694eebe89acbb0aa248a8d82c893d3de6347223d81c317165423dd104f584823

Analysis

max time kernel
138s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10-01-2024 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50a39adb75ff8b1ebcbbba2ae9001432.exe
Size

184KB
MD5

50a39adb75ff8b1ebcbbba2ae9001432
SHA1

1da65dfb8315d892f9c200b8953d89a969774054
SHA256

694eebe89acbb0aa248a8d82c893d3de6347223d81c317165423dd104f584823
SHA512

1c3941a6645422dc0d3e85b018ce5a1f041b022955ae433b4c3c2e0f3592e1a40b87cc63aa937e401ee002e617498b98cfbe3d2b84a1197ffb6dddfc32e429e1
SSDEEP

3072:iWERo4ryrNwooqjAoarKvJcCmL5MsE2w+6xvxEyNNlvvpFy:iWmoPOooXo0KvJKLg7NlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2700	Unicorn-47593.exe
3036	Unicorn-18943.exe
2936	Unicorn-56446.exe
2764	Unicorn-40790.exe
2120	Unicorn-13908.exe
2040	Unicorn-21522.exe
2792	Unicorn-26709.exe
1964	Unicorn-63657.exe
2808	Unicorn-64212.exe
2248	Unicorn-42853.exe
2264	Unicorn-64020.exe
1508	Unicorn-39127.exe
772	Unicorn-51742.exe
1348	Unicorn-59355.exe
1168	Unicorn-14985.exe
2000	Unicorn-14430.exe
1940	Unicorn-48447.exe
2020	Unicorn-23943.exe
1812	Unicorn-44726.exe
1916	Unicorn-40170.exe
1560	Unicorn-3968.exe
1120	Unicorn-53730.exe
2060	Unicorn-8613.exe
1664	Unicorn-53346.exe
2236	Unicorn-45178.exe
1888	Unicorn-37010.exe
552	Unicorn-41840.exe
2084	Unicorn-40902.exe
1880	Unicorn-25120.exe
284	Unicorn-616.exe
2016	Unicorn-29968.exe
2628	Unicorn-51327.exe
3028	Unicorn-10507.exe
2788	Unicorn-1379.exe
2364	Unicorn-2427.exe
2132	Unicorn-46304.exe
1752	Unicorn-38629.exe
2284	Unicorn-63195.exe
2752	Unicorn-20648.exe
2840	Unicorn-63387.exe
1488	Unicorn-5826.exe
2212	Unicorn-46688.exe
2980	Unicorn-35099.exe
2636	Unicorn-21909.exe
2804	Unicorn-38437.exe
1932	Unicorn-1187.exe
2824	Unicorn-13932.exe
1528	Unicorn-21586.exe
692	Unicorn-56797.exe
1920	Unicorn-41037.exe
2500	Unicorn-58224.exe
1228	Unicorn-28593.exe
1764	Unicorn-29745.exe
860	Unicorn-41888.exe
2516	Unicorn-37228.exe
108	Unicorn-46465.exe
2916	Unicorn-46164.exe
2640	Unicorn-16232.exe
2812	Unicorn-38572.exe
2820	Unicorn-57840.exe
2740	Unicorn-26320.exe
2620	Unicorn-4939.exe
2608	Unicorn-4747.exe
2944	Unicorn-8831.exe

Loads dropped DLL 64 IoCs

pid	Process
2944	50a39adb75ff8b1ebcbbba2ae9001432.exe
2944	50a39adb75ff8b1ebcbbba2ae9001432.exe
2700	Unicorn-47593.exe
2700	Unicorn-47593.exe
2944	50a39adb75ff8b1ebcbbba2ae9001432.exe
2944	50a39adb75ff8b1ebcbbba2ae9001432.exe
3036	Unicorn-18943.exe
2700	Unicorn-47593.exe
3036	Unicorn-18943.exe
2700	Unicorn-47593.exe
2936	Unicorn-56446.exe
2936	Unicorn-56446.exe
2764	Unicorn-40790.exe
3036	Unicorn-18943.exe
2764	Unicorn-40790.exe
3036	Unicorn-18943.exe
2120	Unicorn-13908.exe
2120	Unicorn-13908.exe
2040	Unicorn-21522.exe
2040	Unicorn-21522.exe
2936	Unicorn-56446.exe
2936	Unicorn-56446.exe
2792	Unicorn-26709.exe
2792	Unicorn-26709.exe
2764	Unicorn-40790.exe
2764	Unicorn-40790.exe
2248	Unicorn-42853.exe
2248	Unicorn-42853.exe
2040	Unicorn-21522.exe
2040	Unicorn-21522.exe
2264	Unicorn-64020.exe
2264	Unicorn-64020.exe
2808	Unicorn-64212.exe
2808	Unicorn-64212.exe
1964	Unicorn-63657.exe
1964	Unicorn-63657.exe
2120	Unicorn-13908.exe
2120	Unicorn-13908.exe
1508	Unicorn-39127.exe
1508	Unicorn-39127.exe
2792	Unicorn-26709.exe
2792	Unicorn-26709.exe
772	Unicorn-51742.exe
772	Unicorn-51742.exe
1168	Unicorn-14985.exe
1168	Unicorn-14985.exe
2020	Unicorn-23943.exe
2020	Unicorn-23943.exe
1348	Unicorn-59355.exe
1348	Unicorn-59355.exe
1812	Unicorn-44726.exe
1812	Unicorn-44726.exe
2248	Unicorn-42853.exe
2248	Unicorn-42853.exe
1964	Unicorn-63657.exe
1964	Unicorn-63657.exe
1940	Unicorn-48447.exe
1940	Unicorn-48447.exe
2808	Unicorn-64212.exe
2808	Unicorn-64212.exe
2020	Unicorn-23943.exe
2020	Unicorn-23943.exe
2236	Unicorn-45178.exe
284	Unicorn-616.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2944	2588	WerFault.exe	155
2984	2108	WerFault.exe	193

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2944	50a39adb75ff8b1ebcbbba2ae9001432.exe
2700	Unicorn-47593.exe
3036	Unicorn-18943.exe
2936	Unicorn-56446.exe
2120	Unicorn-13908.exe
2764	Unicorn-40790.exe
2040	Unicorn-21522.exe
2792	Unicorn-26709.exe
2808	Unicorn-64212.exe
2248	Unicorn-42853.exe
2264	Unicorn-64020.exe
1964	Unicorn-63657.exe
1508	Unicorn-39127.exe
772	Unicorn-51742.exe
1348	Unicorn-59355.exe
1168	Unicorn-14985.exe
2020	Unicorn-23943.exe
1812	Unicorn-44726.exe
1940	Unicorn-48447.exe
1916	Unicorn-40170.exe
1560	Unicorn-3968.exe
1120	Unicorn-53730.exe
2060	Unicorn-8613.exe
1664	Unicorn-53346.exe
2236	Unicorn-45178.exe
1888	Unicorn-37010.exe
552	Unicorn-41840.exe
284	Unicorn-616.exe
1880	Unicorn-25120.exe
2084	Unicorn-40902.exe
2364	Unicorn-2427.exe
2980	Unicorn-35099.exe
2628	Unicorn-51327.exe
2752	Unicorn-20648.exe
2132	Unicorn-46304.exe
1488	Unicorn-5826.exe
2284	Unicorn-63195.exe
2016	Unicorn-29968.exe
3028	Unicorn-10507.exe
2804	Unicorn-38437.exe
2824	Unicorn-13932.exe
2788	Unicorn-1379.exe
2636	Unicorn-21909.exe
1752	Unicorn-38629.exe
2840	Unicorn-63387.exe
2212	Unicorn-46688.exe
1932	Unicorn-1187.exe
1528	Unicorn-21586.exe
692	Unicorn-56797.exe
2500	Unicorn-58224.exe
1764	Unicorn-29745.exe
1920	Unicorn-41037.exe
860	Unicorn-41888.exe
1228	Unicorn-28593.exe
2516	Unicorn-37228.exe
108	Unicorn-46465.exe
2640	Unicorn-16232.exe
2916	Unicorn-46164.exe
2820	Unicorn-57840.exe
2620	Unicorn-4939.exe
2812	Unicorn-38572.exe
2588	Unicorn-17768.exe
2740	Unicorn-26320.exe
2608	Unicorn-4747.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 2700	2944	50a39adb75ff8b1ebcbbba2ae9001432.exe	27
PID 2944 wrote to memory of 2700	2944	50a39adb75ff8b1ebcbbba2ae9001432.exe	27
PID 2944 wrote to memory of 2700	2944	50a39adb75ff8b1ebcbbba2ae9001432.exe	27
PID 2944 wrote to memory of 2700	2944	50a39adb75ff8b1ebcbbba2ae9001432.exe	27
PID 2700 wrote to memory of 3036	2700	Unicorn-47593.exe	28
PID 2700 wrote to memory of 3036	2700	Unicorn-47593.exe	28
PID 2700 wrote to memory of 3036	2700	Unicorn-47593.exe	28
PID 2700 wrote to memory of 3036	2700	Unicorn-47593.exe	28
PID 2944 wrote to memory of 2936	2944	50a39adb75ff8b1ebcbbba2ae9001432.exe	29
PID 2944 wrote to memory of 2936	2944	50a39adb75ff8b1ebcbbba2ae9001432.exe	29
PID 2944 wrote to memory of 2936	2944	50a39adb75ff8b1ebcbbba2ae9001432.exe	29
PID 2944 wrote to memory of 2936	2944	50a39adb75ff8b1ebcbbba2ae9001432.exe	29
PID 3036 wrote to memory of 2764	3036	Unicorn-18943.exe	30
PID 3036 wrote to memory of 2764	3036	Unicorn-18943.exe	30
PID 3036 wrote to memory of 2764	3036	Unicorn-18943.exe	30
PID 3036 wrote to memory of 2764	3036	Unicorn-18943.exe	30
PID 2700 wrote to memory of 2120	2700	Unicorn-47593.exe	31
PID 2700 wrote to memory of 2120	2700	Unicorn-47593.exe	31
PID 2700 wrote to memory of 2120	2700	Unicorn-47593.exe	31
PID 2700 wrote to memory of 2120	2700	Unicorn-47593.exe	31
PID 2936 wrote to memory of 2040	2936	Unicorn-56446.exe	32
PID 2936 wrote to memory of 2040	2936	Unicorn-56446.exe	32
PID 2936 wrote to memory of 2040	2936	Unicorn-56446.exe	32
PID 2936 wrote to memory of 2040	2936	Unicorn-56446.exe	32
PID 2764 wrote to memory of 2792	2764	Unicorn-40790.exe	33
PID 2764 wrote to memory of 2792	2764	Unicorn-40790.exe	33
PID 2764 wrote to memory of 2792	2764	Unicorn-40790.exe	33
PID 2764 wrote to memory of 2792	2764	Unicorn-40790.exe	33
PID 3036 wrote to memory of 2808	3036	Unicorn-18943.exe	34
PID 3036 wrote to memory of 2808	3036	Unicorn-18943.exe	34
PID 3036 wrote to memory of 2808	3036	Unicorn-18943.exe	34
PID 3036 wrote to memory of 2808	3036	Unicorn-18943.exe	34
PID 2120 wrote to memory of 1964	2120	Unicorn-13908.exe	35
PID 2120 wrote to memory of 1964	2120	Unicorn-13908.exe	35
PID 2120 wrote to memory of 1964	2120	Unicorn-13908.exe	35
PID 2120 wrote to memory of 1964	2120	Unicorn-13908.exe	35
PID 2040 wrote to memory of 2248	2040	Unicorn-21522.exe	36
PID 2040 wrote to memory of 2248	2040	Unicorn-21522.exe	36
PID 2040 wrote to memory of 2248	2040	Unicorn-21522.exe	36
PID 2040 wrote to memory of 2248	2040	Unicorn-21522.exe	36
PID 2936 wrote to memory of 2264	2936	Unicorn-56446.exe	37
PID 2936 wrote to memory of 2264	2936	Unicorn-56446.exe	37
PID 2936 wrote to memory of 2264	2936	Unicorn-56446.exe	37
PID 2936 wrote to memory of 2264	2936	Unicorn-56446.exe	37
PID 2792 wrote to memory of 1508	2792	Unicorn-26709.exe	38
PID 2792 wrote to memory of 1508	2792	Unicorn-26709.exe	38
PID 2792 wrote to memory of 1508	2792	Unicorn-26709.exe	38
PID 2792 wrote to memory of 1508	2792	Unicorn-26709.exe	38
PID 2764 wrote to memory of 772	2764	Unicorn-40790.exe	39
PID 2764 wrote to memory of 772	2764	Unicorn-40790.exe	39
PID 2764 wrote to memory of 772	2764	Unicorn-40790.exe	39
PID 2764 wrote to memory of 772	2764	Unicorn-40790.exe	39
PID 2248 wrote to memory of 1348	2248	Unicorn-42853.exe	40
PID 2248 wrote to memory of 1348	2248	Unicorn-42853.exe	40
PID 2248 wrote to memory of 1348	2248	Unicorn-42853.exe	40
PID 2248 wrote to memory of 1348	2248	Unicorn-42853.exe	40
PID 2040 wrote to memory of 1168	2040	Unicorn-21522.exe	41
PID 2040 wrote to memory of 1168	2040	Unicorn-21522.exe	41
PID 2040 wrote to memory of 1168	2040	Unicorn-21522.exe	41
PID 2040 wrote to memory of 1168	2040	Unicorn-21522.exe	41
PID 2264 wrote to memory of 2000	2264	Unicorn-64020.exe	42
PID 2264 wrote to memory of 2000	2264	Unicorn-64020.exe	42
PID 2264 wrote to memory of 2000	2264	Unicorn-64020.exe	42
PID 2264 wrote to memory of 2000	2264	Unicorn-64020.exe	42

C:\Users\Admin\AppData\Local\Temp\50a39adb75ff8b1ebcbbba2ae9001432.exe
"C:\Users\Admin\AppData\Local\Temp\50a39adb75ff8b1ebcbbba2ae9001432.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47593.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47593.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38629.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8831.exe
        9⤵
        Executes dropped EXE
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2988.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46839.exe
        11⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        12⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36663.exe
        13⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe
        14⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        15⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        16⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        17⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37746.exe
        18⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53309.exe
        19⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14721.exe
        10⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7638.exe
        11⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3798.exe
        12⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
        13⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52312.exe
        14⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        15⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20253.exe
        16⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64633.exe
        9⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64280.exe
        10⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
        11⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        12⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-319.exe
        13⤵
        
        PID:2108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
        14⤵
        Program crash
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3968.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38437.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59890.exe
        9⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54789.exe
        10⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53523.exe
        11⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4037.exe
        12⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40060.exe
        13⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49754.exe
        14⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
        15⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-996.exe
        11⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31321.exe
        12⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        13⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42141.exe
        14⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
        15⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33657.exe
        16⤵
        
        PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13932.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
        9⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33710.exe
        10⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
        11⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
        12⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
        13⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        14⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        15⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31223.exe
        16⤵
        
        PID:1932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26320.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        9⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50529.exe
        10⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        11⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        12⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        13⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
        14⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9889.exe
        15⤵
        
        PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40902.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        8⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        10⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
        11⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
        12⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61990.exe
        13⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18213.exe
        14⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62250.exe
        15⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44622.exe
        16⤵
        
        PID:1720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5826.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58224.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42402.exe
        8⤵
        
        PID:1408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30663.exe
        10⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
        11⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63225.exe
        12⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15363.exe
        13⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
        14⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24513.exe
        15⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16942.exe
        16⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
        17⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61072.exe
        16⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
        15⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
        16⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        7⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59060.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
        10⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14403.exe
        11⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        12⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe
        13⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10507.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43340.exe
        7⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41302.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
        9⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        10⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51160.exe
        11⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9084.exe
        12⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29552.exe
        13⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
        14⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2706.exe
        10⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        11⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
        12⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39770.exe
        13⤵
        
        PID:2828
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53346.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20648.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
        9⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
        12⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
        13⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61990.exe
        14⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54388.exe
        15⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12281.exe
        16⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
        17⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51327.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17768.exe
        8⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27493.exe
        9⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        10⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12189.exe
        11⤵
        
        PID:2588
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
        12⤵
        Program crash
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48660.exe
        8⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55007.exe
        9⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
        10⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55324.exe
        11⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52893.exe
        12⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39157.exe
        13⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21913.exe
        14⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28239.exe
        15⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
        16⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3724.exe
        17⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
        16⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
        7⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18526.exe
        8⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13964.exe
        9⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11966.exe
        10⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9852.exe
        12⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40678.exe
        13⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15592.exe
        14⤵
        
        PID:532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1187.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1753.exe
        8⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13782.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61992.exe
        10⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59561.exe
        11⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe
        12⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38633.exe
        13⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
        14⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26812.exe
        7⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1914.exe
        8⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
        9⤵
        
        PID:692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        10⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4253.exe
        11⤵
        
        PID:1744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44726.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        8⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe
        9⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62843.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36746.exe
        11⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6048.exe
        12⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        13⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
        14⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
        15⤵
        
        PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63387.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41888.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26258.exe
        7⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26585.exe
        8⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7913.exe
        9⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
        10⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38988.exe
        11⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
        12⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1248.exe
        13⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        14⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3095.exe
        11⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        12⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        13⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        14⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30812.exe
        15⤵
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51987.exe
        10⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5524.exe
        11⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
        12⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe
        13⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
        14⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-755.exe
        12⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        13⤵
        
        PID:2444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        6⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43523.exe
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50290.exe
        8⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55680.exe
        10⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32166.exe
        11⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1669.exe
        12⤵
        
        PID:2760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45178.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1379.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28593.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
        9⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1229.exe
        10⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12298.exe
        11⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        12⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34305.exe
        13⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        14⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20232.exe
        15⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62245.exe
        16⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46656.exe
        15⤵
        
        PID:2456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
        8⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26694.exe
        9⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29102.exe
        10⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33155.exe
        11⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3692.exe
        12⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        13⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7605.exe
        14⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43283.exe
        15⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        16⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20807.exe
        15⤵
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29968.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4747.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe
        9⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21510.exe
        10⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
        11⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
        12⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
        13⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        12⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53075.exe
        13⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
        14⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33081.exe
        15⤵
        
        PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14985.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8613.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21909.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38572.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
        8⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
        9⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
        10⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48147.exe
        11⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
        12⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        13⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        14⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
        15⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42012.exe
        16⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
        10⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6315.exe
        11⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40833.exe
        12⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14076.exe
        13⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
        14⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43719.exe
        15⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18613.exe
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25402.exe
        9⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57906.exe
        10⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38436.exe
        11⤵
        
        PID:2696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21586.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29745.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
        7⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        8⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
        9⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
        10⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18353.exe
        11⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49043.exe
        12⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
        13⤵
        
        PID:1364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe
      4⤵
      Executes dropped EXE
      PID:2000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14985.exe

Filesize
184KB

MD5
0779d5b75fd6673ecf8a683295b605e3

SHA1
7b3dbe5d1389ca746fc325da68dcba8382092007

SHA256
1b78612c2bccc9e2a40cc1d45aa99c15ae5fcd37e0add9296fb332952e260671

SHA512
bccae9ac6c509401e3c7e1b046a9b8a83e97e3edc8a827eeae1d6f3f208cfb71ed8648e0c6f1d5e7b350ed00a020d7904853d0c99f6c2226cdd5e73c01964e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26419.exe

Filesize
184KB

MD5
3288cb593a3473d47441af7f00b37023

SHA1
6c528cbe342af63d31efcc6dd1225bb570d9ccbc

SHA256
f7ce3e2e679de861075a0f16a9a0f9e4cc4b7d4ee267c5d88c47f5b496db750d

SHA512
08b4db588ebd2278f5112e46070a0a21de325e8a3f33307aea7e2fbf4a05dfdeceba20cbe8ee79d6f35ef79758ac973457242d47a502d323f7f827a2091c31e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe

Filesize
184KB

MD5
13c9240f450ba0c47ea65521e209e7c3

SHA1
3fbf6457a72479524e7c999a00edbe5ca43304db

SHA256
566d54768715fc2d2823ff4d99ed9cd6844e48e9008947a782cac74501fa656a

SHA512
faa8ab879de03299d1fc04e2beb9db06400ae3e6239c4a7769ffa5ba0ba96e332975f43bd543206d330b579c84c51ed59c02a80f81bb81e31041ffcedcb1bdd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5955.exe

Filesize
184KB

MD5
f807f1b7501b8625747f2a20293c4fe4

SHA1
9438c4307b4b4c1756390f83c90e53225b73caf6

SHA256
1cb52326b67de90270a1166aeea59f6f5f2db9cc0f48c7dd827457200f5d5e94

SHA512
34850b13cb01bfde84b8328854defc62bd7040ec8ec2766d01b03713e5433928914a3719b4ec479b90294371b6f4f220512ad3e7f06e60cc242fa69af2775913

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe

Filesize
184KB

MD5
afc233bbed575978781a0c0aa6d4f854

SHA1
5fd2353a9888df8370137cc2d329e49232daf29e

SHA256
4d173c1c4bb61bc0c3d033115f02afc9825c893adeb07abbebd73704b00731fd

SHA512
e6fcc231f56027014875607cb5d82ab79a2c140a0b1732db4103b86492bd7873007574befbed9f7d5f917dae45663fa8d9d30287c9a2dcc22e99771704faaf5c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13908.exe

Filesize
184KB

MD5
8dfee37a3b5f497eedb00dbb92267653

SHA1
4a850c384bb03c6698957c7d35a0fa108fa0b68a

SHA256
094060742e86ec4511240a01e78e3feb4f396719249a60a3f384c7a0d8e6b607

SHA512
910ed7cc27513d0595904a30b06d0dbd9a87622986128e5b92eac5f31617baacea586138a8d23295be4454f714d6ff5cae3fbf755840da4f03c78914cf7de27b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14430.exe

Filesize
184KB

MD5
3304be0b2da9905b5312fe2bfb920032

SHA1
67c0d2f30e51f768ad2d62a74816fdeeed40df47

SHA256
468aa0b8bdfe454e739680e8f33cd041f0220016710935f6152b98219780865f

SHA512
43fb703e176d4b52d26177b186173854531ad26967d14f666352f32393021a97e674b147fb2ecaf8abe00728cdd396a64e9a8be54e7832ad3ca827014f5c87da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe

Filesize
184KB

MD5
b976a1d461a2acc7072b5edc318d4eca

SHA1
bc898deb100e9788a006b1c43df3cb1f82c46341

SHA256
dd54c60b5591ba6817264b5a9ec5eeaf1bb6db701c5041ef9374e3e401fc81a6

SHA512
241e64867a279d63e9b5dcb48a52da64406f32337a41b4086f9fb1bd4c33928f919f68235a61e9da990be4533bdf279b87176fa5778ec67332a524c4b1ae39e9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe

Filesize
184KB

MD5
0e119b57fcf7619a6afc2307e1c28a1c

SHA1
940eb86b808d2b985a18f1b727db132eae7e64ef

SHA256
132bbc7bfc94950bfe6fba71915fb31a27202d9ad39ef7fab1ce2f48f5ebb664

SHA512
e9d8a734484969d0105eb1d0a0c5556d0f91f0225b0626543ac3061c1a451515a9b737452260bb328138a46b4be34c11f023c88cae494101d96fd715f8b4c697

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe

Filesize
184KB

MD5
19c9d4c63bf793d2701cefd22db52e11

SHA1
f0259f44ff3cc4b82a1a85db6dd5d894744c2fdb

SHA256
0c854ef5e7a16d6d0d70fc968a790507bc2add0095757e91e39d644ca73c9e6f

SHA512
c801777eeab6138a673d93f5fc3f617c66a67058c9556ca281f4ff3dcf23a49ac42607d1eba525b526cc22e4c3543010f8eb4a15e380b4f601b154194c790c86

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26709.exe

Filesize
184KB

MD5
01793eeabaead2ee3e6d625dde1af6eb

SHA1
1896102bbba0fc3c749381a6d5d5ebfb67c78c3f

SHA256
a5074e78024b0a362de09fadaf8e02ea117286a70bc51bdbf51a6d3d98f3b978

SHA512
89e4c7e4f82219566ad5df6fce78a3161311c7bd64b305966c1f552d8997b047d9a7c168253f02d5cf407440bf7dabc627410a07abb5325d3a9219f28876de3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe

Filesize
184KB

MD5
f360706e7e136cbba3e19266a0d18f7f

SHA1
4758d6c1da964ac6ba11bba34e982e3611d95c8b

SHA256
b120bd38f3786eea6919a576c706a9d9cb266f084c0ca7b431fa1db91ebbae50

SHA512
37ab9d577ec0b5cd068aef7ead2334e0839641921e803ac90ea7fbf7bfe08f39c9493ba2167b8b5b2a2c2ced79d327525e0f1f019d63b0f667a80d28bc1901ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40790.exe

Filesize
184KB

MD5
634827569ebee75c055c6a2317054002

SHA1
146436166fda25a7988acd5e0cf94ec01c780a39

SHA256
f5ffbcf557e0770cd5f6c564c4f3842b6af2c8d3c8bc9d82b841a23a875a6f07

SHA512
f8357d37c818444d409287bd39d38ee85d2a03eaf0d38da67c7e3e540271100c8fcd442615ff5974fb97c4efad66e3120f4db94a12142275090e71f91c1140e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42853.exe

Filesize
184KB

MD5
dccab00d61da1255d904d1ba57b94233

SHA1
2f7585a2a5d0aab5485365d1f9ee5bcdeda82f9e

SHA256
d716aa6c3e34544b95178777bf8cf473f96eb047faa090f02fd7a0743146ea4d

SHA512
13b3d50c77f15c46c0b347cf6e27895fe5efbd6d630b42ee639a2cae6f700585923694a09732b7d0aacbe709fb3e58728c3a6c89914676446b24940077087cd0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47593.exe

Filesize
184KB

MD5
bb06b631951f08b86150506fd5dd9383

SHA1
9d95bb0fd0f057d07dd1490ccb2d76b6f09c43f7

SHA256
c781116f23a644525aa2decab6e0b787eafa6751b98a7348a62e872f36e845d2

SHA512
af61dc52549053fe46980ccb288efb0bb5e59cb99371824486be225cf7747a4d633ca9c2e1b309ff4318268cf82ac0174729bad9c6c70840dfa5d3ad5ae33b6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe

Filesize
184KB

MD5
69b2ae0c11ca7f22a0596992e6e98ce0

SHA1
97fbcf10fe12f1f3f0cd9cd279f42485b5ad5fdb

SHA256
3e2475a49d1fbe1cf39592753674d63d4e8fd74f809ad480e8ab3071d89cc07f

SHA512
f7ec88a90a70d576b24d756e4b73aca046fc1dd635143b8375ed70608145d6624b0ca732bb562baad507b679596d3984bd0f7e7f537d30f0fe0126eccedebebe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51742.exe

Filesize
184KB

MD5
d256a565ead9717766939294468c3a31

SHA1
9b5ae7772217555e5038b6faf0e767b9e12e9453

SHA256
e5f967ad9b5ae3900c7c7d40612e94accaf51af685540b2e7c2904d01c5fe237

SHA512
a6d50eef2e8b99cb0f499bc056c0b35abe01f5223126ab55b0c82e4ee34206ebea06fa8f8b7af9dc5dc41225046c7ddbf6ad2398f53fbc25666ae21f1c68e111

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe

Filesize
184KB

MD5
343f31178f89ee74db1d10089bcfe7d9

SHA1
e3e4d11b7d37f5d9301ae125a6f3b8d795c9eb11

SHA256
9998c7b32c10734c3193b1844f8dc210e81143efeb478dc09fe61209d50f783a

SHA512
1913178a2339c9ede3ae387057ec650f789237aff16a315f4b5c87c229642fdf34b2cde5e252a63c17120dda32fb1ca0d6b12174a88325c0b867d0ce00bbdc8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59355.exe

Filesize
184KB

MD5
c7f0211bd85258ff47532cf304a6eb94

SHA1
6a029f9d41034fd2e7f4575ea0d04cb2da8b1a52

SHA256
fe03796eda62e16d18938f53539a2a533d3689a834f75b83cb8cf319887361ed

SHA512
39b53a4c281ba524becc907709e0ef2a5a3b2c84d8c32115e7c947da4e5a6b79ea7760c552eafbffe850d975bbd7f9628fed408ccfbe9268c3e6a6d077a31d14

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe

Filesize
184KB

MD5
f4b07f9a8e2f79ed54a2d73c2fb511c2

SHA1
25d16327bc107d8e0a18fd87a1c8394c84d73016

SHA256
7d294d1c61034687d28c37342b5bce5e370384b1fcfe746c2ce95b51f676b535

SHA512
751d0998671918785ab0db1b3c7d2ff9393c73be5745483e4afef53e03f90bc27ec05b3c4f126c1ea502b054de1e8eb4f2e84c565927fcb192b7626937b15f56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64212.exe

Filesize
184KB

MD5
7e8b0facfa2885cbbbc218f78ea67cc9

SHA1
25cdb17ba3159cb11acd7340aa33ebc739ca92db

SHA256
f35547b9bcc52ec4b3418cd17032a19a0ae586b29df8af5b4cfe2b31c2f2579c

SHA512
05999fb40866cb7701b88ac53955a9fb6284a3ffc582b097ac23c79923f5f26cdac8131fa777e5cface5ec127ee3edcbf500b1ae118d7ef556e69b0def3418c8

Download Submit
memory/2456-1120-0x0000000006490000-0x00000000065EC000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads