dfcbd45b73685a3655d6cffcc3e5bdb

SHA512
7678eb27ab4da9c1beb8ea95dea641e08582b9f75b91b4c82c6707ab056912b94fc52d5b3115834a71f498cdeca5b25fc40deaac3d1de94e8c4ebff78f775de9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23702.exe

Filesize
184KB

MD5
7add8e049b8f71e8748a588a4b30dbb8

SHA1
0fb468f1c714acc2db33a34742ade3e11b6b1abc

SHA256
267390c6b4957f7f3ec24984bd63da8861a9fb2331be9b8c91fc784a6ce5f37d

SHA512
3ea11f6367e7fb02b37be5e85576a0198ddf9871b7db93292726ec5357069a17f0241a5c80114b61690ebd897be9238f9c1d963a2f852250781a1e578d60adeb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38197.exe

Filesize
184KB

MD5
043ad98cc1e8fe056f0665530b0dcdcf

SHA1
7d2cf5bfe16dfd1e1a6980cade14a617833b58c9

SHA256
fffb426650d6d0774cc28f25dfa7e0db1aebfbc3019c5e692059095bb6041438

SHA512
fb3baec13a6fa0079ebc8ae14960e006e5628fea1b6c6afd9e68a3b13666af27a14ba7dd25b5316a1d0847e731aa982f709eccdab9641820f555274b815330bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe

Filesize
184KB

MD5
3ab5e1f7c7f77bb34c9c545cef09b07a

SHA1
b26a7c1a33e7485211a95643c7ac878f4da1860a

SHA256
0d3bdc46ad5d99c49e980b1ec87dd2045da0838cd8313dbea7306b7f6b38391e

SHA512
d398d6aa6fa78c41685f040294d61584edc6eeb7a23004335a7e54b5a0784f8ad76bcfddeb13f2079d0ac9833f6a99a6f29d422e8fe7e7e79b88b3abf79ef350

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43551.exe

Filesize
184KB

MD5
9990425f01a07f2523bd013a8b398057

SHA1
481b4d304d44378f329046e6b1ad6f230b3fcd5f

SHA256
5a69762150a1a2bdd220f8c593035107e4b85b98ac9432e18e4abcac8cd5894a

SHA512
d382ea3afdb59c48c41fcc2831e7df9b9c7f81c59cd1c3a586b0e838f986c0619dd0aaf8d859746bf79e680b85f24308c57b8476913fdc62cfe8077f71aa65fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe

Filesize
184KB

MD5
30d5b368a1f9d536643f404b4b576729

SHA1
a422cff01aa5fa1ea5b689ec1dd34a7d0a88d191

SHA256
dba901f7e8831d68360aa41cbc5999d8189ca41a70eb29b187f7b43fc38f8548

SHA512
73e7cdd0efd1649fc176227c9bfdadf7e392000c8fe9fda233b34513ca997816efab9e1cdf3b46b1d40c943bdf4c7a14b132c940e508722586f77da80c6702b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58809.exe

Filesize
184KB

MD5
f85a27bfb958cdd9b5ca41bc1bf76bbd

SHA1
87d4b55902546b019151ac822825b2564caf3aa5

SHA256
c7633311a75c074ff4d0b99064d1ff4920f6310e58c802704e88d7d436f68ad5

SHA512
40fcfcb9312e361a523f859545538f02ec4043e615783f378a38682099f617f2e4d6da7b4f0e7b01cc9dbc90482503f8c62f4fd507660a222528fb22cca2ce3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62701.exe

Filesize
184KB

MD5
266caf3883c7fe0a0ec4aefe4e872396

SHA1
dedcb5fc1a2ac179904098567721666d2d6d659f

SHA256
29a10d4d8444eb2da59c70c1c2de7671786c1d47f91ce234e46243da1d5b122a

SHA512
81096765adbd5682dbceaead4a788e9c4533c925453eb9762999f9f20a82239681795999affb1966a9caa5908b5d7bdcbf1975e9bb1c4040aadede211f0c02ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe

Filesize
184KB

MD5
eb8b6e93d19a6b72bac8e67591b3de3f

SHA1
26989d4b68adad060b51c801b498deeca628ef10

SHA256
90a650fbe85a239893ef6f4a11316a0cf82a3ef750db5a07b0d398148d2b90d5

SHA512
0014d97331bf507166182a651e5d61074a99b3761e7859a7e834033aa15c935539c70db0faed8aaaaf3524b6b4a0697ec72d963e023dd1cd877f9df070f97f41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe

Filesize
184KB

MD5
cdd8b8d38102e46917b0b61c31ab8f04

SHA1
377f4d6bc5a99878e6fb982854f9d1fab0a451ef

SHA256
f21cb606e1d15a45b910e234527657452fdc98c25a9035138e0ce34c7e590dba

SHA512
379e74ac44ecc26c7549075992db0f5969a6df1c3142fa755e6de006ca9b72d5603d28312ae049eb432e966992ec99f8d85f077ff690d62415f884b12c9351de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe

Filesize
184KB

MD5
40bae0ba1e825b472949cabd71290d56

SHA1
d6475943dec70ef201061f3db70ebe8c71a0ec03

SHA256
22822052f90d74a6bfdf6a3f9a45641bec9c4fa76f8181624e797020b235ad91

SHA512
6a59b6e892c0469734a1513bdf70de8ac83c1485be1ed375427250c0770578a8152214257c520cd90a8e3d151f226e0deff6efefe7686f8c54a991f5b9ebe04d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe

Filesize
184KB

MD5
f2be8ae19ca8d6858a255f14b6d73633

SHA1
955c05952ee5b9a3127ebed58179e12e9c29766e

SHA256
930326e2c03165dab13fcf9e9c91d3c1b9a0768304e6feddee74850bfb4a63de

SHA512
34349a67aaf0260f0e340ecaa4bdf077a2d98a622cf4ad0442ee7eeabcbf8b0156d15908b872e46e99bc624267ca1d8b432e01287eb5c9ef0e03d6001c8e3f58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe

Filesize
184KB

MD5
d55de6e333cbf367af26156b34f1a913

SHA1
c97ff4ef885106c667ff08f7215640c21fa267ff

SHA256
6c04f8e1b7f9af7525a2c797da2dc3739a89305ecc2a4086ce6feadcfee9d89d

SHA512
4bdad11b6aa9a4bf70373bb71958b944dc66be00de0f186052420649dc8efc3564cba9bfa54d89d568c4b25d869babc500fc6763abc0ce2da64e4567817c181f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe

Filesize
184KB

MD5
36c559ac27a37fa40e8468d4dbe91120

SHA1
0c7e5f8e047460cc8c62f63393831f8d492c5371

SHA256
821e3cc83f74753f48cc5232ad2d131f381429053481e4577a220399da9dcf81

SHA512
cf7aa05cc019d1786a2c9dd1f66185a063dd7e8c64031b75fa3f74bba0c53f706bf3adae88bfbf81225cffa675c3650b7e33bbf4b57ea68f201828a05e17aaba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26521.exe

Filesize
184KB

MD5
e068566e87290370bd7b6f556aa049ef

SHA1
e03ef1a384437ac6da0fa4189e570f8b80ac86a1

SHA256
0b2f987e642c4b6ea9d7cc26c2314477100ee1621a8c7fd9e282cd1a540e2be8

SHA512
c734a40662055fbbc9169c350c851eb8fe6b5b2f65c116bc42bdb48892220fdd4c86edd81dc21302b96f1f5e3aa6c0a17363b5a2afe73edf331485bd1a66aaa0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe

Filesize
184KB

MD5
072d49a2f9eaeef807033a278935c789

SHA1
bf3c4169ef0e0142012131385304c06e1fd4126f

SHA256
df876e3a0a41f9c80a3765950eb5951ac9e0a190b5796ab59c0e23e3e7aa327c

SHA512
70744049c3cf307e4dc3f12c93bcbaf3c84762da15567a3419c42c78e4b7576ad67883c091aac2fd7a57d2e718864d41815a80955e4f0f263f9c8d3401903b7d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe

Filesize
184KB

MD5
ac7c5d13bd17360167fe56e3672a9fa1

SHA1
2a1a55c8d2f5ac3e8622de3bb007cc0ab903fd74

SHA256
be708898777c6670e079fdc0002052f2e8ee05b48fa75c9b1697faab5819c7d3

SHA512
5766cefd6d616b8930fb2986fd3ab580e867f08e8ab31ded1adbc0b45a9a02e0ee6c3fda698794bff720f215619413a45bef72f1e3fafa4e935c5e83f0d7fc47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4434.exe

Filesize
184KB

MD5
98d53ff2ca1c0a7da87a64d05ffaee03

SHA1
afc38da61d4b9b88f5d11cc7576dd6175386ab20

SHA256
39b6c29e37a8a4f96d3e2b160e433fd5c5ab3522985fe9936dff8571fb7293d0

SHA512
1a48120baf2eab3d8a6ef3c47d9406e709838b42a29c65b50a70caf8d600885abc7c6a1175aefc4ca51cae55d17403f66699f7a96bd6c5d4cc7341cb88f3fae3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe

Filesize
184KB

MD5
210e02df4fa48a0a1a9ff8fd906e1b5d

SHA1
af3d0d0fc05f0387abeae895b0bde94d30939e01

SHA256
27731565f5f4b64d4f3502ebb4cd6e765edf311fe9f45b0295cdb67c1e995df5

SHA512
b86046e93107c6ee3625d7c30f13dad894ef80ea23305afdcdeb46566b2eaa9ddf02e29a2f2441b1d72476b34c37ad30e6d5414f9921e4ce4aa3ae6cb64b4531

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe

Filesize
184KB

MD5
87d8c30513177bdc2bc39a247d363ea4

SHA1
c0f6d3735f8a396a6c9d69dd397d4d150e8c6a1c

SHA256
2d09b57ef42f9d76293a5b13abf4800398fdf1a5a4e4673ac5d8ce797ffa8e45

SHA512
abde57757996cefdec13dc2119de49866c02ab018b954e52eb91590a6aab5a3ff112c72bd8d6d922ee7a80bf1a75ee89a7a02116be8830edd8d23f9c721f6fb5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe

Filesize
184KB

MD5
da59b06e9a2d1560a87eb342240c53ef

SHA1
3b06b4877ffeea0e1d08f997dd59b8c9fa5f5ecd

SHA256
4ab9c6d55b3cf29569eec0afa6c7aa60a8459a13daa2b63b08f45c7c6be3dea1

SHA512
2cf0b113500cd2bda77309feb285c24fc2d6176d128cd64e72cf7163a6cd7da1dab299b3dd7a33fcd5b17b182508b5e1d4d7bb6ffb1ec05b7b1748425e911eaf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads