f5ff5e0b40d7eb33f6f2a58dbeeaf5a44b23233b926cd7940a7a599f3117089d

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
15/01/2024, 04:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5c240644015a00370dedbcf0464b3b78.exe
Size

184KB
MD5

5c240644015a00370dedbcf0464b3b78
SHA1

68689208e7431351d29526c511c4f6f6c82b494c
SHA256

f5ff5e0b40d7eb33f6f2a58dbeeaf5a44b23233b926cd7940a7a599f3117089d
SHA512

a0b8652f406f644b4cc4aaa41b56b8fecdb1adc973a2b8327f9c8178491804eea5036637e787cc69a8d5c004bfc8a00dcda30d8df03c00df168c5d17d6081251
SSDEEP

3072:pLZpocRAiAmbOj9MgRcvzkuOi66O/YIpDxx8u2U07lvdpFX:pLDoXHmbmMscvzgl6n7lvdpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1376	Unicorn-55841.exe
2312	Unicorn-32479.exe
2088	Unicorn-30210.exe
2732	Unicorn-35930.exe
2660	Unicorn-32016.exe
2740	Unicorn-55411.exe
3068	Unicorn-41937.exe
1200	Unicorn-5159.exe
1468	Unicorn-46680.exe
2236	Unicorn-27521.exe
2920	Unicorn-26622.exe
1492	Unicorn-34527.exe
1956	Unicorn-50863.exe
2548	Unicorn-46758.exe
1196	Unicorn-19343.exe
1532	Unicorn-38310.exe
1384	Unicorn-18444.exe
600	Unicorn-22166.exe
3008	Unicorn-52544.exe
2360	Unicorn-37786.exe
2004	Unicorn-7936.exe
1184	Unicorn-11657.exe
1036	Unicorn-55876.exe
1916	Unicorn-28269.exe
1664	Unicorn-49540.exe
108	Unicorn-61387.exe
2188	Unicorn-15331.exe
2496	Unicorn-64532.exe
2532	Unicorn-29565.exe
1712	Unicorn-33287.exe
2120	Unicorn-48663.exe
2144	Unicorn-19197.exe
2812	Unicorn-41585.exe
2376	Unicorn-7687.exe
2804	Unicorn-46520.exe
2596	Unicorn-12622.exe
2772	Unicorn-32488.exe
2136	Unicorn-30267.exe
1088	Unicorn-20667.exe
584	Unicorn-16945.exe
1472	Unicorn-2986.exe
844	Unicorn-2856.exe
2916	Unicorn-41170.exe
1968	Unicorn-53401.exe
1504	Unicorn-10609.exe
1992	Unicorn-37915.exe
1592	Unicorn-8388.exe
2560	Unicorn-62140.exe
2760	Unicorn-1502.exe
856	Unicorn-19375.exe
2480	Unicorn-15845.exe
2264	Unicorn-57449.exe
2828	Unicorn-17328.exe
2964	Unicorn-16368.exe
964	Unicorn-14073.exe
2764	Unicorn-17904.exe
2440	Unicorn-18563.exe
908	Unicorn-4400.exe
1072	Unicorn-6092.exe
3044	Unicorn-49476.exe
2500	Unicorn-48900.exe
2032	Unicorn-16695.exe
2792	Unicorn-21054.exe
2520	Unicorn-1287.exe

Loads dropped DLL 64 IoCs

pid	Process
3036	5c240644015a00370dedbcf0464b3b78.exe
3036	5c240644015a00370dedbcf0464b3b78.exe
1376	Unicorn-55841.exe
3036	5c240644015a00370dedbcf0464b3b78.exe
1376	Unicorn-55841.exe
3036	5c240644015a00370dedbcf0464b3b78.exe
2312	Unicorn-32479.exe
2312	Unicorn-32479.exe
1376	Unicorn-55841.exe
1376	Unicorn-55841.exe
2088	Unicorn-30210.exe
2088	Unicorn-30210.exe
2732	Unicorn-35930.exe
2732	Unicorn-35930.exe
2312	Unicorn-32479.exe
2312	Unicorn-32479.exe
2660	Unicorn-32016.exe
2660	Unicorn-32016.exe
2740	Unicorn-55411.exe
2740	Unicorn-55411.exe
2088	Unicorn-30210.exe
2088	Unicorn-30210.exe
3068	Unicorn-41937.exe
1200	Unicorn-5159.exe
3068	Unicorn-41937.exe
1200	Unicorn-5159.exe
2732	Unicorn-35930.exe
2732	Unicorn-35930.exe
2236	Unicorn-27521.exe
2236	Unicorn-27521.exe
2920	Unicorn-26622.exe
2920	Unicorn-26622.exe
2740	Unicorn-55411.exe
2740	Unicorn-55411.exe
1468	Unicorn-46680.exe
1468	Unicorn-46680.exe
2660	Unicorn-32016.exe
2660	Unicorn-32016.exe
1492	Unicorn-34527.exe
1492	Unicorn-34527.exe
3068	Unicorn-41937.exe
3068	Unicorn-41937.exe
1956	Unicorn-50863.exe
1956	Unicorn-50863.exe
1200	Unicorn-5159.exe
1200	Unicorn-5159.exe
2548	Unicorn-46758.exe
2548	Unicorn-46758.exe
1532	Unicorn-38310.exe
1532	Unicorn-38310.exe
2920	Unicorn-26622.exe
2920	Unicorn-26622.exe
600	Unicorn-22166.exe
600	Unicorn-22166.exe
3008	Unicorn-52544.exe
3008	Unicorn-52544.exe
1468	Unicorn-46680.exe
1468	Unicorn-46680.exe
1384	Unicorn-18444.exe
1384	Unicorn-18444.exe
1196	Unicorn-19343.exe
1196	Unicorn-19343.exe
2236	Unicorn-27521.exe
2236	Unicorn-27521.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3036	5c240644015a00370dedbcf0464b3b78.exe
1376	Unicorn-55841.exe
2312	Unicorn-32479.exe
2088	Unicorn-30210.exe
2732	Unicorn-35930.exe
2660	Unicorn-32016.exe
2740	Unicorn-55411.exe
3068	Unicorn-41937.exe
1200	Unicorn-5159.exe
1468	Unicorn-46680.exe
2920	Unicorn-26622.exe
2236	Unicorn-27521.exe
1492	Unicorn-34527.exe
1956	Unicorn-50863.exe
2548	Unicorn-46758.exe
1532	Unicorn-38310.exe
1196	Unicorn-19343.exe
1384	Unicorn-18444.exe
600	Unicorn-22166.exe
3008	Unicorn-52544.exe
2360	Unicorn-37786.exe
2004	Unicorn-7936.exe
1184	Unicorn-11657.exe
1036	Unicorn-55876.exe
1916	Unicorn-28269.exe
1664	Unicorn-49540.exe
108	Unicorn-61387.exe
2188	Unicorn-15331.exe
2496	Unicorn-64532.exe
2532	Unicorn-29565.exe
1712	Unicorn-33287.exe
2120	Unicorn-48663.exe
2144	Unicorn-19197.exe
2812	Unicorn-41585.exe
2376	Unicorn-7687.exe
2804	Unicorn-46520.exe
2596	Unicorn-12622.exe
2772	Unicorn-32488.exe
2136	Unicorn-30267.exe
584	Unicorn-16945.exe
1088	Unicorn-20667.exe
844	Unicorn-2856.exe
1472	Unicorn-2986.exe
2916	Unicorn-41170.exe
1968	Unicorn-53401.exe
1504	Unicorn-10609.exe
1992	Unicorn-37915.exe
1592	Unicorn-8388.exe
2560	Unicorn-62140.exe
2760	Unicorn-1502.exe
856	Unicorn-19375.exe
2480	Unicorn-15845.exe
2264	Unicorn-57449.exe
2828	Unicorn-17328.exe
2964	Unicorn-16368.exe
964	Unicorn-14073.exe
2764	Unicorn-17904.exe
908	Unicorn-4400.exe
2440	Unicorn-18563.exe
1072	Unicorn-6092.exe
2500	Unicorn-48900.exe
3044	Unicorn-49476.exe
2032	Unicorn-16695.exe
2792	Unicorn-21054.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 1376	3036	5c240644015a00370dedbcf0464b3b78.exe	28
PID 3036 wrote to memory of 1376	3036	5c240644015a00370dedbcf0464b3b78.exe	28
PID 3036 wrote to memory of 1376	3036	5c240644015a00370dedbcf0464b3b78.exe	28
PID 3036 wrote to memory of 1376	3036	5c240644015a00370dedbcf0464b3b78.exe	28
PID 1376 wrote to memory of 2312	1376	Unicorn-55841.exe	29
PID 1376 wrote to memory of 2312	1376	Unicorn-55841.exe	29
PID 1376 wrote to memory of 2312	1376	Unicorn-55841.exe	29
PID 1376 wrote to memory of 2312	1376	Unicorn-55841.exe	29
PID 3036 wrote to memory of 2088	3036	5c240644015a00370dedbcf0464b3b78.exe	30
PID 3036 wrote to memory of 2088	3036	5c240644015a00370dedbcf0464b3b78.exe	30
PID 3036 wrote to memory of 2088	3036	5c240644015a00370dedbcf0464b3b78.exe	30
PID 3036 wrote to memory of 2088	3036	5c240644015a00370dedbcf0464b3b78.exe	30
PID 2312 wrote to memory of 2732	2312	Unicorn-32479.exe	31
PID 2312 wrote to memory of 2732	2312	Unicorn-32479.exe	31
PID 2312 wrote to memory of 2732	2312	Unicorn-32479.exe	31
PID 2312 wrote to memory of 2732	2312	Unicorn-32479.exe	31
PID 1376 wrote to memory of 2660	1376	Unicorn-55841.exe	32
PID 1376 wrote to memory of 2660	1376	Unicorn-55841.exe	32
PID 1376 wrote to memory of 2660	1376	Unicorn-55841.exe	32
PID 1376 wrote to memory of 2660	1376	Unicorn-55841.exe	32
PID 2088 wrote to memory of 2740	2088	Unicorn-30210.exe	33
PID 2088 wrote to memory of 2740	2088	Unicorn-30210.exe	33
PID 2088 wrote to memory of 2740	2088	Unicorn-30210.exe	33
PID 2088 wrote to memory of 2740	2088	Unicorn-30210.exe	33
PID 2732 wrote to memory of 3068	2732	Unicorn-35930.exe	34
PID 2732 wrote to memory of 3068	2732	Unicorn-35930.exe	34
PID 2732 wrote to memory of 3068	2732	Unicorn-35930.exe	34
PID 2732 wrote to memory of 3068	2732	Unicorn-35930.exe	34
PID 2312 wrote to memory of 1200	2312	Unicorn-32479.exe	35
PID 2312 wrote to memory of 1200	2312	Unicorn-32479.exe	35
PID 2312 wrote to memory of 1200	2312	Unicorn-32479.exe	35
PID 2312 wrote to memory of 1200	2312	Unicorn-32479.exe	35
PID 2660 wrote to memory of 1468	2660	Unicorn-32016.exe	36
PID 2660 wrote to memory of 1468	2660	Unicorn-32016.exe	36
PID 2660 wrote to memory of 1468	2660	Unicorn-32016.exe	36
PID 2660 wrote to memory of 1468	2660	Unicorn-32016.exe	36
PID 2740 wrote to memory of 2236	2740	Unicorn-55411.exe	37
PID 2740 wrote to memory of 2236	2740	Unicorn-55411.exe	37
PID 2740 wrote to memory of 2236	2740	Unicorn-55411.exe	37
PID 2740 wrote to memory of 2236	2740	Unicorn-55411.exe	37
PID 2088 wrote to memory of 2920	2088	Unicorn-30210.exe	38
PID 2088 wrote to memory of 2920	2088	Unicorn-30210.exe	38
PID 2088 wrote to memory of 2920	2088	Unicorn-30210.exe	38
PID 2088 wrote to memory of 2920	2088	Unicorn-30210.exe	38
PID 3068 wrote to memory of 1492	3068	Unicorn-41937.exe	39
PID 3068 wrote to memory of 1492	3068	Unicorn-41937.exe	39
PID 3068 wrote to memory of 1492	3068	Unicorn-41937.exe	39
PID 3068 wrote to memory of 1492	3068	Unicorn-41937.exe	39
PID 1200 wrote to memory of 1956	1200	Unicorn-5159.exe	40
PID 1200 wrote to memory of 1956	1200	Unicorn-5159.exe	40
PID 1200 wrote to memory of 1956	1200	Unicorn-5159.exe	40
PID 1200 wrote to memory of 1956	1200	Unicorn-5159.exe	40
PID 2732 wrote to memory of 2548	2732	Unicorn-35930.exe	41
PID 2732 wrote to memory of 2548	2732	Unicorn-35930.exe	41
PID 2732 wrote to memory of 2548	2732	Unicorn-35930.exe	41
PID 2732 wrote to memory of 2548	2732	Unicorn-35930.exe	41
PID 2236 wrote to memory of 1196	2236	Unicorn-27521.exe	42
PID 2236 wrote to memory of 1196	2236	Unicorn-27521.exe	42
PID 2236 wrote to memory of 1196	2236	Unicorn-27521.exe	42
PID 2236 wrote to memory of 1196	2236	Unicorn-27521.exe	42
PID 2920 wrote to memory of 1532	2920	Unicorn-26622.exe	43
PID 2920 wrote to memory of 1532	2920	Unicorn-26622.exe	43
PID 2920 wrote to memory of 1532	2920	Unicorn-26622.exe	43
PID 2920 wrote to memory of 1532	2920	Unicorn-26622.exe	43

C:\Users\Admin\AppData\Local\Temp\5c240644015a00370dedbcf0464b3b78.exe
"C:\Users\Admin\AppData\Local\Temp\5c240644015a00370dedbcf0464b3b78.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37786.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10149.exe
        11⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55858.exe
        12⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44269.exe
        13⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
        14⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
        15⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46197.exe
        16⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4818.exe
        17⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
        18⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14073.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
        9⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31081.exe
        10⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8756.exe
        11⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63249.exe
        12⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        13⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
        14⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7687.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17328.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        9⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
        10⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59517.exe
        11⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29758.exe
        12⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13856.exe
        13⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
        14⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17341.exe
        15⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56495.exe
        16⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7936.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32488.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6046.exe
        8⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        9⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1641.exe
        10⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        11⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47976.exe
        12⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7849.exe
        13⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19769.exe
        14⤵
        
        PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46758.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20667.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17904.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
        9⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4998.exe
        10⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44774.exe
        11⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12696.exe
        12⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57253.exe
        13⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16219.exe
        14⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34538.exe
        15⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
        16⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
        17⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40503.exe
        18⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
        19⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4400.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29456.exe
        8⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51416.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
        10⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
        11⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44629.exe
        12⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34303.exe
        13⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42691.exe
        14⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56111.exe
        15⤵
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16945.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30349.exe
        8⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24689.exe
        9⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        10⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
        11⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
        12⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34462.exe
        13⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
        14⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
        15⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        16⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44233.exe
        17⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48296.exe
        16⤵
        
        PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5159.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5159.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11657.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2834.exe
        9⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43258.exe
        10⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
        11⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64362.exe
        12⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50054.exe
        13⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
        14⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
        15⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        16⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31555.exe
        17⤵
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21054.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
        8⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        9⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38280.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8756.exe
        11⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
        12⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        13⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50065.exe
        14⤵
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55876.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30267.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49476.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5849.exe
        8⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59817.exe
        9⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41664.exe
        10⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2894.exe
        11⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37968.exe
        12⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        13⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12765.exe
        14⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2369.exe
        15⤵
        
        PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46680.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15331.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41170.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26627.exe
        8⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
        9⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
        10⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52395.exe
        11⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27710.exe
        12⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
        13⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
        14⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16974.exe
        15⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
        16⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56993.exe
        17⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51358.exe
        18⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26392.exe
        9⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28457.exe
        10⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16634.exe
        11⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe
        12⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3690.exe
        13⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
        14⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15410.exe
        15⤵
        
        PID:3056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53401.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48900.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        8⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19156.exe
        9⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe
        10⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        11⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3199.exe
        12⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        7⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
        9⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25285.exe
        10⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5054.exe
        11⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        12⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61419.exe
        13⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7792.exe
        14⤵
        
        PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:3008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64532.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43685.exe
        7⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
        8⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26486.exe
        9⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59958.exe
        10⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        11⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13696.exe
        12⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11188.exe
        13⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41916.exe
        14⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35122.exe
        15⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27398.exe
        16⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
        8⤵
        
        PID:368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
        9⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
        10⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32222.exe
        11⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18817.exe
        12⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        13⤵
        
        PID:280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6092.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
        7⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
        8⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22156.exe
        9⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        10⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
        11⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11061.exe
        12⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22204.exe
        13⤵
        
        PID:2468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30210.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55411.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48663.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1287.exe
        8⤵
        Executes dropped EXE
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41018.exe
        9⤵
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
        10⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32183.exe
        11⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
        12⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54271.exe
        13⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
        14⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
        15⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48083.exe
        16⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        17⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34281.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
        11⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
        12⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42584.exe
        13⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
        14⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45506.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
        8⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5298.exe
        9⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50335.exe
        10⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        11⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
        12⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27256.exe
        13⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe
        14⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37153.exe
        15⤵
        
        PID:1472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62140.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48423.exe
        7⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe
        8⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57305.exe
        9⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54003.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
        11⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39896.exe
        12⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
        13⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65161.exe
        14⤵
        
        PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1502.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41817.exe
        7⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51084.exe
        8⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10657.exe
        9⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40552.exe
        10⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
        12⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
        13⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40216.exe
        14⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37326.exe
        15⤵
        
        PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        6⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7193.exe
        7⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-206.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        9⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48891.exe
        10⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25199.exe
        11⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37827.exe
        12⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        13⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2369.exe
        14⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19769.exe
        15⤵
        
        PID:1496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        6⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
        7⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55385.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22431.exe
        9⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10363.exe
        10⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9443.exe
        11⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52976.exe
        12⤵
        
        PID:1636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2986.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
        7⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
        8⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51084.exe
        9⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
        10⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
        11⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2550.exe
        12⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20795.exe
        13⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62765.exe
        14⤵
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
        15⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe
        16⤵
        
        PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2856.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60405.exe
        6⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
        7⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25142.exe
        8⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
        9⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
        10⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57293.exe
        11⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65086.exe
        12⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15112.exe
        13⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe
        14⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60594.exe
        15⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
        16⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
        17⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
        12⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20112.exe
        13⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
        14⤵
        
        PID:528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
        6⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
        8⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8756.exe
        9⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51419.exe
        10⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
        11⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61696.exe
        12⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7351.exe
        13⤵
        
        PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
        6⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
        7⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7828.exe
        8⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
        9⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26617.exe
        10⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
        11⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16018.exe
        12⤵
        
        PID:2292

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\Unicorn-32479.exe

Filesize
184KB

MD5
cedd5ffe6b0582c7661498ebbc383ccc

SHA1
dea25069a551d6986314f206f68bdc277821abf5

SHA256
1d11e4391bde42bcbd56023ced4849adb924122dd31b7cecc2cfd860ca1559fd

SHA512
12382d7db39c8e4b4d497605e94398c656629e6023b81fdd321ed268c2a7813adc7be286f86574baee2f79ef8768a80c9a04f6bcc587b769271fb7b989aad372

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34527.exe

Filesize
184KB

MD5
466a8454342212728f0e94a1c3457bfe

SHA1
b5d1f785090a48b26382648af5dbcec5f4cf3f7b

SHA256
8242b7e426f9a683d8441bb1093eb99d351570c9dc757fbe968247e3a7756107

SHA512
3e9a2461d3937f82324ffdd5d0c337d9cb531660b43250d39c8d85d5a1638de236c429f2363e8943bcefc51d75958a1c053df1827f6b5dc4817ac79fb5f3f012

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe

Filesize
184KB

MD5
e29a23944b3c25f057565811863d8c82

SHA1
dd294187c864b8253d4937923a0145bd45094d19

SHA256
c66dbe51e96e4c4486b8e2830a342703597e87ce5bc51d2b47841b511fdbd90a

SHA512
deec69957f626986b1839e5b1b45aa3df782adbfcbc3d2247c9cdfd8c3ab3fee381cec2423011b8c1e6bc0f4401df8db47766fc599ce88a2e5e73e3a06e2a669

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe

Filesize
184KB

MD5
fa4247850e45fbef483690b0fcf579e8

SHA1
16bd42675437dd852e3ef7b6912e4df6c48249ca

SHA256
65bc95e17074e1889d75c586720b02bf30ad3e4b7963bfd4374ebfd4abbe1034

SHA512
58912ce6036550bcd0953544bdfb68337683349caaf78c34968c454eeaa29b0914ffb1058434c68057351ca4a2b30b6af0d60aaf6003f35282374e2341deeb7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55841.exe

Filesize
184KB

MD5
ae44a87fe9e923fd60f5c8d9753a9182

SHA1
a15b31b140a8b61ed44397452d4971d051c2e9be

SHA256
2ddcd4e066863cdd5bfcc28801614c5591a4d48d4a3297b7aa7b91816ed33130

SHA512
b0b2a0c268cf17cf8ae1c27a221e03ca55d95b31dd9d09a822fbcdd8ad42a1afe8340e896a714071bcc247c4374508cf2052d07e571d74678e9151588fcde182

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads