aaa03657b84103fb08f352e6fae59fe571be6a245eb6ae05746ded95780f44ba

Analysis

max time kernel
39s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
09/01/2024, 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e515e016ce2efe82dc48a76d4d82b73.exe
Size

184KB
MD5

4e515e016ce2efe82dc48a76d4d82b73
SHA1

2255adc028550dfcfbac7cf5c077a70106e3e70c
SHA256

aaa03657b84103fb08f352e6fae59fe571be6a245eb6ae05746ded95780f44ba
SHA512

8ee411fea4725912e3ce234532710b68ba941a1bbd10ac63b5199c8f58387d40174e0e325488531ebbb94de8f000d2104566cdabfa418c158fc8cd3f8fbfccb9
SSDEEP

3072:qtHHoKeqzAkbOjQdTIcozFbX0v6p7ZmtgYx8kP0O7lPdpFK:qtnoUskbPdMcozXg+O7lPdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2164	Unicorn-1966.exe
2752	Unicorn-31946.exe
2852	Unicorn-16164.exe
2728	Unicorn-8292.exe
2524	Unicorn-5270.exe
2616	Unicorn-49325.exe
1980	Unicorn-42392.exe
2896	Unicorn-59475.exe
1404	Unicorn-26056.exe
2792	Unicorn-53697.exe
300	Unicorn-5635.exe
2104	Unicorn-46798.exe
1688	Unicorn-49437.exe
1640	Unicorn-26378.exe
2088	Unicorn-17826.exe
2300	Unicorn-43076.exe
3012	Unicorn-62942.exe
592	Unicorn-42522.exe
588	Unicorn-2236.exe
1120	Unicorn-40227.exe
2244	Unicorn-37761.exe
2416	Unicorn-2724.exe
1932	Unicorn-31505.exe
1944	Unicorn-56756.exe
2484	Unicorn-57353.exe
1260	Unicorn-49740.exe
1176	Unicorn-45101.exe
2976	Unicorn-17067.exe
1700	Unicorn-36933.exe
1672	Unicorn-57161.exe
1212	Unicorn-47730.exe
2564	Unicorn-8707.exe
2824	Unicorn-48814.exe
2404	Unicorn-23563.exe
2464	Unicorn-53511.exe
2864	Unicorn-58326.exe
2148	Unicorn-20823.exe
2628	Unicorn-36089.exe
2640	Unicorn-18239.exe
288	Unicorn-9618.exe
2972	Unicorn-15291.exe
2956	Unicorn-25400.exe
2396	Unicorn-1565.exe
2588	Unicorn-38996.exe
2684	Unicorn-19130.exe
760	Unicorn-63308.exe
1768	Unicorn-10770.exe
2924	Unicorn-30636.exe
2112	Unicorn-22468.exe
2240	Unicorn-33335.exe
2888	Unicorn-40875.exe
1936	WerFault.exe
2392	Unicorn-30678.exe
2016	Unicorn-6230.exe
1684	Unicorn-26402.exe
1628	Unicorn-38893.exe
1880	Unicorn-36941.exe
240	Unicorn-1891.exe
2372	Unicorn-1336.exe
2460	Unicorn-50345.exe
996	Unicorn-22311.exe
1064	Unicorn-62213.exe
2160	Unicorn-37611.exe
2076	Unicorn-64434.exe

Loads dropped DLL 64 IoCs

pid	Process
1340	4e515e016ce2efe82dc48a76d4d82b73.exe
1340	4e515e016ce2efe82dc48a76d4d82b73.exe
2164	Unicorn-1966.exe
2164	Unicorn-1966.exe
1340	4e515e016ce2efe82dc48a76d4d82b73.exe
1340	4e515e016ce2efe82dc48a76d4d82b73.exe
2752	Unicorn-54284.exe
2752	Unicorn-54284.exe
2164	Unicorn-1966.exe
2164	Unicorn-1966.exe
2852	Unicorn-16164.exe
2852	Unicorn-16164.exe
2728	Unicorn-8292.exe
2728	Unicorn-8292.exe
2752	Unicorn-54284.exe
2752	Unicorn-54284.exe
2524	Unicorn-5270.exe
2524	Unicorn-5270.exe
2852	Unicorn-16164.exe
2852	Unicorn-16164.exe
2616	Unicorn-49325.exe
2616	Unicorn-49325.exe
1980	Unicorn-42392.exe
1980	Unicorn-42392.exe
2728	Unicorn-8292.exe
2728	Unicorn-8292.exe
2896	Unicorn-59475.exe
2896	Unicorn-59475.exe
1404	Unicorn-26056.exe
1404	Unicorn-26056.exe
2524	Unicorn-5270.exe
2792	Unicorn-53697.exe
2792	Unicorn-53697.exe
2524	Unicorn-5270.exe
300	Unicorn-5635.exe
300	Unicorn-5635.exe
2616	Unicorn-49325.exe
2616	Unicorn-49325.exe
1980	Unicorn-42392.exe
2104	Unicorn-46798.exe
1980	Unicorn-42392.exe
2104	Unicorn-46798.exe
1688	Unicorn-49437.exe
1688	Unicorn-49437.exe
1640	Unicorn-26378.exe
1640	Unicorn-26378.exe
2896	Unicorn-59475.exe
2088	Unicorn-17826.exe
2896	Unicorn-59475.exe
2088	Unicorn-17826.exe
592	Unicorn-42522.exe
592	Unicorn-42522.exe
1404	Unicorn-26056.exe
1404	Unicorn-26056.exe
588	Unicorn-2236.exe
300	Unicorn-5635.exe
588	Unicorn-2236.exe
300	Unicorn-5635.exe
2300	Unicorn-43076.exe
2300	Unicorn-43076.exe
3012	Unicorn-62942.exe
3012	Unicorn-62942.exe
2792	Unicorn-53697.exe
2792	Unicorn-53697.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1936	2772	WerFault.exe	136
2248	1276	WerFault.exe	226

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1340	4e515e016ce2efe82dc48a76d4d82b73.exe
2164	Unicorn-1966.exe
2752	Unicorn-31946.exe
2852	Unicorn-16164.exe
2728	Unicorn-8292.exe
2524	Unicorn-5270.exe
2616	Unicorn-49325.exe
1980	Unicorn-42392.exe
2896	Unicorn-59475.exe
1404	Unicorn-26056.exe
2792	Unicorn-53697.exe
300	Unicorn-5635.exe
2104	Unicorn-46798.exe
1688	Unicorn-49437.exe
1640	Unicorn-26378.exe
2088	Unicorn-17826.exe
592	Unicorn-42522.exe
3012	Unicorn-62942.exe
2300	Unicorn-43076.exe
588	Unicorn-2236.exe
2244	Unicorn-37761.exe
1120	Unicorn-40227.exe
2416	Unicorn-2724.exe
1932	Unicorn-31505.exe
2484	Unicorn-57353.exe
1260	Unicorn-54139.exe
2976	Unicorn-17067.exe
1176	Unicorn-45101.exe
1700	Unicorn-36933.exe
1212	Unicorn-47730.exe
1672	Unicorn-57161.exe
2564	Unicorn-8707.exe
2404	Unicorn-23563.exe
2464	Unicorn-53511.exe
2824	Unicorn-48814.exe
2864	Unicorn-58326.exe
2640	Unicorn-18239.exe
2148	Unicorn-20823.exe
2628	Unicorn-36089.exe
2396	Unicorn-1565.exe
2972	Unicorn-15291.exe
2924	Unicorn-30636.exe
288	Unicorn-9618.exe
2684	Unicorn-19130.exe
2112	Unicorn-22468.exe
1768	Unicorn-10770.exe
2956	Unicorn-25400.exe
2588	Unicorn-38996.exe
2888	Unicorn-40875.exe
2240	Unicorn-33335.exe
760	Unicorn-63308.exe
1936	WerFault.exe
2392	Unicorn-30678.exe
2016	Unicorn-6230.exe
1628	Unicorn-38893.exe
1684	Unicorn-26402.exe
1880	Unicorn-36941.exe
996	Unicorn-22311.exe
2372	Unicorn-1336.exe
240	Unicorn-1891.exe
1064	Unicorn-62213.exe
2160	Unicorn-37611.exe
2460	Unicorn-50345.exe
1804	Unicorn-64434.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1340 wrote to memory of 2164	1340	4e515e016ce2efe82dc48a76d4d82b73.exe	28
PID 1340 wrote to memory of 2164	1340	4e515e016ce2efe82dc48a76d4d82b73.exe	28
PID 1340 wrote to memory of 2164	1340	4e515e016ce2efe82dc48a76d4d82b73.exe	28
PID 1340 wrote to memory of 2164	1340	4e515e016ce2efe82dc48a76d4d82b73.exe	28
PID 2164 wrote to memory of 2752	2164	Unicorn-1966.exe	29
PID 2164 wrote to memory of 2752	2164	Unicorn-1966.exe	29
PID 2164 wrote to memory of 2752	2164	Unicorn-1966.exe	29
PID 2164 wrote to memory of 2752	2164	Unicorn-1966.exe	29
PID 1340 wrote to memory of 2852	1340	4e515e016ce2efe82dc48a76d4d82b73.exe	30
PID 1340 wrote to memory of 2852	1340	4e515e016ce2efe82dc48a76d4d82b73.exe	30
PID 1340 wrote to memory of 2852	1340	4e515e016ce2efe82dc48a76d4d82b73.exe	30
PID 1340 wrote to memory of 2852	1340	4e515e016ce2efe82dc48a76d4d82b73.exe	30
PID 2752 wrote to memory of 2728	2752	Unicorn-54284.exe	33
PID 2752 wrote to memory of 2728	2752	Unicorn-54284.exe	33
PID 2752 wrote to memory of 2728	2752	Unicorn-54284.exe	33
PID 2752 wrote to memory of 2728	2752	Unicorn-54284.exe	33
PID 2164 wrote to memory of 2524	2164	Unicorn-1966.exe	176
PID 2164 wrote to memory of 2524	2164	Unicorn-1966.exe	176
PID 2164 wrote to memory of 2524	2164	Unicorn-1966.exe	176
PID 2164 wrote to memory of 2524	2164	Unicorn-1966.exe	176
PID 2852 wrote to memory of 2616	2852	Unicorn-16164.exe	31
PID 2852 wrote to memory of 2616	2852	Unicorn-16164.exe	31
PID 2852 wrote to memory of 2616	2852	Unicorn-16164.exe	31
PID 2852 wrote to memory of 2616	2852	Unicorn-16164.exe	31
PID 2728 wrote to memory of 1980	2728	Unicorn-8292.exe	38
PID 2728 wrote to memory of 1980	2728	Unicorn-8292.exe	38
PID 2728 wrote to memory of 1980	2728	Unicorn-8292.exe	38
PID 2728 wrote to memory of 1980	2728	Unicorn-8292.exe	38
PID 2752 wrote to memory of 2896	2752	Unicorn-54284.exe	37
PID 2752 wrote to memory of 2896	2752	Unicorn-54284.exe	37
PID 2752 wrote to memory of 2896	2752	Unicorn-54284.exe	37
PID 2752 wrote to memory of 2896	2752	Unicorn-54284.exe	37
PID 2524 wrote to memory of 1404	2524	Unicorn-5270.exe	36
PID 2524 wrote to memory of 1404	2524	Unicorn-5270.exe	36
PID 2524 wrote to memory of 1404	2524	Unicorn-5270.exe	36
PID 2524 wrote to memory of 1404	2524	Unicorn-5270.exe	36
PID 2852 wrote to memory of 2792	2852	Unicorn-16164.exe	95
PID 2852 wrote to memory of 2792	2852	Unicorn-16164.exe	95
PID 2852 wrote to memory of 2792	2852	Unicorn-16164.exe	95
PID 2852 wrote to memory of 2792	2852	Unicorn-16164.exe	95
PID 2616 wrote to memory of 300	2616	Unicorn-49325.exe	34
PID 2616 wrote to memory of 300	2616	Unicorn-49325.exe	34
PID 2616 wrote to memory of 300	2616	Unicorn-49325.exe	34
PID 2616 wrote to memory of 300	2616	Unicorn-49325.exe	34
PID 1980 wrote to memory of 2104	1980	Unicorn-42392.exe	46
PID 1980 wrote to memory of 2104	1980	Unicorn-42392.exe	46
PID 1980 wrote to memory of 2104	1980	Unicorn-42392.exe	46
PID 1980 wrote to memory of 2104	1980	Unicorn-42392.exe	46
PID 2728 wrote to memory of 1688	2728	Unicorn-8292.exe	123
PID 2728 wrote to memory of 1688	2728	Unicorn-8292.exe	123
PID 2728 wrote to memory of 1688	2728	Unicorn-8292.exe	123
PID 2728 wrote to memory of 1688	2728	Unicorn-8292.exe	123
PID 2896 wrote to memory of 1640	2896	Unicorn-59475.exe	44
PID 2896 wrote to memory of 1640	2896	Unicorn-59475.exe	44
PID 2896 wrote to memory of 1640	2896	Unicorn-59475.exe	44
PID 2896 wrote to memory of 1640	2896	Unicorn-59475.exe	44
PID 1404 wrote to memory of 2088	1404	Unicorn-26056.exe	39
PID 1404 wrote to memory of 2088	1404	Unicorn-26056.exe	39
PID 1404 wrote to memory of 2088	1404	Unicorn-26056.exe	39
PID 1404 wrote to memory of 2088	1404	Unicorn-26056.exe	39
PID 2792 wrote to memory of 3012	2792	Unicorn-53697.exe	42
PID 2792 wrote to memory of 3012	2792	Unicorn-53697.exe	42
PID 2792 wrote to memory of 3012	2792	Unicorn-53697.exe	42
PID 2792 wrote to memory of 3012	2792	Unicorn-53697.exe	42

C:\Users\Admin\AppData\Local\Temp\4e515e016ce2efe82dc48a76d4d82b73.exe
"C:\Users\Admin\AppData\Local\Temp\4e515e016ce2efe82dc48a76d4d82b73.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1340
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
        7⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23563.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-376.exe
        9⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
        10⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52006.exe
        11⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
        12⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
        13⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
        14⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        15⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4212.exe
        16⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        12⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49671.exe
        13⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        14⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25504.exe
        11⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        12⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
        13⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
        14⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55327.exe
        9⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18296.exe
        10⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7315.exe
        12⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57139.exe
        13⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe
        11⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
        12⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14243.exe
        13⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48814.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        9⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        11⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21841.exe
        12⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
        13⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
        12⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29021.exe
        8⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
        9⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21820.exe
        10⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        11⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe
        12⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8570.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20668.exe
        10⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        11⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
        12⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22311.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47730.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26402.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15920.exe
        12⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31564.exe
        8⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2473.exe
        9⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54845.exe
        10⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
        11⤵
        
        PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31016.exe
        5⤵
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
        7⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4304.exe
        8⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22131.exe
        10⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        11⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32775.exe
        12⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19288.exe
        13⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
        7⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        9⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
        11⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        12⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6126.exe
        7⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10678.exe
        9⤵
        
        PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26378.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31505.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45301.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
        9⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52769.exe
        10⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6230.exe
        11⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
        12⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41706.exe
        13⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44176.exe
        14⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49884.exe
        13⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10957.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35094.exe
        9⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24757.exe
        10⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
        11⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
        12⤵
        
        PID:1276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
        13⤵
        Program crash
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62452.exe
        8⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23652.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        10⤵
        
        PID:2348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
        6⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49245.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
        9⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57476.exe
        10⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60839.exe
        11⤵
        
        PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
        5⤵
        Executes dropped EXE
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18089.exe
        6⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21452.exe
        7⤵
        
        PID:1956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe
    3⤵
    PID:2524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57353.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64434.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
        9⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41399.exe
        10⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63713.exe
        11⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39796.exe
        12⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38198.exe
        13⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40875.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
        12⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
        13⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        14⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-433.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65410.exe
        9⤵
        
        PID:2772
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
        10⤵
        Executes dropped EXE
        Program crash
        Suspicious use of SetWindowsHookEx
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        8⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36054.exe
        9⤵
        
        PID:328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9785.exe
        11⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-865.exe
        12⤵
        
        PID:560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51419.exe
        6⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
        7⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13427.exe
        8⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49240.exe
        9⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8228.exe
        10⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
        11⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
        12⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
        9⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        10⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
        11⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16875.exe
        12⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15290.exe
        7⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31429.exe
        8⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
        9⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        10⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
        11⤵
        
        PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
        5⤵
        Executes dropped EXE
        
        PID:1260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38996.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27350.exe
        7⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52240.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        9⤵
        
        PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43076.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22500.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12909.exe
        8⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        9⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58581.exe
        7⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        8⤵
        
        PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        5⤵
        
        PID:2396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
        6⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36089.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27544.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
        9⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29384.exe
        10⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11720.exe
        6⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54284.exe
        7⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26210.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11975.exe
        9⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        10⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        11⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62627.exe
        11⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3412.exe
        7⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
        8⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34114.exe
        10⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26304.exe
        11⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
        10⤵
        
        PID:2836
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49325.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5635.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45101.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25400.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40122.exe
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
        10⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
        11⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        12⤵
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19318.exe
        7⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31394.exe
        9⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25307.exe
        10⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17373.exe
        12⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15429.exe
        13⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8788.exe
        8⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        9⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27912.exe
        10⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
        11⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1249.exe
        12⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7069.exe
        13⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17067.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9831.exe
        6⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64818.exe
        7⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17923.exe
        9⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38893.exe
        10⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24083.exe
        11⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        9⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
        10⤵
        
        PID:500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8928.exe
        6⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36246.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35317.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40574.exe
        9⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
        10⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41311.exe
        11⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        12⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
        13⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
        8⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12909.exe
        9⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7938.exe
        10⤵
        
        PID:2244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36933.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
        6⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46064.exe
        8⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        9⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32421.exe
        10⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53697.exe
        6⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9878.exe
        7⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
        8⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15291.exe
        10⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44887.exe
        11⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
        7⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5270.exe
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51280.exe
        9⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60226.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
        11⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
        12⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19027.exe
        9⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
        10⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        10⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62063.exe
        7⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53942.exe
        9⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35375.exe
        10⤵
        
        PID:1040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37985.exe
    3⤵
    PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62942.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3876.exe
        5⤵
        
        PID:1212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63308.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31591.exe
        7⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23802.exe
        8⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21223.exe
        9⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
        10⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34642.exe
        11⤵
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10770.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64434.exe
        6⤵
        Executes dropped EXE
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
        7⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61160.exe
        8⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
        9⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46672.exe
        10⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49739.exe
        11⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16598.exe
        7⤵
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
        8⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
        9⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21265.exe
        10⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2183.exe
        11⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57071.exe
        8⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60133.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
        10⤵
        
        PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8707.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30636.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23423.exe
        6⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30678.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13044.exe
        9⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12328.exe
        10⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12322.exe
        7⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
        8⤵
        
        PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe

Filesize
93KB

MD5
646b55bba6bfc027b75566deed70a92e

SHA1
dcc43023ab9fb5ea6c25238756e8dd8befb4e9ee

SHA256
d6e1344f5ccf3522a1f4929810562e63450d8dc15f2cc4d47db0304d74076a0b

SHA512
aa50e67b2597fecafaad829f63beddc05d310516da47f024b37f146fa1f9f9c97a73dbd70359e135196956d5066cf7e893e6b903eddd6afe4188d0a6922befc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34114.exe

Filesize
136KB

MD5
996f3f815c4abff09cd3236e799a54cb

SHA1
d2661d2b854dc77875a82b4ef974094da07029cc

SHA256
fb18ffcf1ebd1a376610715d2009b8adedcea929cd445f9ce0be49afc72007b6

SHA512
91d67356e14ed5d6c4e6cfa491eff999a3de4e6f4b4bbf0bc9bf7d7a2bc74165778524e1bb1a85b9a20799618a6f7399c9ee2de1630b620e4d7fb6b43b674434

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40734.exe

Filesize
184KB

MD5
b8be62da6bfc6ecd55164769c3605f7e

SHA1
ac19171d32a7a683ca56241bc9aa2789171463a9

SHA256
e7f4405989f284c7c8c8ba73c7f1dde8fe2d9a0426f9233bb6fd9d4d1f81a0e0

SHA512
c4e352614bac847eb1e3cc3fffd14c85976885873953c1ef1fdcfb64897e1cbd5e438cc41c4edec24d3ba5d6111a7fa06e2845b0c98aa9ce3209308ccda18b76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe

Filesize
96KB

MD5
520ab6b49e1d3dacd84d4c75a2109ef6

SHA1
66231e8f9998995ac2fea0ff64e9e4282ef818eb

SHA256
6eb06ebe75f78b8855122af006813dd0d30915fa785aa033187ff5146e13a26b

SHA512
728d1adac8c56f6fa502647bc81ff956461f2e23c8b8319fab914f07f116dcea46ec62e766021c5ab9d943a56d5e22bd4d7a96f2aad07ad3315bf8bcac35ef0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe

Filesize
184KB

MD5
03d15526b5f484cd2f3ead61f00a25b9

SHA1
8c91f15f355324ac219aabb18bb73a59323ecde4

SHA256
e6f8c503bbd2604a56d85c37422fea32e8fa4df122c0788be67889e2ed563740

SHA512
c05793c7d65277a42194424b3ab7ff3b940eb7f70a87f04b5edeec17a7321a78539f9dc7c9c89140a86cbae8f0a504fc0a51b62f2e3298acfea7f31e234a803e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe

Filesize
184KB

MD5
e0a2e28f38bbf0348b9f8c592d8cc90b

SHA1
92735552a43cdebeb04f040d6dd64cab47e7ebb4

SHA256
5fde64eca686f2a7e32265ace59c97886319078ef2e5a8e6856af5adef9009eb

SHA512
74cb120595c993a8599b7cfc2fec971481201b656a78be7f80b3be2a6649b6e650d1f918bfb5f0955276915862cefc133136caef4f1fe97154871aeebc7b6d3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16164.exe

Filesize
92KB

MD5
6756384bd8fdf0e8444d2a6ad836c2b7

SHA1
8ca72de10ac25a62b1f195f76de4726ab357aa6d

SHA256
c9b6b01d1ffe1a81ffeaca51452aebfc11f637c7a2a42e96e5f991e18ea68854

SHA512
10fbf09367c23bc7f08a6c71a56dc5480575f3944bb6f2570d927159082c1d9a78a9cda94609a8e166f7686bd0cd83b9adec5d97b8e856c1ad47fe5902d72c1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1966.exe

Filesize
184KB

MD5
492515ef4c34427bd4de0110b88d8553

SHA1
938e2a7e96aa282d45e59aa067cbaf2d8ca5df1f

SHA256
12fc945e78bc6800647c25a5237839c5c96504bafd9b24b4c448b416463c0553

SHA512
304cc8a0a0360a66a2a37e5a7c4961f56987e91e637cc52036af9e4cb107ec6b42215ba2a239705c118653536ece680faf32ff35f147c0160240d17e3ccd3f45

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe

Filesize
184KB

MD5
89e0ce052c26a3c78f1300b717832d89

SHA1
1d1275df653371a83144d3eed4ecc048a0ae5833

SHA256
000c6a3b0de37cae04e06cf615007b94b7b6af271651d717642b012c28f2f0f4

SHA512
9522d85be2fd0610245a71454a31f398cab7983d9259d34f14f0e377659b40fb3be569c8aba9265aa60db4a99de5508680ab9bc6c3926332bc9bf51201c45150

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25375.exe

Filesize
99KB

MD5
4266b55032d69d897867ce11f606821a

SHA1
809737cf28c1f2c09c2dcac0b5ff3df6256ede55

SHA256
6f91579e7a6313faa1c072fe84c3281920dfcb73245ff4d1cbf58e0ab3ad8b07

SHA512
a59c088c6be0ce271d6921591111042b13797d850623850a3bcffd01f64981b26ebaab35ea78315acab8d83db803464c37df59464b92cb25d2efd71e07ae7dea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31946.exe

Filesize
184KB

MD5
b902300bde50f56f8b498ff57967054c

SHA1
6c702296fa61567a68c4dea06d4f69e024801a35

SHA256
536fb7b88c8c6bc368ed1feff1a51879887e70d4ae9944aee4a8c3c97f877053

SHA512
24110de2da5a979f9217bef449f099fd531df5891bdb29cd6230efac00d7e0d9d6dc610fa6df62f5f7c5c1ff90ce0b904bb7e7b5c9bce4e257e7696c5b6228fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42392.exe

Filesize
92KB

MD5
e86028803b6419663a4951408ecf7591

SHA1
62e01ed4160d06fef3dec29342460b15e0749c25

SHA256
35c243c6cfcdde695a77950652c8106c6d2e97aa660f344e7d741a56f09b6888

SHA512
68c726a0caa3a69957ffd9afca0fec6121d1f129994b9d4d4eb1f68b26210b0d7169833b3371af8932e590466b9eecb8b7f5bd0ae178e6caf378f6c392ce2dc8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads