0e0c1b348273502080067a72342fbe5f22fc7b5cb4c6d750ad331db281c488e4

Analysis

max time kernel
126s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 01:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe
Size

184KB
MD5

8827dea29e1b3c763a1d8901debccf30
SHA1

91a4817eba2e38193113768a590f5654e895948f
SHA256

0e0c1b348273502080067a72342fbe5f22fc7b5cb4c6d750ad331db281c488e4
SHA512

07b9cddbba5ce9cdeabe99d5616fc7eca50b4a2ac26d505c19e029581d43b4503729ddcfd4379887e3bebc2300ae4ee53bf4131653e7ce168020a23fb9a0c74b
SSDEEP

3072:N1DrsWonCdIpzhAEMz38RbSvtvnqn1i8v:N1Vo3phAp8RSvtPqn1i8v

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
4452	Unicorn-31014.exe
3900	Unicorn-31113.exe
2748	Unicorn-42357.exe
2492	Unicorn-1640.exe
732	Unicorn-51526.exe
4600	Unicorn-59677.exe
1936	Unicorn-48080.exe
1960	Unicorn-29254.exe
2592	Unicorn-42601.exe
1484	Unicorn-22735.exe
1780	Unicorn-40332.exe
3904	Unicorn-14536.exe
3152	Unicorn-47209.exe
4516	Unicorn-6294.exe
1256	Unicorn-11941.exe
3132	Unicorn-17353.exe
388	Unicorn-49079.exe
3504	Unicorn-51727.exe
5116	Unicorn-53865.exe
2908	Unicorn-59376.exe
4420	Unicorn-57072.exe
3628	Unicorn-16009.exe
4720	Unicorn-16009.exe
2076	Unicorn-1317.exe
1480	Unicorn-25939.exe
4672	Unicorn-28623.exe
2380	Unicorn-48489.exe
1224	Unicorn-6527.exe
2976	Unicorn-47940.exe
2072	Unicorn-15567.exe
3620	Unicorn-2184.exe
4040	Unicorn-43814.exe
4312	Unicorn-14908.exe
3512	Unicorn-14405.exe
1076	Unicorn-14405.exe
3092	Unicorn-8275.exe
32	Unicorn-65142.exe
3960	Unicorn-3087.exe
4428	Unicorn-40742.exe
3928	Unicorn-23913.exe
4196	Unicorn-4047.exe
396	Unicorn-9046.exe
2880	Unicorn-14408.exe
2588	Unicorn-30060.exe
3224	Unicorn-63348.exe
4172	Unicorn-3484.exe
2248	Unicorn-45171.exe
4776	Unicorn-54704.exe
3196	Unicorn-40169.exe
536	Unicorn-25286.exe
3336	Unicorn-40169.exe
4048	Unicorn-7496.exe
4176	Unicorn-52100.exe
3804	Unicorn-54708.exe
1008	Unicorn-39794.exe
3532	Unicorn-60173.exe
744	Unicorn-20102.exe
3372	Unicorn-47028.exe
5136	Unicorn-38441.exe
5128	Unicorn-38441.exe
5192	Unicorn-52400.exe
5324	Unicorn-26380.exe
5392	Unicorn-17129.exe
5504	Unicorn-30476.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
2488	4516	WerFault.exe	106
5764	4516	WerFault.exe	106
6388	5084	WerFault.exe
1564	9604	WerFault.exe	395
8012	7044	WerFault.exe	265
8216	6876	WerFault.exe	303
10448	6116	WerFault.exe
10712	7612	WerFault.exe	277
8248	8748	WerFault.exe	371
11164	8748	WerFault.exe	371

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe
4452	Unicorn-31014.exe
3900	Unicorn-31113.exe
2748	Unicorn-42357.exe
732	Unicorn-51526.exe
2492	Unicorn-1640.exe
4600	Unicorn-59677.exe
1936	Unicorn-48080.exe
1960	Unicorn-29254.exe
1484	Unicorn-22735.exe
2592	Unicorn-42601.exe
1780	Unicorn-40332.exe
3152	Unicorn-47209.exe
3904	Unicorn-14536.exe
4516	Unicorn-6294.exe
1256	Unicorn-11941.exe
3132	Unicorn-17353.exe
388	Unicorn-49079.exe
3504	Unicorn-51727.exe
5116	Unicorn-53865.exe
4420	Unicorn-57072.exe
1480	Unicorn-25939.exe
3628	Unicorn-16009.exe
4720	Unicorn-16009.exe
2380	Unicorn-48489.exe
2976	Unicorn-47940.exe
4672	Unicorn-28623.exe
1224	Unicorn-6527.exe
2072	Unicorn-15567.exe
3620	Unicorn-2184.exe
4040	Unicorn-43814.exe
4312	Unicorn-14908.exe
3092	Unicorn-8275.exe
1076	Unicorn-14405.exe
3512	Unicorn-14405.exe
4596	Unicorn-19881.exe
32	Unicorn-65142.exe
3960	Unicorn-3087.exe
4196	Unicorn-4047.exe
4428	Unicorn-40742.exe
396	Unicorn-9046.exe
3928	Unicorn-23913.exe
3224	Unicorn-63348.exe
2588	Unicorn-30060.exe
2880	Unicorn-14408.exe
2248	Unicorn-45171.exe
3196	Unicorn-40169.exe
536	Unicorn-25286.exe
4172	Unicorn-3484.exe
4776	Unicorn-54704.exe
3804	Unicorn-54708.exe
3336	Unicorn-40169.exe
4048	Unicorn-7496.exe
4176	Unicorn-52100.exe
3532	Unicorn-60173.exe
3372	Unicorn-47028.exe
5136	Unicorn-38441.exe
744	Unicorn-20102.exe
5192	Unicorn-52400.exe
1008	Unicorn-39794.exe
5128	Unicorn-38441.exe
5324	Unicorn-26380.exe
5392	Unicorn-17129.exe
5504	Unicorn-30476.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 4452	4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe	90
PID 4656 wrote to memory of 4452	4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe	90
PID 4656 wrote to memory of 4452	4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe	90
PID 4452 wrote to memory of 3900	4452	Unicorn-31014.exe	91
PID 4452 wrote to memory of 3900	4452	Unicorn-31014.exe	91
PID 4452 wrote to memory of 3900	4452	Unicorn-31014.exe	91
PID 4656 wrote to memory of 2748	4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe	92
PID 4656 wrote to memory of 2748	4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe	92
PID 4656 wrote to memory of 2748	4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe	92
PID 2748 wrote to memory of 2492	2748	Unicorn-42357.exe	93
PID 2748 wrote to memory of 2492	2748	Unicorn-42357.exe	93
PID 2748 wrote to memory of 2492	2748	Unicorn-42357.exe	93
PID 3900 wrote to memory of 732	3900	Unicorn-31113.exe	94
PID 3900 wrote to memory of 732	3900	Unicorn-31113.exe	94
PID 3900 wrote to memory of 732	3900	Unicorn-31113.exe	94
PID 4656 wrote to memory of 4600	4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe	95
PID 4656 wrote to memory of 4600	4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe	95
PID 4656 wrote to memory of 4600	4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe	95
PID 4452 wrote to memory of 1936	4452	Unicorn-31014.exe	96
PID 4452 wrote to memory of 1936	4452	Unicorn-31014.exe	96
PID 4452 wrote to memory of 1936	4452	Unicorn-31014.exe	96
PID 2492 wrote to memory of 1960	2492	Unicorn-1640.exe	99
PID 2492 wrote to memory of 1960	2492	Unicorn-1640.exe	99
PID 2492 wrote to memory of 1960	2492	Unicorn-1640.exe	99
PID 732 wrote to memory of 2592	732	Unicorn-51526.exe	100
PID 732 wrote to memory of 2592	732	Unicorn-51526.exe	100
PID 732 wrote to memory of 2592	732	Unicorn-51526.exe	100
PID 2748 wrote to memory of 1484	2748	Unicorn-42357.exe	101
PID 2748 wrote to memory of 1484	2748	Unicorn-42357.exe	101
PID 2748 wrote to memory of 1484	2748	Unicorn-42357.exe	101
PID 3900 wrote to memory of 1780	3900	Unicorn-31113.exe	102
PID 3900 wrote to memory of 1780	3900	Unicorn-31113.exe	102
PID 3900 wrote to memory of 1780	3900	Unicorn-31113.exe	102
PID 1936 wrote to memory of 3904	1936	Unicorn-48080.exe	105
PID 1936 wrote to memory of 3904	1936	Unicorn-48080.exe	105
PID 1936 wrote to memory of 3904	1936	Unicorn-48080.exe	105
PID 4600 wrote to memory of 3152	4600	Unicorn-59677.exe	103
PID 4600 wrote to memory of 3152	4600	Unicorn-59677.exe	103
PID 4600 wrote to memory of 3152	4600	Unicorn-59677.exe	103
PID 4452 wrote to memory of 4516	4452	Unicorn-31014.exe	106
PID 4452 wrote to memory of 4516	4452	Unicorn-31014.exe	106
PID 4452 wrote to memory of 4516	4452	Unicorn-31014.exe	106
PID 4656 wrote to memory of 1256	4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe	104
PID 4656 wrote to memory of 1256	4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe	104
PID 4656 wrote to memory of 1256	4656	8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe	104
PID 1484 wrote to memory of 3132	1484	Unicorn-22735.exe	109
PID 1484 wrote to memory of 3132	1484	Unicorn-22735.exe	109
PID 1484 wrote to memory of 3132	1484	Unicorn-22735.exe	109
PID 2748 wrote to memory of 388	2748	Unicorn-42357.exe	110
PID 2748 wrote to memory of 388	2748	Unicorn-42357.exe	110
PID 2748 wrote to memory of 388	2748	Unicorn-42357.exe	110
PID 1960 wrote to memory of 3504	1960	Unicorn-29254.exe	111
PID 1960 wrote to memory of 3504	1960	Unicorn-29254.exe	111
PID 1960 wrote to memory of 3504	1960	Unicorn-29254.exe	111
PID 2592 wrote to memory of 5116	2592	Unicorn-42601.exe	112
PID 2592 wrote to memory of 5116	2592	Unicorn-42601.exe	112
PID 2592 wrote to memory of 5116	2592	Unicorn-42601.exe	112
PID 732 wrote to memory of 2908	732	Unicorn-51526.exe	113
PID 732 wrote to memory of 2908	732	Unicorn-51526.exe	113
PID 732 wrote to memory of 2908	732	Unicorn-51526.exe	113
PID 2492 wrote to memory of 4420	2492	Unicorn-1640.exe	114
PID 2492 wrote to memory of 4420	2492	Unicorn-1640.exe	114
PID 2492 wrote to memory of 4420	2492	Unicorn-1640.exe	114
PID 3152 wrote to memory of 3628	3152	Unicorn-47209.exe	117

C:\Users\Admin\AppData\Local\Temp\8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\8827dea29e1b3c763a1d8901debccf30_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31113.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31113.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        8⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22988.exe
        9⤵
        
        PID:7376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16892.exe
        9⤵
        
        PID:5020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        8⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        8⤵
        
        PID:8972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27769.exe
        9⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64960.exe
        8⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        7⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        8⤵
        
        PID:8492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13461.exe
        9⤵
        
        PID:10224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4267.exe
        8⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        7⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        7⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        7⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43753.exe
        8⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        8⤵
        
        PID:8996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
        7⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
        8⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        7⤵
        
        PID:8964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        7⤵
        
        PID:5716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
        6⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        7⤵
        
        PID:312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        6⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53693.exe
        6⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57588.exe
        6⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        5⤵
        Executes dropped EXE
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19881.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3880.exe
        7⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
        8⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        9⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
        8⤵
        
        PID:9360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24966.exe
        8⤵
        
        PID:4360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19823.exe
        8⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
        7⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        7⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        6⤵
        
        PID:5084
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 232
        7⤵
        Program crash
        
        PID:6388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        6⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6376.exe
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe
        7⤵
        
        PID:7612
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 632
        8⤵
        Program crash
        
        PID:10712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2370.exe
        7⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        7⤵
        
        PID:5452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16607.exe
        7⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        6⤵
        
        PID:8988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
        6⤵
        
        PID:4436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9805.exe
        6⤵
        
        PID:3576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20255.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        6⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41718.exe
        7⤵
        
        PID:5604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
        6⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        6⤵
        
        PID:8704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9091.exe
        5⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
        6⤵
        
        PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48206.exe
        5⤵
        
        PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57588.exe
        5⤵
        
        PID:8700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31787.exe
        5⤵
        
        PID:5600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39436.exe
        7⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38278.exe
        8⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42276.exe
        9⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
        9⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
        8⤵
        
        PID:8808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33804.exe
        7⤵
        
        PID:6560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4309.exe
        7⤵
        
        PID:9036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
        6⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44715.exe
        7⤵
        
        PID:8400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
        8⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
        7⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31679.exe
        6⤵
        
        PID:8480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54704.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
        6⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
        7⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15766.exe
        7⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47247.exe
        6⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28179.exe
        6⤵
        
        PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
        6⤵
        
        PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
        5⤵
        
        PID:7468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10437.exe
        6⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
        7⤵
        
        PID:7332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        7⤵
        
        PID:8584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59315.exe
        7⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50608.exe
        6⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21112.exe
        6⤵
        
        PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41769.exe
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        7⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        6⤵
        
        PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        5⤵
        
        PID:7044
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 684
        6⤵
        Program crash
        
        PID:8012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
        5⤵
        
        PID:9232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3484.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57417.exe
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        6⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe
        6⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        5⤵
        
        PID:6812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30061.exe
        5⤵
        
        PID:1236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        5⤵
        
        PID:5612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23427.exe
      4⤵
      PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36552.exe
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
        5⤵
        
        PID:4852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25267.exe
        5⤵
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
      4⤵
      PID:7848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
      4⤵
      PID:4564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        5⤵
        Executes dropped EXE
        
        PID:2076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65142.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:32
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30476.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
        7⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        8⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51124.exe
        9⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37663.exe
        8⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
        8⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        7⤵
        
        PID:8748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 600
        8⤵
        Program crash
        
        PID:8248
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 620
        8⤵
        Program crash
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23887.exe
        6⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
        7⤵
        
        PID:6116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 436
        8⤵
        Program crash
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28067.exe
        7⤵
        
        PID:8708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        6⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1459.exe
        6⤵
        
        PID:5308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56480.exe
        6⤵
        
        PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
        5⤵
        
        PID:5988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37510.exe
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
        7⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
        6⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61369.exe
        6⤵
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39750.exe
        5⤵
        
        PID:8856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
        5⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31278.exe
        5⤵
        
        PID:9408
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62118.exe
        6⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45042.exe
        6⤵
        
        PID:8936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
        6⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7468.exe
        5⤵
        
        PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        5⤵
        
        PID:8948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
        5⤵
        
        PID:9144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7292.exe
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3400.exe
        5⤵
        
        PID:6500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        5⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
        5⤵
        
        PID:7008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
      4⤵
      PID:5772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13477.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13477.exe
      4⤵
      PID:8568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40660.exe
      4⤵
      PID:7788
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4516
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 724
      4⤵
      Program crash
      PID:2488
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 708
      4⤵
      Program crash
      PID:5764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6527.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6527.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34824.exe
        6⤵
        
        PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8380.exe
        5⤵
        
        PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        5⤵
        
        PID:5268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        5⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43254.exe
        6⤵
        
        PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
      4⤵
      PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
        5⤵
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        5⤵
        
        PID:2676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27494.exe
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26801.exe
        5⤵
        
        PID:9444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62054.exe
        5⤵
        
        PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
      4⤵
      PID:9284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        5⤵
        
        PID:6820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        5⤵
        
        PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
      4⤵
      PID:5712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
    3⤵
    PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35691.exe
      4⤵
      PID:8760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23543.exe
    3⤵
    PID:8504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
    3⤵
    PID:5568
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14405.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1096.exe
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
        7⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        8⤵
        
        PID:8044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        9⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        7⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
        7⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60048.exe
        6⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        7⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10582.exe
        7⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        6⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        6⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1983.exe
        6⤵
        
        PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3087.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
        7⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35592.exe
        8⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
        7⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34797.exe
        7⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22351.exe
        6⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3044.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15852.exe
        7⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
        6⤵
        
        PID:8980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
        7⤵
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
        5⤵
        
        PID:5244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        6⤵
        
        PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35136.exe
        5⤵
        
        PID:4688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
        6⤵
        
        PID:6908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24389.exe
        5⤵
        
        PID:9604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 492
        6⤵
        Program crash
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39083.exe
        5⤵
        
        PID:9392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40742.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
        6⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30220.exe
        7⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
        9⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39884.exe
        7⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
        7⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13052.exe
        7⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39148.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
        7⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40372.exe
        6⤵
        
        PID:6804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
        5⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36552.exe
        6⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
        5⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8402.exe
        5⤵
        
        PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        5⤵
        
        PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18763.exe
        6⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25200.exe
        6⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
        6⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53759.exe
        5⤵
        
        PID:9816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15839.exe
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35016.exe
        5⤵
        
        PID:7924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
        5⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44230.exe
        5⤵
        
        PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
      4⤵
      PID:7824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
        7⤵
        
        PID:5800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35784.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
        7⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12117.exe
        8⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
        7⤵
        
        PID:10108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        6⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45000.exe
        7⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        8⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36077.exe
        7⤵
        
        PID:6192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29270.exe
        6⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
        6⤵
        
        PID:4016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13582.exe
        6⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
        6⤵
        
        PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26380.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63110.exe
        6⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
        7⤵
        
        PID:7716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32003.exe
        7⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
        6⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        7⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21612.exe
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        6⤵
        
        PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
        5⤵
        
        PID:5528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        6⤵
        
        PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22973.exe
        5⤵
        
        PID:7840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
        6⤵
        
        PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8936.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17035.exe
        7⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45344.exe
        7⤵
        
        PID:1920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58611.exe
        6⤵
        
        PID:8500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21970.exe
        6⤵
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
        6⤵
        
        PID:5932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47405.exe
        5⤵
        
        PID:6504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17227.exe
        6⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
        6⤵
        
        PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5918.exe
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
        5⤵
        
        PID:6096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
        5⤵
        
        PID:6720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6474.exe
        6⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10581.exe
        7⤵
        
        PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12078.exe
        5⤵
        
        PID:8448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        5⤵
        
        PID:9332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41536.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41536.exe
      4⤵
      PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34731.exe
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
        5⤵
        
        PID:8244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9178.exe
        5⤵
        
        PID:10980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
      4⤵
      PID:8464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55118.exe
      4⤵
      PID:5532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38441.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33478.exe
        7⤵
        
        PID:5512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22728.exe
        8⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6484.exe
        7⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        7⤵
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28716.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27001.exe
        7⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48793.exe
        6⤵
        
        PID:9276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
        6⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        6⤵
        
        PID:10172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24991.exe
        6⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
        6⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        5⤵
        
        PID:9292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25823.exe
        6⤵
        
        PID:6184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17064.exe
        5⤵
        
        PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52400.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41801.exe
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14922.exe
        6⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12693.exe
        7⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        5⤵
        
        PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
      4⤵
      PID:6748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33148.exe
        5⤵
        
        PID:10152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
        5⤵
        
        PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
      4⤵
      PID:8392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
      4⤵
      PID:1668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14908.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17129.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40614.exe
        5⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27979.exe
        6⤵
        
        PID:8088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
        5⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        5⤵
        
        PID:9300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16534.exe
        5⤵
        
        PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28335.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28335.exe
      4⤵
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
        5⤵
        
        PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
      4⤵
      PID:7384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
      4⤵
      PID:5776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe
    3⤵
    PID:5684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
      4⤵
      PID:7640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16751.exe
    3⤵
    PID:5676
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56507.exe
    3⤵
    PID:8896
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14408.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26883.exe
        6⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32646.exe
        7⤵
        
        PID:7632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44790.exe
        8⤵
        
        PID:9676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24575.exe
        7⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41645.exe
        7⤵
        
        PID:7344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        6⤵
        
        PID:6668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29584.exe
        6⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        6⤵
        
        PID:2020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        6⤵
        
        PID:6444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26425.exe
        7⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62080.exe
        7⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
        6⤵
        
        PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
        5⤵
        
        PID:7988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45171.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42342.exe
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42537.exe
        6⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46518.exe
        7⤵
        
        PID:8104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
        5⤵
        
        PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14582.exe
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21477.exe
        5⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        6⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18479.exe
        5⤵
        
        PID:7012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22254.exe
        5⤵
        
        PID:10288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
      4⤵
      PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64742.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64742.exe
      4⤵
      PID:9244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61286.exe
        6⤵
        
        PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19855.exe
        5⤵
        
        PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42550.exe
        5⤵
        
        PID:9148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61872.exe
        5⤵
        
        PID:8648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11068.exe
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
        5⤵
        
        PID:7752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60852.exe
        5⤵
        
        PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
      4⤵
      PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27193.exe
        5⤵
        
        PID:9564
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
      4⤵
      PID:7372
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        5⤵
        
        PID:9556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
        5⤵
        
        PID:8892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11349.exe
        5⤵
        
        PID:9992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33949.exe
    3⤵
    PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37896.exe
      4⤵
      PID:8232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21717.exe
      4⤵
      PID:9332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45558.exe
      4⤵
      PID:10900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
    3⤵
    PID:6688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
    3⤵
    PID:10256
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28201.exe
        5⤵
        
        PID:5960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36552.exe
        6⤵
        
        PID:8048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1324.exe
        5⤵
        
        PID:6768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37942.exe
        5⤵
        
        PID:9548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19119.exe
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37128.exe
        5⤵
        
        PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
      4⤵
      PID:7864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60912.exe
      4⤵
      PID:8104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39794.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
        5⤵
        
        PID:7916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9215.exe
        5⤵
        
        PID:9176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
      4⤵
      PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23917.exe
      4⤵
      PID:8612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43548.exe
      4⤵
      PID:5208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4624.exe
    3⤵
    PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
      4⤵
      PID:8108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
        5⤵
        
        PID:9632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38432.exe
    3⤵
    PID:8112
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7496.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7496.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42150.exe
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23430.exe
        5⤵
        
        PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
      4⤵
      PID:5840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4015.exe
      4⤵
      PID:9252
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43351.exe
    3⤵
    PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19563.exe
      4⤵
      PID:9308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24432.exe
      4⤵
      PID:5740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
    3⤵
    PID:6876
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 488
      4⤵
      Program crash
      PID:8216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50249.exe
    3⤵
    PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
      4⤵
      PID:8472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54656.exe
      4⤵
      PID:8332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8149.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8149.exe
    3⤵
    PID:9268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31865.exe
  2⤵
  PID:6712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25707.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25707.exe
    3⤵
    PID:8792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10124.exe
    3⤵
    PID:4064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37181.exe
  2⤵
  PID:8384
- C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-10980.exe
  2⤵
  PID:3844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4516 -ip 4516
1⤵
PID:2244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3712 --field-trial-handle=2252,i,16504368816373493055,9578615028378602855,262144 --variations-seed-version /prefetch:8
1⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 560 -p 4516 -ip 4516
1⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 5084 -ip 5084
1⤵
PID:6124

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6876 -ip 6876
1⤵
PID:2572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 584 -p 9564 -ip 9564
1⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 736 -p 8748 -ip 8748
1⤵
PID:8052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11062.exe

Filesize
184KB

MD5
2b0305f6b0cd6d4f00977f353a2fd54a

SHA1
ebaa63467b4dd6b0a8cad2688556118c6732e46f

SHA256
f0a845b67d549126be653ca1093c807ec899c0bd3d2cbe5f736eab63eedade51

SHA512
c14bf89cfa099053d38d51deb2a8a08f83b2ef20984dd850f728e505bdae2307932662de5a29a0b0487e291ccd8c39ec7be6fc89ef7f233a9cdc14d0a4031c04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe

Filesize
184KB

MD5
86971a824ac092c249b4c86068924030

SHA1
627af9fe18a867b8b1b5672209672c43552af1a1

SHA256
bf6ac83e230f039cd484ef438c55c727abd678424af416869e463b81149f0c54

SHA512
4578488b0f107a3686496301e0352d0445bfce861d842f7ef405f00715329762a0bdce71d67e4d58fe54186a2a48ff5c0372bdb11323a66095e5c621d1bb8b3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe

Filesize
184KB

MD5
53052b10dc8c514cc73f10c90277594b

SHA1
048ba198e2e5d6a88e456dcf6cdcdb92ebb23c9d

SHA256
d82ab506c42dc59774038b0b4413a5fbc4f23fe1b2ac7bec4418d7e2bb80b850

SHA512
bc40e5b63965bda4dc0bbbc7d41e2c474f586d4630807736c6c7d66b759588b47348af544da3ea71c17294a32208a20ae5c1aab2ee142c9b94f112c057a82e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14536.exe

Filesize
184KB

MD5
e87de1b336338848cfddc0ed2ff431f9

SHA1
e34b738d5bc80f732d050bec3f86a85b314662b3

SHA256
62873d0a7b3605bf9cfff17e361b08a50cafc51189fd7bf18ced45d5edb2e562

SHA512
824d02915a79ae6eb5e8911e579699f14aff31d7d5f674a765d2097ed7600ab71f57c42416f978f2f38bf263a53dfe9dc28de529d1df869f30d94036e2294901

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15567.exe

Filesize
184KB

MD5
3d346b90d9f6f72e1292833e82b58d04

SHA1
9800fa28121faf16326135fb32cb63d458471e86

SHA256
330479258c4411421a30c140ad1276f7e7e2ce264f291f107d502f63417f7cb1

SHA512
ed964d4670603067ee00ba29ecd0445763e8f1de27868247cc13ae0dbcd11aae4a4710a0921644f015ef1fb36b43461ed24646789e6c86111d79651a1ffe24a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe

Filesize
184KB

MD5
2b5a19a714fa3c7df3cc0bec5563674d

SHA1
5a5565640816d91138872bd298a3b82def21c936

SHA256
681f06d8dcb3433fa476e838320e877e0359fd39ff4656c884c4c02c73863ebc

SHA512
272f5956d3f994c9cfd19b1e086c43644d67365780297c9be4e6b5f1c40dad8410e043f2448146e4a69c07000fbeb692c32f610fa959daa59ec2206236f34d41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1640.exe

Filesize
184KB

MD5
ddaa1e153294078a847a00d62c27a6d8

SHA1
0376d343ff3515eb3a63276c0c7de15c692fba7a

SHA256
92fdc3d49cb293a3cffcee5969bf43e4eaccc8bf027af5ba2ca2ac31bf25c5e0

SHA512
9bf8b765d1331350222b1d5f03dc8a3d1b5759cb8c950acbd9f23c1bfb210ad36b3601582e0372469cce523290632bbf93828bd6ff4f57ba8a549763654dcdfb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17353.exe

Filesize
184KB

MD5
8d5cb2b7c3ee73a750a2229a561573d8

SHA1
b8ba18e1bc697fd9e9ce65a5b067c4f63c37d09f

SHA256
ce1c6d1a6a3ae25853c79f7f778e39a62b66fee6659490df6eda3535bd64206d

SHA512
173a440b07166c9d3c0ba3dc5cad7cf3d2ff94cae43566bca4ad2564f4f216aeec9b8bbf3bc7a4b5ebdc3a860c53ca04ac49d62edb091e41a89ddc004a8b690f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe

Filesize
184KB

MD5
266948aa7fcdc31f1ea3cd1f1de85658

SHA1
29dbd7383b2f87dcdf7d8c6f052d9d3eaef86f3e

SHA256
31d2c9da3d0a1b1bd47bfc33644fa9a14b308e9301d9a36e3135aebfff721c87

SHA512
77b770c352045cbde978ff72bb81134a8fd3d49ce33c4b3d69d9f8e0553d6f222bd8142a92854a4696eb85c8f636aad2e2871a7ab7755b346826136093a9435a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe

Filesize
184KB

MD5
80fd6158be473fa7ed223a9284686ad7

SHA1
42b84f8112b02ca58f681e53ea7473e868c9b739

SHA256
6e2d4cfa76b2e0350f7ceb43fc5739cdea6508f5bfa7a2066d65a27ced1eebc5

SHA512
9c3cff37521b25018eecaf70ed491edfddc4813261c102a2dc4b8d61104fcfb58ec2a46878cf134c5a6f418919ed268486c8ba07af35f21e92a6a30a08eaa36f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25939.exe

Filesize
184KB

MD5
8b8c61a11a49c631aff633014063bd2a

SHA1
6e4bfa9062793bf38db58eddc0f8c82208881a18

SHA256
5b38051459a98adf73942f2389944bc3fa7caa979e32ddf4b47b91c454c3dbb1

SHA512
c5b94eb7ec76a434785500a0d7161aa391a1345698a0036e3f9ac7d52b7de35fc6faa30dce7c9b21705cb1df6fc209115ac101073915dfc6f455a0f118a4677a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28623.exe

Filesize
184KB

MD5
979740fc5da2a1d226ceb81e89f50425

SHA1
ea7631d7cec7d771a397369bcf503e54048e059c

SHA256
b9ad06ca8d2c74a7169ca0f7011ee1120c0a96400d9e169bd086864b6b28a985

SHA512
fa57a1f61daf17c799c90bff2d5963f6f31bb9bb00a9c89c0bbda303d0eac229c284fed17a6bee93dd354ea3841509351fc37c0a8db988bb266c843cd9bfb89a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe

Filesize
184KB

MD5
cab62a3e0ca419be65f2bf1aef549474

SHA1
9144ba6069b3f47fca762cb479eebbaf979e618b

SHA256
9486b8a5a4617206eb496a283191646cda32a13a6cdff477dfcc61f7513b81ac

SHA512
435708ccbf314d4a0607f71f530373977b7bdb5b904a9d4360d69736be7e39240c2eb209894ca7aa719f05b60f236f864e0593b72b9d7c783652d6d48cab00d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe

Filesize
184KB

MD5
a73faa7845bb8a13e637045247ccc6d6

SHA1
509f53bbd378c63e16ade89243e503e136c9b406

SHA256
2f2739a29ddf7a9a37ebdcdc1a46daf095c0a7543eb8ea5b2bd1e02463f88080

SHA512
f08c47cd5e222d386805a0df55711889c35eef5e4a48852b01373a413620732e91bcb04e759675c99ca4bafc377f65f0111a82833b6eb6dd80bfae5694184a41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31113.exe

Filesize
184KB

MD5
ed17eb2da52a6d781be81b5dd43e174b

SHA1
50f5fa90422a6035530427547e486ce67af13456

SHA256
3a81783d1c1f6c0f1f0779c2c060fc54ee16cf9057bd8bed4b95c308e3485a9f

SHA512
cb9994eeda8d1d22d62c0141d12a86f10ccce1135ea938a216dc429028d0173084157e24194c9b53b6d08b49c6ea4e39cd589c337cf4363b10462539fd633a04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35782.exe

Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40172.exe

Filesize
184KB

MD5
4661bf3f8efb0535edd787098596bdfb

SHA1
47fb78fee538731c689b3e3a8e75855365f7532f

SHA256
6102f069e4ba2abeee96e6d0c2641f755ad3f1222a34c5d4a79a443621bab6fb

SHA512
95a9ab28b44f5d0d25b293a19a28f3eb3c99aa7efe749ae186165e478c07b713e701cdecc0f4c1dec3ead33e46fec3470a2445ebbaa9abca8f7acbdc2fc7fdba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40332.exe

Filesize
184KB

MD5
1971f093d2f35dd53af193605f7fb555

SHA1
acb562b539c20eb4ed0390a9d6bc0610749294cd

SHA256
ef23ffcd360d7ddfad7f0692e33cd57eb6cad04eaab4ad2ddcf257d19f08162a

SHA512
bd0ee854185caa9840510bcdd6fb00fdcac5a5c49347a92ece56646866a421498c9bd9b6cb775546db650db0c9dbf7b3afd0818b513872c487c2d3bda5ab41f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe

Filesize
184KB

MD5
4b2f68162bc4a48f20f4fa9a03c6af61

SHA1
9a5bfd64c90f134ba13d1398e7056f8481e807c5

SHA256
4f4f5773224d938138ca68ef93f72d8aa521dc64c9af1233ca34dc942ddf4364

SHA512
54793e048c7708e380ff94fb1dc740397dc4cb6d51b4ef03a3fe5b85b7db87e7845651abc32060fc131d18fa965c2f1d766034c72cdfb6ccd4c5df51c01a7e2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42601.exe

Filesize
184KB

MD5
ead3e6db5b5f9613b0e796263e9ebd62

SHA1
49b5d88b5c7c6a8f882445c3f7cb40f64038d7a9

SHA256
9df696e655113e182a7fe9c032acfcd5f6542fd846c40ca8c7b093d1cdfef702

SHA512
472d54c31517a8a49a07908d61c08159c56e9bdb3da91394039181c2c594eb1417d613990acccaabf43734e9f7aecada04fbaf0f75944460aa4ffba4f34dc441

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43814.exe

Filesize
184KB

MD5
9181fe6d020071f710c943296cd7ad9e

SHA1
47c3d5bbccab28c54fd0b828e3cdab71f3dc4969

SHA256
aabc22f4c625cefcfcaf54e0d431470e38f29660d9e71172c04dc3f749f1d081

SHA512
2a7271ec49a7b4242c526d3bfe5434e0e37ffd88cd8865d62729fa6f6999562a79f11df043b417980d52d23129431ad61749fd8125fb833eaa52958f42fec35a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47209.exe

Filesize
184KB

MD5
5b4f77d7f737376fbed675a1308893cd

SHA1
07519c5b86c6f4f3d82e23bf5ed7fae911eada60

SHA256
84d999b9bae65a24679596603dc84ebf364b4768ed2a339ce6582ab5fb8fc0b5

SHA512
b7be11bb458b26e91ce65b37d4e6a4f7992e80f7dbaa29c82e98b8bf344f460855e7288dfda0d26e01a31f99d96643a37b6939fbeb4ede25d25fa95db3ea07e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47940.exe

Filesize
184KB

MD5
0ecf45eb335699e58b575ad8289fb5bd

SHA1
5e9bb1c2c144269c30492d6ef60d83636343bc59

SHA256
3ca470e35ec160b6b4f0a6ca0394dd85e963de98c38483047fe79b655900cd97

SHA512
e051cb3d54f9690980a78cc81837b9ce0ba73bc13d5eaacd655b34451f467a033142772416ca9396b99f1967e7013c7855593341aab3fab1d095199aba3bb241

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48080.exe

Filesize
184KB

MD5
f8e5ffb44555dea8d3a0cbc0b58e5903

SHA1
dd60d6279513203ada297a0067c37eee9c96a48a

SHA256
6ab925df8300fc8674fc25c19b67a563eef30aa3e95cdf8c089f90b107649876

SHA512
1ee28715201a7ecb8317edae745a37c632a1ab4d272138c331f29f167da1b925f162eb975a69a12f4772fea7478a567d2c1cb03a30b2b8e1436087db0b5971c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48105.exe

Filesize
184KB

MD5
66689448d094d3f4ea8090adfd58e4d4

SHA1
88144f2d92fc550637b792e1cb723bec67834036

SHA256
ffab93803617a461f715c23d5c5e1b7b285da1e9d31f71f0b93c2877efeb3845

SHA512
27d29a5a9453dd04101aff015ae6a203855c4aea266fbe4e6749bce5d318ca9ad67939f726baafffecdfba883420f6fceb74d0f52f4458871540e16ba5e3fe52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe

Filesize
184KB

MD5
a05193ce3d2769989500308fcb819f92

SHA1
b91f3647533eea70bce2d217706e950f9d9df53a

SHA256
5a0ae7d063da354b2e35f28174e775e2cf93fc73771b269e9f18aefe6cfaca0a

SHA512
4710cf3c0757d269adc4adbdd250b4dbe7aae9191dbffd201732cbcd84baa1af7751bee84dbe70056db01eceda6cafbce2b73f2c24f0c5515c8b60f341ac9321

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48489.exe

Filesize
184KB

MD5
a01ecadfce420aa1d56805362725caf0

SHA1
a436dd6a8a1ae6719fab5531e634770718f1a9eb

SHA256
fae6b2a36c96a7949aed0e31d7de157aa6439ff287903f0f8e98136bf003822b

SHA512
93b4651bc6fedc1ec9fea39c59333150b2a86c8fb39ee6d7aa466395a817b14a1967523d777e1b104033ef14af50c99f47b11f49cfc9b39d8e08edc962e4b2e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe

Filesize
184KB

MD5
4b8784c7d5950ddf32d7f2e1e0b4b445

SHA1
bd29b540f5784306f7cf1cfba07b7c2d9e9d56f6

SHA256
9e526815d83c8d4185770e037b1e4e2dd8d75cba4e2a2a5603acfa52670ba92a

SHA512
2964e4a55de87192734dde47c0cacd82c4447ce6b197031f350ab3dbd763cd91dcecfe3287866dc9295eaa7dbbef9a943571e0c6fff242a74d05a4fbf7218891

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51526.exe

Filesize
184KB

MD5
f9047e8b0e234150d66bb38698db2a27

SHA1
0a23ce29b8496b75037bbcf7dcccb55366df4206

SHA256
0808cc49799eea40e1d9aaccdbc5d33caf8ce49cd737117e8e6c2b469765a2c4

SHA512
7a101c55f597c1ad7f965228869c1b66dba7f08ab5a1dd08539883425051943bac2c246ea9e3851f928b016e3f4cb3e4d038fe189bd04fbea248ade9ecb0bc3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51727.exe

Filesize
184KB

MD5
dc19fd22f43546f70ff241fbfb891cc8

SHA1
9db453404677a481df8c73ae982dc90874e2240e

SHA256
445b35035b522f2471fedbdcaf1d33958454d05dfc716de2efc5f43f24fd6abe

SHA512
7f59d2e1d87a43bcc82981b6dd6d77a56913aab600069c2b30ddbdcc689db99e650b33e8799ac2cd572a916981634ec9f54087ca0c9d222d214d882afde37ed0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe

Filesize
184KB

MD5
83d7cee558ac3e37bf0ad32ccaeb07b8

SHA1
b246517e040bc7d637078af91d9b51909cf6c638

SHA256
97149c457c86f37afcb2ccb76e21bfbae0d10fa51048ffeefa42bc498b7f6bdb

SHA512
6c8cd07d07f59e48d8ddd2f30c254890ab20183b25066895cc5e96b696537051d21fd2d59d372f66b6f43102a3c60d1e5ec4f9ab278e33f7b7636c24575aa656

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53865.exe

Filesize
184KB

MD5
b254889de86207a7ff756b38d4dac0f5

SHA1
3fc67945145d3d83ec8b449ad28839c7052abf65

SHA256
bc71ea2055f8e35110cf866ca1184f2ee17ba1ef571f03e3589949c5de683749

SHA512
9d6e7ccfe6d777b282102874314af9775489896ea95315f60aa2133546004d0b9d298bd04d90fc10a979ff8a6764cc4f66b422c64fb026e9a8f4395bf9e9590b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57072.exe

Filesize
184KB

MD5
d7e6560d16e17ff3650aa070a1a118cf

SHA1
dce9d1637c200425155f5500ab5d5228a6fa43e4

SHA256
dd556caa42606e05932f74c97e6aec53b78ca24b722fb519b7fb3ce774485919

SHA512
23c3edad67b0e51d20e8c8f254e372a64eaa31db803d5c2b6b2114d813978a404c3660889acedbedecb0320fa0090bbb0e29537cba3ae54ec0e18b86d0812056

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe

Filesize
184KB

MD5
e09890ef5d73a75906fcb8d7fe900679

SHA1
14a24305583e842216b127cd2e41fe7a401e291a

SHA256
6d4839d6d2bfc231761270ff3a97d104cd4da7f2ae7063b9c3e90dc7d779e78c

SHA512
049b9a672747332a9850fceee49dde242b47890cccd5b96cd685ced0dfad681fca08244ef2af6dd003df024841b952c43e91233cb86858be23c23b50394e2cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe

Filesize
184KB

MD5
c1b3b2f02a96bb2c48b9592e75c775f1

SHA1
3afdfca6255a3c90e581bbc25c0479d29e2660ea

SHA256
09d4c4a7783571a5eb418d50e068340a617ba763c9f5bc785969a3c2f0437c8d

SHA512
873426d5de497ba5a4df8651d2d8f074d71973630d0a3bc6c0daff76fb9eca030ac09b675cf924cfee13d7600f30e0a555ace5fb2576887598c29db31d16c3b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6294.exe

Filesize
184KB

MD5
a17a5e0515825d96a90e06d73932354b

SHA1
7805c78937e39da39ac2310909faec29955e0e7e

SHA256
f34a2e99693a012000b6aa13d097b19b2758e1140f07ce73da7b61433de3bbc4

SHA512
00c71657fe3e497463706cc89c54b39e88eae00e89e9f6bf6d2fd62409635bd14196c0ba2b440990a939f274c45506f156cba771cbe3601c2fae44be2e2e1768

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6527.exe

Filesize
184KB

MD5
2dd4f0bce6c94a8ffc9cccc9b8263c90

SHA1
780a2e0bb5b73e1ed9e03a4ade8b2f518b251340

SHA256
5547e6cd6f0ca345f076b71b85e3f33ae4034929cdbe131aa5a1bbf476c31fb1

SHA512
ea1b09ab4b0933c3c13758da87275a3f11c82fdcba674a39aa3bed5ecc27b729fffb6a3a0b5cb71dfe53c9c4aba76f9c0d1a249efeb03a83ca2dbca6bed7b274

Download Submit
memory/1256-3269-0x00000000751A0000-0x00000000751B6000-memory.dmp

Filesize
88KB

Download
memory/1256-3243-0x0000000076E30000-0x0000000076EEF000-memory.dmp

Filesize
764KB

Download
memory/2908-689-0x00000000031A0000-0x000000000327B000-memory.dmp

Filesize
876KB

Download
memory/4064-1752-0x00007FFC6DD70000-0x00007FFC6DF65000-memory.dmp

Filesize
2.0MB

Download
memory/4656-3235-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4656-3535-0x00007FFC6DD70000-0x00007FFC6DF65000-memory.dmp

Filesize
2.0MB

Download
memory/4656-3536-0x00000000752E0000-0x000000007543D000-memory.dmp

Filesize
1.4MB

Download
memory/9564-2075-0x0000000077360000-0x000000007743C000-memory.dmp

Filesize
880KB

Download
memory/9564-2094-0x00000000752D0000-0x00000000752DF000-memory.dmp

Filesize
60KB

Download
memory/9564-2082-0x0000000075540000-0x00000000755FF000-memory.dmp

Filesize
764KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads