c7f29c65ffdc95a751b7f8505a7e029b248f1c78f7fd42efdd38e523c50ca79e

Analysis

max time kernel
132s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1388c24cb567a6350afecf30fa27cbc5.exe
Size

184KB
MD5

1388c24cb567a6350afecf30fa27cbc5
SHA1

2c83eb21fbe3169d5fe93138c8bfcc24bd948c8a
SHA256

c7f29c65ffdc95a751b7f8505a7e029b248f1c78f7fd42efdd38e523c50ca79e
SHA512

0d24689e4c8e4606c2ad2b63bc0b7636c752def0381ba731a9ef1a6395ae7d806624bda375ade210838a4abfdf465dde97d526e7acf5dec5e0b5e044ba00091b
SSDEEP

3072:gelPoMrfYA0bOjMdiAc+z4bXS46NvuIVxulpgPVL7lPdppuT:gexoy50bHdLc+zvfoU7lPdp8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2984	Unicorn-61240.exe
2808	Unicorn-56959.exe
2704	Unicorn-20757.exe
2616	Unicorn-43249.exe
2164	Unicorn-7047.exe
2640	Unicorn-11645.exe
1668	Unicorn-37275.exe
1816	Unicorn-65309.exe
2692	Unicorn-41552.exe
1912	Unicorn-8687.exe
588	Unicorn-46191.exe
576	Unicorn-45268.exe
912	Unicorn-26554.exe
1796	Unicorn-21916.exe
1780	Unicorn-12403.exe
2920	Unicorn-50099.exe
1112	Unicorn-17234.exe
1700	Unicorn-4427.exe
288	Unicorn-55906.exe
2444	Unicorn-14105.exe
1224	Unicorn-17670.exe
560	Unicorn-53680.exe
1584	Unicorn-35040.exe
1236	Unicorn-18896.exe
700	Unicorn-26955.exe
2220	Unicorn-12455.exe
2356	Unicorn-50499.exe
2176	Unicorn-7006.exe
1164	Unicorn-10042.exe
1964	Unicorn-21146.exe
2992	Unicorn-15775.exe
2664	Unicorn-5001.exe
2172	Unicorn-36330.exe
3060	Unicorn-4041.exe
2504	Unicorn-45842.exe
1984	Unicorn-7030.exe
2436	Unicorn-61410.exe
1148	Unicorn-61026.exe
552	Unicorn-53050.exe
1096	Unicorn-5961.exe
884	Unicorn-53616.exe
1564	Unicorn-22864.exe
436	Unicorn-23056.exe
1572	Unicorn-47752.exe
908	Unicorn-54768.exe
760	Unicorn-23549.exe
1120	Unicorn-24701.exe
1556	Unicorn-28074.exe
1712	Unicorn-61130.exe
2944	Unicorn-10777.exe
1732	Unicorn-19138.exe
2132	Unicorn-10222.exe
3068	Unicorn-39749.exe
896	Unicorn-59615.exe
2728	Unicorn-30237.exe
2624	Unicorn-22645.exe
2776	Unicorn-44960.exe
2784	Unicorn-9106.exe
2404	Unicorn-60767.exe
1668	Unicorn-53284.exe
3044	Unicorn-58499.exe
2612	Unicorn-35146.exe
1940	Unicorn-6195.exe
1100	Unicorn-40321.exe

Loads dropped DLL 64 IoCs

pid	Process
2672	1388c24cb567a6350afecf30fa27cbc5.exe
2672	1388c24cb567a6350afecf30fa27cbc5.exe
2984	Unicorn-61240.exe
2984	Unicorn-61240.exe
2672	1388c24cb567a6350afecf30fa27cbc5.exe
2672	1388c24cb567a6350afecf30fa27cbc5.exe
2808	Unicorn-56959.exe
2984	Unicorn-61240.exe
2808	Unicorn-56959.exe
2984	Unicorn-61240.exe
2704	Unicorn-20757.exe
2704	Unicorn-20757.exe
2704	Unicorn-20757.exe
2640	Unicorn-11645.exe
2704	Unicorn-20757.exe
2640	Unicorn-11645.exe
2164	Unicorn-7047.exe
2164	Unicorn-7047.exe
2808	Unicorn-56959.exe
2616	Unicorn-43249.exe
2616	Unicorn-43249.exe
2808	Unicorn-56959.exe
1284	WerFault.exe
1284	WerFault.exe
1284	WerFault.exe
1284	WerFault.exe
2640	Unicorn-11645.exe
2692	Unicorn-41552.exe
2640	Unicorn-11645.exe
2692	Unicorn-41552.exe
2616	Unicorn-43249.exe
2616	Unicorn-43249.exe
588	Unicorn-46191.exe
588	Unicorn-46191.exe
1912	Unicorn-8687.exe
1912	Unicorn-8687.exe
1668	Unicorn-37275.exe
1668	Unicorn-37275.exe
2164	Unicorn-7047.exe
2164	Unicorn-7047.exe
1284	WerFault.exe
1668	Unicorn-37275.exe
2692	Unicorn-41552.exe
588	Unicorn-46191.exe
1668	Unicorn-37275.exe
2692	Unicorn-41552.exe
588	Unicorn-46191.exe
1700	Unicorn-4427.exe
1700	Unicorn-4427.exe
1796	Unicorn-21916.exe
1796	Unicorn-21916.exe
1780	Unicorn-12403.exe
1780	Unicorn-12403.exe
2920	Unicorn-50099.exe
2920	Unicorn-50099.exe
1112	Unicorn-17234.exe
1112	Unicorn-17234.exe
1912	Unicorn-8687.exe
1912	Unicorn-8687.exe
912	Unicorn-26554.exe
912	Unicorn-26554.exe
576	Unicorn-45268.exe
576	Unicorn-45268.exe
2176	Unicorn-7006.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
1284	1816	WerFault.exe	34
2896	2100	WerFault.exe	231
2808	2840	WerFault.exe	263

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2672	1388c24cb567a6350afecf30fa27cbc5.exe
2984	Unicorn-61240.exe
2808	Unicorn-56959.exe
2704	Unicorn-20757.exe
2616	Unicorn-43249.exe
2164	Unicorn-7047.exe
2640	Unicorn-11645.exe
1668	Unicorn-37275.exe
1816	Unicorn-65309.exe
588	Unicorn-46191.exe
2692	Unicorn-41552.exe
1912	Unicorn-8687.exe
576	Unicorn-45268.exe
1796	Unicorn-21916.exe
2920	Unicorn-50099.exe
1780	Unicorn-12403.exe
1112	Unicorn-17234.exe
912	Unicorn-26554.exe
1700	Unicorn-4427.exe
288	Unicorn-55906.exe
2444	Unicorn-14105.exe
1236	Unicorn-18896.exe
1224	Unicorn-17670.exe
1584	Unicorn-35040.exe
1164	Unicorn-10042.exe
2220	Unicorn-12455.exe
700	Unicorn-26955.exe
560	Unicorn-53680.exe
2176	Unicorn-7006.exe
2356	Unicorn-50499.exe
1964	Unicorn-21146.exe
3060	Unicorn-4041.exe
2664	Unicorn-5001.exe
2992	Unicorn-15775.exe
2504	Unicorn-45842.exe
2172	Unicorn-36330.exe
1984	Unicorn-7030.exe
2436	Unicorn-61410.exe
552	Unicorn-53050.exe
1096	Unicorn-5961.exe
1148	Unicorn-61026.exe
884	Unicorn-53616.exe
1564	Unicorn-22864.exe
1572	Unicorn-47752.exe
436	Unicorn-23056.exe
908	Unicorn-54768.exe
760	Unicorn-23549.exe
1120	Unicorn-24701.exe
1556	Unicorn-28074.exe
1712	Unicorn-61130.exe
2944	Unicorn-10777.exe
1732	Unicorn-19138.exe
2132	Unicorn-10222.exe
896	Unicorn-59615.exe
3068	Unicorn-39749.exe
2728	Unicorn-30237.exe
2776	Unicorn-44960.exe
2556	Unicorn-3159.exe
2496	Unicorn-2775.exe
1100	Unicorn-40321.exe
780	Unicorn-62448.exe
2964	Unicorn-33959.exe
2220	Unicorn-15354.exe
1940	Unicorn-6195.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 2984	2672	1388c24cb567a6350afecf30fa27cbc5.exe	28
PID 2672 wrote to memory of 2984	2672	1388c24cb567a6350afecf30fa27cbc5.exe	28
PID 2672 wrote to memory of 2984	2672	1388c24cb567a6350afecf30fa27cbc5.exe	28
PID 2672 wrote to memory of 2984	2672	1388c24cb567a6350afecf30fa27cbc5.exe	28
PID 2984 wrote to memory of 2808	2984	Unicorn-61240.exe	30
PID 2984 wrote to memory of 2808	2984	Unicorn-61240.exe	30
PID 2984 wrote to memory of 2808	2984	Unicorn-61240.exe	30
PID 2984 wrote to memory of 2808	2984	Unicorn-61240.exe	30
PID 2672 wrote to memory of 2704	2672	1388c24cb567a6350afecf30fa27cbc5.exe	29
PID 2672 wrote to memory of 2704	2672	1388c24cb567a6350afecf30fa27cbc5.exe	29
PID 2672 wrote to memory of 2704	2672	1388c24cb567a6350afecf30fa27cbc5.exe	29
PID 2672 wrote to memory of 2704	2672	1388c24cb567a6350afecf30fa27cbc5.exe	29
PID 2808 wrote to memory of 2616	2808	Unicorn-56959.exe	31
PID 2808 wrote to memory of 2616	2808	Unicorn-56959.exe	31
PID 2808 wrote to memory of 2616	2808	Unicorn-56959.exe	31
PID 2808 wrote to memory of 2616	2808	Unicorn-56959.exe	31
PID 2984 wrote to memory of 2164	2984	Unicorn-61240.exe	32
PID 2984 wrote to memory of 2164	2984	Unicorn-61240.exe	32
PID 2984 wrote to memory of 2164	2984	Unicorn-61240.exe	32
PID 2984 wrote to memory of 2164	2984	Unicorn-61240.exe	32
PID 2704 wrote to memory of 2640	2704	Unicorn-20757.exe	33
PID 2704 wrote to memory of 2640	2704	Unicorn-20757.exe	33
PID 2704 wrote to memory of 2640	2704	Unicorn-20757.exe	33
PID 2704 wrote to memory of 2640	2704	Unicorn-20757.exe	33
PID 2704 wrote to memory of 1668	2704	Unicorn-20757.exe	35
PID 2704 wrote to memory of 1668	2704	Unicorn-20757.exe	35
PID 2704 wrote to memory of 1668	2704	Unicorn-20757.exe	35
PID 2704 wrote to memory of 1668	2704	Unicorn-20757.exe	35
PID 2640 wrote to memory of 1816	2640	Unicorn-11645.exe	34
PID 2640 wrote to memory of 1816	2640	Unicorn-11645.exe	34
PID 2640 wrote to memory of 1816	2640	Unicorn-11645.exe	34
PID 2640 wrote to memory of 1816	2640	Unicorn-11645.exe	34
PID 2164 wrote to memory of 2692	2164	Unicorn-7047.exe	36
PID 2164 wrote to memory of 2692	2164	Unicorn-7047.exe	36
PID 2164 wrote to memory of 2692	2164	Unicorn-7047.exe	36
PID 2164 wrote to memory of 2692	2164	Unicorn-7047.exe	36
PID 2616 wrote to memory of 1912	2616	Unicorn-43249.exe	38
PID 2616 wrote to memory of 1912	2616	Unicorn-43249.exe	38
PID 2616 wrote to memory of 1912	2616	Unicorn-43249.exe	38
PID 2616 wrote to memory of 1912	2616	Unicorn-43249.exe	38
PID 2808 wrote to memory of 588	2808	Unicorn-56959.exe	37
PID 2808 wrote to memory of 588	2808	Unicorn-56959.exe	37
PID 2808 wrote to memory of 588	2808	Unicorn-56959.exe	37
PID 2808 wrote to memory of 588	2808	Unicorn-56959.exe	37
PID 1816 wrote to memory of 1284	1816	Unicorn-65309.exe	39
PID 1816 wrote to memory of 1284	1816	Unicorn-65309.exe	39
PID 1816 wrote to memory of 1284	1816	Unicorn-65309.exe	39
PID 1816 wrote to memory of 1284	1816	Unicorn-65309.exe	39
PID 2640 wrote to memory of 912	2640	Unicorn-11645.exe	40
PID 2640 wrote to memory of 912	2640	Unicorn-11645.exe	40
PID 2640 wrote to memory of 912	2640	Unicorn-11645.exe	40
PID 2640 wrote to memory of 912	2640	Unicorn-11645.exe	40
PID 2692 wrote to memory of 576	2692	Unicorn-41552.exe	41
PID 2692 wrote to memory of 576	2692	Unicorn-41552.exe	41
PID 2692 wrote to memory of 576	2692	Unicorn-41552.exe	41
PID 2692 wrote to memory of 576	2692	Unicorn-41552.exe	41
PID 588 wrote to memory of 1796	588	Unicorn-46191.exe	43
PID 588 wrote to memory of 1796	588	Unicorn-46191.exe	43
PID 588 wrote to memory of 1796	588	Unicorn-46191.exe	43
PID 588 wrote to memory of 1796	588	Unicorn-46191.exe	43
PID 1912 wrote to memory of 1780	1912	Unicorn-8687.exe	44
PID 1912 wrote to memory of 1780	1912	Unicorn-8687.exe	44
PID 1912 wrote to memory of 1780	1912	Unicorn-8687.exe	44
PID 1912 wrote to memory of 1780	1912	Unicorn-8687.exe	44

C:\Users\Admin\AppData\Local\Temp\1388c24cb567a6350afecf30fa27cbc5.exe
"C:\Users\Admin\AppData\Local\Temp\1388c24cb567a6350afecf30fa27cbc5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8687.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35040.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
        10⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46704.exe
        11⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49683.exe
        12⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        13⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17517.exe
        14⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16826.exe
        15⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
        9⤵
        Executes dropped EXE
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9366.exe
        10⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
        11⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        12⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        13⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
        14⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12295.exe
        15⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11133.exe
        16⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
        17⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        14⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        15⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
        16⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27150.exe
        10⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        11⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7006.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15775.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59615.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        10⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50337.exe
        11⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        12⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        13⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
        9⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34063.exe
        10⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        11⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        12⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52510.exe
        13⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
        14⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30661.exe
        15⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30237.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
        9⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60980.exe
        10⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        11⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        12⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36999.exe
        13⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39052.exe
        14⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61688.exe
        15⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
        14⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56151.exe
        15⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33630.exe
        16⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16783.exe
        17⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62454.exe
        16⤵
        
        PID:440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16802.exe
        9⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        10⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        11⤵
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18896.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53050.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61130.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53305.exe
        10⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        11⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
        12⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
        13⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        14⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
        15⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54340.exe
        16⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24611.exe
        17⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24868.exe
        18⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27285.exe
        17⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63457.exe
        14⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        9⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33285.exe
        10⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        11⤵
        
        PID:1900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26955.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10222.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
        10⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
        11⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        12⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        13⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12479.exe
        9⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        10⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        11⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        12⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
        13⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33463.exe
        14⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63001.exe
        15⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13352.exe
        16⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39749.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59283.exe
        9⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11992.exe
        10⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        11⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18980.exe
        12⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60767.exe
        8⤵
        Executes dropped EXE
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19777.exe
        9⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
        10⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        11⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
        12⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41330.exe
        13⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40147.exe
        14⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
        13⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58499.exe
        7⤵
        Executes dropped EXE
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64623.exe
        8⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41872.exe
        9⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        10⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
        11⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe
        12⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62342.exe
        13⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
        8⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        9⤵
        
        PID:1472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41552.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45268.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45842.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54768.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50679.exe
        9⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        10⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9106.exe
        8⤵
        Executes dropped EXE
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35324.exe
        9⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        10⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
        11⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
        12⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
        13⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55906.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61026.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
        8⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20493.exe
        9⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6403.exe
        10⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        11⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2624.exe
        12⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
        13⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
        14⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59804.exe
        13⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
        14⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
        15⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        9⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        10⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55779.exe
        11⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
        12⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
        13⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
        14⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62448.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47794.exe
        8⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63606.exe
        9⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10158.exe
        10⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34830.exe
        11⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43089.exe
        12⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62347.exe
        13⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
        14⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55153.exe
        15⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28665.exe
        8⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        9⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29222.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
        11⤵
        
        PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50099.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7030.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24701.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53284.exe
        8⤵
        Executes dropped EXE
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
        9⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        10⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        11⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
        12⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51641.exe
        13⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        14⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39431.exe
        15⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16124.exe
        16⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29331.exe
        13⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35146.exe
        7⤵
        Executes dropped EXE
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24743.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        9⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        10⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1366.exe
        12⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
        13⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43339.exe
        14⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22481.exe
        15⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11428.exe
        12⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60635.exe
        13⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13544.exe
        14⤵
        
        PID:1992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1816
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 244
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21146.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
        9⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-783.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17170.exe
        11⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11669.exe
        12⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        13⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        14⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13928.exe
        15⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
        16⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15354.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
        8⤵
        
        PID:476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7820.exe
        9⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36500.exe
        10⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43958.exe
        11⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54864.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54864.exe
        12⤵
        
        PID:1464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10777.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3004.exe
        9⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14535.exe
        10⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
        11⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59334.exe
        12⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47464.exe
        13⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3159.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
        8⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
        9⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        10⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        11⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17901.exe
        12⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        13⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28217.exe
        14⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
        15⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32460.exe
        16⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
        13⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe
        14⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
        8⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        9⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59551.exe
        10⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53859.exe
        11⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18170.exe
        12⤵
        
        PID:1884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17670.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61410.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28074.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36637.exe
        8⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49491.exe
        9⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23994.exe
        10⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36916.exe
        11⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7038.exe
        12⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13333.exe
        13⤵
        
        PID:2840
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 376
        14⤵
        Program crash
        
        PID:2808
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 380
        13⤵
        Program crash
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25131.exe
        7⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19562.exe
        9⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        10⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22915.exe
        11⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35030.exe
        12⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9809.exe
        13⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        14⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39476.exe
        15⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22808.exe
        12⤵
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44960.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41079.exe
        7⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
        9⤵
        
        PID:2484

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe

Filesize
64KB

MD5
39169ce6b95f43941e5467247e2a4746

SHA1
f210883bfd4a89554a29b7d0a7969b1377dd6570

SHA256
aea0643fead8a17f757f044ccb4f6cbe8c16622dbd363ef1f337252a4cbbc86c

SHA512
190b6cef819f158d5a6f8b6af70ab56f0fa1ac154a9354f18017fd8192fed656438dc441a6dd582e571086c565ff03bea40784327ed07a6d3a7e46cda2442d1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23056.exe

Filesize
184KB

MD5
44e0eee86c885b64bf96624e0e72f6b9

SHA1
31f99abf8c965fbdfbe47aa835a84df483a6eef8

SHA256
f8998aad1cc84023e5e2ae5ae36205c363ee518c0cd52d7c3e219b099937096d

SHA512
a3f9af5f2ea2477c42486eeffb02c1bf9cc21cccd269430506fbe83720b4df2cb600bc7610392048802a93a37907c5be56c3c1b7814178b001f7acb671c94d88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37275.exe

Filesize
184KB

MD5
4ab979318c0c1f4a32c6cc0fcca9bbf1

SHA1
a7c6d2859f9c7e1c96a4b22ebd8145f949979a71

SHA256
5ed3df11ef448eb31436b34014a933cb5737077e9cd781f5f8c500f7dcf8f054

SHA512
1151114d5dd55365e724f0cf9d2936690ba72e302dd32b45b2c86bb07dc91923e09ef7c61bfa09c8853e605c83ee82cacdd3cb37d757bfc1421b7581a4290e85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45268.exe

Filesize
184KB

MD5
306cd2fd6cc23f84ff800a93d1447fbb

SHA1
f0841ccc780e387c27867d0a4a13f25de0c3b1b4

SHA256
cdffe1f33294d8d4f2f4067d28d48de56e13142e0b8ddc7b0cb835d5e56277f4

SHA512
b6adb14cd8dbbf81a61d0a3a86b4177f56480b8b8ab8e7cb1dc984e542a2c8728882ede50d35d2b8505319cede26a6135cbbb5036b450c6d55059f318c5e3675

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46191.exe

Filesize
184KB

MD5
4c969294485d303a40c624b26a4c35c1

SHA1
42c28f8e41e73b9bfb8a3f90cafeac3104a38b2f

SHA256
f3b5f9a6c122d56aa0136f8a3ae7b21133c4671a26886b780f42465b4d1ce5a6

SHA512
afe3e26be069dd13b7bbfa34a45cd1b15966b9d19e59318d812ab41903b21d3ff5bebc9bd2000cdcc0a6745185a97958487e093a530c619646a3b62221109671

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe

Filesize
184KB

MD5
2896b97ff5e0d4f0c1feb428271d5033

SHA1
8a43035a5d5d693b6b14e9ba9e324e6337df9994

SHA256
7fa3c8e35dd9fbe83c2058866c1cda9053afc50b7e7068ce046cf47059a2e35b

SHA512
67ed54025aa4cd450c0872d97c563bf8004b16548e23165160a42e1520cc155b77004c577ae16379c8b55d221b47dd18d60932fcd99ef9f7babd2a1527c68e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5694.exe

Filesize
184KB

MD5
2a6c716048a490f94a02c58730a58ee5

SHA1
a77fde9277a17e00bb17642886c04c9ad8201051

SHA256
3edd814f4f388d3f567f27100a1473dd45b354a30ab377356bde5b7488bc0daf

SHA512
7fb43da05a68aba9413ebdf4da4e588a5dc6deaa52c45bd8f3ee929befa258498977a491ad0aee8e6a7ed50f8bdb298f1efd04d96e78c7075aa3b578af265758

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe

Filesize
184KB

MD5
c803101974a0da261aa6d201a4a688fa

SHA1
04d2ca9878dd0bf2cb628e8f84bd7c0cb7edef29

SHA256
b4b3463832d4de9ccc2c6f408e68386f5704e433473a55cac4ef79d696c938ed

SHA512
df40d0014a459fbd17d2b3f06e489ad871c84aaa9d8e17b09d3f84decf8c0f5da6a86d64dfc287b170a74c39b901114f53e59cf5497a1f81ad0dd1b3c342a5ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe

Filesize
184KB

MD5
b7dc78b24e6f7d78730fa0962ffc4d8f

SHA1
1740e5fd6126317c13bdb95a7aefdef2783df2b7

SHA256
79262b9b8bcb88ece7866cd73dc0e260de35982189ea2c5b00b8dcd0ce9c3bf0

SHA512
84095d43feba49c5d4a1cb2f7ecfcd7729132453cd1920caa298db5a6adf46c4c159f2e49c23f58bacf40b9c4dcc7605bcd60cd3e163c73b71ce687ec7ab48a9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6195.exe

Filesize
184KB

MD5
5968ccdb1aebe384df0b68379d163f76

SHA1
6b0c6630da93d96e892f46e66fcd1687cdb56ebc

SHA256
d28a8b68209c25b17e814f06220203ea21a2a295b922c379727edcf576c35e0a

SHA512
ac7346347f287686ef7e7a5b3415ee43899a24fa73017db17f9bcc01141ac69efce3340c89866419f8cd2d4ddd28237bf6d7097d894aa705eea344dace214648

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6528.exe

Filesize
184KB

MD5
c22a6a0ae0d711280de8db64548e9643

SHA1
c0c117d5aaafa95e471a2d8fc8cc0e62af6eb2ab

SHA256
774a8badd565d511438e355cdd321f43921513d6b2350d35d11b608c9bb17a32

SHA512
2bd792c7cdcb1f955d6e04814673c4f720668c2caa901931820f3184bd1dd555f2fe6300ea8dad545274face6096e9319dc8c68e87d68d8e422c36bac92fa4c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe

Filesize
184KB

MD5
388435a52ae04df44b199b5e07e57109

SHA1
1c5d0a3a7acb573b84d093d301cc24bea766cc14

SHA256
5740b216cc2df9a01ea4ecb7000c14a6083aabd3e034ac060f8180b8591cb224

SHA512
a2e1fc028e60d3d8e5ae439931b5a0d29a78bd900f8718aec717e48787af0f01e5cd2a7b622015714c399c94459482f8eb4fa76435f39a26b31989f320b7631b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11645.exe

Filesize
184KB

MD5
e72d32584a35be86bd621447ce7342ab

SHA1
68670cf4fbc076ac6b86b649c45732c688ed16f4

SHA256
fce6e2caf6369196327f3c18b71f687cd83a8b5ff2992fa23b473f3d5ec5f484

SHA512
1b2a16b4e080519fb04da920f2943a3030aee3926092fde4dac9ab172d647fed327e4ee24b8b8a7ea9fb1353c3f5f436668c155f38e4b2b0ff93aa9d62301e5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe

Filesize
128KB

MD5
e45076b0abb4c607dc247fafdc7756d3

SHA1
fbe33fa5347cfcbc5cf0cc2c7722b1a2e5390419

SHA256
541e5ad25049671d8f84b502ef3a328f132ae2eea99339f37b4ec4c4cfb9e2d2

SHA512
a15f0bda3506691a966e5d57f10cb71efbb3a2cb2a5718a708821fbb21079bdb6b6324e235129924f726b8a3d783c3dd15a52ed2afc4a824c046e413a4d6c9a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe

Filesize
184KB

MD5
9cacb63832a90d5f305e3581e765e238

SHA1
79c2ba0a0335660e2e6f21adbdfcaae48dbf87cb

SHA256
716b0820738583b086f607b293aa80531a8938c281c60a589a09b625e71d75ee

SHA512
e09d6529adabd6cbc4f89f4252e094358aaa7293c64ceb5f157ea9579c5ec8cc4e34f0fca6ea681b136efb7f99a67eda568c745731829ab8fab744433e0d0aee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe

Filesize
184KB

MD5
3f0385927fa7a26daabe8db7816681e1

SHA1
8e75db366025f534da5fe1ff9f415b77d3d76fda

SHA256
3dd695673a5ce0036517648c9bc9ac656c43439fc2fcdb6eabf95d66a63a1bd8

SHA512
35860777c12c4ced34f08147ccd81ccc35590aa2aeb3b50b9aa33b0dd3009d4993d04e8bb6f88dd98575bb39e6517c5fef3f59e3ca04ea85df8beef9fe14aeaf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe

Filesize
184KB

MD5
04e4787c6c82784f57be151572cb0152

SHA1
f30b7048a5a03e872a45a636608408e6bf6ed84e

SHA256
b2c63ec258847c7383400d3409a49f589fa9e85a72d686fe7df1fd3a5a0e286b

SHA512
dbf569cc1d9663817b1cf478e30e9834a6cf01293c63bcadab943f0d06a61cb68da7581d6ebd145b8efac5cbae72d428df7189bcfca80c86eb23c431906722b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20757.exe

Filesize
127KB

MD5
66f0e9f24ed18aa6fdd4f5aa5ae08127

SHA1
e4ad92123e7c5cf5dcdda5b6ec87a8a08f9194ab

SHA256
4e01d5c14f3f19b53643d026461f4c514af1a701d32d6fb204993c8e91017f03

SHA512
35e265470062c2f208729c1c2a5a50302101e778ab29ffdb29d527f430bd997ef0f847218ece5032138295018e800b21536320d1b94d08a99df5004b25fcb232

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe

Filesize
184KB

MD5
b4d20c30286d73eb7ac4a06aa1a2784d

SHA1
c040011db0c38ac61a34c9bbbafce548ee8f8983

SHA256
4ec48d72707842a1cf5c52e4eaee603f829d71bd217eb804aa996c94e7ebd848

SHA512
adf27e5636c3a989ddb0ba74df6d57372c3fe50b08e885c19650505c8460a5537bed2e2237d0a42f51c4ea6123fcd440597f30ec01f34f9c410028a05189a7a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe

Filesize
184KB

MD5
02ab5c5f8fcb0d558c4e65bc0db660be

SHA1
aa17601cfd3826ec67e574adcc78cfe1d199b3ab

SHA256
ae40e23f36d5626ba488b1053aa596c977e98a26200927d93735f1375e2e6b4a

SHA512
344cc98199c46ccc2affca0bb081f92e3ec9d1dacca9f125c50f685a8fbc75bbf010c87025d60060773a947936945c3b132c12dada1452a519bf23b28e708ecf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41552.exe

Filesize
184KB

MD5
cbbb90f3ae91d6b96ab644e1fe47020d

SHA1
ebb51b73dc512bb6fdf424ba7574ac2233711048

SHA256
99fb3b7017b5f54a65fc182e8f730e513db7a68358adebde8d89a53f5027f8ca

SHA512
01eca08623e084f5b93375ce91248c99a5deec66481486643a3c2bb7ac9d576dde9938559f0da89fb94238cee0489b7a498e7f0e5224a0b6e12089f7503c5e4d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe

Filesize
184KB

MD5
a064850e2ee3a075302a47ccb312813e

SHA1
2dfdd7576c7e99c1b116cb42387557d54d9ff8be

SHA256
b78caee9f1dc9229d437f0eba7a140542df95e87a04bc5a8fb8717267707f7a4

SHA512
98ef5bf1dc1eee92a764819eeaf67ff72543fbd485711333f6b48d0764961a01b8ed6dcd8114bd6e4c04cb0de6a7af7c1ae6dc3bc9dcbc0a547b914400f46905

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe

Filesize
184KB

MD5
88ff178c3ff3ef5af81df8766e41af12

SHA1
c3395697b8e9a5d37538265f5381111ced0c1792

SHA256
7d1ae15705aae562ae2e3719be784a9a8c0da8dd549630f5d5d46a295bbcbec5

SHA512
61ad088e965b9d40a29b50ebe3b082cf318416f9f6064e2bbe1956bd63d15f25ddfd6db299fe04c33f5bc1ef7dfaf3f8f55e08bfb668dac571be4cc3a9cc6b36

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56959.exe

Filesize
172KB

MD5
424ded5143152e38ff75362bc4d01049

SHA1
f772156d73361b57978ca5a2499bfb8a172a966a

SHA256
3a2ea001ef74abbefb3a000e3516ef00e0a387b617d76ee0a568992688c949a4

SHA512
5ff738b9dd9593aee6b0ab6a9c2a26563540f69a959ee9e81bdfb93b7546acdaecf555ae9f3584d643bdc8c04f4f5a62cc9ee7782dc63e8e05c3e952f7caf820

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61240.exe

Filesize
184KB

MD5
f75ea07bc346f4d4ec7c829c411f3385

SHA1
f1b5a99e931a020174cc2eaafe9a60a20f0a7596

SHA256
3125ddbf1d3bc71a9541a31a744e5352c628eebabaca740168b1543904eee0d2

SHA512
c3d01ad2728668b149aea9c1895256281201ee579f8d8752b05cf2f514652f71f3d163f9c03a50c87d3b7a01f6ceb0f0f832e816d79fe3db1bddd4ef492af814

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7047.exe

Filesize
184KB

MD5
033b8f6d5b7ce6faedd3a5733922a529

SHA1
856b0115ac4a5a58c7c4f369f4bd9139fcdd0c96

SHA256
17a77a1098b8cd31ffd41988bb3b7e18574b7274e917b961ea33443a539e4de6

SHA512
bba7c7712d6cc868d021e93f032ac94e55e0ece95fdf26abeec3b31a44bba48e71665a13a1f339905cce228a2117cb796ec94cf7c0e1e17c244b5193415c0094

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8687.exe

Filesize
184KB

MD5
e667b2f85901b892f43adc3044f442be

SHA1
8cd8eb1a3f1dec9e09c050494a71e93cc9ca42bf

SHA256
e21779729e02da75bdb2192bc75ff3fa980ed640a40be2a7f08c4d5211f50c85

SHA512
69a473981f038223f72150f5f6dc7479d1add3bddb0201ae2437679ea12c398645df24074d76b62099351707207055e8f3b231ffd9c8a6415cb74e6c8c91093d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads