07f89d105f9298f284ffc7957d646852663230a6ea097b320e89d3e44f3a08c7

Analysis

max time kernel
102s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-03-2024 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c8a7a44d9d337666658aec2838463f15.exe
Size

184KB
MD5

c8a7a44d9d337666658aec2838463f15
SHA1

3f851f8cdbc80c952ae7f688338cace65f3b6800
SHA256

07f89d105f9298f284ffc7957d646852663230a6ea097b320e89d3e44f3a08c7
SHA512

82ca7aed4111e86108f3674efaf6836d2ab4d303b0725747af4f7ae7e0555fb56f7b26f5be2d77e18e2196996e599c566952624a978f6ee7878b71caa2429ceb
SSDEEP

3072:yLkMomAUPXf0QOj4M3+H3e01FX0ME8ln8SxK9a1SNlPvpF3:yLXoAP0Q7MOH3ebMc3NlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2712	Unicorn-21038.exe
2568	Unicorn-45023.exe
2808	Unicorn-37409.exe
2724	Unicorn-3051.exe
2616	Unicorn-56891.exe
2440	Unicorn-56336.exe
2228	Unicorn-34821.exe
2736	Unicorn-16622.exe
2852	Unicorn-50041.exe
1952	Unicorn-4369.exe
2872	Unicorn-33704.exe
268	Unicorn-43490.exe
1096	Unicorn-44237.exe
772	Unicorn-22878.exe
368	Unicorn-27708.exe
792	Unicorn-18602.exe
1744	Unicorn-10433.exe
1268	Unicorn-59634.exe
2192	Unicorn-47745.exe
2356	Unicorn-40833.exe
2352	Unicorn-49364.exe
1160	Unicorn-65145.exe
2020	Unicorn-7584.exe
1824	Unicorn-40449.exe
2008	Unicorn-36727.exe
2264	Unicorn-57937.exe
840	Unicorn-57231.exe
2136	Unicorn-11559.exe
2280	Unicorn-46048.exe
1696	Unicorn-19920.exe
2376	Unicorn-57039.exe
2188	Unicorn-50044.exe
1956	Unicorn-50407.exe
2996	Unicorn-41684.exe
2600	Unicorn-3666.exe
2972	Unicorn-4221.exe
2488	Unicorn-17817.exe
2452	Unicorn-33599.exe
1768	Unicorn-58850.exe
2964	Unicorn-13178.exe
2420	Unicorn-17625.exe
2688	Unicorn-33215.exe
1384	Unicorn-21325.exe
1664	Unicorn-46583.exe
2268	Unicorn-1658.exe
1944	Unicorn-1658.exe
616	Unicorn-59582.exe
520	Unicorn-63474.exe
2884	Unicorn-42115.exe
1200	Unicorn-21394.exe
332	Unicorn-30116.exe
3028	Unicorn-14953.exe
2176	Unicorn-30221.exe
1432	Unicorn-38751.exe
2848	Unicorn-54533.exe
768	Unicorn-54533.exe
2836	Unicorn-39903.exe
1332	Unicorn-63661.exe
2360	Unicorn-55493.exe
3008	Unicorn-10931.exe
2368	Unicorn-32141.exe
2480	Unicorn-32202.exe
1600	Unicorn-19204.exe
2692	Unicorn-44860.exe

Loads dropped DLL 64 IoCs

pid	Process
1556	c8a7a44d9d337666658aec2838463f15.exe
1556	c8a7a44d9d337666658aec2838463f15.exe
2712	Unicorn-21038.exe
2712	Unicorn-21038.exe
1556	c8a7a44d9d337666658aec2838463f15.exe
1556	c8a7a44d9d337666658aec2838463f15.exe
2568	Unicorn-45023.exe
2712	Unicorn-21038.exe
2568	Unicorn-45023.exe
2712	Unicorn-21038.exe
2808	Unicorn-37409.exe
2808	Unicorn-37409.exe
2616	Unicorn-56891.exe
2616	Unicorn-56891.exe
2724	Unicorn-3051.exe
2724	Unicorn-3051.exe
2568	Unicorn-45023.exe
2568	Unicorn-45023.exe
2808	Unicorn-37409.exe
2808	Unicorn-37409.exe
2440	Unicorn-56336.exe
2440	Unicorn-56336.exe
2228	Unicorn-34821.exe
2228	Unicorn-34821.exe
2616	Unicorn-56891.exe
2616	Unicorn-56891.exe
2736	Unicorn-16622.exe
2736	Unicorn-16622.exe
2724	Unicorn-3051.exe
2724	Unicorn-3051.exe
2852	Unicorn-50041.exe
2852	Unicorn-50041.exe
2872	Unicorn-33704.exe
1952	Unicorn-4369.exe
1952	Unicorn-4369.exe
2872	Unicorn-33704.exe
2440	Unicorn-56336.exe
2440	Unicorn-56336.exe
268	Unicorn-43490.exe
268	Unicorn-43490.exe
2228	Unicorn-34821.exe
2228	Unicorn-34821.exe
1096	Unicorn-44237.exe
1096	Unicorn-44237.exe
772	Unicorn-22878.exe
772	Unicorn-22878.exe
368	Unicorn-27708.exe
368	Unicorn-27708.exe
2736	Unicorn-16622.exe
2736	Unicorn-16622.exe
1744	Unicorn-10433.exe
1744	Unicorn-10433.exe
2872	Unicorn-33704.exe
2192	Unicorn-47745.exe
2872	Unicorn-33704.exe
2852	Unicorn-50041.exe
2192	Unicorn-47745.exe
2852	Unicorn-50041.exe
1268	Unicorn-59634.exe
1268	Unicorn-59634.exe
1952	Unicorn-4369.exe
1952	Unicorn-4369.exe
2356	Unicorn-40833.exe
2356	Unicorn-40833.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
2620	1160	WerFault.exe	49
3044	1768	WerFault.exe	67
1948	2124	WerFault.exe	114
2208	816	WerFault.exe	151
2684	1396	WerFault.exe	185
2056	2660	WerFault.exe	287
1468	3040	WerFault.exe	254
1012	1900	WerFault.exe	279

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1556	c8a7a44d9d337666658aec2838463f15.exe
2712	Unicorn-21038.exe
2568	Unicorn-45023.exe
2808	Unicorn-37409.exe
2724	Unicorn-3051.exe
2616	Unicorn-56891.exe
2440	Unicorn-56336.exe
2228	Unicorn-34821.exe
2736	Unicorn-16622.exe
2852	Unicorn-50041.exe
2872	Unicorn-33704.exe
1952	Unicorn-4369.exe
268	Unicorn-43490.exe
1096	Unicorn-44237.exe
772	Unicorn-22878.exe
368	Unicorn-27708.exe
1744	Unicorn-10433.exe
1268	Unicorn-59634.exe
792	Unicorn-18602.exe
2192	Unicorn-47745.exe
2356	Unicorn-40833.exe
2352	Unicorn-49364.exe
1160	Unicorn-65145.exe
2020	Unicorn-7584.exe
1824	Unicorn-40449.exe
2008	Unicorn-36727.exe
2264	Unicorn-57937.exe
2280	Unicorn-46048.exe
840	Unicorn-57231.exe
2136	Unicorn-11559.exe
1696	Unicorn-19920.exe
2188	Unicorn-50044.exe
1956	Unicorn-50407.exe
2996	Unicorn-41684.exe
2600	Unicorn-3666.exe
2972	Unicorn-4221.exe
2488	Unicorn-17817.exe
2452	Unicorn-33599.exe
2964	Unicorn-13178.exe
2420	Unicorn-17625.exe
1768	Unicorn-58850.exe
2688	Unicorn-33215.exe
1384	Unicorn-21325.exe
1980	Unicorn-28939.exe
1664	Unicorn-46583.exe
616	Unicorn-59582.exe
2268	Unicorn-1658.exe
1944	Unicorn-1658.exe
520	Unicorn-63474.exe
2884	Unicorn-42115.exe
1200	Unicorn-21394.exe
332	Unicorn-30116.exe
3028	Unicorn-14953.exe
2176	Unicorn-30221.exe
1432	Unicorn-38751.exe
768	Unicorn-54533.exe
2848	Unicorn-54533.exe
2836	Unicorn-39903.exe
1332	Unicorn-63661.exe
2360	Unicorn-55493.exe
3008	Unicorn-10931.exe
2368	Unicorn-32141.exe
2480	Unicorn-32202.exe
1600	Unicorn-19204.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 2712	1556	c8a7a44d9d337666658aec2838463f15.exe	28
PID 1556 wrote to memory of 2712	1556	c8a7a44d9d337666658aec2838463f15.exe	28
PID 1556 wrote to memory of 2712	1556	c8a7a44d9d337666658aec2838463f15.exe	28
PID 1556 wrote to memory of 2712	1556	c8a7a44d9d337666658aec2838463f15.exe	28
PID 2712 wrote to memory of 2568	2712	Unicorn-21038.exe	29
PID 2712 wrote to memory of 2568	2712	Unicorn-21038.exe	29
PID 2712 wrote to memory of 2568	2712	Unicorn-21038.exe	29
PID 2712 wrote to memory of 2568	2712	Unicorn-21038.exe	29
PID 1556 wrote to memory of 2808	1556	c8a7a44d9d337666658aec2838463f15.exe	30
PID 1556 wrote to memory of 2808	1556	c8a7a44d9d337666658aec2838463f15.exe	30
PID 1556 wrote to memory of 2808	1556	c8a7a44d9d337666658aec2838463f15.exe	30
PID 1556 wrote to memory of 2808	1556	c8a7a44d9d337666658aec2838463f15.exe	30
PID 2568 wrote to memory of 2724	2568	Unicorn-45023.exe	31
PID 2568 wrote to memory of 2724	2568	Unicorn-45023.exe	31
PID 2568 wrote to memory of 2724	2568	Unicorn-45023.exe	31
PID 2568 wrote to memory of 2724	2568	Unicorn-45023.exe	31
PID 2712 wrote to memory of 2616	2712	Unicorn-21038.exe	32
PID 2712 wrote to memory of 2616	2712	Unicorn-21038.exe	32
PID 2712 wrote to memory of 2616	2712	Unicorn-21038.exe	32
PID 2712 wrote to memory of 2616	2712	Unicorn-21038.exe	32
PID 2808 wrote to memory of 2440	2808	Unicorn-37409.exe	33
PID 2808 wrote to memory of 2440	2808	Unicorn-37409.exe	33
PID 2808 wrote to memory of 2440	2808	Unicorn-37409.exe	33
PID 2808 wrote to memory of 2440	2808	Unicorn-37409.exe	33
PID 2616 wrote to memory of 2228	2616	Unicorn-56891.exe	34
PID 2616 wrote to memory of 2228	2616	Unicorn-56891.exe	34
PID 2616 wrote to memory of 2228	2616	Unicorn-56891.exe	34
PID 2616 wrote to memory of 2228	2616	Unicorn-56891.exe	34
PID 2724 wrote to memory of 2736	2724	Unicorn-3051.exe	35
PID 2724 wrote to memory of 2736	2724	Unicorn-3051.exe	35
PID 2724 wrote to memory of 2736	2724	Unicorn-3051.exe	35
PID 2724 wrote to memory of 2736	2724	Unicorn-3051.exe	35
PID 2568 wrote to memory of 2852	2568	Unicorn-45023.exe	36
PID 2568 wrote to memory of 2852	2568	Unicorn-45023.exe	36
PID 2568 wrote to memory of 2852	2568	Unicorn-45023.exe	36
PID 2568 wrote to memory of 2852	2568	Unicorn-45023.exe	36
PID 2808 wrote to memory of 2872	2808	Unicorn-37409.exe	37
PID 2808 wrote to memory of 2872	2808	Unicorn-37409.exe	37
PID 2808 wrote to memory of 2872	2808	Unicorn-37409.exe	37
PID 2808 wrote to memory of 2872	2808	Unicorn-37409.exe	37
PID 2440 wrote to memory of 1952	2440	Unicorn-56336.exe	38
PID 2440 wrote to memory of 1952	2440	Unicorn-56336.exe	38
PID 2440 wrote to memory of 1952	2440	Unicorn-56336.exe	38
PID 2440 wrote to memory of 1952	2440	Unicorn-56336.exe	38
PID 2228 wrote to memory of 268	2228	Unicorn-34821.exe	39
PID 2228 wrote to memory of 268	2228	Unicorn-34821.exe	39
PID 2228 wrote to memory of 268	2228	Unicorn-34821.exe	39
PID 2228 wrote to memory of 268	2228	Unicorn-34821.exe	39
PID 2616 wrote to memory of 1096	2616	Unicorn-56891.exe	40
PID 2616 wrote to memory of 1096	2616	Unicorn-56891.exe	40
PID 2616 wrote to memory of 1096	2616	Unicorn-56891.exe	40
PID 2616 wrote to memory of 1096	2616	Unicorn-56891.exe	40
PID 2736 wrote to memory of 772	2736	Unicorn-16622.exe	41
PID 2736 wrote to memory of 772	2736	Unicorn-16622.exe	41
PID 2736 wrote to memory of 772	2736	Unicorn-16622.exe	41
PID 2736 wrote to memory of 772	2736	Unicorn-16622.exe	41
PID 2724 wrote to memory of 368	2724	Unicorn-3051.exe	42
PID 2724 wrote to memory of 368	2724	Unicorn-3051.exe	42
PID 2724 wrote to memory of 368	2724	Unicorn-3051.exe	42
PID 2724 wrote to memory of 368	2724	Unicorn-3051.exe	42
PID 2852 wrote to memory of 792	2852	Unicorn-50041.exe	43
PID 2852 wrote to memory of 792	2852	Unicorn-50041.exe	43
PID 2852 wrote to memory of 792	2852	Unicorn-50041.exe	43
PID 2852 wrote to memory of 792	2852	Unicorn-50041.exe	43

C:\Users\Admin\AppData\Local\Temp\c8a7a44d9d337666658aec2838463f15.exe
"C:\Users\Admin\AppData\Local\Temp\c8a7a44d9d337666658aec2838463f15.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7584.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3666.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30221.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
        10⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        11⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8254.exe
        12⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40559.exe
        13⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4736.exe
        14⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12380.exe
        15⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
        16⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41855.exe
        13⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19561.exe
        14⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38166.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18919.exe
        10⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        11⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51503.exe
        12⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38115.exe
        13⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43271.exe
        14⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17817.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
        8⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
        9⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13267.exe
        10⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29573.exe
        11⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
        12⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
        13⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41439.exe
        14⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22000.exe
        15⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36727.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27948.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13936.exe
        10⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37082.exe
        11⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53444.exe
        12⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47562.exe
        13⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        8⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
        9⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51794.exe
        10⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10931.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48467.exe
        9⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        10⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28224.exe
        11⤵
        
        PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32141.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
        9⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46049.exe
        10⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
        11⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
        12⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64760.exe
        13⤵
        
        PID:1200
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
        13⤵
        Program crash
        
        PID:1468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 216
        12⤵
        Program crash
        
        PID:2684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 236
        11⤵
        Program crash
        
        PID:2208
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
        10⤵
        Program crash
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
        7⤵
        Program crash
        
        PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17625.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
        8⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        9⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        10⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
        11⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23673.exe
        12⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65175.exe
        13⤵
        
        PID:2660
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
        14⤵
        Program crash
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42115.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32224.exe
        7⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22297.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44575.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
        10⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2292.exe
        11⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        12⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59908.exe
        13⤵
        
        PID:392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30938.exe
        10⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39437.exe
        11⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61698.exe
        12⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14407.exe
        13⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50972.exe
        11⤵
        
        PID:2724
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50044.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        9⤵
        Executes dropped EXE
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        10⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
        11⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19054.exe
        12⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
        13⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
        14⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57775.exe
        15⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4424.exe
        11⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2494.exe
        12⤵
        
        PID:520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25157.exe
        13⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8714.exe
        14⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22000.exe
        15⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46132.exe
        12⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        13⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35432.exe
        14⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9757.exe
        15⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        16⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22301.exe
        17⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5373.exe
        18⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27214.exe
        16⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15374.exe
        13⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
        14⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57667.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50610.exe
        9⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64845.exe
        10⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59469.exe
        11⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
        8⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
        9⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
        10⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11477.exe
        11⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        12⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24584.exe
        13⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        14⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53973.exe
        9⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        10⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50323.exe
        11⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        12⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        13⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57251.exe
        14⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20940.exe
        13⤵
        
        PID:2392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32202.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        8⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53018.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22012.exe
        10⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61698.exe
        12⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
        13⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37466.exe
        10⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
        11⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35222.exe
        12⤵
        
        PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41684.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54533.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
        8⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        9⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50175.exe
        10⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
        11⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
        7⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3734.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43584.exe
        9⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
        10⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
        11⤵
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39903.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        7⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6858.exe
        8⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        9⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28914.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe
        11⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
        12⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        13⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
        14⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
        15⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
        16⤵
        
        PID:1756
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 380
        16⤵
        Program crash
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13405.exe
        15⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
        16⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4718.exe
        13⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
        12⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        13⤵
        
        PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65145.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1160
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
        6⤵
        Program crash
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4221.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14953.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52774.exe
        7⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14736.exe
        9⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63345.exe
        8⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39474.exe
        9⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35541.exe
        10⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
        11⤵
        
        PID:756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46583.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35779.exe
        8⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29505.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17958.exe
        10⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20082.exe
        11⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10791.exe
        8⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65379.exe
        9⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53309.exe
        10⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        11⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        12⤵
        
        PID:1056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59582.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12042.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
        9⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39116.exe
        10⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        11⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        12⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1496.exe
        13⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50273.exe
        10⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
        11⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54212.exe
        12⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23481.exe
        13⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-681.exe
        14⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        11⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29244.exe
        12⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45030.exe
        13⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
        14⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2134.exe
        13⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13941.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55826.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54212.exe
        10⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37630.exe
        11⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56208.exe
        12⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40234.exe
        11⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        9⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe
        10⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
        11⤵
        
        PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
        5⤵
        Executes dropped EXE
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45291.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43999.exe
        8⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12686.exe
        10⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38647.exe
        11⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37054.exe
        12⤵
        
        PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47745.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11559.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19204.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        8⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
        9⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61228.exe
        10⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
        11⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
        12⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47080.exe
        13⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36259.exe
        12⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34346.exe
        9⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
        10⤵
        
        PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
        6⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52551.exe
        7⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
        8⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21274.exe
        9⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19428.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37137.exe
        11⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
        12⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37385.exe
        11⤵
        
        PID:2596
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57937.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48607.exe
        7⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51570.exe
        8⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
        9⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37345.exe
        8⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
        9⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
        10⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53255.exe
        11⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18191.exe
        7⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1290.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40969.exe
        9⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
        10⤵
        
        PID:528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21325.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3106.exe
        6⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        8⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
        9⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
        10⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22685.exe
        11⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58441.exe
        8⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23107.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
        10⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29456.exe
        11⤵
        
        PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57231.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1658.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21555.exe
        6⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
        7⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
        8⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59121.exe
        9⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16989.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63940.exe
        11⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53390.exe
        12⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18674.exe
        7⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
        8⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9181.exe
        9⤵
        
        PID:868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26039.exe

Filesize
184KB

MD5
7ca4da75bb521ba0e1da9f603af2cefc

SHA1
72bbea6f71a047bfe4104b083d0f95f2b9af411a

SHA256
f4a6d469902f53818815e75ed9feae72b81777a01450c8db9ee0220df2b471f2

SHA512
556f99c42b9e29ef049a2f42417d4f7a42ce082308e421e84307c0b19a6affce714994162f4c240dbcab762afa09177a15a3ecba04f41bad7e87ba01c2c22a40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40234.exe

Filesize
184KB

MD5
1bef6bd4a3b936befe3ecc579eca53a1

SHA1
ae13702ed175a9819b91074e116e844dacde7aac

SHA256
2b3ca1a28abe6bc3c269a3aaf2150cbe4585ea26d14aa37996d78bb47238f499

SHA512
05bf2e99b3475b96e5484d789424a1149c603ac9c1aec22e1b42fc0e91d5c6dd12e336641eb3d6241564a14ffc3f93b8a988418a14bd04a7a51d5d5530658720

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4369.exe

Filesize
184KB

MD5
4265aaf89c5bd8fd5e87042892e63c57

SHA1
4440bc1a889eeef1e78fbcd39b01c69b1508fc0e

SHA256
a7aad39f5abb8299145603073b48bcad3837be812d88f63d358774837a5c6a10

SHA512
110f3c11c794648781eaf9e1e332544e64bc97b64c62e339224710b03250a75278938f905eab461749d634fe2087c8e5d6d405847c1b5629dd78918509018e31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5974.exe

Filesize
184KB

MD5
42d68d424546e11484ae2c42003fb026

SHA1
a1c0cc27fb3f642a6d38fe2a2dbfe2f6bed29fea

SHA256
522421687c8b8620e9b68291148b0f4f7796f194897a50ef7f86bdf2aee0670f

SHA512
c008f888205a0d739b1c31c167e72acda48bd1977d1bf3e9355c41f315f3e5ca30f02d0ae39f3377d9a6897716f8056d523e9a7fac55dd9c3229ffa0726ca28d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe

Filesize
184KB

MD5
f3b32f4017baada80cfc1be499b9deca

SHA1
2ff4646f453cf2d90fb18b1158c632e387766e48

SHA256
d138d7f0d388d4b68f4e6ee390e55ddc9d0f7e6326e29570d038a15b0101b34f

SHA512
abcd3150b73a3b573564d7d69b5731bfb487eb9fb26837d643566d07a7b8da823e08ea36361a3dbc18d21b22de678dc415a3d222c145c19876acc0d30c16d167

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16622.exe

Filesize
184KB

MD5
bfbbd687ae1f8bf210ea682cc3ac97dc

SHA1
c9f8f86a139b3098eaf5cc82b08ae55078a0a991

SHA256
fb0f0d130a2bf0b198d42d6fe44b9aca6ba1061c1ddc2b910d34efbe2d140dfa

SHA512
cca6a3bd5e6f6b8163376b016415466cb3a637f531c313c8b95967bf4f7097ac5b23187533bd7cac21ef9df1dbfcaf39fd3da4f72c0e59a22b723e626a54c8a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18602.exe

Filesize
184KB

MD5
9d3cdaeed4f0a7e7c277fbe55298b01d

SHA1
d830c830a8c72c3ad01b420daf72069caf23afce

SHA256
69869b92b1cc2d296df85b45380a969384261bd4a3032653b8b980f92d9a5f44

SHA512
7e5921a19a1ceda863c609f3a8446aa65246423b2071574771edee455e32028d307d1e98e2b272ac3ebfef9cd2d51fbbd3935126d7760fb637abbc8f15e810a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21038.exe

Filesize
184KB

MD5
07a4e30aadf3833dfebd131f15cfc788

SHA1
5c3c68769e4098f673a7ca5a8527b647509196ec

SHA256
5767cba1a7a4a423731df3d72382a81f2da7ddbcbc08dd6d37044a47a7d234c6

SHA512
af45203f383e39962c89d14d083010e9be38500ce76bc434eeb1282c8a8457f8323346a4cebc9efb42d808c86b73e8a1db0df417b61bb893c6da92936cceea58

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe

Filesize
184KB

MD5
2dfa09d3c90b9fcbc79946b6f05731cd

SHA1
3c605ef4f320f3103b2c76776ed1494363b8447c

SHA256
68afe30cf6bd33d9b0ccc6bed3ff52ecb753602642bd28f44f5d4e171fbae628

SHA512
f0ef31144a36468ce4b1b6b4f4ef3f7f20d2925d80239c086ab0d212ed05103f18721dae966c21b2699f4f5d97d8576dcdbf1716d42d3afb9b1f7bc8679b54f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe

Filesize
184KB

MD5
d76be5210a18101fac10f706b50453f2

SHA1
e7ece7396d85e77a6d2fc8baaaa42bbff401e770

SHA256
b2bd95add4fc05e81a1fd3f1aa664c81c325ec1c3bc60b80bcb9638aba787929

SHA512
3e1d142104f5dc6f573ef424d2bef04e689ce48d7cb52b8049c1733efb566a199bbc61943c7f8caac89e9869f2d11bd76b82c7d08a5a73900e3db5643bbce3ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe

Filesize
184KB

MD5
34587ece5ac6433b9b79b7430893a919

SHA1
c9ca45a3748675b3353cd487fa1b31532dfe18b0

SHA256
636dd8b5b2e6957ca3dbb326378503f72f24671da6430261477604316b26884e

SHA512
0aa1a90d62efa209530cf76eb4ec0f8edd7df1321cf958ca4886535473add39943e920cfdafb9324330ccdf43c97f34e94729975aa0a9499a5e15ba85a01193a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe

Filesize
184KB

MD5
6e0c300736768f97aaa16d00ae51579d

SHA1
e5c73ef4a9b137a23ef47cc95fa99112ef1080d3

SHA256
fca6c3f272b1831a5be219fd9ce6e4bee39d69a9f5edf75401f5327bb8186623

SHA512
c55988ebfa46b6c1943fec4455df55ab508ecd32124daa0677296a9ec2edb8af6fb86bbb416863f33c72cdf623014cf2e3b4e1deb72a9c87c224cc9e79a71898

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe

Filesize
184KB

MD5
8b7e33091011609b9b7724823528d1d2

SHA1
9a671298c305352224c903c0346acb08bbc2be4f

SHA256
01cbd847bce431067d1d36cc175637b0ce7cb1597788f64e24494d57cdbdd824

SHA512
1703c6e7ff2620b7ff0db19fc482ff08d29f2665445b7e956af6188f9b2a01320bb164020fd1dcde321d1761084eba3974096c4c8010f527cb2a26b4d4368ec3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe

Filesize
184KB

MD5
b8a821324cdb96ed68161031530c148d

SHA1
1f4c320bd39a719264b646c20cc25c0e5430d4a3

SHA256
d7a18b44e7cdaf68a48d1ffb3690ea9ca6f52d3c362097418d8569fcca0ee820

SHA512
fef1478d889650ba2e15b1e9d048f6fcae07cf592ec0694ba248d743c34575e4f99cd5396e7cc41af09115e3829061ecd9bfd50362ad3f0114c0fd61282119f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43490.exe

Filesize
184KB

MD5
163364e18134ea61a29dea148946aa90

SHA1
3c0db9f9a3ff05db77aba45cf99e04f21a6062c1

SHA256
2a0234210019237360538f44d1d760cdf09af4ef32d9952eff2a5f67a12b779f

SHA512
ea8ca33dfba36d891019f03bc298d044d426d046729b8a0d45d0ad2088a129a89cf3c716f0ce8240e9684a36d1aaae7be45627897923347b3c44b199e9e6bc86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44237.exe

Filesize
184KB

MD5
bd97237ea0a2dec32cd911f21540b3c2

SHA1
db98344134d6c4c530de6d234415b48d6643eb39

SHA256
b3806a5b083551aff2af111e43d7d3f6547f6d08e7cfc302aed393d1dd34b886

SHA512
c87118bff55b4bc5a6fbc101df4937444d8b8bfd3971ad9bc2c836393e7333cfd705a9c2a657a7bc713bd27a1891be2220aed4ee3e48ac8e4841c46132064798

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe

Filesize
184KB

MD5
4e62fe81a2c08302a221c84df80a45c2

SHA1
cbaaeb139d446800b25b0cd89f75414805937ae8

SHA256
de2d8182bf54735b9f27092fd50553cffb4fe62675fbe322f3499341e3ba547b

SHA512
113bf0ca2169e435012e3e6e94f7f93b6ec8a718c4194787cf8be4b9facbaa8c9d698d18a272edee4c639b9d0f448d7a86842c8c04adc486790a05ab74d0b28a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50041.exe

Filesize
184KB

MD5
ebbfc62c4b964f3fdb38460f6cf734c0

SHA1
24a1dce797e347d9b78403d927458c356f3b9d73

SHA256
fc6d6b9adc389957a3a2bfa2385c851a382bd53bd50f7c528197035d02fb0fc6

SHA512
a2f90adabb1ff5e7061d29eec0bdc54fcacf872b86d98a3dcfdca6d210b3c2f0ace53d173a5d6494b2f7f7c4724a18cb8d5e18c4ea12ca79e26904e9be7c0917

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56336.exe

Filesize
184KB

MD5
334506a5f9a129302caeefc6d966b5c5

SHA1
fa49fe151733b4d1c4e58c03eabcb05f6d4e68bf

SHA256
712d146d2e16cb936d80ede0c7fa6f8a17374912506c6492c7fba49aaa19e2e9

SHA512
77c5d41c32cababb78c69247ca568afa96bab853f59f9c6e3ed1bc7baec103844d869a9fc03f7076275294ae853ee1338283a23141192c89fa7982879f03e83a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56891.exe

Filesize
184KB

MD5
c8f4a01abcd5eb5b4a4381895d7d595d

SHA1
2881520b22832af3b87d6d13879f9963dc2c3ae2

SHA256
0cd2984ade643c033e89383aa7c935fa47ca24f313d2f959ef7a90e0dc0c9bbf

SHA512
54c3e414be0d2772442e2600de4c20020ec493f76167e342557c6c3212f2d8782b554d3b69da93b8ea7458f97d03ff2d5c6485ec42135a5b900c8d8d3f15aca4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe

Filesize
184KB

MD5
f58bfbf9fbd975b27e0dc772bec74e67

SHA1
9e17da2115c81de463e395d451fce41dc9f80c44

SHA256
9c113402621a1bbade7cb335a9b85a474a5572085f5bca5a09d77a31e2636468

SHA512
d8a2ebe7847a95bdcebfc0931cfd1e23d10a0af292386922b149625d746853aae8db89604a8c7b9694154f0fcd1690fa41f5f017b6fe6cf599a686f816cd4166

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads