df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835

Analysis

max time kernel
42s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
Size

184KB
MD5

2e03b2635425ba8b771a5d2ac67b945c
SHA1

52b4206f7c6029eb1ffd27fe93e8a11663b760f3
SHA256

df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835
SHA512

850de928d98acd2b575dca14c5e73c2793517c342130c76d8093ab2a14013533326ca5c65f984a3934ea15875ea1da053d904bcb72e5cb09bbfe932635695312
SSDEEP

3072:FdmFifonRoUC0dQNtWI9lE0MVVvuqnviuOn2:FdloRmwQN3lVMVVGqnviuO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
852	Unicorn-56188.exe
3000	Unicorn-33986.exe
2644	Unicorn-14312.exe
2304	Unicorn-63296.exe
2536	Unicorn-29838.exe
2508	Unicorn-33700.exe
2400	Unicorn-35969.exe
1908	Unicorn-27155.exe
2824	Unicorn-42495.exe
692	Unicorn-8130.exe
2844	Unicorn-27996.exe
1352	Unicorn-30195.exe
3048	Unicorn-16621.exe
1692	Unicorn-14892.exe
2284	Unicorn-8762.exe
2672	Unicorn-40482.exe
1740	Unicorn-29439.exe
1772	Unicorn-61416.exe
840	Unicorn-6958.exe
2332	Unicorn-53990.exe
3028	Unicorn-36896.exe
2076	Unicorn-15955.exe
284	Unicorn-54950.exe
1456	Unicorn-2220.exe
1204	Unicorn-22278.exe
2144	Unicorn-16147.exe
980	Unicorn-2184.exe
1988	Unicorn-32780.exe
1976	Unicorn-32588.exe
2296	Unicorn-23398.exe
2204	Unicorn-15745.exe
880	Unicorn-29482.exe
1896	Unicorn-4870.exe
1640	Unicorn-3910.exe
2112	Unicorn-3588.exe
2044	Unicorn-56702.exe
2976	Unicorn-1812.exe
2640	Unicorn-56712.exe
2520	Unicorn-10848.exe
2492	Unicorn-41793.exe
2376	Unicorn-19925.exe
2668	Unicorn-1274.exe
2392	Unicorn-18798.exe
3052	Unicorn-25042.exe
1616	Unicorn-54268.exe
2676	Unicorn-23506.exe
2796	Unicorn-56489.exe
2864	Unicorn-50816.exe
2436	Unicorn-930.exe
2148	Unicorn-57522.exe
792	Unicorn-7252.exe
312	Unicorn-23458.exe
1092	Unicorn-31285.exe
2556	Unicorn-11611.exe
2464	Unicorn-25346.exe
2220	Unicorn-31638.exe
2216	Unicorn-33584.exe
2260	Unicorn-38087.exe
1532	Unicorn-11606.exe
1072	Unicorn-64720.exe
780	Unicorn-23647.exe
400	Unicorn-18099.exe
1556	Unicorn-63770.exe
1956	Unicorn-19059.exe

Loads dropped DLL 64 IoCs

pid	Process
2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
852	Unicorn-56188.exe
852	Unicorn-56188.exe
2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
852	Unicorn-56188.exe
852	Unicorn-56188.exe
2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
3000	Unicorn-33986.exe
2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
2644	Unicorn-14312.exe
3000	Unicorn-33986.exe
2644	Unicorn-14312.exe
2536	Unicorn-29838.exe
2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
2536	Unicorn-29838.exe
2644	Unicorn-14312.exe
2644	Unicorn-14312.exe
2304	Unicorn-63296.exe
2304	Unicorn-63296.exe
2400	Unicorn-35969.exe
3000	Unicorn-33986.exe
3000	Unicorn-33986.exe
2400	Unicorn-35969.exe
852	Unicorn-56188.exe
852	Unicorn-56188.exe
2508	Unicorn-33700.exe
2508	Unicorn-33700.exe
1908	Unicorn-27155.exe
1908	Unicorn-27155.exe
2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
2824	Unicorn-42495.exe
2824	Unicorn-42495.exe
2536	Unicorn-29838.exe
2536	Unicorn-29838.exe
2284	Unicorn-8762.exe
2284	Unicorn-8762.exe
852	Unicorn-56188.exe
852	Unicorn-56188.exe
1352	Unicorn-30195.exe
1352	Unicorn-30195.exe
3000	Unicorn-33986.exe
2508	Unicorn-33700.exe
3000	Unicorn-33986.exe
2508	Unicorn-33700.exe
2644	Unicorn-14312.exe
692	Unicorn-8130.exe
2644	Unicorn-14312.exe
692	Unicorn-8130.exe
2400	Unicorn-35969.exe
2844	Unicorn-27996.exe
2400	Unicorn-35969.exe
2844	Unicorn-27996.exe
2304	Unicorn-63296.exe
2304	Unicorn-63296.exe
1504	WerFault.exe
1504	WerFault.exe
1504	WerFault.exe
1504	WerFault.exe
2292	WerFault.exe
2292	WerFault.exe

Program crash 35 IoCs

pid	pid_target	Process	procid_target
1504	1692	WerFault.exe	42
2292	3048	WerFault.exe	39
548	2144	WerFault.exe	55
1236	1456	WerFault.exe	52
1520	2044	WerFault.exe	65
2592	2640	WerFault.exe	68
1996	1204	WerFault.exe	54
1888	2864	WerFault.exe	78
1460	2508	WerFault.exe	31
1524	2676	WerFault.exe	76
2412	1072	WerFault.exe	91
2708	840	WerFault.exe	46
2616	2332	WerFault.exe	47
2552	2824	WerFault.exe	35
2924	880	WerFault.exe	61
992	1640	WerFault.exe	63
2080	2492	WerFault.exe	69
2268	3052	WerFault.exe	73
2748	2796	WerFault.exe	77
2328	1896	WerFault.exe	62
3092	2148	WerFault.exe	80
2912	2976	WerFault.exe	66
3068	2376	WerFault.exe	70
1340	2392	WerFault.exe	72
2832	980	WerFault.exe	56
2600	2644	WerFault.exe	30
2724	2844	WerFault.exe	38
3320	312	WerFault.exe	82
3284	792	WerFault.exe	81
3260	2464	WerFault.exe	86
1684	2556	WerFault.exe	85
3664	2220	WerFault.exe	87
3200	1616	WerFault.exe	74
4052	1740	WerFault.exe	44
4244	2536	WerFault.exe	32

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
852	Unicorn-56188.exe
3000	Unicorn-33986.exe
2644	Unicorn-14312.exe
2536	Unicorn-29838.exe
2400	Unicorn-35969.exe
2304	Unicorn-63296.exe
2508	Unicorn-33700.exe
1908	Unicorn-27155.exe
2824	Unicorn-42495.exe
692	Unicorn-8130.exe
2284	Unicorn-8762.exe
3048	Unicorn-16621.exe
1352	Unicorn-30195.exe
2844	Unicorn-27996.exe
1692	Unicorn-14892.exe
2672	Unicorn-40482.exe
1740	Unicorn-29439.exe
1772	Unicorn-61416.exe
840	Unicorn-6958.exe
2332	Unicorn-53990.exe
3028	Unicorn-36896.exe
2076	Unicorn-15955.exe
2144	Unicorn-16147.exe
284	Unicorn-54950.exe
1976	Unicorn-32588.exe
1204	Unicorn-22278.exe
980	Unicorn-2184.exe
1988	Unicorn-32780.exe
1456	Unicorn-2220.exe
2296	Unicorn-23398.exe
2204	Unicorn-15745.exe
880	Unicorn-29482.exe
1896	Unicorn-4870.exe
1640	Unicorn-3910.exe
2112	Unicorn-3588.exe
2044	Unicorn-56702.exe
2976	Unicorn-1812.exe
2640	Unicorn-56712.exe
2520	Unicorn-10848.exe
2492	Unicorn-41793.exe
2376	Unicorn-19925.exe
2392	Unicorn-18798.exe
3052	Unicorn-25042.exe
1616	Unicorn-54268.exe
2676	Unicorn-23506.exe
2796	Unicorn-56489.exe
2436	Unicorn-930.exe
2864	Unicorn-50816.exe
312	Unicorn-23458.exe
1092	Unicorn-31285.exe
2148	Unicorn-57522.exe
792	Unicorn-7252.exe
2556	Unicorn-11611.exe
2464	Unicorn-25346.exe
2220	Unicorn-31638.exe
2216	Unicorn-33584.exe
2260	Unicorn-38087.exe
1532	Unicorn-11606.exe
400	Unicorn-18099.exe
1072	Unicorn-64720.exe
780	Unicorn-23647.exe
1556	Unicorn-63770.exe
1956	Unicorn-19059.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 852	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	28
PID 2020 wrote to memory of 852	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	28
PID 2020 wrote to memory of 852	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	28
PID 2020 wrote to memory of 852	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	28
PID 852 wrote to memory of 3000	852	Unicorn-56188.exe	29
PID 852 wrote to memory of 3000	852	Unicorn-56188.exe	29
PID 852 wrote to memory of 3000	852	Unicorn-56188.exe	29
PID 852 wrote to memory of 3000	852	Unicorn-56188.exe	29
PID 2020 wrote to memory of 2644	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	30
PID 2020 wrote to memory of 2644	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	30
PID 2020 wrote to memory of 2644	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	30
PID 2020 wrote to memory of 2644	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	30
PID 852 wrote to memory of 2508	852	Unicorn-56188.exe	31
PID 852 wrote to memory of 2508	852	Unicorn-56188.exe	31
PID 852 wrote to memory of 2508	852	Unicorn-56188.exe	31
PID 852 wrote to memory of 2508	852	Unicorn-56188.exe	31
PID 2020 wrote to memory of 2536	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	32
PID 2020 wrote to memory of 2536	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	32
PID 2020 wrote to memory of 2536	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	32
PID 2020 wrote to memory of 2536	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	32
PID 3000 wrote to memory of 2400	3000	Unicorn-33986.exe	33
PID 3000 wrote to memory of 2400	3000	Unicorn-33986.exe	33
PID 3000 wrote to memory of 2400	3000	Unicorn-33986.exe	33
PID 3000 wrote to memory of 2400	3000	Unicorn-33986.exe	33
PID 2644 wrote to memory of 2304	2644	Unicorn-14312.exe	34
PID 2644 wrote to memory of 2304	2644	Unicorn-14312.exe	34
PID 2644 wrote to memory of 2304	2644	Unicorn-14312.exe	34
PID 2644 wrote to memory of 2304	2644	Unicorn-14312.exe	34
PID 2020 wrote to memory of 1908	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	36
PID 2020 wrote to memory of 1908	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	36
PID 2020 wrote to memory of 1908	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	36
PID 2020 wrote to memory of 1908	2020	df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe	36
PID 2536 wrote to memory of 2824	2536	Unicorn-29838.exe	35
PID 2536 wrote to memory of 2824	2536	Unicorn-29838.exe	35
PID 2536 wrote to memory of 2824	2536	Unicorn-29838.exe	35
PID 2536 wrote to memory of 2824	2536	Unicorn-29838.exe	35
PID 2644 wrote to memory of 692	2644	Unicorn-14312.exe	37
PID 2644 wrote to memory of 692	2644	Unicorn-14312.exe	37
PID 2644 wrote to memory of 692	2644	Unicorn-14312.exe	37
PID 2644 wrote to memory of 692	2644	Unicorn-14312.exe	37
PID 2304 wrote to memory of 2844	2304	Unicorn-63296.exe	38
PID 2304 wrote to memory of 2844	2304	Unicorn-63296.exe	38
PID 2304 wrote to memory of 2844	2304	Unicorn-63296.exe	38
PID 2304 wrote to memory of 2844	2304	Unicorn-63296.exe	38
PID 3000 wrote to memory of 1352	3000	Unicorn-33986.exe	40
PID 3000 wrote to memory of 1352	3000	Unicorn-33986.exe	40
PID 3000 wrote to memory of 1352	3000	Unicorn-33986.exe	40
PID 3000 wrote to memory of 1352	3000	Unicorn-33986.exe	40
PID 2400 wrote to memory of 3048	2400	Unicorn-35969.exe	39
PID 2400 wrote to memory of 3048	2400	Unicorn-35969.exe	39
PID 2400 wrote to memory of 3048	2400	Unicorn-35969.exe	39
PID 2400 wrote to memory of 3048	2400	Unicorn-35969.exe	39
PID 852 wrote to memory of 2284	852	Unicorn-56188.exe	41
PID 852 wrote to memory of 2284	852	Unicorn-56188.exe	41
PID 852 wrote to memory of 2284	852	Unicorn-56188.exe	41
PID 852 wrote to memory of 2284	852	Unicorn-56188.exe	41
PID 2508 wrote to memory of 1692	2508	Unicorn-33700.exe	42
PID 2508 wrote to memory of 1692	2508	Unicorn-33700.exe	42
PID 2508 wrote to memory of 1692	2508	Unicorn-33700.exe	42
PID 2508 wrote to memory of 1692	2508	Unicorn-33700.exe	42
PID 1908 wrote to memory of 2672	1908	Unicorn-27155.exe	43
PID 1908 wrote to memory of 2672	1908	Unicorn-27155.exe	43
PID 1908 wrote to memory of 2672	1908	Unicorn-27155.exe	43
PID 1908 wrote to memory of 2672	1908	Unicorn-27155.exe	43

C:\Users\Admin\AppData\Local\Temp\df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe
"C:\Users\Admin\AppData\Local\Temp\df77ce743c332efe9d196706e24b8af857163b197879bef80774ee1de8541835.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:2292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23506.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
        7⤵
        Program crash
        
        PID:1524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
        6⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3973.exe
        6⤵
        
        PID:3696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
        6⤵
        
        PID:2416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4442.exe
        6⤵
        
        PID:4504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
        6⤵
        Program crash
        
        PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        5⤵
        
        PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1173.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-932.exe
        5⤵
        
        PID:3184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4972.exe
        5⤵
        
        PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54950.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31285.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        7⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57250.exe
        7⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        7⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59310.exe
        7⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
        7⤵
        
        PID:4720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41131.exe
        7⤵
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51683.exe
        7⤵
        
        PID:4636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1425.exe
        6⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
        6⤵
        
        PID:3980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
        6⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
        6⤵
        
        PID:4452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
        6⤵
        
        PID:4468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11611.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46184.exe
        6⤵
        
        PID:1300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42008.exe
        6⤵
        
        PID:3288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        6⤵
        
        PID:3344
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 248
        6⤵
        Program crash
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40054.exe
        5⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
        6⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
        6⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35347.exe
        6⤵
        
        PID:4204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
        6⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54917.exe
        5⤵
        
        PID:440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
        5⤵
        
        PID:3636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65125.exe
        5⤵
        
        PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        5⤵
        
        PID:4336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15955.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1274.exe
        5⤵
        Executes dropped EXE
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7216.exe
        5⤵
        
        PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe
        5⤵
        
        PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54479.exe
        5⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50837.exe
        5⤵
        
        PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        5⤵
        
        PID:2476
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 248
        5⤵
        Program crash
        
        PID:1340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41618.exe
      4⤵
      PID:524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14602.exe
      4⤵
      PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
      4⤵
      PID:1384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62664.exe
      4⤵
      PID:4644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
      4⤵
      PID:4424
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1692
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2220.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1456
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
        5⤵
        Program crash
        
        PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25346.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
        5⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
        5⤵
        
        PID:3252
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
        5⤵
        Program crash
        
        PID:3260
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
      4⤵
      Program crash
      PID:1460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10848.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59946.exe
        6⤵
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43003.exe
        6⤵
        
        PID:3792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10500.exe
        6⤵
        
        PID:4616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
        5⤵
        
        PID:2448
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
        5⤵
        Program crash
        
        PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56712.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2640
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
        5⤵
        Program crash
        
        PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
      4⤵
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39803.exe
      4⤵
      PID:1216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
      4⤵
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29604.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29604.exe
      4⤵
      PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18779.exe
      4⤵
      PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25873.exe
      4⤵
      PID:4384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
      4⤵
      PID:5116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
      4⤵
      PID:4308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
      4⤵
      PID:1704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        5⤵
        
        PID:2564
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 248
        5⤵
        Program crash
        
        PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54964.exe
      4⤵
      PID:2008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
      4⤵
      PID:3100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
      4⤵
      PID:2496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39415.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55212.exe
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36997.exe
      4⤵
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
      4⤵
      PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
      4⤵
      PID:3620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47573.exe
      4⤵
      PID:1820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
      4⤵
      PID:2740
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 248
      4⤵
      Program crash
      PID:3068
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34480.exe
    3⤵
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52531.exe
      4⤵
      PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25195.exe
      4⤵
      PID:4992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
      4⤵
      PID:4848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31668.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31668.exe
    3⤵
    PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25059.exe
    3⤵
    PID:3932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19804.exe
    3⤵
    PID:3872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
    3⤵
    PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62539.exe
    3⤵
    PID:4488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16095.exe
    3⤵
    PID:5100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39547.exe
    3⤵
    PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
    3⤵
    PID:1620
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12364.exe
        7⤵
        
        PID:468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 248
        7⤵
        Program crash
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58036.exe
        6⤵
        
        PID:584
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
        6⤵
        Program crash
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54268.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        6⤵
        
        PID:1596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20202.exe
        6⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
        6⤵
        
        PID:3916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54805.exe
        6⤵
        
        PID:3888
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 244
        6⤵
        Program crash
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42690.exe
        5⤵
        
        PID:3064
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
        5⤵
        Program crash
        
        PID:2724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32780.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57522.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
        6⤵
        
        PID:2780
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
        6⤵
        Program crash
        
        PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
        5⤵
        
        PID:1876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46185.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45940.exe
        5⤵
        
        PID:3356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15473.exe
        5⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
        5⤵
        
        PID:4728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46350.exe
        5⤵
        
        PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10315.exe
        5⤵
        
        PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe
        5⤵
        
        PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        5⤵
        
        PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
      4⤵
      PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4734.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34734.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34351.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50746.exe
      4⤵
      PID:4000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10131.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10131.exe
      4⤵
      PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
      4⤵
      PID:288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42347.exe
      4⤵
      PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1637.exe
      4⤵
      PID:4988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8130.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7252.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53963.exe
        6⤵
        
        PID:948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
        6⤵
        
        PID:3264
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
        6⤵
        Program crash
        
        PID:3284
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 236
        5⤵
        Program crash
        
        PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
        5⤵
        
        PID:2164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56674.exe
        5⤵
        
        PID:3240
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 240
        5⤵
        Program crash
        
        PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-85.exe
      4⤵
      PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
      4⤵
      PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17467.exe
      4⤵
      PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
      4⤵
      PID:4160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16147.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2144
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
      4⤵
      Program crash
      PID:548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56489.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9645.exe
      4⤵
      PID:1992
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 248
      4⤵
      Program crash
      PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
    3⤵
    PID:2280
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
    3⤵
    - Program crash
    PID:2600
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29838.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29838.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3910.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 248
        6⤵
        Program crash
        
        PID:992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
        5⤵
        
        PID:944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
        5⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
        5⤵
        
        PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50136.exe
        5⤵
        
        PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3588.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41747.exe
        5⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-103.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48384.exe
        5⤵
        
        PID:3488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41488.exe
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        5⤵
        
        PID:4908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23255.exe
      4⤵
      PID:2808
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
      4⤵
      Program crash
      PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56702.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2044
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 220
        5⤵
        Program crash
        
        PID:1520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9520.exe
      4⤵
      PID:1576
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
      4⤵
      Program crash
      PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1812.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1812.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60906.exe
      4⤵
      PID:2460
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 248
      4⤵
      Program crash
      PID:2912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61217.exe
    3⤵
    PID:1156
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31137.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31137.exe
    3⤵
    PID:2136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29524.exe
    3⤵
    PID:3908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
    3⤵
    PID:3896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62786.exe
    3⤵
    PID:3160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
    3⤵
    PID:4348
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62032.exe
    3⤵
    PID:3192
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 244
    3⤵
    - Program crash
    PID:4244
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1908
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15745.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33584.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19148.exe
        6⤵
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62455.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
        6⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12291.exe
        6⤵
        
        PID:4040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61550.exe
        6⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
        6⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43363.exe
        5⤵
        
        PID:2244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30936.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5091.exe
        5⤵
        
        PID:3728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
        5⤵
        
        PID:4392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2813.exe
        5⤵
        
        PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37857.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11507.exe
        5⤵
        
        PID:4004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        5⤵
        
        PID:4220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33948.exe
        5⤵
        
        PID:4944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-903.exe
        5⤵
        
        PID:1448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
      4⤵
      PID:3828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
      4⤵
      PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1835.exe
      4⤵
      PID:4592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23398.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31638.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
        5⤵
        
        PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8760.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40075.exe
        5⤵
        
        PID:3384
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 248
        5⤵
        Program crash
        
        PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
      4⤵
      PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58240.exe
      4⤵
      PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45940.exe
      4⤵
      PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
      4⤵
      PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22259.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
      4⤵
      PID:4732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19600.exe
      4⤵
      PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46348.exe
      4⤵
      PID:4612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38087.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
      4⤵
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
        5⤵
        
        PID:4792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4772.exe
        5⤵
        
        PID:4812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9947.exe
        5⤵
        
        PID:4632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39289.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
      4⤵
      PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
      4⤵
      PID:3824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9670.exe
      4⤵
      PID:4192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17413.exe
      4⤵
      PID:4920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13111.exe
      4⤵
      PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44909.exe
      4⤵
      PID:4836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33691.exe
    3⤵
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11734.exe
      4⤵
      PID:4840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
      4⤵
      PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
      4⤵
      PID:4692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28136.exe
    3⤵
    PID:3560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
    3⤵
    PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9237.exe
    3⤵
    PID:4016
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe
    3⤵
    PID:4208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7613.exe
    3⤵
    PID:4928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
    3⤵
    PID:5012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
    3⤵
    PID:4432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43911.exe
    3⤵
    PID:3632
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29439.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29439.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4870.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18099.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:400
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 248
      4⤵
      Program crash
      PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1556
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33937.exe
    3⤵
    PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59935.exe
    3⤵
    PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33820.exe
    3⤵
    PID:3368
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 248
    3⤵
    - Program crash
    PID:4052
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29482.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64720.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1072
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 200
      4⤵
      Program crash
      PID:2412
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 248
    3⤵
    - Program crash
    PID:2924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:780
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10137.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10137.exe
  2⤵
  PID:1584
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19724.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19724.exe
  2⤵
  PID:3924
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24004.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24004.exe
  2⤵
  PID:3964
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33915.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33915.exe
  2⤵
  PID:3416
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44339.exe
  2⤵
  PID:4372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
  2⤵
  PID:5104
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64483.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64483.exe
  2⤵
  PID:4296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34973.exe
  2⤵
  PID:2776

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1173.exe

Filesize
184KB

MD5
e10fd1108943269b2233f5f7f6d1bb18

SHA1
0ab87021215b5b2aa1ffb3b414f96bac43b86fca

SHA256
bb593054d6bf0b27d01c7131ca84f00a2fbf0ccbac6bf72b29e6c7c748340947

SHA512
3699f7441264256f4a7e2473b936856dac90f5aa9daa79da52d26a4a2a6adf929aa2f9c160b2e7fc9f2e32b103fe0d0b854576a8360eb0ee05d91f0fc68f0bb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe

Filesize
184KB

MD5
7e5e6be130fd572c9e7e4273d50e6fcf

SHA1
8d63ae1a0782af3e50b64c220a88aea9e1d26533

SHA256
d365af16f44b53bb4ac7409f03afef2c0f34e6a7e60e368eefcc8691cd577a31

SHA512
4aa130f5c657617963a0583180b3954438554eac3eff9e6e0c2e35e77a178898c05a405906d8066add70e26caab90a6b040f99fa7afed4536c9d136ab853e42f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29838.exe

Filesize
184KB

MD5
1bfd54833bf227e4b509f68f47ccd0d6

SHA1
0cfdccd8961f023a1b521448231ba7ed3afe5b34

SHA256
1711332a9edca81cd3f6f8240ce37fcb9fa2cc8c7974e7472a768787f6811d04

SHA512
f4dea7f65411b87f9913d2a5547c8cdb97a8d7f708fb15991ff1d7f6a209bdee273abe2e4dc44e82a50bca93d15fea31f2806cd6085e70e611fcb3cfa36f10e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35969.exe

Filesize
184KB

MD5
9f2770a20f3be21a83d702ab82152ee5

SHA1
8945dafc24fc952a2334f416f79e67b9cc5da382

SHA256
53428b2eb7e150285a43b02c6ec61caa272de9d797092e766ded223046e60ef8

SHA512
e85fee52299dcc72ae16bae235d2a3d2d865bcc3ba868258b1132d2ac6ca6f0bb7cb4f1b0ed399d14c2a7160577d6ff3b60a9a063a3eadfa2b29d63e1565e1c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53963.exe

Filesize
184KB

MD5
4fd48f7a96afe8f97a442ad3f4a37045

SHA1
6dc808dacf67be73aa794a7581fe98c55f70e445

SHA256
20cc27e8d8536067528078f1dbfff344ef5e151b542132fdd070cb5ab2c2ed82

SHA512
fd2dc4a59b6561bc98465a6fcca6408ee31b28314d8e807085463e3b8dc8ed2ba302a1ccfb9ffc4ae21abc55bb143f2af495422e5479c501bc00acdbae894fc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe

Filesize
184KB

MD5
fb2478fdfa7fc2f721be70e2eb50e8fc

SHA1
6b9575600521915bf5d3f2f2556b9e7c3cdcdf3e

SHA256
521c4fb2b245416c5cf4a5b5e36d1d694ac9f052d29dcf56f77a16bf482cd822

SHA512
00096c7f45962ec51efdacc8ba39f69495d60d499f2bafcfd394aae48b20bb81afb683bf7a415cfe32a18afc3d1d1959c0b3c81c455c496bc401ce81d960c1fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe

Filesize
184KB

MD5
bc778e7594a7caea47554a4230ecea80

SHA1
d40e3c6fd3867ba4c21903f0a719d509d4e94d8c

SHA256
0f1fe877faeeacfbc15ef944610979dcdd45567f8ee2808f64fdf2d75784b5c8

SHA512
d991081dd10f2086a0a6702c45072fba9ed11079e32b15acd20fa4de0057011de3d4a64cebc09d008563ee8f801df8ba825e335cbe69200630f44dcd232c6301

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63296.exe

Filesize
184KB

MD5
977dc8745570c6df4ca962e9af5bf6e0

SHA1
0e2adf525cdf7451650100e7dc62b6cc8039f49a

SHA256
d3c9df5c8909f07498d8da6bb42ff153b66ef416669eafbeb1035a0c6161f5de

SHA512
9e0e46923209aad4962cc77d108cff81d3bba4210ab9d18ac7a0ea4161d5a8f15622771e4ed385f7fa0a5071c45457df7abc46cce0fbf20ac2bedce482219c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe

Filesize
184KB

MD5
21e083d68e40e23f9db9d97b1a066c9d

SHA1
460d97654048a8870002cfdc05e27f3ab257e72a

SHA256
311e6c606fd1c04646e16cc654597d5fa87d43b62dad295afecb7cbb9bb6dd37

SHA512
02666838ebd2ae437ee0611d07fd0147d21474275f9e725527bec79ca0e23da6efd27fbc530a1b02ee1ffc25f87400c40186f0d0c6c6ac5e90ca58538bc71b00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14312.exe

Filesize
184KB

MD5
ad6bd202439b3f90d97f5345403c5716

SHA1
27afa0851081e62008ef188180ee0599950eee2f

SHA256
28181d0a09027c98146cf1a5fcbf1c62c12aa34c02881e19c8a8fea9e742127a

SHA512
a78818126bb69907f0667743c1ccb8803bead22605404c40cd5f779c2cc109f38dcc31decc66434e097d385d65b46fb6615186d63dd4fa401cdb147f1755626c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14892.exe

Filesize
184KB

MD5
cf51b7c0d2a4eaa166487c8911de9814

SHA1
8747f3369eb8462dfd5bdfdcaa442093e9c6973e

SHA256
ffe6af05eab4d02fe7d02d68f37dcb8907c6871bb58e3bb2812162fca8baac67

SHA512
4ca14434d219ebcdd42cf706be189bf6896c1ea0f8e517fad2b5207e11ef9992d159268b28b85cdda6e89141b16004da4c255688ebc045ad8af1691d31ceac9a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe

Filesize
184KB

MD5
b8b33e17b8d7d50dc76c339bd8a4fe73

SHA1
b16c36198fb03af0b894d63336435092811999bf

SHA256
c2ab035605bb903c7cd99de70c98c234ead39fadb751a57f2212843c79186f22

SHA512
0a7b6d1e5d34aac2a740fefad1ea06b779d12cb9145097011ccdd9dd4e677eb7735f6022ee836faae46a49dce4dbdc35c7d5a13b3b962fd0443b80932ca947b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27996.exe

Filesize
184KB

MD5
67ba9e533dec598177fdd94d475ce78a

SHA1
cf83c00f4e80ed7eb310ce29bbceb82a25207233

SHA256
b119f3a654c28269226782a4275b818794a7382a6f41feff4a4eeb27ffeff3e1

SHA512
ebe49b4bd405e950ca913ac6e4f1d6743580c0404ef311ad4e400120d6ec1a2da4a14612e15a8da0e0a79d6fbc84e861177e935a67830ad0ef50734756eed4db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29439.exe

Filesize
184KB

MD5
b063126040351e72cf0ba312fe671d55

SHA1
a39fc060604ae3fd596e3d768aa3ceaa7cfd6093

SHA256
db0016852bd3228af28bac67e5b6d1ed2ff3e74cb6b9334cfe595deafba4b1aa

SHA512
30ae2967b33073a1639906493deb3b6f266efad23a70971973eee68ff0398882fd1981d7ebccd534216d725da9cfc07d3e9b3f174a1436755aaee58af7df0948

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe

Filesize
184KB

MD5
18f01a8c612e2321cf249a408db6e64c

SHA1
9ccdf16e73f45fc7e7436b876e2e47c261570b11

SHA256
98faaae66d5dc2322939104ec4d4376a17b5d19d4bef91889ac36ac4737e804f

SHA512
ef73c4e2bf9b590e80ce41c6bcbc3331c172c2eea3cce53b13b58a1d22e1ef51dfd31d1e95b23028e5a9224f282b6a192336ac1a29e312c2729c2046304a8ad3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33700.exe

Filesize
184KB

MD5
2d370b992087e797a0866a1017ccacf1

SHA1
e2abe2b999cbdd8766295c583c7ad7afbce33fc6

SHA256
8b365f9907e46aee74b72e67cc1ded584b6467c80973892f5debd0a621104684

SHA512
941fae87ca5d20d653a43d8d9a74591bc6803eb17ce4a5797a56d0ac22187f43c6a792333c74f48913e717eededde0d78057cab8bc93ffb2fa83614fa95fc46e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33986.exe

Filesize
184KB

MD5
ba5e7fb23ec34fa72fada6707c61ad57

SHA1
b03db571f94b372f4efaee94fc69472a6642e177

SHA256
b171f96cc80a2d44b4b6e1336648fd3f0f4169033873a372372c49a8d11d27b4

SHA512
d2fafddb538989c58b12f8eb367bc02e881de45cd844e458e654a1bf53cd37500bc49faeafd8d9ea980f9a00cdfe8eee6af01e0d6931a2ff800896bbf43839ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe

Filesize
184KB

MD5
492853c1b43b06f5c1942a8045865eb9

SHA1
d59f8f33e5bbf4596977efb6635c18c9820f1d65

SHA256
4770f89418eaba6fcd60b4b92dffc40f79a9de973c51c1dbbc15b935329b88fa

SHA512
1b7cb4f1943a3b2cf9daf7bf6bd20b9ce503049ccb4526b829093eac7a36e3f331b3d99b67c42eae0f8b6b2ae8f468f0ea233dea614e569397b8c5d324460594

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42495.exe

Filesize
184KB

MD5
559d02a9406914a349d7b1600fa21175

SHA1
991edf7de9e0a17b3ed582155ee324006779419b

SHA256
367541a8ac71bfc467e3300c23d9bc42a072d7583fd95d5dfbcb422b4b3c0c78

SHA512
fbf5ef3c897c4b2da1c410b1871fb928e8920c7d6df95fbf606cf139077aa5a8a86c19d0c35566378205f36224652e0c523392eff9dbe1abad84c48508896a33

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56188.exe

Filesize
184KB

MD5
a1006e9f8904061af40ac69bbea2675c

SHA1
80ddcbe470509f8d55b448048f4daae7a5343e8d

SHA256
240fee1f9020d740b1bf6970f0092853fc8f340e20dc5dea91e387bf029cb84c

SHA512
268811d18d89bf8fbd9d8be567f326de861d14ce478660419a4dd45ba1105bd3734ddf3adcefb2d7db6d35a831546f52d3ee4b7e8a0141316a424423ec684eec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe

Filesize
184KB

MD5
c3b8a8c12f9c4cea769a9774ba134f9b

SHA1
0d8a3a088c1a6d6bd2e329a0a52b2629e8401e05

SHA256
5c5ef4d3a05ac27beec27ecc4d6df0b1a79bbf67acd4a88946407e667efc0b91

SHA512
b5a1bc424b4955eab2ac8d3fcaf15ef7170c13288c89b027e139216133bacf6ad5f46be93fee16a53b37abbbb37aaac9bf80edea88247d7020f801b695c0df7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6958.exe

Filesize
184KB

MD5
23a00dc130964f2b7833ee899c5f7e5a

SHA1
5c8a54ed5546eddfe1ffd09296c3b4e1f1556c2a

SHA256
4bae5461886a28d656c164c40d9f0243de99f58441d27dac189e12030873ce87

SHA512
f781f3b7c3f79690d3dfa2e84694ac7a43f87ec7d6621558a35630e73d9528af7a626364552638add29f32048dfd7881cbfe0eb2d4957ff65e630e383975f1bb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8130.exe

Filesize
184KB

MD5
ab34e81f1126992dc498d02f5d741a24

SHA1
6f2d1876a31d99ca98dc30dea6addd9255b682f9

SHA256
353cf371a357b8da375c64ffffb25298dac046cb1615a75ad2aefb40e0a7ef92

SHA512
9ff9dbb5c483afa1190c1cb5e54f6175fd86eaeae94620a7f677f4755fcb0a8c9346fb3b9fcd2cc49c6619c03cf1215830e7eed1ee69693f010e40af23f00ae8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe

Filesize
184KB

MD5
4376a97a4b734dcffe97e6936b193df1

SHA1
65c888358fbd9fc267c866773381b0e353218929

SHA256
ace5dd7fff3a25f1c1a19f1de8ad1af3d7fb3d2673045f6cadfb7492f61449cd

SHA512
aa696e1fe6ef519f2b077d104ccaa0509f81a07b6109c43ac8445863d51bf48d4d9ccd766d4e3b89028d385fb9840a3333d72664afc149b0aa64e7fa971878af

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads