7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856

Analysis

max time kernel
135s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23/04/2024, 00:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
Size

184KB
MD5

2ac2eb012dfc95e73b2cbd524c389cc8
SHA1

6882a8a2b21cdd9d978d6c466f37d22f65bb880e
SHA256

7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856
SHA512

92f9dae5bdff5bd4a01740752e3ca9985c6cd41ffe635e952cb5a5341cece4eac4b791a56cc4c3cdaf19c25a9fc0d114652d1735b3ddd10c1765a55ee7609ca1
SSDEEP

3072:9feTukojSwaWdDXOW4V8bFpJvnqnviutrO:9fIokiDXu8ppJPqnviutr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 50 IoCs

pid	Process
1592	Unicorn-59843.exe
1728	Unicorn-26985.exe
2072	Unicorn-15173.exe
2660	Unicorn-12608.exe
3056	Unicorn-33853.exe
2800	Unicorn-10992.exe
2544	Unicorn-4862.exe
2952	Unicorn-49296.exe
2680	Unicorn-61989.exe
2844	Unicorn-33430.exe
2920	Unicorn-53296.exe
2784	Unicorn-51296.exe
1676	Unicorn-23549.exe
1640	Unicorn-37761.exe
2736	Unicorn-16262.exe
820	Unicorn-23509.exe
1808	Unicorn-47306.exe
2108	Unicorn-41624.exe
2216	Unicorn-53436.exe
448	Unicorn-5028.exe
816	Unicorn-16910.exe
2276	Unicorn-38949.exe
828	Unicorn-47122.exe
1300	Unicorn-19778.exe
1160	Unicorn-65449.exe
1568	Unicorn-22565.exe
1352	Unicorn-51161.exe
1048	Unicorn-5489.exe
1328	Unicorn-52745.exe
1708	Unicorn-47965.exe
2280	Unicorn-37168.exe
2076	Unicorn-18260.exe
2144	Unicorn-9328.exe
2984	Unicorn-12764.exe
2292	Unicorn-6634.exe
1748	Unicorn-3971.exe
2356	Unicorn-52430.exe
1964	Unicorn-38880.exe
2708	Unicorn-55787.exe
3012	Unicorn-58746.exe
2540	Unicorn-61917.exe
2656	Unicorn-50416.exe
2548	Unicorn-64488.exe
2556	Unicorn-25978.exe
2456	Unicorn-25978.exe
2428	Unicorn-1974.exe
2484	Unicorn-15709.exe
2948	Unicorn-5455.exe
2992	Unicorn-51127.exe
2932	Unicorn-22016.exe

Loads dropped DLL 64 IoCs

pid	Process
764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
1592	Unicorn-59843.exe
1592	Unicorn-59843.exe
764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
1728	Unicorn-26985.exe
1728	Unicorn-26985.exe
1592	Unicorn-59843.exe
1592	Unicorn-59843.exe
2072	Unicorn-15173.exe
2072	Unicorn-15173.exe
764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
2660	Unicorn-12608.exe
1728	Unicorn-26985.exe
2660	Unicorn-12608.exe
1728	Unicorn-26985.exe
2072	Unicorn-15173.exe
2072	Unicorn-15173.exe
2800	Unicorn-10992.exe
2800	Unicorn-10992.exe
3056	Unicorn-33853.exe
3056	Unicorn-33853.exe
1592	Unicorn-59843.exe
1592	Unicorn-59843.exe
2544	Unicorn-4862.exe
2544	Unicorn-4862.exe
764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2680	Unicorn-61989.exe
2680	Unicorn-61989.exe
1728	Unicorn-26985.exe
2952	Unicorn-49296.exe
1728	Unicorn-26985.exe
2952	Unicorn-49296.exe
2660	Unicorn-12608.exe
2660	Unicorn-12608.exe
2920	Unicorn-53296.exe
2920	Unicorn-53296.exe
2800	Unicorn-10992.exe
2800	Unicorn-10992.exe
1640	Unicorn-37761.exe
1640	Unicorn-37761.exe
1592	Unicorn-59843.exe
1592	Unicorn-59843.exe
2544	Unicorn-4862.exe
1676	Unicorn-23549.exe
1676	Unicorn-23549.exe
2544	Unicorn-4862.exe
2784	Unicorn-51296.exe
2784	Unicorn-51296.exe
3056	Unicorn-33853.exe
3056	Unicorn-33853.exe
2736	Unicorn-16262.exe
764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
2736	Unicorn-16262.exe
764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
820	Unicorn-23509.exe
820	Unicorn-23509.exe
2680	Unicorn-61989.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2492	2844	WerFault.exe	37
2880	2292	WerFault.exe	63

Suspicious use of SetWindowsHookEx 41 IoCs

pid	Process
764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
1592	Unicorn-59843.exe
1728	Unicorn-26985.exe
2072	Unicorn-15173.exe
2660	Unicorn-12608.exe
2800	Unicorn-10992.exe
3056	Unicorn-33853.exe
2544	Unicorn-4862.exe
2952	Unicorn-49296.exe
2680	Unicorn-61989.exe
2844	Unicorn-33430.exe
2920	Unicorn-53296.exe
1640	Unicorn-37761.exe
2784	Unicorn-51296.exe
1676	Unicorn-23549.exe
2736	Unicorn-16262.exe
820	Unicorn-23509.exe
2108	Unicorn-41624.exe
1808	Unicorn-47306.exe
2216	Unicorn-53436.exe
448	Unicorn-5028.exe
816	Unicorn-16910.exe
2276	Unicorn-38949.exe
828	Unicorn-47122.exe
1300	Unicorn-19778.exe
1160	Unicorn-65449.exe
1352	Unicorn-51161.exe
1048	Unicorn-5489.exe
1568	Unicorn-22565.exe
1328	Unicorn-52745.exe
1708	Unicorn-47965.exe
2280	Unicorn-37168.exe
2076	Unicorn-18260.exe
2144	Unicorn-9328.exe
2984	Unicorn-12764.exe
2292	Unicorn-6634.exe
1748	Unicorn-3971.exe
2540	Unicorn-61917.exe
1964	Unicorn-38880.exe
2356	Unicorn-52430.exe
3012	Unicorn-58746.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 1592	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	28
PID 764 wrote to memory of 1592	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	28
PID 764 wrote to memory of 1592	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	28
PID 764 wrote to memory of 1592	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	28
PID 1592 wrote to memory of 1728	1592	Unicorn-59843.exe	29
PID 1592 wrote to memory of 1728	1592	Unicorn-59843.exe	29
PID 1592 wrote to memory of 1728	1592	Unicorn-59843.exe	29
PID 1592 wrote to memory of 1728	1592	Unicorn-59843.exe	29
PID 764 wrote to memory of 2072	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	30
PID 764 wrote to memory of 2072	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	30
PID 764 wrote to memory of 2072	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	30
PID 764 wrote to memory of 2072	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	30
PID 1728 wrote to memory of 2660	1728	Unicorn-26985.exe	31
PID 1728 wrote to memory of 2660	1728	Unicorn-26985.exe	31
PID 1728 wrote to memory of 2660	1728	Unicorn-26985.exe	31
PID 1728 wrote to memory of 2660	1728	Unicorn-26985.exe	31
PID 1592 wrote to memory of 3056	1592	Unicorn-59843.exe	32
PID 1592 wrote to memory of 3056	1592	Unicorn-59843.exe	32
PID 1592 wrote to memory of 3056	1592	Unicorn-59843.exe	32
PID 1592 wrote to memory of 3056	1592	Unicorn-59843.exe	32
PID 2072 wrote to memory of 2800	2072	Unicorn-15173.exe	33
PID 2072 wrote to memory of 2800	2072	Unicorn-15173.exe	33
PID 2072 wrote to memory of 2800	2072	Unicorn-15173.exe	33
PID 2072 wrote to memory of 2800	2072	Unicorn-15173.exe	33
PID 764 wrote to memory of 2544	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	34
PID 764 wrote to memory of 2544	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	34
PID 764 wrote to memory of 2544	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	34
PID 764 wrote to memory of 2544	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	34
PID 2660 wrote to memory of 2952	2660	Unicorn-12608.exe	35
PID 2660 wrote to memory of 2952	2660	Unicorn-12608.exe	35
PID 2660 wrote to memory of 2952	2660	Unicorn-12608.exe	35
PID 2660 wrote to memory of 2952	2660	Unicorn-12608.exe	35
PID 1728 wrote to memory of 2680	1728	Unicorn-26985.exe	36
PID 1728 wrote to memory of 2680	1728	Unicorn-26985.exe	36
PID 1728 wrote to memory of 2680	1728	Unicorn-26985.exe	36
PID 1728 wrote to memory of 2680	1728	Unicorn-26985.exe	36
PID 2072 wrote to memory of 2844	2072	Unicorn-15173.exe	37
PID 2072 wrote to memory of 2844	2072	Unicorn-15173.exe	37
PID 2072 wrote to memory of 2844	2072	Unicorn-15173.exe	37
PID 2072 wrote to memory of 2844	2072	Unicorn-15173.exe	37
PID 2800 wrote to memory of 2920	2800	Unicorn-10992.exe	38
PID 2800 wrote to memory of 2920	2800	Unicorn-10992.exe	38
PID 2800 wrote to memory of 2920	2800	Unicorn-10992.exe	38
PID 2800 wrote to memory of 2920	2800	Unicorn-10992.exe	38
PID 3056 wrote to memory of 2784	3056	Unicorn-33853.exe	39
PID 3056 wrote to memory of 2784	3056	Unicorn-33853.exe	39
PID 3056 wrote to memory of 2784	3056	Unicorn-33853.exe	39
PID 3056 wrote to memory of 2784	3056	Unicorn-33853.exe	39
PID 1592 wrote to memory of 1640	1592	Unicorn-59843.exe	40
PID 1592 wrote to memory of 1640	1592	Unicorn-59843.exe	40
PID 1592 wrote to memory of 1640	1592	Unicorn-59843.exe	40
PID 1592 wrote to memory of 1640	1592	Unicorn-59843.exe	40
PID 2544 wrote to memory of 1676	2544	Unicorn-4862.exe	41
PID 2544 wrote to memory of 1676	2544	Unicorn-4862.exe	41
PID 2544 wrote to memory of 1676	2544	Unicorn-4862.exe	41
PID 2544 wrote to memory of 1676	2544	Unicorn-4862.exe	41
PID 764 wrote to memory of 2736	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	43
PID 764 wrote to memory of 2736	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	43
PID 764 wrote to memory of 2736	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	43
PID 764 wrote to memory of 2736	764	7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe	43
PID 2844 wrote to memory of 2492	2844	Unicorn-33430.exe	42
PID 2844 wrote to memory of 2492	2844	Unicorn-33430.exe	42
PID 2844 wrote to memory of 2492	2844	Unicorn-33430.exe	42
PID 2844 wrote to memory of 2492	2844	Unicorn-33430.exe	42

C:\Users\Admin\AppData\Local\Temp\7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe
"C:\Users\Admin\AppData\Local\Temp\7d01732ef7f188c6b3acd5ea6c09295cc26a89ae6ce1c017d89e85a39d702856.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3971.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        8⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
        8⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31829.exe
        9⤵
        
        PID:4740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
        8⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
        8⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61695.exe
        7⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        7⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29247.exe
        7⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27222.exe
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28884.exe
        7⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38336.exe
        7⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13877.exe
        7⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52430.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55626.exe
        7⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37366.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16456.exe
        7⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42896.exe
        7⤵
        
        PID:3772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49496.exe
        6⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        6⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        7⤵
        
        PID:4840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        6⤵
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9797.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58130.exe
        6⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
        6⤵
        
        PID:5104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41624.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
        7⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33461.exe
        7⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7093.exe
        7⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        8⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24724.exe
        8⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
        7⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32501.exe
        7⤵
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        6⤵
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        6⤵
        
        PID:620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        6⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
        6⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49266.exe
        6⤵
        
        PID:3800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63815.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
        6⤵
        
        PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
        6⤵
        Program crash
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15758.exe
        5⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe
        5⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
        5⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
        5⤵
        
        PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61913.exe
        5⤵
        
        PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47101.exe
        5⤵
        
        PID:3848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47685.exe
        7⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        8⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27407.exe
        7⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        6⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        6⤵
        
        PID:1104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
        6⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
        6⤵
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        6⤵
        
        PID:3676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26963.exe
        6⤵
        
        PID:3456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40279.exe
        6⤵
        
        PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37168.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        6⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21231.exe
        7⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22396.exe
        7⤵
        
        PID:2168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22313.exe
        6⤵
        
        PID:1336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28718.exe
        6⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11736.exe
        6⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39821.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23219.exe
        5⤵
        
        PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe
        5⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16556.exe
        5⤵
        
        PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        5⤵
        
        PID:3604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe
        5⤵
        
        PID:3664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18260.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31408.exe
        6⤵
        
        PID:1604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42940.exe
        6⤵
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
        6⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26085.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
        5⤵
        
        PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
        5⤵
        
        PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40508.exe
        5⤵
        
        PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9328.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45951.exe
        5⤵
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        5⤵
        
        PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23381.exe
        5⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
        5⤵
        
        PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
        5⤵
        
        PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21270.exe
        5⤵
        
        PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37020.exe
      4⤵
      PID:2064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63555.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63555.exe
      4⤵
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
      4⤵
      PID:1852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12091.exe
      4⤵
      PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19084.exe
      4⤵
      PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15670.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
      4⤵
      PID:3296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33853.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33853.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
        6⤵
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        6⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12653.exe
        6⤵
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        6⤵
        
        PID:3760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49716.exe
        6⤵
        
        PID:3960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
        5⤵
        
        PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27862.exe
        5⤵
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51293.exe
        5⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60239.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18513.exe
        5⤵
        
        PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51161.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54608.exe
        5⤵
        
        PID:2768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42262.exe
        6⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42717.exe
        5⤵
        
        PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45428.exe
        5⤵
        
        PID:2156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17329.exe
        5⤵
        
        PID:3936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
      4⤵
      PID:2772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62318.exe
      4⤵
      PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
      4⤵
      PID:1432
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
      4⤵
      PID:3748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
        5⤵
        Executes dropped EXE
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
        5⤵
        
        PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
        5⤵
        
        PID:1288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49457.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14944.exe
        5⤵
        
        PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1974.exe
      4⤵
      Executes dropped EXE
      PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
      4⤵
      PID:3020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
        5⤵
        
        PID:940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
      4⤵
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18672.exe
      4⤵
      PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
      4⤵
      PID:3428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51501.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51501.exe
      4⤵
      PID:4028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47122.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
      4⤵
      Executes dropped EXE
      PID:2656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23637.exe
      4⤵
      PID:780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49017.exe
        5⤵
        
        PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34932.exe
      4⤵
      PID:3164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19323.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19036.exe
      4⤵
      PID:4288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64488.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64488.exe
    3⤵
    - Executes dropped EXE
    PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25547.exe
    3⤵
    PID:2560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39900.exe
    3⤵
    PID:2640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63209.exe
    3⤵
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25698.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25698.exe
      4⤵
      PID:4712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5242.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5242.exe
    3⤵
    PID:3388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61805.exe
    3⤵
    PID:3172
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8965.exe
    3⤵
    PID:3948
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53296.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53296.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5028.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58746.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49988.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63869.exe
        7⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51780.exe
        7⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29167.exe
        7⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
        7⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31147.exe
        6⤵
        
        PID:2676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50675.exe
        6⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16915.exe
        6⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38880.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16024.exe
        6⤵
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
        6⤵
        
        PID:596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
        6⤵
        
        PID:3356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
        6⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64114.exe
        5⤵
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-887.exe
        6⤵
        
        PID:3832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22396.exe
        6⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
        5⤵
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
        5⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10687.exe
        5⤵
        
        PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50641.exe
        5⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60210.exe
        5⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
        5⤵
        
        PID:3880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16910.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
        6⤵
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22191.exe
        6⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49997.exe
        6⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43808.exe
        7⤵
        
        PID:1444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
        6⤵
        
        PID:3348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18933.exe
        6⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        5⤵
        
        PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
        5⤵
        
        PID:752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37500.exe
        5⤵
        
        PID:2700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61073.exe
        5⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        5⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12331.exe
        5⤵
        
        PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
      4⤵
      Executes dropped EXE
      PID:2708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50748.exe
      4⤵
      PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39370.exe
      4⤵
      PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2137.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2137.exe
      4⤵
      PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32108.exe
      4⤵
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62940.exe
      4⤵
      PID:3192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61170.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14968.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14968.exe
      4⤵
      PID:3440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 200
      4⤵
      Loads dropped DLL
      Program crash
      PID:2492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
    3⤵
    PID:2928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-622.exe
    3⤵
    PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59917.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59917.exe
    3⤵
    PID:2756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
    3⤵
    PID:2872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
    3⤵
    PID:3940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
    3⤵
    PID:3108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2832.exe
    3⤵
    PID:3124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27520.exe
    3⤵
    PID:4856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19778.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe
        5⤵
        Executes dropped EXE
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        5⤵
        
        PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
        5⤵
        
        PID:1864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
        6⤵
        
        PID:4988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
        5⤵
        
        PID:1688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
        5⤵
        
        PID:3708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        5⤵
        
        PID:3976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12331.exe
        5⤵
        
        PID:3612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51127.exe
      4⤵
      Executes dropped EXE
      PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9736.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9736.exe
      4⤵
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        5⤵
        
        PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12127.exe
      4⤵
      PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
      4⤵
      PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
      4⤵
      PID:4940
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65449.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25978.exe
      4⤵
      Executes dropped EXE
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12254.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        5⤵
        
        PID:3696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
        5⤵
        
        PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57494.exe
      4⤵
      PID:996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        5⤵
        
        PID:4824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
      4⤵
      PID:384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
      4⤵
      PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6504.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6504.exe
      4⤵
      PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18370.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18370.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
      4⤵
      PID:4892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15709.exe
    3⤵
    - Executes dropped EXE
    PID:2484
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
    3⤵
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3749.exe
      4⤵
      PID:3884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
    3⤵
    PID:2864
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
    3⤵
    PID:2616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54643.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54643.exe
    3⤵
    PID:3308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
      4⤵
      Executes dropped EXE
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        5⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
        5⤵
        
        PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
      4⤵
      PID:2576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
        5⤵
        
        PID:4880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
      4⤵
      PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
      4⤵
      PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-841.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
      4⤵
      PID:3840
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
    3⤵
    PID:2320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
    3⤵
    PID:2608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24522.exe
    3⤵
    PID:2408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
    3⤵
    PID:600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27735.exe
    3⤵
    PID:3812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58479.exe
    3⤵
    PID:3876
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52745.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
    3⤵
    PID:2500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
    3⤵
    PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
    3⤵
    PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33091.exe
    3⤵
    PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25656.exe
    3⤵
    PID:3136
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-342.exe
    3⤵
    PID:5000
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9641.exe
  2⤵
  PID:1940
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
  2⤵
  PID:2460
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54389.exe
  2⤵
  PID:1140
- C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-57873.exe
  2⤵
  PID:1744
- C:\Users\Admin\AppData\Local\Temp\Unicorn-9442.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-9442.exe
  2⤵
  PID:3396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34069.exe
  2⤵
  PID:3184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56302.exe
  2⤵
  PID:1776
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13422.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13422.exe
  2⤵
  PID:3600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1071.exe

Filesize
184KB

MD5
2046fe85236fde385e161baa4a63c875

SHA1
23e5c366e3bb4468d2f97de9dd873424faf7623c

SHA256
241cda7fdb6f33de3bcf5475a3a15ec83b5a337c73baaabb21cfc49aec51a7ae

SHA512
7d806ec1728dfc477d18c93343d583083fceed25a7c0480d7446ef4c63837b27cea2ede56b125f71d657d787e31dcc895e156fa1135d1762dffde7e4b60394c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe

Filesize
184KB

MD5
ab737cfbb488b48e398d04d03879661a

SHA1
581b5e4487823f64ce70609c7743aec93f226509

SHA256
e8ab6ecbdf517e03d9edd037cc8a18528375648eaceea3cfacecfe5be54d90c4

SHA512
be1f6ef92ad13c0292e3ee64c09a5178dcc2008e3ff3278411514cbab73f87192d1cb54e33c26067c5a0f413222fad2cd76c69aa3fce7032c5116eb47f6ff1c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe

Filesize
184KB

MD5
b0b8abfd86ca1539dc79009a55b50c09

SHA1
442db2b1cf3e74ff7b88eb22eb0d9719c334ec1d

SHA256
1117db0fdb6bc2c2d8af47b6af82df441930222574369e81e455116c47c8c36c

SHA512
9f34c6fa020556cd98ed9dd8ff561ceab5a5ff472bc82171aab7bd0cdb0e8f942ab36e6bc956fd88dfc16bfc17319eaaef1b1a7d32440bf2325ba3b358efc8ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33853.exe

Filesize
184KB

MD5
c33f0d81c5f436cba0bd219228771771

SHA1
f650a5da9d26c47779e1fe6488edd69358973252

SHA256
1dda0f61c321c9ea4fef8784667b1c787c9cc24bf80380c0e04169721e43b5b2

SHA512
12a8ad2484aae68b896bb0d9089b279d85a367af9eed3afe8b2aeaa25c4ff770ca549bc8a428a6183e26186b5256365cda7e1e3a825d190d24660ae948fd9cf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe

Filesize
184KB

MD5
cd0ef03055baff98fd4fb949ae09effe

SHA1
83b15481dc016f7199584eee90100768afcb5107

SHA256
7429ac573891dd27fe0e49742eb777338515ee074fba58ff1ba8ef92f3765d2e

SHA512
e0d4b361f2440ee859d00093834b880c2317307bd0ef8c376b548e909071e9a8d121841b5754f5e247f27cd3370a67b46dab96beca5da6036d5929c497262ad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38336.exe

Filesize
184KB

MD5
1f9ee76a7ed32e8c3986b4f893c6cc3a

SHA1
917047c0efcd800245c488b3e3a0218862894992

SHA256
67ff3c4ed06b36fbb1ca6e3210f300c7e5bfb3183af9d234c6bda947dd1da138

SHA512
e609ed8762b2dc8c326b948761f5eacb459bdb0dd8690f3807618931d25e131e36d4df4a5b0da3f013c2c91d2e218b58f00fc47573d981ca62d5313e1ed41ea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe

Filesize
184KB

MD5
e524a8c87f34b099eedcd0a3f1c76bc0

SHA1
707e4569d94321ca67bad5fe5574b0cdf8616e54

SHA256
9990d6defeccc04bb578d4aaba114862389b65fc2c9af201775ba1c72735b071

SHA512
40081db716bf96c64844f59477127af5c17b688a91a6447f7f03e1aa66baab7f1de3281993f6258266d3c6dac557d21051354838c5f51967a9a71a0bca13294b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe

Filesize
184KB

MD5
bbf81a486685820ef0e3bc54182d870d

SHA1
a0fe52fe0bd720bf129af4476d53686c8a2f7fa3

SHA256
2ee9f151854cc87a9dfa48c3e9f41e27693d04e26794b3c89023c5e67a781b91

SHA512
ac12102bd8115c2b968c8d8b3e2284ad4144ae078f504afd59e7fde647906db8a553c8056f14a25557d1fa5fa957dd2670efe4859aa67effea3b933dcb5614fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51296.exe

Filesize
184KB

MD5
e3f1c8809e83922ded3745b2a8340bdf

SHA1
a2d4eefca6dc19e0893ec497a2500d57fca869e7

SHA256
83ed50a9321312d0e9fee27644621d9d515cf1ea10907c1b5f4eb919be7733d3

SHA512
19b6793933795373439a680b693be4d1b7a6facb6ea9d57e18e978083bdde7790607af6389d80bcda772baa23e21b0e47f2621680cf6a32e72baf4777bf68d89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5455.exe

Filesize
184KB

MD5
00a4953d621593ead37d6cdca181949d

SHA1
4e9bda8ce955abb834f3c566ab8894a9d5c632c4

SHA256
3f204ed86d84cca7e17298b2cf5ad02061f39496945f9967d2eb90a0828ec7f3

SHA512
108a90a65adb2807e717ebd89905f75a370cf2b9f1e2b97739c0811ad5b7e2103eb68e187807599417d5513f98c219a5d928cb459ef9643c7947176e6d9f4b40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5489.exe

Filesize
184KB

MD5
6ec8f5d89beb327caec954c0dcc4af37

SHA1
42b8df576e59e89f0fe42cd3d3d1fc9747ccd2d7

SHA256
8ec31b902ff1fde50fcce2201a2f1874035bbe9578b51b1c7705e49606798ecb

SHA512
9ddfb8f270b03c5bd7568cb4109c98948c1ec4e5c70bdff31a4dccce54a33f17999527c126a206fb85166ea7f5adbcc0e6f9572c4e3ba8457cf553a20071f8af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12608.exe

Filesize
184KB

MD5
dbf608d548ee9d54d7918ab05d776c35

SHA1
8fd56dbf726bf5dfd62ed79cfcfa9bb40255ea42

SHA256
162d0eb4644125289d8c24f4a82d194b62c6ded3885b0345b43c954aa5af9c8c

SHA512
a0dbccd18600ad2896779020aec976255f07d38e724302fd24f8bbf7af1f6c1ffb05b80353f5db2d2c25d191c81ea3227badac071cc0d46d6e47b4f3245e10a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe

Filesize
184KB

MD5
d277234f20cfb9433f90607c8d60f6ae

SHA1
2fa955be49d34b9a548bf0b70658007dbcd438c6

SHA256
a1212a0e05678fed89a27a42a594883cb69d746c1dd9d06765fafd6bc6a2dc9e

SHA512
bdf4fd54bf20b466b5c84d6f7d467ca8b91dc3465d8bd5293791661aa4fac631f2b61b8172c943d921363307f9ee6bbece5287254052189291a219deb5821d9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16262.exe

Filesize
184KB

MD5
d7d8c05580fb1c3d8949110aa4ae52ff

SHA1
e0f8cd503a00cd37e7ab06729123aac0deb4baf6

SHA256
927b1af359fc266521ef0709db34c43b3783aca51a7bbea55416a504dd7f8169

SHA512
03f2b22a4472567ec7506a79b5c1ce9f870c76032ae4870223b3cb4fa21f27413eaebf6182159fb73489db861f867aad6a3496c6381657833a9063d29f683926

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe

Filesize
184KB

MD5
123242cd493d5ce68f1dd6d0e571d253

SHA1
d126fb97908c1a3b556571276bba59664e16a754

SHA256
49a886f2d6d0f3d15a587e793ef154cfdebdad919b1a05cf29588a2fd0a2f602

SHA512
6ba0acaa2c489e76c9086298d9544c843aba54e6edd8fc3564984099df93faf1b0f6a99cad6a1e4fd03f5e7471cc8a576922599bc084c5ae98c46b3dabb5d2da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe

Filesize
184KB

MD5
d8621c8843a1dd7d34a31a78573f5ba9

SHA1
21b3748d6ae1fff86c5f198f9195ce5f683d392b

SHA256
b34c248b94f332539303c32477e3a049304a255dbef8e3944370e4703d16ceff

SHA512
3671d80712de2aff33da9e2f7c9ad6aed285495b615ea7bd55c1179d7664f0b6795464afa5c39aa069ec111f88aefce8f2a9678cad929c1e3f94a58b049e86cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26985.exe

Filesize
184KB

MD5
b23206156e74aa83051598435ada2a93

SHA1
daff029ea469e03c64bdd6da7f002c907f33ff37

SHA256
c9d21bf111d05bc547aacc0b9aa575ec0f26c804fa13db988fe19336c6c576af

SHA512
e8a976e9493d33aa1307d84a25d0e1860b3b4666429ff62af420d2ca3dbb5687d2ff2ec1c61aaa49be6eb8328a2911b292b58fe3b68d2ca7b74a8bd8ba6997d6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe

Filesize
184KB

MD5
ecc1ded6ff219e4f28584d894e994341

SHA1
3f68c0866f4d3309d9eab8306d8698becdbc2495

SHA256
b3b54334f4f3c1868a1b5ebe0bb0f8c9687fb02c82ea34620121374453e3ec6c

SHA512
8eaf5acf32cb549cb54332c34aea687c84aba35af2f85ecdc3dd6b38668ab53a978992df8a28b831abaf24002f595ce16ab2ad8357c89f69cda899af54a54a96

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe

Filesize
184KB

MD5
41efa3e18eef70e35a0efba5ed88e170

SHA1
46f8d05ac2a899924013b51cb5de368762bfcb92

SHA256
3daa56d000548d5572a6db6c29c657c6426c55183f4d79c3caa7f130c17a7c4f

SHA512
d63296b6c8885dab902f15b3592ac286c5f91ae34e0607c9160e68959d65f834b5d0a32635a3452c1edbce001daaa44fdc0d868c86d7291506d5f296f1a496dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe

Filesize
184KB

MD5
fcb47fa078a3a84fffb74158368bcfd1

SHA1
433bc201edf79faf78d30c3abc18f02862cc9012

SHA256
a62ae681739166090713cce0f9f44a032d84651ac3b347d49bcf818ff07e0c0f

SHA512
a91222e215586fbea1eaa3d88c343dee92726153be7689efe9e021484bf45b7fcdc5cce7484d83ac26f1396937f28ff4c07c8a1c6e5a6925512098ac75ee19a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53296.exe

Filesize
184KB

MD5
904175f9853ab850364dc79b158e8462

SHA1
5d2894186d8d1a61f11be13d3f35faa642a7e62c

SHA256
e4e625aec94148d2c65a07a3672f60fc5c76f1e589ade6d26c8f9dd5978de09e

SHA512
4bfe7c0d13391a8e55bf70c707873ff10b281e046cffc1635af8fd7f58a16903618d4ebbff5af3d842db319c13872d4a8e0f1d81f712fc5b857821e534768a23

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53436.exe

Filesize
184KB

MD5
a90b129c6098e0351758979b2d283259

SHA1
a28151398e3fb74df2c4789f3b2f5411a9adbd9d

SHA256
99816bb97640d8d72e48e2052900f1c2ab99905a6d8378b5ea243269c9a1a4f4

SHA512
03bc485f063b8076726653691c2f3cccb672b69b842efb7bc8ca9a083547965ad6a7dee7e8ea4db3a6444ffb74743670d370ccc1600ba8c941260abcaea2af7a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59843.exe

Filesize
184KB

MD5
199c286df72700c521f82d1fc0e3194f

SHA1
a4427ef6c246beb98ddff7e3b60548b783ead967

SHA256
6b80c24863a2539d23b49c645edab4fb6ea8349681145c17f7f6158d18b421d0

SHA512
f0723777acfda7e9892b0111d142474fb5a5007e3465bccc51db1e6c334b8ae945721f0fbf4364f50ccaec8c3e50da6af586988d7a12e162163b9b733bb304ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe

Filesize
184KB

MD5
ce9fbc1fb1db2c092f1c9c7f14d8e34b

SHA1
0804107e1fac254e70a1d999b54ce2129e7f0db2

SHA256
a47184028539e3e8273b2f05fd3f921aba80347d2ba4611aca6ac3d411f3e837

SHA512
a782365d834020facf62b0e925491adf2866fced67a4d855d837c1a0e172ed932f7b5cc1846373900d5e5a2371d3434ebff2e26caaf18fd4daa27489e4360c10

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads