d1f58c0939681c35b600a9de008b2cf1dce0748aece5db53ef43f09f4a88701c

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 16:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bf0c79beb09232678539462693b3edbd.exe
Size

184KB
MD5

bf0c79beb09232678539462693b3edbd
SHA1

b9306c30be8b88a19e5681a0f2875892a23da2ed
SHA256

d1f58c0939681c35b600a9de008b2cf1dce0748aece5db53ef43f09f4a88701c
SHA512

5f9806a577f2817d1448f2dbac222b64f5c7f9cd0f05d96e456e6680d61fdb8599c73dda79ab16c7b7b0b158ec75d0a116796567ee2473e29bb63c4c2121b98a
SSDEEP

3072:yokMo/oUPkf0QOUKM3sH3e01ssLFEtln4SxK9aSSNlPMpFc:yoXoXS0QqMcH3etPwCNlPMpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3036	Unicorn-17146.exe
2876	Unicorn-21588.exe
2696	Unicorn-57446.exe
2436	Unicorn-28433.exe
2424	Unicorn-41431.exe
3016	Unicorn-44961.exe
2784	Unicorn-44250.exe
2836	Unicorn-4924.exe
592	Unicorn-41126.exe
2980	Unicorn-41872.exe
1656	Unicorn-61738.exe
340	Unicorn-39214.exe
1108	Unicorn-22555.exe
568	Unicorn-54865.exe
1252	Unicorn-9364.exe
856	Unicorn-1751.exe
1688	Unicorn-21617.exe
2112	Unicorn-43743.exe
2172	Unicorn-56100.exe
436	Unicorn-3562.exe
1148	Unicorn-23428.exe
1548	Unicorn-18768.exe
1400	Unicorn-23406.exe
2016	Unicorn-64631.exe
904	Unicorn-60952.exe
564	Unicorn-16582.exe
1940	Unicorn-40532.exe
2224	Unicorn-64460.exe
1720	Unicorn-16006.exe
2208	Unicorn-44507.exe
1320	Unicorn-57506.exe
2632	Unicorn-61035.exe
2664	Unicorn-329.exe
2548	Unicorn-41575.exe
2576	Unicorn-8902.exe
2700	Unicorn-4818.exe
1800	Unicorn-926.exe
2412	Unicorn-42321.exe
2072	Unicorn-12088.exe
1276	Unicorn-41191.exe
2800	Unicorn-12280.exe
528	Unicorn-48482.exe
2712	Unicorn-65010.exe
1996	Unicorn-50153.exe
1844	Unicorn-397.exe
1888	Unicorn-17480.exe
2668	Unicorn-33262.exe
1036	Unicorn-21394.exe
2732	Unicorn-17864.exe
548	Unicorn-61933.exe
2888	Unicorn-1632.exe
1728	Unicorn-18715.exe
2592	Unicorn-39327.exe
988	Unicorn-9992.exe
1560	Unicorn-18161.exe
1824	Unicorn-18161.exe
1628	Unicorn-38943.exe
576	Unicorn-6271.exe
1576	Unicorn-2400.exe
948	Unicorn-51601.exe
2044	Unicorn-15591.exe
1556	Unicorn-22437.exe
1632	Unicorn-2016.exe
1508	Unicorn-13583.exe

Loads dropped DLL 64 IoCs

pid	Process
3040	bf0c79beb09232678539462693b3edbd.exe
3040	bf0c79beb09232678539462693b3edbd.exe
3036	Unicorn-17146.exe
3040	bf0c79beb09232678539462693b3edbd.exe
3036	Unicorn-17146.exe
3040	bf0c79beb09232678539462693b3edbd.exe
2696	Unicorn-57446.exe
2696	Unicorn-57446.exe
3036	Unicorn-17146.exe
3036	Unicorn-17146.exe
2876	Unicorn-21588.exe
2876	Unicorn-21588.exe
2436	Unicorn-28433.exe
2436	Unicorn-28433.exe
2696	Unicorn-57446.exe
2696	Unicorn-57446.exe
3016	Unicorn-44961.exe
3016	Unicorn-44961.exe
2876	Unicorn-21588.exe
2424	Unicorn-41431.exe
2876	Unicorn-21588.exe
2424	Unicorn-41431.exe
2784	Unicorn-44250.exe
2784	Unicorn-44250.exe
2436	Unicorn-28433.exe
2436	Unicorn-28433.exe
2836	Unicorn-4924.exe
2836	Unicorn-4924.exe
592	Unicorn-41126.exe
592	Unicorn-41126.exe
3016	Unicorn-44961.exe
3016	Unicorn-44961.exe
2980	Unicorn-41872.exe
2980	Unicorn-41872.exe
2424	Unicorn-41431.exe
2424	Unicorn-41431.exe
340	Unicorn-39214.exe
340	Unicorn-39214.exe
2784	Unicorn-44250.exe
1108	Unicorn-22555.exe
1108	Unicorn-22555.exe
2784	Unicorn-44250.exe
568	Unicorn-54865.exe
568	Unicorn-54865.exe
2836	Unicorn-4924.exe
2836	Unicorn-4924.exe
1656	Unicorn-61738.exe
1656	Unicorn-61738.exe
856	Unicorn-1751.exe
856	Unicorn-1751.exe
592	Unicorn-41126.exe
592	Unicorn-41126.exe
2112	Unicorn-43743.exe
2112	Unicorn-43743.exe
1688	Unicorn-21617.exe
1688	Unicorn-21617.exe
2980	Unicorn-41872.exe
2980	Unicorn-41872.exe
2172	Unicorn-56100.exe
2172	Unicorn-56100.exe
340	Unicorn-39214.exe
340	Unicorn-39214.exe
1148	Unicorn-23428.exe
1148	Unicorn-23428.exe

Program crash 15 IoCs

pid	pid_target	Process	procid_target
1816	1052	WerFault.exe	173
2456	1672	WerFault.exe	212
2644	2624	WerFault.exe	205
328	2492	WerFault.exe	204
2856	2156	WerFault.exe	203
1180	1328	WerFault.exe	221
240	2764	WerFault.exe	222
1460	436	WerFault.exe	250
2476	2516	WerFault.exe	272
984	2628	WerFault.exe	323
2640	2892	WerFault.exe	299
1232	2148	WerFault.exe	339
2980	1028	WerFault.exe	324
2952	1576	WerFault.exe	348
2488	676	WerFault.exe	366

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3040	bf0c79beb09232678539462693b3edbd.exe
3036	Unicorn-17146.exe
2696	Unicorn-57446.exe
2876	Unicorn-21588.exe
2436	Unicorn-28433.exe
3016	Unicorn-44961.exe
2424	Unicorn-41431.exe
2784	Unicorn-44250.exe
2836	Unicorn-4924.exe
592	Unicorn-41126.exe
1656	Unicorn-61738.exe
2980	Unicorn-41872.exe
340	Unicorn-39214.exe
1108	Unicorn-22555.exe
568	Unicorn-54865.exe
856	Unicorn-1751.exe
1252	Unicorn-9364.exe
1688	Unicorn-21617.exe
2112	Unicorn-43743.exe
2172	Unicorn-56100.exe
436	Unicorn-3562.exe
1148	Unicorn-23428.exe
1548	Unicorn-18768.exe
1400	Unicorn-23406.exe
2016	Unicorn-64631.exe
904	Unicorn-60952.exe
564	Unicorn-16582.exe
1940	Unicorn-40532.exe
2224	Unicorn-64460.exe
1720	Unicorn-16006.exe
2208	Unicorn-44507.exe
1320	Unicorn-57506.exe
2632	Unicorn-61035.exe
2700	Unicorn-4818.exe
1800	Unicorn-926.exe
2576	Unicorn-8902.exe
2548	Unicorn-41575.exe
2664	Unicorn-329.exe
2412	Unicorn-42321.exe
1276	Unicorn-41191.exe
2800	Unicorn-12280.exe
2072	Unicorn-12088.exe
528	Unicorn-48482.exe
2712	Unicorn-65010.exe
1996	Unicorn-50153.exe
1844	Unicorn-397.exe
1888	Unicorn-17480.exe
2668	Unicorn-33262.exe
1036	Unicorn-21394.exe
2732	Unicorn-17864.exe
548	Unicorn-61933.exe
2888	Unicorn-1632.exe
1824	Unicorn-18161.exe
1728	Unicorn-18715.exe
988	Unicorn-9992.exe
2592	Unicorn-39327.exe
1560	Unicorn-18161.exe
1628	Unicorn-38943.exe
1576	Unicorn-2400.exe
576	Unicorn-6271.exe
948	Unicorn-51601.exe
2044	Unicorn-15591.exe
1556	Unicorn-22437.exe
1632	Unicorn-2016.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 3036	3040	bf0c79beb09232678539462693b3edbd.exe	28
PID 3040 wrote to memory of 3036	3040	bf0c79beb09232678539462693b3edbd.exe	28
PID 3040 wrote to memory of 3036	3040	bf0c79beb09232678539462693b3edbd.exe	28
PID 3040 wrote to memory of 3036	3040	bf0c79beb09232678539462693b3edbd.exe	28
PID 3036 wrote to memory of 2876	3036	Unicorn-17146.exe	29
PID 3036 wrote to memory of 2876	3036	Unicorn-17146.exe	29
PID 3036 wrote to memory of 2876	3036	Unicorn-17146.exe	29
PID 3036 wrote to memory of 2876	3036	Unicorn-17146.exe	29
PID 3040 wrote to memory of 2696	3040	bf0c79beb09232678539462693b3edbd.exe	30
PID 3040 wrote to memory of 2696	3040	bf0c79beb09232678539462693b3edbd.exe	30
PID 3040 wrote to memory of 2696	3040	bf0c79beb09232678539462693b3edbd.exe	30
PID 3040 wrote to memory of 2696	3040	bf0c79beb09232678539462693b3edbd.exe	30
PID 2696 wrote to memory of 2436	2696	Unicorn-57446.exe	31
PID 2696 wrote to memory of 2436	2696	Unicorn-57446.exe	31
PID 2696 wrote to memory of 2436	2696	Unicorn-57446.exe	31
PID 2696 wrote to memory of 2436	2696	Unicorn-57446.exe	31
PID 3036 wrote to memory of 2424	3036	Unicorn-17146.exe	32
PID 3036 wrote to memory of 2424	3036	Unicorn-17146.exe	32
PID 3036 wrote to memory of 2424	3036	Unicorn-17146.exe	32
PID 3036 wrote to memory of 2424	3036	Unicorn-17146.exe	32
PID 2876 wrote to memory of 3016	2876	Unicorn-21588.exe	33
PID 2876 wrote to memory of 3016	2876	Unicorn-21588.exe	33
PID 2876 wrote to memory of 3016	2876	Unicorn-21588.exe	33
PID 2876 wrote to memory of 3016	2876	Unicorn-21588.exe	33
PID 2436 wrote to memory of 2784	2436	Unicorn-28433.exe	34
PID 2436 wrote to memory of 2784	2436	Unicorn-28433.exe	34
PID 2436 wrote to memory of 2784	2436	Unicorn-28433.exe	34
PID 2436 wrote to memory of 2784	2436	Unicorn-28433.exe	34
PID 2696 wrote to memory of 2836	2696	Unicorn-57446.exe	35
PID 2696 wrote to memory of 2836	2696	Unicorn-57446.exe	35
PID 2696 wrote to memory of 2836	2696	Unicorn-57446.exe	35
PID 2696 wrote to memory of 2836	2696	Unicorn-57446.exe	35
PID 3016 wrote to memory of 592	3016	Unicorn-44961.exe	36
PID 3016 wrote to memory of 592	3016	Unicorn-44961.exe	36
PID 3016 wrote to memory of 592	3016	Unicorn-44961.exe	36
PID 3016 wrote to memory of 592	3016	Unicorn-44961.exe	36
PID 2876 wrote to memory of 2980	2876	Unicorn-21588.exe	37
PID 2876 wrote to memory of 2980	2876	Unicorn-21588.exe	37
PID 2876 wrote to memory of 2980	2876	Unicorn-21588.exe	37
PID 2876 wrote to memory of 2980	2876	Unicorn-21588.exe	37
PID 2424 wrote to memory of 1656	2424	Unicorn-41431.exe	38
PID 2424 wrote to memory of 1656	2424	Unicorn-41431.exe	38
PID 2424 wrote to memory of 1656	2424	Unicorn-41431.exe	38
PID 2424 wrote to memory of 1656	2424	Unicorn-41431.exe	38
PID 2784 wrote to memory of 340	2784	Unicorn-44250.exe	39
PID 2784 wrote to memory of 340	2784	Unicorn-44250.exe	39
PID 2784 wrote to memory of 340	2784	Unicorn-44250.exe	39
PID 2784 wrote to memory of 340	2784	Unicorn-44250.exe	39
PID 2436 wrote to memory of 1108	2436	Unicorn-28433.exe	40
PID 2436 wrote to memory of 1108	2436	Unicorn-28433.exe	40
PID 2436 wrote to memory of 1108	2436	Unicorn-28433.exe	40
PID 2436 wrote to memory of 1108	2436	Unicorn-28433.exe	40
PID 2836 wrote to memory of 568	2836	Unicorn-4924.exe	41
PID 2836 wrote to memory of 568	2836	Unicorn-4924.exe	41
PID 2836 wrote to memory of 568	2836	Unicorn-4924.exe	41
PID 2836 wrote to memory of 568	2836	Unicorn-4924.exe	41
PID 592 wrote to memory of 1252	592	Unicorn-41126.exe	42
PID 592 wrote to memory of 1252	592	Unicorn-41126.exe	42
PID 592 wrote to memory of 1252	592	Unicorn-41126.exe	42
PID 592 wrote to memory of 1252	592	Unicorn-41126.exe	42
PID 3016 wrote to memory of 856	3016	Unicorn-44961.exe	43
PID 3016 wrote to memory of 856	3016	Unicorn-44961.exe	43
PID 3016 wrote to memory of 856	3016	Unicorn-44961.exe	43
PID 3016 wrote to memory of 856	3016	Unicorn-44961.exe	43

C:\Users\Admin\AppData\Local\Temp\bf0c79beb09232678539462693b3edbd.exe
"C:\Users\Admin\AppData\Local\Temp\bf0c79beb09232678539462693b3edbd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9364.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25836.exe
        8⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
        9⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        10⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22339.exe
        11⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
        12⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9500.exe
        13⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
        14⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22109.exe
        15⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
        16⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        17⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60382.exe
        13⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
        14⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
        15⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39047.exe
        16⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
        17⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        18⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
        19⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48482.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12893.exe
        9⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15218.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
        11⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        12⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        13⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54617.exe
        14⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
        15⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23894.exe
        16⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31860.exe
        17⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10500.exe
        18⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
        19⤵
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
        18⤵
        Program crash
        
        PID:2952
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
        17⤵
        Program crash
        
        PID:2640
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
        16⤵
        Program crash
        
        PID:2476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
        15⤵
        Program crash
        
        PID:240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
        14⤵
        Program crash
        
        PID:2856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
        13⤵
        Program crash
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53179.exe
        11⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        12⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58523.exe
        13⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
        14⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60952.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41191.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18161.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48752.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
        10⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13501.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        12⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
        13⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31393.exe
        14⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18809.exe
        15⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
        16⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7024.exe
        9⤵
        
        PID:308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
        10⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
        11⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11523.exe
        12⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe
        13⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25551.exe
        14⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28410.exe
        15⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57795.exe
        14⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23950.exe
        15⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53191.exe
        16⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6271.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21145.exe
        8⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28300.exe
        9⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8415.exe
        10⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
        11⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
        12⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
        13⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51762.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13008.exe
        9⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44703.exe
        10⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
        11⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33930.exe
        12⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
        13⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57890.exe
        14⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46681.exe
        15⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        16⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16997.exe
        15⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63764.exe
        14⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12280.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64019.exe
        7⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
        8⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        9⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
        10⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        11⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42835.exe
        12⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        13⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
        14⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
        15⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
        16⤵
        
        PID:1736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-397.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2016.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37673.exe
        9⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18810.exe
        10⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        11⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
        12⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
        13⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45363.exe
        14⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
        7⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22619.exe
        8⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
        9⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
        10⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5564.exe
        11⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55383.exe
        12⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3764.exe
        13⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17480.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22437.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57901.exe
        8⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10693.exe
        9⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52297.exe
        10⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        11⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5087.exe
        12⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        13⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52540.exe
        14⤵
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16006.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33262.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
        7⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14019.exe
        8⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-683.exe
        9⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49360.exe
        10⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5647.exe
        11⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
        12⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60889.exe
        13⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42446.exe
        14⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
        15⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64439.exe
        16⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        17⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18274.exe
        7⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25795.exe
        8⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        9⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34969.exe
        10⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
        11⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62933.exe
        12⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25461.exe
        13⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65118.exe
        14⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
        15⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        16⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33194.exe
        17⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        18⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36566.exe
        17⤵
        
        PID:2208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41431.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41431.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8902.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1632.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44274.exe
        9⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
        10⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
        11⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63169.exe
        12⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
        13⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
        14⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
        15⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
        16⤵
        
        PID:2736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        16⤵
        Program crash
        
        PID:1232
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 220
        15⤵
        Program crash
        
        PID:984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 220
        14⤵
        Program crash
        
        PID:1460
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 236
        13⤵
        Program crash
        
        PID:1180
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
        12⤵
        Program crash
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28835.exe
        10⤵
        
        PID:2492
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
        11⤵
        Program crash
        
        PID:328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39327.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37782.exe
        7⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26895.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
        9⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57528.exe
        10⤵
        
        PID:1672
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
        11⤵
        Program crash
        
        PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40532.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65010.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35239.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        8⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38623.exe
        9⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49360.exe
        10⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12648.exe
        11⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
        12⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9125.exe
        13⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2400.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13635.exe
        7⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24197.exe
        8⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41169.exe
        9⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
        10⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17293.exe
        11⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23749.exe
        12⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64916.exe
        13⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24777.exe
        14⤵
        
        PID:768
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56100.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39816.exe
        9⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12400.exe
        10⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        11⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34236.exe
        12⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        13⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
        14⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
        15⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
        16⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26017.exe
        17⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52763.exe
        18⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41938.exe
        19⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10012.exe
        18⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        19⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        17⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
        14⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
        15⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        16⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        17⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60122.exe
        10⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26480.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
        12⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55525.exe
        13⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22477.exe
        14⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55227.exe
        15⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45321.exe
        16⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        17⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26510.exe
        18⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
        19⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4273.exe
        20⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
        8⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
        9⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        8⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54201.exe
        9⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55950.exe
        10⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        11⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        12⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41745.exe
        13⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20817.exe
        14⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe
        15⤵
        
        PID:2284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
        8⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
        9⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        10⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20334.exe
        11⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
        12⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3297.exe
        13⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47890.exe
        14⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60085.exe
        15⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7589.exe
        7⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        8⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
        9⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65068.exe
        10⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        11⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28601.exe
        12⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56390.exe
        13⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64034.exe
        14⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
        15⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19950.exe
        7⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29121.exe
        8⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
        10⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59884.exe
        11⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        12⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        13⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
        14⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        15⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        14⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29111.exe
        9⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53200.exe
        10⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        11⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9731.exe
        12⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29784.exe
        13⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62124.exe
        14⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        15⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21713.exe
        16⤵
        
        PID:2752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        7⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
        8⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53594.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
        10⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        11⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35048.exe
        12⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38196.exe
        13⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10941.exe
        14⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
        9⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64928.exe
        10⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
        11⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46789.exe
        12⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33313.exe
        13⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe
        14⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30841.exe
        15⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
        7⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10859.exe
        8⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
        9⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        10⤵
        
        PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23428.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61035.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5384.exe
        8⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36288.exe
        9⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18821.exe
        10⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
        11⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
        12⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
        13⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38943.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7024.exe
        7⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21940.exe
        8⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
        9⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49444.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
        11⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe
        12⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
        13⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24943.exe
        14⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3001.exe
        15⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63941.exe
        16⤵
        
        PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-329.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47216.exe
        6⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28696.exe
        8⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62632.exe
        9⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        10⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3178.exe
        11⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51149.exe
        12⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27391.exe
        11⤵
        
        PID:2132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18768.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-926.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42333.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        9⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59785.exe
        10⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46376.exe
        11⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49363.exe
        12⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5647.exe
        13⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-489.exe
        14⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36255.exe
        15⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
        16⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13805.exe
        17⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
        18⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63832.exe
        19⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21713.exe
        20⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
        15⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53557.exe
        16⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
        10⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20241.exe
        11⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7381.exe
        12⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14587.exe
        13⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
        8⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35115.exe
        9⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
        10⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
        11⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
        12⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6571.exe
        13⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8740.exe
        14⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56758.exe
        15⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
        16⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57750.exe
        17⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26786.exe
        7⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
        8⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46267.exe
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
        10⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51496.exe
        11⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42472.exe
        12⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
        13⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2908.exe
        14⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
        15⤵
        
        PID:2200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 216
        14⤵
        Program crash
        
        PID:2488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
        13⤵
        Program crash
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12088.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
        6⤵
        Executes dropped EXE
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2048.exe
        8⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
        9⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42897.exe
        10⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-396.exe
        11⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
        12⤵
        
        PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18436.exe
        6⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        7⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60527.exe
        8⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
        9⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
        10⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9181.exe
        11⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57573.exe
        12⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54439.exe
        13⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61123.exe
        14⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27221.exe
        15⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33163.exe
        16⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13297.exe
        15⤵
        
        PID:2104

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe

Filesize
184KB

MD5
5875bb3c43de79b3f86d6bc34d0d9ff0

SHA1
72f2059ed8aa2f6a04bcb0aad68048ebc083c40b

SHA256
39300fc16ea19e757550384abdda77fa1a70fbc9c505850c82c2d2b01f374b56

SHA512
96929bb00341deeb33ce32a76dd259280b218057c438f1bba59fa9612e0ae4b98b356cc4c9ce892af72d293b68b5515284449b2d166ba9f6060fa408b3e739ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21617.exe

Filesize
184KB

MD5
8b44e3539d2df87d970eea617e7dd0bc

SHA1
f2dda7a579f1fd4ece7a1d614ce0c1484a6856e2

SHA256
6695281908e493594e5c0b8beadcdede1a2a5ab98c2115edc2faba3f23bc673e

SHA512
fcc1d2f9b3d524311a4726637e1b85e61b56de37f73e4496b9fdc83a8fb161774e55f7421139697d5c5545c7166f24928fb5306f286181c45952fd0e168a3962

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe

Filesize
184KB

MD5
10442b1ccdec47a5fcf7863d15e284b0

SHA1
5851eec3c3217d46e6a01f1041a46b2edc131340

SHA256
66fd0b621fe34972b832ea09c84fab46255bcd36027e5470a30c351d140e42f3

SHA512
762e17b3f3aa195e6feeef9078786655c8d11a8753ff4382b9520dd1729034c03cc66b3c4f4612046b39ed7ed124485b0e6aab49fbdd0844af391bda2fada050

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41431.exe

Filesize
128KB

MD5
212b7df951f05d0d1f310dd2131f4bdb

SHA1
e6b713c777eda54e6116eb2b178ca0c80d69ba02

SHA256
07038be3ad93859e49178a9e3ed7404f200490f0fd86e10395e980c5e3afd3b5

SHA512
f8fc7e8e8c132a67d5b66acfabeffba7dfa37a3b35cb504c51bfb6a0ee76c7ffffa106cc9bd76b9a44f1023ec031f4a5bdaf48f3f35e1ea0ef5f6c99a8e05168

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44961.exe

Filesize
184KB

MD5
003e23da5cb1cb7053d0762214104df2

SHA1
4d1598b0c0eb988aa5063bfbfce03c544e5c5519

SHA256
6bcdf94468d887c41829eea983505b7d657b05da936753893262cf284119132c

SHA512
eba9c0dcbd443fb5f1cabfa8ba019689d9a8ea250266243efac943735e1771ac1f3519c52ed01612484c755b2a8edcaa487d37b1dd810a9992d49ea71b583902

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54750.exe

Filesize
184KB

MD5
f652e79a611191014b89e34fe8647f20

SHA1
24b445385328bc47560413b80873de2307bffaf1

SHA256
6346b3d014d546972ad3a667307e259f8ad6f692de0f56e117b5ff5676e8a25c

SHA512
22a2ef90e6d81dcc482feef56068a73493c94bf2ea7b6b9a2a40f9686adaea7864b90622065c192703e61cbf97ccd114b7f784b47260780b38843a6789749669

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54865.exe

Filesize
184KB

MD5
ca1f75f6b2bd227744180c79d4bd794e

SHA1
1b1070d41959990632aac9e31a3553cfc09e2d29

SHA256
097c5084b0830b233c95b57759709c0161a4a2b3d15292034c982a5340b2e155

SHA512
8f016083e4a91d9e2d670adef44132f1f4cb8c8a3fcec312c1ce3cf1c9e6ca51c6314b1c555cb6e7a0ae24ace59987cab3bcdb44f9d4ff6e5881fe3fdfe3c74f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe

Filesize
184KB

MD5
884eb01627aa03fbee97bac1119f8c96

SHA1
8e13a0ea2223bf0a354eeceb65c847d386ab7160

SHA256
7933022040b4b4cc754bd46b04b17b0ada0088a0ae655aa204e162b29c245dd2

SHA512
99e3d1727541c0e7398c2f73ec359c6ff2e9875b90e0da24ab0f6c16bb2a1d10305b53a622368b345bf27cd79ca7f6485a58dcb8d01ff5df76c46e0f44c38aee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe

Filesize
184KB

MD5
fe9c6564309bd9ee29dd66c576193ab4

SHA1
68ae349644185ead36ef9cc1349cdfab1c7bdc56

SHA256
5cc3596c70f5b1b99fb24a02872e646fe1fea28e48698bb75cd0254bcf842630

SHA512
358cf9d80774431263e3260539d078c91104003326972b1904ac49a741cb7f948c3e2f64fbf8567fd80a2b160f1580fbc04694e42addc83901921da7a3db4558

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe

Filesize
184KB

MD5
ba3fa86e8402c744299e5acf7c293bf4

SHA1
753546300021c9d540c2b9e3e3efc548de0d09bd

SHA256
69a4c847c2ec4f1c48cbc7df404d5e65cb4137552e0b4b2786d440d37a82e87e

SHA512
e0566a210e0a40db89805e4db8f4d312c936f98c56ce00d94c671e4e124f6ff52e6b0041517df1f59819b20208735ed9f061a0d39d6cf7b55a1831220ca75311

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe

Filesize
184KB

MD5
26ece65cca798a98b2661f729908e16f

SHA1
1cd35959e5ae6d34525dcb7582664ee438fcf165

SHA256
b17eddfeb2045a9d5e0cffb15da91decfd46df44639d747428f35a00d1bbc150

SHA512
e0cfa3c0b2218e6d6e38c2c8c1bfda9642fc0f1f2c9ee09c0be551bfc78fc08283e7ab25166530c692c60c8753a40714583aed044272e88f6f40781239803316

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17146.exe

Filesize
184KB

MD5
f97230a6256d95d76a98afd777ee5794

SHA1
b419c0df8d47f3c3789911c60f3213685d81c22e

SHA256
e0ad61b69f99c524a5e8f0d0582f67509acb2564d649c710b193def6cfb37cfe

SHA512
fcd5ca7e6acc1ec8ba78aa257a0134fa3b93fde97df0206f34f603b2ef22b76ed2c478d3926b2279aef732f4c21ded7bdd4f2ae382999eedf2c7754fd475de02

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21588.exe

Filesize
184KB

MD5
b919d8c60c19c6b9d9b23be9d99e3ef4

SHA1
90f2b09e59c8495b74f744c8cb67e0f1ff69d76a

SHA256
921bbbd29efa09b923fd3f9f3231e03e540a3a6ed9ea0f799a8178456c831d28

SHA512
8f7485de1ce094ec8dcb95fd3659fdabbdfe9fc22fc2bb1d5cb3808e33bc8aa8154c5cdaed36bff9044b9ec11726aafe2f766c9b9eac4ef2d30c85adf40550ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe

Filesize
184KB

MD5
726c7dbd523effae90ee95940dc2e4c6

SHA1
50b6b95713ae9cb472e050a69dd6c2ac24584863

SHA256
36a79073b7a10821a3f818424635311c3f7d309ebabd07e4c2cdfb5f78390216

SHA512
d5d3d8c43ae0ee93377f1632e50c8eab4ca1bb81a83b653a10da8e4b36c596231f820975d62d1f13ca716a77ae027f0b8189d0607692d2339bf4752a8a72c822

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28433.exe

Filesize
184KB

MD5
5f568b3bd57c6568939e8446d8d6708d

SHA1
37ae89e59489c1d993db2676b93d931bcba33352

SHA256
c760d5e761a448656b8d6403c4a386bfce137e39d738cba7c74b034365ad212f

SHA512
9411fa5eba75632aa4e5fb6d75346adf9fc4309eb11edbb27debbf25fa8ca8cccc32a0f63387d5b4d2d59ac391ef7cbe107b4321cc68dcf9ab5a359c888a76ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39214.exe

Filesize
184KB

MD5
953922dfafb67542c7d7ab1ca5c012cb

SHA1
b1b31a2cc9f0c0cadba2f6f27cba7ddad21ec59d

SHA256
cb73e166bcbf8fac7a95221929f873714fe659ce6335937c424bc7d8cf909872

SHA512
2f2ef4887b9467381a25d3c332d036ff48bb2e5a61a43f7cb4cf5acad27b13328ddf7f7743773c7050d6ea64716170982dce9d0aa5e34f75911d0fe56a49ee81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41126.exe

Filesize
184KB

MD5
a1d59685fb4ff4b78fdf7baf83773585

SHA1
89e3a46bdcd4547777a09d8c03a3a5076806feaa

SHA256
419c94bcd29e48f6ab1a0a03f892b4389dace7474c69507abc8db337594dd8e6

SHA512
d399bddc5036d3ab4995c357ee43b719014a01945194f3e4cbf2ef2ff233ae56b79f66f1ae007cdef843ae7bedec608ceb93f3561e317852017720cd6403a096

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41431.exe

Filesize
184KB

MD5
8181c1bc7130aa3682d009ac2d1e44c8

SHA1
5bf1027b58f20f800a71906eb035df337bdc1147

SHA256
091b3801f3799f82abc2eb0c54e582de9518af04a282767f7d612e25967fd742

SHA512
9182c890de1f699388465e1de00de70ebc1c35393f3774c18d40efd24bad6af7e8414f09bbde67580a2c47dd38ad688e7a3070ac301f6331e0ffc7883640b21d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe

Filesize
184KB

MD5
913239d9f0e34a6d87575a14c743498a

SHA1
3f6db8ba57207d8e1465d8063d4b1a49049b0b01

SHA256
a07803ce7169978712afd5c65190d6697eb509751b54ced2eea3745e8a91dac4

SHA512
6702646ff8ff5ff186fab6a9cc698cafbbc6a90aa0b627e322711d38abba823834f84d53e97620de9a593489bb888323d54da04f51e0645e29dab53748dd2eb4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe

Filesize
184KB

MD5
b5503a51e76ff8a4e91619499188b5d1

SHA1
ba2d91f05482adaec0b54a8c8fdb1e11b3bfd07c

SHA256
382963b59334f9cc67f7548b300f8a8508ad04cfd1fe31d35fe05dd8eab8eda1

SHA512
c25c90a9bffbeaf47fcc7fbfdb1340c796cf80e9ab4d46f186b0e1a05ac0972f5f23204b6a4e7831e7326b3c3f41e1086d385cbe66409234dafeb975e0d14586

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe

Filesize
184KB

MD5
2ea648896205eba48873b81210049aad

SHA1
56123a9f64daf10cf02246193c73595966cfc934

SHA256
ebf9127058aa4e5fe4a09509371859da49a7969023605f1448b1fa95035d46ea

SHA512
16f68a3fadf4d080f8590fe5149f6f49d69881cb960ad98fdda5e6ac3466f5eee9cdd1ecb65648804ada02af5782753489541b669a5f6a25ee17dc0a08882035

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4924.exe

Filesize
184KB

MD5
33eb383bf66888381fb9082c263b767e

SHA1
0a0df87a1461353eb9f9271e9264ddbf124f8114

SHA256
e7a56d55707259477188fbefd143dca8bbda4a2443473a6ba7c4455943a5caa2

SHA512
0041c4bd144ee69cb79c3ee13c0881b85e3101a3e147cfafaeffee54cf39b554d0ecef532e6d01fc7456e38e687288ec3c5af497a92dbc77a9d3418657a51d92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe

Filesize
184KB

MD5
3f569a4ccf48c2a72895ad280a0ad214

SHA1
50401ff9dc3614644b4c5dec46e2631ffdd4d55a

SHA256
ad65d9ba9f2c7d8dd22d8bf6ac90877b9bff583f92fd3bb8901b10fd6e1d5156

SHA512
9a834d5665e978008ba9d04ab2188232c656df39101de65b3e09ae059767f843c0245abb13c598846453485978913125dcd3ec112b894ad659a0b8b8e1fe73e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9364.exe

Filesize
184KB

MD5
54b2ddd8e08193a096c267e23cf8a7c9

SHA1
7f61bc244ed54d1e70786bd561e9295125fd9fdd

SHA256
110e7329b28d15462ae2c357b2b5d9736bb63f217003e26960071fa97c4144c7

SHA512
0db27417b95952bfc12d46786384834e26f3eee28ae44b3015f9af61dce25ec7098076724bba900218af315f6ea819d2f10a6fc4ad0e042f31635d5fc4b5b969

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads