b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe
Size

184KB
MD5

95009eca487f90a5726b7bc1bb47e6f7
SHA1

df442767c928e6b569977d3a9c02ad27689cce07
SHA256

b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593
SHA512

badb2be2e3bf16037068ffb4e5c44a8ca809460050125c8fdc78dac63aa9e612ceac530fccd5136b3c3489ffa742d85aeddc8e8513548661d8d6c926f6000b53
SSDEEP

3072:ZPT65kon1jCCd/XZWrWE88szuunqnxiuF:ZPzoku/XI8VzuIqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 15 IoCs

pid	Process
2820	Unicorn-34683.exe
2372	Unicorn-41165.exe
2940	Unicorn-57179.exe
2792	Unicorn-23654.exe
2580	Unicorn-63709.exe
2744	Unicorn-56902.exe
2340	Unicorn-17685.exe
2500	Unicorn-63192.exe
3060	Unicorn-10654.exe
1040	Unicorn-59362.exe
1640	Unicorn-13690.exe
2512	Unicorn-22264.exe
2212	Unicorn-18463.exe
1904	Unicorn-37458.exe
1652	Unicorn-5050.exe

Loads dropped DLL 30 IoCs

pid	Process
2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe
2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe
2820	Unicorn-34683.exe
2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe
2820	Unicorn-34683.exe
2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe
2940	Unicorn-57179.exe
2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe
2940	Unicorn-57179.exe
2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe
2372	Unicorn-41165.exe
2372	Unicorn-41165.exe
2820	Unicorn-34683.exe
2820	Unicorn-34683.exe
2792	Unicorn-23654.exe
2792	Unicorn-23654.exe
2940	Unicorn-57179.exe
2940	Unicorn-57179.exe
2372	Unicorn-41165.exe
2744	Unicorn-56902.exe
2372	Unicorn-41165.exe
2744	Unicorn-56902.exe
2580	Unicorn-63709.exe
2580	Unicorn-63709.exe
2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe
2820	Unicorn-34683.exe
2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe
2820	Unicorn-34683.exe
2340	Unicorn-17685.exe
2340	Unicorn-17685.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1200	668	WerFault.exe	49

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe
2820	Unicorn-34683.exe
2940	Unicorn-57179.exe
2372	Unicorn-41165.exe
2792	Unicorn-23654.exe
2744	Unicorn-56902.exe
2580	Unicorn-63709.exe
2340	Unicorn-17685.exe
2500	Unicorn-63192.exe
3060	Unicorn-10654.exe
1040	Unicorn-59362.exe
1640	Unicorn-13690.exe
1652	Unicorn-5050.exe
1904	Unicorn-37458.exe
2212	Unicorn-18463.exe
2512	Unicorn-22264.exe

Suspicious use of WriteProcessMemory 60 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 2820	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	28
PID 2504 wrote to memory of 2820	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	28
PID 2504 wrote to memory of 2820	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	28
PID 2504 wrote to memory of 2820	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	28
PID 2820 wrote to memory of 2372	2820	Unicorn-34683.exe	29
PID 2820 wrote to memory of 2372	2820	Unicorn-34683.exe	29
PID 2820 wrote to memory of 2372	2820	Unicorn-34683.exe	29
PID 2820 wrote to memory of 2372	2820	Unicorn-34683.exe	29
PID 2504 wrote to memory of 2940	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	30
PID 2504 wrote to memory of 2940	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	30
PID 2504 wrote to memory of 2940	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	30
PID 2504 wrote to memory of 2940	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	30
PID 2940 wrote to memory of 2792	2940	Unicorn-57179.exe	31
PID 2940 wrote to memory of 2792	2940	Unicorn-57179.exe	31
PID 2940 wrote to memory of 2792	2940	Unicorn-57179.exe	31
PID 2940 wrote to memory of 2792	2940	Unicorn-57179.exe	31
PID 2504 wrote to memory of 2580	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	32
PID 2504 wrote to memory of 2580	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	32
PID 2504 wrote to memory of 2580	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	32
PID 2504 wrote to memory of 2580	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	32
PID 2372 wrote to memory of 2744	2372	Unicorn-41165.exe	33
PID 2372 wrote to memory of 2744	2372	Unicorn-41165.exe	33
PID 2372 wrote to memory of 2744	2372	Unicorn-41165.exe	33
PID 2372 wrote to memory of 2744	2372	Unicorn-41165.exe	33
PID 2820 wrote to memory of 2340	2820	Unicorn-34683.exe	34
PID 2820 wrote to memory of 2340	2820	Unicorn-34683.exe	34
PID 2820 wrote to memory of 2340	2820	Unicorn-34683.exe	34
PID 2820 wrote to memory of 2340	2820	Unicorn-34683.exe	34
PID 2792 wrote to memory of 2500	2792	Unicorn-23654.exe	35
PID 2792 wrote to memory of 2500	2792	Unicorn-23654.exe	35
PID 2792 wrote to memory of 2500	2792	Unicorn-23654.exe	35
PID 2792 wrote to memory of 2500	2792	Unicorn-23654.exe	35
PID 2940 wrote to memory of 3060	2940	Unicorn-57179.exe	36
PID 2940 wrote to memory of 3060	2940	Unicorn-57179.exe	36
PID 2940 wrote to memory of 3060	2940	Unicorn-57179.exe	36
PID 2940 wrote to memory of 3060	2940	Unicorn-57179.exe	36
PID 2372 wrote to memory of 1040	2372	Unicorn-41165.exe	37
PID 2372 wrote to memory of 1040	2372	Unicorn-41165.exe	37
PID 2372 wrote to memory of 1040	2372	Unicorn-41165.exe	37
PID 2372 wrote to memory of 1040	2372	Unicorn-41165.exe	37
PID 2744 wrote to memory of 1640	2744	Unicorn-56902.exe	38
PID 2744 wrote to memory of 1640	2744	Unicorn-56902.exe	38
PID 2744 wrote to memory of 1640	2744	Unicorn-56902.exe	38
PID 2744 wrote to memory of 1640	2744	Unicorn-56902.exe	38
PID 2580 wrote to memory of 2512	2580	Unicorn-63709.exe	39
PID 2580 wrote to memory of 2512	2580	Unicorn-63709.exe	39
PID 2580 wrote to memory of 2512	2580	Unicorn-63709.exe	39
PID 2580 wrote to memory of 2512	2580	Unicorn-63709.exe	39
PID 2504 wrote to memory of 1904	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	40
PID 2504 wrote to memory of 1904	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	40
PID 2504 wrote to memory of 1904	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	40
PID 2504 wrote to memory of 1904	2504	b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe	40
PID 2820 wrote to memory of 2212	2820	Unicorn-34683.exe	41
PID 2820 wrote to memory of 2212	2820	Unicorn-34683.exe	41
PID 2820 wrote to memory of 2212	2820	Unicorn-34683.exe	41
PID 2820 wrote to memory of 2212	2820	Unicorn-34683.exe	41
PID 2340 wrote to memory of 1652	2340	Unicorn-17685.exe	42
PID 2340 wrote to memory of 1652	2340	Unicorn-17685.exe	42
PID 2340 wrote to memory of 1652	2340	Unicorn-17685.exe	42
PID 2340 wrote to memory of 1652	2340	Unicorn-17685.exe	42

C:\Users\Admin\AppData\Local\Temp\b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe
"C:\Users\Admin\AppData\Local\Temp\b5127f43df90aafb1fe9855288a9f51b31c5d349e5ca7fdbca9e1bd872380593.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41165.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
        6⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        7⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        7⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        7⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
        7⤵
        
        PID:2720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40868.exe
        6⤵
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
        6⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14859.exe
        6⤵
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25436.exe
        6⤵
        
        PID:3808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        6⤵
        
        PID:3204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
        6⤵
        
        PID:3268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16326.exe
        6⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45790.exe
        5⤵
        
        PID:1400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
        6⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20349.exe
        6⤵
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1511.exe
        6⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64487.exe
        6⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
        6⤵
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
        6⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
        5⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
        6⤵
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44695.exe
        6⤵
        
        PID:3972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18144.exe
        6⤵
        
        PID:2964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9160.exe
        6⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39950.exe
        5⤵
        
        PID:1064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19453.exe
        5⤵
        
        PID:2208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46992.exe
        5⤵
        
        PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65463.exe
        5⤵
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52480.exe
        6⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
        7⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50503.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1511.exe
        7⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22569.exe
        7⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8111.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        7⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        7⤵
        
        PID:3444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        6⤵
        
        PID:2832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
        6⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4042.exe
        6⤵
        
        PID:3888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55823.exe
        6⤵
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        6⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        5⤵
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5348.exe
        6⤵
        
        PID:2600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28656.exe
        6⤵
        
        PID:1608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14911.exe
        6⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
        6⤵
        
        PID:3872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
        6⤵
        
        PID:3324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13999.exe
        6⤵
        
        PID:1184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38992.exe
        6⤵
        
        PID:2232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64755.exe
        5⤵
        
        PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45153.exe
        5⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61516.exe
        5⤵
        
        PID:3216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42388.exe
        5⤵
        
        PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19796.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20748.exe
        5⤵
        
        PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
        5⤵
        
        PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
      4⤵
      PID:668
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 240
        5⤵
        Program crash
        
        PID:1200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23601.exe
      4⤵
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
        5⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30820.exe
        5⤵
        
        PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31284.exe
      4⤵
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37979.exe
      4⤵
      PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
      4⤵
      PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20857.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20857.exe
      4⤵
      PID:2320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
      4⤵
      PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
      4⤵
      PID:4052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5204.exe
      4⤵
      PID:2584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20212.exe
        5⤵
        
        PID:776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
        6⤵
        
        PID:520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57315.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39897.exe
        6⤵
        
        PID:3880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
        6⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20249.exe
        6⤵
        
        PID:2440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37248.exe
        5⤵
        
        PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34084.exe
        5⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19873.exe
        6⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        5⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12514.exe
        5⤵
        
        PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25322.exe
        5⤵
        
        PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49765.exe
        5⤵
        
        PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
        5⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28740.exe
        5⤵
        
        PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65141.exe
      4⤵
      PID:432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
        5⤵
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60795.exe
        6⤵
        
        PID:3116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
        6⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19722.exe
        6⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14713.exe
        5⤵
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
        5⤵
        
        PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21179.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41858.exe
        5⤵
        
        PID:3108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24261.exe
        5⤵
        
        PID:1456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        5⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34075.exe
        5⤵
        
        PID:3020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51752.exe
      4⤵
      PID:2748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
      4⤵
      PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54515.exe
      4⤵
      PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27764.exe
      4⤵
      PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64054.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64054.exe
      4⤵
      PID:3312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59347.exe
      4⤵
      PID:4084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
      4⤵
      PID:4076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
      4⤵
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59226.exe
        5⤵
        
        PID:968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
        5⤵
        
        PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        5⤵
        
        PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
        5⤵
        
        PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
        5⤵
        
        PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
      4⤵
      PID:2132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
      4⤵
      PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
      4⤵
      PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31231.exe
      4⤵
      PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
      4⤵
      PID:3360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19972.exe
    3⤵
    PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10051.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10051.exe
      4⤵
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
      4⤵
      PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
      4⤵
      PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
      4⤵
      PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
      4⤵
      PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
      4⤵
      PID:3200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52453.exe
      4⤵
      PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
    3⤵
    PID:1204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33614.exe
    3⤵
    PID:1588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
    3⤵
    PID:3080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
    3⤵
    PID:3320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23654.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe
        5⤵
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
        6⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51131.exe
        7⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1294.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
        7⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        7⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60849.exe
        7⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9835.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20324.exe
        7⤵
        
        PID:4660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31265.exe
        6⤵
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15029.exe
        6⤵
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        6⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
        6⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
        6⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24978.exe
        6⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36236.exe
        5⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        6⤵
        
        PID:1500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
        6⤵
        
        PID:1636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24180.exe
        6⤵
        
        PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11176.exe
        5⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29397.exe
        6⤵
        
        PID:3732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28913.exe
        6⤵
        
        PID:3436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
        5⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54346.exe
        5⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48832.exe
        5⤵
        
        PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29562.exe
      4⤵
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36751.exe
        5⤵
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
        6⤵
        
        PID:1828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
        6⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2010.exe
        6⤵
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35256.exe
        6⤵
        
        PID:3296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
        6⤵
        
        PID:3828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
        6⤵
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
        5⤵
        
        PID:340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32588.exe
        5⤵
        
        PID:904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
        5⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9261.exe
        5⤵
        
        PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17491.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17491.exe
      4⤵
      PID:1988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51020.exe
        5⤵
        
        PID:1212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
        5⤵
        
        PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
        5⤵
        
        PID:3460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
      4⤵
      PID:3016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42996.exe
      4⤵
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39590.exe
      4⤵
      PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61459.exe
      4⤵
      PID:1188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
      4⤵
      PID:1776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41193.exe
        5⤵
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36850.exe
        6⤵
        
        PID:632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
        6⤵
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3640.exe
        6⤵
        
        PID:1884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        6⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51625.exe
        6⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16984.exe
        5⤵
        
        PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29881.exe
        5⤵
        
        PID:240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
        5⤵
        
        PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
        5⤵
        
        PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
        5⤵
        
        PID:4060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
        5⤵
        
        PID:4724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1478.exe
      4⤵
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32831.exe
        5⤵
        
        PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50503.exe
        5⤵
        
        PID:1972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe
        5⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22569.exe
        5⤵
        
        PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64516.exe
        5⤵
        
        PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26700.exe
      4⤵
      PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
      4⤵
      PID:1100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9801.exe
      4⤵
      PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61507.exe
      4⤵
      PID:3344
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
    3⤵
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41961.exe
      4⤵
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26744.exe
        5⤵
        
        PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2469.exe
        5⤵
        
        PID:1092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24289.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4712.exe
        5⤵
        
        PID:3720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe
      4⤵
      PID:880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
      4⤵
      PID:1968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7376.exe
      4⤵
      PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42774.exe
      4⤵
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9534.exe
      4⤵
      PID:3240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12126.exe
      4⤵
      PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61239.exe
    3⤵
    PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
      4⤵
      PID:1492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
      4⤵
      PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35814.exe
      4⤵
      PID:3288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12788.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
      4⤵
      PID:2260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17813.exe
    3⤵
    PID:2284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
    3⤵
    PID:1648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3036.exe
    3⤵
    PID:3088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6497.exe
    3⤵
    PID:3868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-694.exe
      4⤵
      PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39325.exe
        5⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44148.exe
        5⤵
        
        PID:2944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20586.exe
        5⤵
        
        PID:3172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27148.exe
        5⤵
        
        PID:3472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37056.exe
      4⤵
      PID:2876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8599.exe
      4⤵
      PID:2268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
      4⤵
      PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44970.exe
      4⤵
      PID:3712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
      4⤵
      PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
      4⤵
      PID:804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
      4⤵
      PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28765.exe
      4⤵
      PID:4204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46366.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46366.exe
    3⤵
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
      4⤵
      PID:2032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37370.exe
      4⤵
      PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
      4⤵
      PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
      4⤵
      PID:3924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
      4⤵
      PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17809.exe
      4⤵
      PID:4600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18503.exe
    3⤵
    PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61438.exe
    3⤵
    PID:1272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58803.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58803.exe
    3⤵
    PID:1896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14433.exe
    3⤵
    PID:3668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
    3⤵
    PID:3624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52414.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52414.exe
    3⤵
    PID:3244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52880.exe
    3⤵
    PID:2680
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
    3⤵
    PID:4108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52718.exe
    3⤵
    PID:1364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59226.exe
      4⤵
      PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7166.exe
        5⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe
        5⤵
        
        PID:3496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
        5⤵
        
        PID:3388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
        5⤵
        
        PID:2096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9479.exe
        5⤵
        
        PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58162.exe
        5⤵
        
        PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64238.exe
      4⤵
      PID:2352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
      4⤵
      PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
      4⤵
      PID:3688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
      4⤵
      PID:3932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
      4⤵
      PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54015.exe
      4⤵
      PID:1916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-724.exe
      4⤵
      PID:4676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
    3⤵
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21590.exe
    3⤵
    PID:1920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
    3⤵
    PID:3144
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
    3⤵
    PID:2188
- C:\Users\Admin\AppData\Local\Temp\Unicorn-24436.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-24436.exe
  2⤵
  PID:1840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe
    3⤵
    PID:936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4890.exe
    3⤵
    PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
    3⤵
    PID:1228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
    3⤵
    PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
    3⤵
    PID:3896
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
    3⤵
    PID:3332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
    3⤵
    PID:2184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
  2⤵
  PID:2376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14051.exe
  2⤵
  PID:2192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10767.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10767.exe
  2⤵
  PID:2552
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29486.exe
  2⤵
  PID:4008
- C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
  2⤵
  PID:3236
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52450.exe
  2⤵
  PID:2280

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe

Filesize
184KB

MD5
64c8e79c3aea0ba84d937ad47ca8fbab

SHA1
3022b02e76a6bfd69838d5b5170e6b01f9e28efb

SHA256
bd132c287c512f358d0437e6973ee79972d268fb7150541108c1e4b29acb95e9

SHA512
89374f1433b17aca592174a05762d2a2713494b27485fa2ecd41d27521770bde06a179d551b0c653595708864d4d672524bc7900eef45eca4960c580266d81ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12601.exe

Filesize
184KB

MD5
55309d807939f290e9d6bf9da6b5470c

SHA1
5fb6790ec15b6905e5a5352369bdef1f107d0927

SHA256
0e76298d93b60167e633b386eb32b4e98ae46f1e5c2971daa5eedbf9724c9b2c

SHA512
247af4bba8545e8da881139de950235d261c0b0ad917b10fa9cc8d2b9f2fa3ab94b8504645e98314872ebb5def99e5d24a8c1b4ee976baf51b3298ccce6e8170

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13548.exe

Filesize
184KB

MD5
ac5d6d19b056acd4745acab00ffe2b7a

SHA1
2872d0d58b85418a8e81c60206a81d9a7f48f50b

SHA256
d13c8e7b4af791c9b94dbe28df7a8c9f72e2588bdfac99ac4fecc697f08ff930

SHA512
251a6222ad3805be97d02e8f4d363609cbf5db784fdad3e8ac208dbcefe215922ba8a24d5492d45010d39bfa303b6376d6228e1a336e31f51792bf3fe961c699

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13690.exe

Filesize
184KB

MD5
88d92e3636c2344504adac3313e17eea

SHA1
bfd5584b32d95a2d61f928b63f591db028ab518d

SHA256
4ec12a4beacd7f2f1dccf77956c0c192321f2ce1cb4ce321adb02beb22300a10

SHA512
7bfca73b5aa69f646f3d11604b5427d8b93f61a8f49c92b9f772934a051b070b7ef6c01bd398ddd537103cc396a43949e1793dfc88c928e14572ed1a10ec9177

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe

Filesize
184KB

MD5
e5e0722c69b08dbf497b01afa1e26112

SHA1
21090002cc1939ae713c925800623c3e67ac1b25

SHA256
4732e99be90bbe124b459cfd4ab894ab1ade4ae54c19a0ddbbea796fd02abf4c

SHA512
c3e1d0a2e9e1b0e016396ad78ab6f07ecb44b781220b648d6184af78d87cab88a7db26416a9e269d1730309da99c9ed1e070cb17bdbe4ce1648d946b560a5169

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe

Filesize
184KB

MD5
b5c9a5c090bbbc274830493db61debcf

SHA1
dd54a4b28408cac74f9c3499210f5baafc762118

SHA256
d6f82466915d60efca4c03bbc2918f899ef8bb933fe67dc20feafd008e8b86bc

SHA512
33c98a24ff2fc7971743b659ec690acccb224cc7845d58318cf84c5a78e0566e283dd5031d0e812331e3b7a446eacd5bfc3c3524ea16bffd4a8a7ef365c84ffe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe

Filesize
184KB

MD5
b61cc2821a462fdd677e2e10232e1745

SHA1
73965579c46e8226bf95dd08e3152ab4df12936d

SHA256
f2723261dd758094a0040cfa6ff337597ff0421ef628c66714e206a6dd6a5fc1

SHA512
8cf3c4c787206f5c27e56df706e8f6fb28f8ed70b9187e48adcf9c8041ed3049ac213b55b009530eac9ffc80b7514f6b3e7f24f91373b8135336bb1e8fdd92bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23654.exe

Filesize
184KB

MD5
cff291aed3e66e0a02edc864db6210cb

SHA1
745545f4f4ddde6f8b79eee799fe6bbb8164879c

SHA256
f99695165b69856148a5eaee5a498d89d06ade5da121f84a6bc5937a0fe65f55

SHA512
563111a6ce51f9ad4b691bf4c5ae3d5e75f6b0cc4559e4d45ea66dca9152bd948094b7ae43bcac653a3212fe3a1a76ed1440163364106591c5c88f352b20ff87

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29562.exe

Filesize
184KB

MD5
f9758c87dbac0f29b4796fcb462f6f7b

SHA1
bc1786e34e5d4c91f01388d9bf9b73eceacfaf6b

SHA256
df489c90183ba84026b8789f091757b8eb63c40a1a5e6754897814327e268fb9

SHA512
a2288cd80f92a3ead558b6b9b778833cd116d956246f9c420fdfa90a348ce4189b29b2f9840a1701c3be47c0b845431ae5d2a5d88f278a3676be85d0236e4b1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe

Filesize
184KB

MD5
866c566720fd661f896c3d5bef2bc1f0

SHA1
aeadfa2aa0ca32037bf988ec37bb832bae73f771

SHA256
fdba6bfda187e01ad34d9fca92dc27bdbd97b3f45e71d926c9c54ae8e09f7a4f

SHA512
612a510fd0bc356e1382a36bffcff58edac483ac73a0322de10d825e2e39af7ecf29929c51ecee71feb909dba74ac32e4be5486b064cc28ca238ac173d120ef6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41165.exe

Filesize
184KB

MD5
37b69db78bc1b5a4d69ff741015c76bb

SHA1
d581f1a63cc1b25f5f6caa32d2941859d4d2e035

SHA256
0396089f920a236cec31edad2908a7f396dc6a102c27505e2326d4f944846fa7

SHA512
b267a72f167a5484ec04790685c97743e17904845d135355da3a04c5d6cc4d1b0c08c219bf728406d4f9199e1dbe1f63b4f89cdceb0eadec62e51552e3947a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe

Filesize
184KB

MD5
788d3a783d1a9f37573252cb34db4c2f

SHA1
6593e614b9cf66ac4ba9e7789c66358b29ae114e

SHA256
094ead382bcc44f293839d244897dab39881592ca8d695e05e1db2dd5b4be65f

SHA512
468df1f4b2ae217ae82ee70d5fe1a4d08ecaf99882a5f6622d5c4c1b66902cd5e0afb886acaedc227fe87e1d20378239b47690ec9dc4b6043afb7a411b017b6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe

Filesize
184KB

MD5
7a6ad524ffc072edbf158b5a863d24a1

SHA1
d466880e37dc28821b7f4f736587b82776dd02a6

SHA256
05d9f62c6f39067745c63b9188ee5ad09abfbed689583b0943e26da74b35c113

SHA512
16efd04f0f21cc7b540827383dddfa0905f61c09a57c4759551ca8d250b2423ba6d606174f4f148b5b39864ac442a3fb6a28b4c8ef62de6983e64ddfd301abf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59362.exe

Filesize
184KB

MD5
e52a1c684c3e96a660007af667a57692

SHA1
6a5516211bd9c27cc9c5e65520acd7450751ae1f

SHA256
2ce8f35af65cfe458b6efb3c3b81f052afd1b15a8eef157a4c2e4d6dcd77563c

SHA512
ecc4bde3fc89b8478d49e2c7dec82712afc37dbc75e7d8cc70ac33f6574435261aa04a17f5090a24a1a398bf2f6e609901d7cfd86b29ac29bc173f669ed065d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63192.exe

Filesize
184KB

MD5
abc0e6d5fed194f4b756f7623d6a9b14

SHA1
dff4800a6606e67230dde6c628032bd784256867

SHA256
e67e2130801f101ecfdcd58de17c9b8959c3d4178ae67f1be2077c2026795410

SHA512
f504ded72dc9320b65277b6af87f82778ddb7dddc09fc1b5e6e1fad037f4afcef97a61153285bfbc6bcfea2bfe05963a3f64e50eff407efcc7288d1e09751eed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe

Filesize
184KB

MD5
3c73da44ab0b2465f94aa86c1dc49383

SHA1
c770f18972bcf0d2c7ad52475e1d0cb0c333a33d

SHA256
1da0447abbfd381e35570c942566f64e41f6c00b14efc7d3b66073802041aff7

SHA512
e1b0ddd68186f21b902c2eac0bd92a2744b583907d14f9006d860bf47cab9320e0846ba4fc4bf8313efa5a4790cf4ff00ac7a58c9efefdc8135aeac0f52c09ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6818.exe

Filesize
184KB

MD5
1ff0da393ed32febd7119a6bf9944825

SHA1
8813bbc8cbddca5a242e9bdd639cffba3807c16e

SHA256
d5616f9e2f2b0b4a291be7020eda0f24b1ec61705e84f2ded2bc2bc0519f4e55

SHA512
17a3cec0f199b6f52e1761fd7e70926fd232e9860032ac17aabab50a18e4f8e33349a56a87c30e2c91b333c2cedea08b097e5d0a96cc1181548038bcd6486127

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6844.exe

Filesize
184KB

MD5
15264747515192f532fdf255e73d76ff

SHA1
baba86df82cdeac052b2f9ce086b839ead1f1653

SHA256
41b9b40b397f007d2af5ef4c17c27cb33be4bdcf2fa3608eab7f04118e2e2d59

SHA512
b93929711c05d3998090f18c9d6215328d611ac182c82c56aac2b5d33781e2f72d87d19ae798b0a47f312abc9e9f3888fb18c239cac9e09ade341b9b2151d6d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe

Filesize
184KB

MD5
8a8f6d2467f755f7d19fecef8f3f041f

SHA1
ed1502b6d669387b8ca281b27fb002335a78e1e2

SHA256
758be148a3f8212a369e93dc795088f35d88c80927776c9d368b4eb504e32e1b

SHA512
a946646cbb3c146128d8bec832fd652e6a42adb0e81c5374284da7d792838e55866efae6fec298f9da22f1bd83544db206743cae46947b8868bb44185ffde528

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe

Filesize
184KB

MD5
fec1e44ef1fad6ea5e81410906083637

SHA1
874c7bee449d55f8e9d1c18a4f77af340b026a32

SHA256
8f0c1b5286974d36cba791d755fdceeedf38fb61aa01ead6c5fc9527a42befb3

SHA512
0fd1ea5e5c8469dfaac320dda33ebc5b5e8be7afec6ee096ab49cf2b8637c16ddaa6cf8cd0dccf378afb1ba1949ef34bb25f79f3eabb2e6c5d8293f02cc2ee29

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34683.exe

Filesize
184KB

MD5
288dcb7743a367b7a138ada2f4826631

SHA1
08cec8bb882c4330b448a8f47b2f87f536205dec

SHA256
30764ed8a696c8db6fd4cafbbd4b92d5a3d7f7bd9a08cd44a4c0ca2bcf650fda

SHA512
e96fc847064805aff93b9edc95242f301b5eff35cd646b155a7228d3d1a61212ee6e83d777dc99c89e56e7a68bb1e77852143f7709d121993742d66c0a67c2ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57179.exe

Filesize
184KB

MD5
19727ad045bb6ddced66fee180205e3d

SHA1
29b14a134dd1f417762c34e4aef19e46ade18931

SHA256
f33e999aa2345d483c512fa0507a7d81e05ef69e4bd7d07d4a8b912441b91a09

SHA512
8712ca3c391f296c581c940f303f06b78fffb7a1bdaa79414307ffb178fa79b3fbd38ab5f8d1b3c0d5d555b0cc5078607241275cba32c916101a6e76ac23b612

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe

Filesize
184KB

MD5
179ff9e1440217be6ce76fced8354d62

SHA1
1cd17dfcaa2e4aa5510b63bbf76145b54f509449

SHA256
db9a27238e295d9d5fe13d0316ca2ef6257a37532e3196eee0ea59a0a37e2f17

SHA512
88f7b84d6e405d55a1195da18cc695740b500f716f23ff237375c030941c7aef9db6a36e6143bdfe22077b81e3646d20ff36626c3c00b16d416ae7431d230ceb

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads