8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d

Analysis

max time kernel
147s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 22:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe
Size

184KB
MD5

dfcb44e44a9e98a4dc178d15ed4d5b28
SHA1

495e3d0d513ba644d627f3ad6a858000f86c7f00
SHA256

8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d
SHA512

5a56a9f5f6918433bb241acd8d2d40f71f510bcfc8fa4467115ae8aa50a182602457d69d4819e15395f657d2ba2c0f9235ffe65076f4b2c95e03a8c661b5f62d
SSDEEP

3072:CPD6RxoxFT0jHer6WAPQd/EClvnqnviumnQ:CPyocberIQZEClPqnvium

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 33 IoCs

pid	Process
1032	Unicorn-31496.exe
1644	Unicorn-41885.exe
2928	Unicorn-48662.exe
2704	Unicorn-61511.exe
2952	Unicorn-10919.exe
2920	Unicorn-53343.exe
2740	Unicorn-16486.exe
2532	Unicorn-20562.exe
2064	Unicorn-16478.exe
2176	Unicorn-10347.exe
2792	Unicorn-58065.exe
1816	Unicorn-717.exe
2892	Unicorn-50473.exe
2756	Unicorn-8309.exe
2760	Unicorn-27095.exe
1780	Unicorn-64391.exe
3004	Unicorn-33665.exe
1860	Unicorn-5631.exe
268	Unicorn-20955.exe
1004	Unicorn-800.exe
1492	Unicorn-38303.exe
1624	Unicorn-6830.exe
1180	Unicorn-31426.exe
1148	Unicorn-29389.exe
2008	Unicorn-29389.exe
2964	Unicorn-36165.exe
2716	Unicorn-56031.exe
1800	Unicorn-19174.exe
1352	Unicorn-31889.exe
1912	Unicorn-51755.exe
1836	Unicorn-38741.exe
792	Unicorn-6651.exe
2372	Unicorn-26517.exe

Loads dropped DLL 64 IoCs

pid	Process
2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe
2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe
1032	Unicorn-31496.exe
1032	Unicorn-31496.exe
2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe
2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe
1644	Unicorn-41885.exe
1644	Unicorn-41885.exe
1032	Unicorn-31496.exe
1032	Unicorn-31496.exe
2928	Unicorn-48662.exe
2928	Unicorn-48662.exe
2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe
2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe
2952	Unicorn-10919.exe
2952	Unicorn-10919.exe
1032	Unicorn-31496.exe
2704	Unicorn-61511.exe
1032	Unicorn-31496.exe
2704	Unicorn-61511.exe
1644	Unicorn-41885.exe
1644	Unicorn-41885.exe
2920	Unicorn-53343.exe
2920	Unicorn-53343.exe
2740	Unicorn-16486.exe
2740	Unicorn-16486.exe
2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe
2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe
2928	Unicorn-48662.exe
2928	Unicorn-48662.exe
2176	Unicorn-10347.exe
2176	Unicorn-10347.exe
2532	Unicorn-20562.exe
2532	Unicorn-20562.exe
2952	Unicorn-10919.exe
2952	Unicorn-10919.exe
1032	Unicorn-31496.exe
1032	Unicorn-31496.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
2064	Unicorn-16478.exe
2064	Unicorn-16478.exe
2704	Unicorn-61511.exe
2704	Unicorn-61511.exe
1724	WerFault.exe
2892	Unicorn-50473.exe
2892	Unicorn-50473.exe
2928	Unicorn-48662.exe
2928	Unicorn-48662.exe
2792	Unicorn-58065.exe
1816	Unicorn-717.exe
2792	Unicorn-58065.exe
1816	Unicorn-717.exe
2740	Unicorn-16486.exe
2740	Unicorn-16486.exe
2756	Unicorn-8309.exe
2756	Unicorn-8309.exe
1644	Unicorn-41885.exe
1644	Unicorn-41885.exe
2920	Unicorn-53343.exe
2920	Unicorn-53343.exe
2760	Unicorn-27095.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1724	1780	WerFault.exe	43

Suspicious use of SetWindowsHookEx 31 IoCs

pid	Process
2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe
1032	Unicorn-31496.exe
1644	Unicorn-41885.exe
2928	Unicorn-48662.exe
2704	Unicorn-61511.exe
2952	Unicorn-10919.exe
2920	Unicorn-53343.exe
2740	Unicorn-16486.exe
2532	Unicorn-20562.exe
2176	Unicorn-10347.exe
2064	Unicorn-16478.exe
1816	Unicorn-717.exe
2892	Unicorn-50473.exe
2792	Unicorn-58065.exe
2760	Unicorn-27095.exe
2756	Unicorn-8309.exe
1780	Unicorn-64391.exe
3004	Unicorn-33665.exe
1860	Unicorn-5631.exe
268	Unicorn-20955.exe
1004	Unicorn-800.exe
1492	Unicorn-38303.exe
1624	Unicorn-6830.exe
1180	Unicorn-31426.exe
2964	Unicorn-36165.exe
2008	Unicorn-29389.exe
1352	Unicorn-31889.exe
1912	Unicorn-51755.exe
2716	Unicorn-56031.exe
1836	Unicorn-38741.exe
1800	Unicorn-19174.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 1032	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	28
PID 2360 wrote to memory of 1032	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	28
PID 2360 wrote to memory of 1032	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	28
PID 2360 wrote to memory of 1032	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	28
PID 1032 wrote to memory of 1644	1032	Unicorn-31496.exe	29
PID 1032 wrote to memory of 1644	1032	Unicorn-31496.exe	29
PID 1032 wrote to memory of 1644	1032	Unicorn-31496.exe	29
PID 1032 wrote to memory of 1644	1032	Unicorn-31496.exe	29
PID 2360 wrote to memory of 2928	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	30
PID 2360 wrote to memory of 2928	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	30
PID 2360 wrote to memory of 2928	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	30
PID 2360 wrote to memory of 2928	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	30
PID 1644 wrote to memory of 2704	1644	Unicorn-41885.exe	31
PID 1644 wrote to memory of 2704	1644	Unicorn-41885.exe	31
PID 1644 wrote to memory of 2704	1644	Unicorn-41885.exe	31
PID 1644 wrote to memory of 2704	1644	Unicorn-41885.exe	31
PID 1032 wrote to memory of 2952	1032	Unicorn-31496.exe	32
PID 1032 wrote to memory of 2952	1032	Unicorn-31496.exe	32
PID 1032 wrote to memory of 2952	1032	Unicorn-31496.exe	32
PID 1032 wrote to memory of 2952	1032	Unicorn-31496.exe	32
PID 2928 wrote to memory of 2920	2928	Unicorn-48662.exe	33
PID 2928 wrote to memory of 2920	2928	Unicorn-48662.exe	33
PID 2928 wrote to memory of 2920	2928	Unicorn-48662.exe	33
PID 2928 wrote to memory of 2920	2928	Unicorn-48662.exe	33
PID 2360 wrote to memory of 2740	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	34
PID 2360 wrote to memory of 2740	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	34
PID 2360 wrote to memory of 2740	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	34
PID 2360 wrote to memory of 2740	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	34
PID 2952 wrote to memory of 2532	2952	Unicorn-10919.exe	35
PID 2952 wrote to memory of 2532	2952	Unicorn-10919.exe	35
PID 2952 wrote to memory of 2532	2952	Unicorn-10919.exe	35
PID 2952 wrote to memory of 2532	2952	Unicorn-10919.exe	35
PID 1032 wrote to memory of 2176	1032	Unicorn-31496.exe	36
PID 1032 wrote to memory of 2176	1032	Unicorn-31496.exe	36
PID 1032 wrote to memory of 2176	1032	Unicorn-31496.exe	36
PID 1032 wrote to memory of 2176	1032	Unicorn-31496.exe	36
PID 2704 wrote to memory of 2064	2704	Unicorn-61511.exe	37
PID 2704 wrote to memory of 2064	2704	Unicorn-61511.exe	37
PID 2704 wrote to memory of 2064	2704	Unicorn-61511.exe	37
PID 2704 wrote to memory of 2064	2704	Unicorn-61511.exe	37
PID 1644 wrote to memory of 2792	1644	Unicorn-41885.exe	38
PID 1644 wrote to memory of 2792	1644	Unicorn-41885.exe	38
PID 1644 wrote to memory of 2792	1644	Unicorn-41885.exe	38
PID 1644 wrote to memory of 2792	1644	Unicorn-41885.exe	38
PID 2920 wrote to memory of 2756	2920	Unicorn-53343.exe	39
PID 2920 wrote to memory of 2756	2920	Unicorn-53343.exe	39
PID 2920 wrote to memory of 2756	2920	Unicorn-53343.exe	39
PID 2920 wrote to memory of 2756	2920	Unicorn-53343.exe	39
PID 2740 wrote to memory of 1816	2740	Unicorn-16486.exe	40
PID 2740 wrote to memory of 1816	2740	Unicorn-16486.exe	40
PID 2740 wrote to memory of 1816	2740	Unicorn-16486.exe	40
PID 2740 wrote to memory of 1816	2740	Unicorn-16486.exe	40
PID 2360 wrote to memory of 2760	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	41
PID 2360 wrote to memory of 2760	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	41
PID 2360 wrote to memory of 2760	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	41
PID 2360 wrote to memory of 2760	2360	8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe	41
PID 2928 wrote to memory of 2892	2928	Unicorn-48662.exe	42
PID 2928 wrote to memory of 2892	2928	Unicorn-48662.exe	42
PID 2928 wrote to memory of 2892	2928	Unicorn-48662.exe	42
PID 2928 wrote to memory of 2892	2928	Unicorn-48662.exe	42
PID 2176 wrote to memory of 1780	2176	Unicorn-10347.exe	43
PID 2176 wrote to memory of 1780	2176	Unicorn-10347.exe	43
PID 2176 wrote to memory of 1780	2176	Unicorn-10347.exe	43
PID 2176 wrote to memory of 1780	2176	Unicorn-10347.exe	43

C:\Users\Admin\AppData\Local\Temp\8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe
"C:\Users\Admin\AppData\Local\Temp\8cbf5d4f09f25cfef9c4b6db9660e9d106a3a6e361a0cc2d4cd23cbaedf4d42d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41885.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9988.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2566.exe
        7⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
        9⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        8⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
        8⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
        8⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
        7⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55221.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe
        7⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24886.exe
        7⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16765.exe
        6⤵
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe
        6⤵
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24908.exe
        6⤵
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
        6⤵
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64056.exe
        6⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
        7⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
        7⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
        7⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6233.exe
        6⤵
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
        6⤵
        
        PID:3948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13374.exe
        6⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38303.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1820.exe
        6⤵
        
        PID:936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64591.exe
        6⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10160.exe
        7⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
        7⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7694.exe
        7⤵
        
        PID:4088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60698.exe
        6⤵
        
        PID:2616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
        6⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22133.exe
        6⤵
        
        PID:3396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
        5⤵
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30662.exe
        6⤵
        
        PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18654.exe
        5⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
        5⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8693.exe
        5⤵
        
        PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe
        5⤵
        Executes dropped EXE
        
        PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
        5⤵
        
        PID:1300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
        5⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38681.exe
        5⤵
        
        PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19174.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31862.exe
        5⤵
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
        5⤵
        
        PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32916.exe
        5⤵
        
        PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40341.exe
      4⤵
      PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64535.exe
      4⤵
      PID:1232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
      4⤵
      PID:332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46171.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46171.exe
      4⤵
      PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15673.exe
      4⤵
      PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54086.exe
      4⤵
      PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16424.exe
      4⤵
      PID:3588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10919.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
        6⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        7⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        7⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22314.exe
        8⤵
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        8⤵
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26453.exe
        8⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8193.exe
        8⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25672.exe
        8⤵
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        7⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
        7⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20794.exe
        8⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19625.exe
        8⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
        7⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
        7⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
        7⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2733.exe
        6⤵
        
        PID:1456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28141.exe
        6⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35137.exe
        7⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26527.exe
        7⤵
        
        PID:3964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11961.exe
        6⤵
        
        PID:896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50844.exe
        6⤵
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43400.exe
        6⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4734.exe
        6⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5616.exe
        6⤵
        
        PID:2424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
        6⤵
        
        PID:2220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6651.exe
        5⤵
        Executes dropped EXE
        
        PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
        5⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15303.exe
        5⤵
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33923.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12718.exe
        6⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
        6⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
        5⤵
        
        PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20701.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5492.exe
        5⤵
        
        PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
        5⤵
        Executes dropped EXE
        
        PID:2372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37757.exe
        6⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15940.exe
        6⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
        6⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13330.exe
        6⤵
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        6⤵
        
        PID:3096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8086.exe
        6⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        5⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
        5⤵
        
        PID:2568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27342.exe
        5⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3373.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
        5⤵
        
        PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47029.exe
      4⤵
      PID:2420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65303.exe
      4⤵
      PID:3008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe
      4⤵
      PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29871.exe
      4⤵
      PID:2188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64194.exe
      4⤵
      PID:3800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1780
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 188
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
      4⤵
      PID:1656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58887.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58887.exe
      4⤵
      PID:1992
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18349.exe
      4⤵
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22599.exe
        5⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-726.exe
        6⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62235.exe
        5⤵
        
        PID:2396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23832.exe
        5⤵
        
        PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
        5⤵
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
        5⤵
        
        PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2733.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2733.exe
      4⤵
      PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
      4⤵
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33590.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33590.exe
      4⤵
      PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24919.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24919.exe
      4⤵
      PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
      4⤵
      PID:656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25523.exe
      4⤵
      PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37266.exe
      4⤵
      PID:1060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9418.exe
    3⤵
    PID:1692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58991.exe
    3⤵
    PID:600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33301.exe
    3⤵
    PID:2112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18423.exe
    3⤵
    PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
    3⤵
    PID:1096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
    3⤵
    PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
    3⤵
    PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13623.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13623.exe
    3⤵
    PID:3468
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        6⤵
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25784.exe
        6⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8748.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59267.exe
        7⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50055.exe
        7⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65427.exe
        7⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7556.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
        7⤵
        
        PID:968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
        6⤵
        
        PID:2660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50030.exe
        6⤵
        
        PID:412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe
        6⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
        5⤵
        
        PID:2452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36128.exe
        6⤵
        
        PID:2644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
        6⤵
        
        PID:3424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1783.exe
        6⤵
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
        6⤵
        
        PID:4100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
        5⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40124.exe
        6⤵
        
        PID:3184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
        6⤵
        
        PID:3496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21622.exe
        6⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37207.exe
        5⤵
        
        PID:980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
        5⤵
        
        PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53833.exe
        5⤵
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19938.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43519.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
        5⤵
        
        PID:4080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
        5⤵
        
        PID:4244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31889.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8675.exe
        5⤵
        
        PID:1844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31341.exe
        5⤵
        
        PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20024.exe
        5⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4831.exe
        5⤵
        
        PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2873.exe
        5⤵
        
        PID:3448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65050.exe
        5⤵
        
        PID:3236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18709.exe
        5⤵
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
        5⤵
        
        PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
      4⤵
      PID:1668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
      4⤵
      PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24841.exe
      4⤵
      PID:592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29105.exe
      4⤵
      PID:616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
      4⤵
      PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
      4⤵
      PID:3740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62855.exe
      4⤵
      PID:3160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        5⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe
        5⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
        6⤵
        
        PID:3372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59496.exe
        6⤵
        
        PID:3716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41001.exe
        5⤵
        
        PID:3296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1882.exe
      4⤵
      PID:2560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22410.exe
      4⤵
      PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29802.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29802.exe
      4⤵
      PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
      4⤵
      PID:1464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31426.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
      4⤵
      PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
      4⤵
      PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28515.exe
      4⤵
      PID:1792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33819.exe
      4⤵
      PID:3664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
    3⤵
    PID:2052
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
    3⤵
    PID:1416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
    3⤵
    PID:1240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
    3⤵
    PID:1548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49367.exe
    3⤵
    PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58609.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58609.exe
    3⤵
    PID:3440
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
    3⤵
    PID:3900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
    3⤵
    PID:3684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65457.exe
    3⤵
    PID:4040
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-717.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-717.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29389.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1135.exe
        5⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25784.exe
        5⤵
        
        PID:2840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28141.exe
        5⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43113.exe
        6⤵
        
        PID:3568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53585.exe
        6⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42510.exe
        6⤵
        
        PID:3464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        6⤵
        
        PID:928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32101.exe
        5⤵
        
        PID:2636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17284.exe
        5⤵
        
        PID:3640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23706.exe
        5⤵
        
        PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
      4⤵
      PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42256.exe
      4⤵
      PID:1972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29385.exe
      4⤵
      PID:752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
      4⤵
      PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
      4⤵
      PID:1500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30426.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50957.exe
      4⤵
      PID:3768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36165.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29484.exe
      4⤵
      PID:2872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58406.exe
        5⤵
        
        PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34751.exe
        5⤵
        
        PID:1652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3222.exe
      4⤵
      PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11919.exe
        5⤵
        
        PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35214.exe
        5⤵
        
        PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1648.exe
      4⤵
      PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54479.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54479.exe
      4⤵
      PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24967.exe
      4⤵
      PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26041.exe
      4⤵
      PID:3608
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9816.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9816.exe
      4⤵
      PID:3140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
    3⤵
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4228.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4228.exe
      4⤵
      PID:768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13906.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13906.exe
      4⤵
      PID:1680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48441.exe
      4⤵
      PID:1368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45339.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45339.exe
      4⤵
      PID:2276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24992.exe
      4⤵
      PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
      4⤵
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58.exe
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4672.exe
      4⤵
      PID:4356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
    3⤵
    PID:2060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
      4⤵
      PID:3616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28541.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28541.exe
    3⤵
    PID:764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
    3⤵
    PID:1988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5361.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5361.exe
    3⤵
    PID:2444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
    3⤵
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38184.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38184.exe
    3⤵
    PID:3808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17574.exe
    3⤵
    PID:3604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18121.exe
    3⤵
    PID:1808
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2760
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40340.exe
    3⤵
    PID:688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12052.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12052.exe
    3⤵
    PID:3036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45816.exe
    3⤵
    PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4665.exe
    3⤵
    PID:2688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30719.exe
    3⤵
    PID:1612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57292.exe
    3⤵
    PID:3400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52092.exe
    3⤵
    PID:3868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53742.exe
    3⤵
    PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe
    3⤵
    PID:4696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1836
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40606.exe
    3⤵
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14799.exe
      4⤵
      PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48375.exe
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36464.exe
      4⤵
      PID:4228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
    3⤵
    PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39951.exe
    3⤵
    PID:2324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
    3⤵
    PID:1772
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19408.exe
    3⤵
    PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
    3⤵
    PID:4020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15140.exe
  2⤵
  PID:1100
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65065.exe
  2⤵
  PID:692
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3841.exe
  2⤵
  PID:1312
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
  2⤵
  PID:328
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51372.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51372.exe
  2⤵
  PID:3080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
  2⤵
  PID:3120
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
  2⤵
  PID:4792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11744.exe

Filesize
184KB

MD5
52851cc999f6366361562dd47eea6f9d

SHA1
20899f33270995c6764d29e8081aa3add0dea590

SHA256
5be4544cd9daf2ebff6a147d45ee90e8167512c7c0385a0910e1a01f6b38ae8f

SHA512
179e18e35c5e0484710fce0c7dddf7d3e4138586dd9c0fa7af089df52d0519397055353293adab66f68d7738e65970f125d80cd781e428e7b4541782ac51faf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12052.exe

Filesize
184KB

MD5
f8638b88baba480e9f9cbba7b970392c

SHA1
3f93a8d85e667831b44d05b02c172f2703e03552

SHA256
98eb235aa342444a7b81c3a427299fcd7d827c455454f6c4b1ce609d9f431c3f

SHA512
7ff862108e322c17e217728f637277908c399b11f2cd1982f2706b8eaed6cd58b363774328d2f076b091d887eafb62504c09b4b6b0dc964c7e5ec6ea65da8625

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12789.exe

Filesize
184KB

MD5
2b97517d144c896633491f85470c50b1

SHA1
c7645004947ebe07c8480da45d85489a242610d3

SHA256
c6cfb69620a584b973bdaeb8ed6c48aa02a44c566f1eb22a754f36794ad4d50b

SHA512
01474ce7140b6798fa78700cce6b29f9eb117f11f220612183aa554457ab3c715853ed74eb871f173cfe928a418800e69e9d1ab24383c4dd036b6b67d32aa261

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe

Filesize
61KB

MD5
9de7f6b572a91d1b0a6b92ecd6287f63

SHA1
4d9866a910f4e99616bc35c5758a3010e3ee1a59

SHA256
884a335baaa7a711e08502804560c29954abadf12da2fbcd7278a11e04b87f46

SHA512
4437c7c02d424bc661de11bd4f4e4552c658213191365d4adbc2b1afd49a5957a4c00a7e87e4f16a58f3852bcd4fdc791ac913380248248d52549d537a5b10d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37035.exe

Filesize
184KB

MD5
69ad7345a3dc22bce91dbd3c4fdbac3b

SHA1
ddd4870e1944bcf4513bd5ce2f41c9cb86899af4

SHA256
ec307c7f2e6d23efa7817e74ccda9e0d32199ef3198f2ef2a99e399b8fbdb139

SHA512
9ad51c55530f5ee9874e3378c84668a01bdb172c09711abf9ebd8175352c07cd4ceae92f4ea7ef1e083cbedb0aa8a8a6c134655511da11e03d7a6aeebcbb61e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53343.exe

Filesize
184KB

MD5
18c9f54fc056bd55d52044dcb4495306

SHA1
fd6d9cdcc82687567e30ed7a8dc5aa9161f95ebf

SHA256
24ee17be0dda208a23a69fbb6b2aacfe6a73e4af1d25b52152396cfd8bd1542d

SHA512
1628b00fc0d715ffd1a24a07aede807bf2e46a2eff693632866d24a3a170543641119553d5b9238034551eaa73d66a6898e3319a309d300ba7b896f168424830

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58065.exe

Filesize
184KB

MD5
e38e93a94aa3764668f211e87603e807

SHA1
916a6f0079cb6316df70f7e898237859ba7af324

SHA256
1ebbfd1113031d15c36892e8f090876a0ac29ed2429767573737b94ee51e2109

SHA512
28d4a5b6fea45ca912ebd5f764e3a0c7a5ab390e7617ed581fff0bd5457ccdad7f58c940c9839a9c36a5abcb08ee131b3f581f22cde646ac8debc0dbc0e3fe63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe

Filesize
128KB

MD5
bf313904491793f23a473ec76017628a

SHA1
df4618a4ac4b62df30d0e06dca47ad1dd3619509

SHA256
223e5aee40de1edcabd594a99e1464a5119fd4e88d2930f049a277bf23b47b02

SHA512
3e0aeb8a69db9aac895f06b0e41d4982b3c42198124e81d6eb88871bdfce5f7545257d484c3889d0aa8c1f84368f512d0a978a276b900656bcc0809d97524e69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe

Filesize
184KB

MD5
963943fc039f97f79e14472313af0c79

SHA1
1869ba3787533e99fbaabd6ad254423ee920f7a2

SHA256
3988a29bc3c7890088b65037951bda6151c36040c75088c6cd4e8bde4606cef3

SHA512
e7a1ee8fe5ca3d92125690b215d81d1caed7005f3356598f7ed11926c1c5bb49765c61280781ef69610d19c701fcc54059f9753a1d16e52b8a6d14a6c14b928c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-717.exe

Filesize
184KB

MD5
6c81db98838e43ff1ed4245eb38cb964

SHA1
6b6035e9e3d7ff82ce5b05f0bab60bde484fa203

SHA256
3ed6cda2943bb00b5d10aeb7fc9e4b2324511938db4bee8718c27b93579a6dbd

SHA512
ad13fa17062f271049ad08bf982efeb1806ccb32c1b6c8be0ef07203bff81af1a229f9d14352cdcd4e13254618f1b61d51c4adaf9b49b4b2077d21a4d550cc00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe

Filesize
184KB

MD5
d78ab8c4f5e6665f533d259bb4ec4963

SHA1
a6c80063709f039c4e43e04633af80c748a6b88b

SHA256
5102c9c05799247f1987f14d0f17cfefa6e07ef65123e521a4b69589b8ec148c

SHA512
e4ddacd15b049358d3ef3fa01a70f6399f86f5c346fba1d1394ac228cc902704bf58f3e804cda2688cff9986b5d0b231013a5a98e3c95ff6892b185d17872ea4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10919.exe

Filesize
184KB

MD5
122d0f52905c49b32ada48849fae4bde

SHA1
f87a32eeff730c1f6618dcc310544608567a4146

SHA256
15930c33fdf407878d6188a9848bd889ce26267ea3a0da81bc1aa5ede383e78b

SHA512
79639d195b3b644c2734ddc0101168f771f369ca0e51a6351e15fbeb164f2e0a90d23eae2c190e502c33f1b4502ef14b2a1a34bbaf13cd90e6b2dfa4229ba4b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16478.exe

Filesize
184KB

MD5
443981a16c9443546688b3ad1fc73953

SHA1
a276c65386efdc8afe2f1852bd1cb3f5d012d240

SHA256
8c83957fd4949c676f0f8da45f4d3eb440e1a5555b824193b32541d7c96b4329

SHA512
989b5ca5a109a9ef6cb6238b67ec885e1c0576f623825058c2dc2ace277a2371bab245b1cf8a7a52cfbe1c89d3b850dde5f2175e7c2c1dcedad7c4f565a66b98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe

Filesize
184KB

MD5
4392f12a3a7a8c99845f7168e8bc756c

SHA1
232cac01cfa0f75e5c75ab022ae1753bcdd768ee

SHA256
63f02a232c6efdb5db5ba4ab74e2ab6cdede35dc1a2db26d2e2777b7d4a34c97

SHA512
8a25bcb6da473323b79af9a9d3be1090b23475e12aafebbc71698551c02bf44e40b23682d97f94026022501d4c1d5c85b17495d897c395d8694ce3efe209145a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe

Filesize
184KB

MD5
4cf8345bfb6feb64e26bcbd1c420828c

SHA1
ecf98e8db2082d2bd1a88addbc40f5beedafbcc3

SHA256
00b1b1e773e163fda97b526296c3b58bbc9b137a2f4a38bb8d671efd234ffc1b

SHA512
cfe84edaafcc17126233b61f9cbe08c87d5f276421e9483d099a0d4ec31261f77aa4585ecd1748baeeeeec6cf6a2d604fbada90a9a01ad4b02033164b88fd803

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe

Filesize
184KB

MD5
6b6f2bc061bb7a0206322a862ea27031

SHA1
a8628bf64c888825a8583b012a1e790caf3e704f

SHA256
2c107dab161b04866d80039856aa638dbdc8851b681c5be6915b0393963c6e71

SHA512
56acb36b3483f4535b104d16aca17fc0b768a5e5edc1fdb18869fb51cb512992f94029f5a38a1d92e7ac9d1f04eb8e3ffdb961c0c6ef5f9fe20ca546f48634c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe

Filesize
184KB

MD5
a54e503e1f289d1b6d9efe2b44260f42

SHA1
416d6791032c43b10bd83b311394f68f8811a930

SHA256
5d73becf4a404577c54b513405d6f33836f568b31c8749e4ed9d9d29e02b193c

SHA512
241b2437677228d2e3e9049c701f005835512a0e64ac87c1359b98860a8a28d3f4e8c9b7882a71e9271e539593e1e5b58f6dee8de929862707778ea839871df7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31496.exe

Filesize
184KB

MD5
d39da453b20c3c5d23511422d1daca3d

SHA1
d7547c2ea245592a3b4957d345bb22887f2cc6b9

SHA256
448343b03ce6c65f3567971af86422cbbd7f83e831004f9e84f7f806bf64a779

SHA512
cf9b1d40dfead598475b675334e64f4668c34de7076eb49c22ad6d9df3e498f4ab502fcd21be7f1ddf1b6dff3f815d68b6fed776d576b0c9cee999f3ce910d25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe

Filesize
184KB

MD5
522022ab50a49af5c6f713e0a297674e

SHA1
8e3f558e2a43f2e6f1d7d3da6b8c9cf49346e292

SHA256
6b97616d3999fa67a99b43d9fb3c4bbf557c5382a0c9797b3451ad64396b38c8

SHA512
0bc74e56ee04f6c6af1e9cc5cb96c905792fa8b37c555cf5ae0e4c607b25a8294a5843899822abc82dd36dfa98ef3219de9aef53a6aa0ee688ed48cc276767d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41885.exe

Filesize
184KB

MD5
8657c89cf9fecd5334528af62557e23c

SHA1
1f06d16a5a2742a0ab6ea41a53fc2b453e327fac

SHA256
11176c3972a810e287ae3cdaf5c115b2086a0971e4174588ac6125da759b46ec

SHA512
868adff8960de8464f3e68c33c44a9ee653ee8628d18f01a8f1d72e0cf7fc011d643dca8f7bf64c8a31f0941f02fd9c9cb21c6c4759d60e112908ab474c2bfbe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48662.exe

Filesize
184KB

MD5
e358cfa51306bfcefc0c886182c1a60e

SHA1
95fdac142d8967d456a5601df39b7a965d3bc2da

SHA256
ebb9abc00671d6ee90469e213a054811b4c59355825462b09e8122226e5e0f66

SHA512
02665d85a0346a2b823e6eb5f1ff8ce56da0f7205d9e81419062ad37099dfca561f17a67493da3d80adddce389e4fcc82df19cb75e1519083319521935f5f79d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe

Filesize
184KB

MD5
0b2636bf96f399a9f3b11e8b80abaaf6

SHA1
d96e0dda3dbb20a7edca6b731a526287a68154dd

SHA256
1e514aec0c9ecb20b50de2a15a9a1dfb31e25453fea62df25de05978db54c904

SHA512
5e8c3fe26bc70259665a352aaf1047d907e3f440912a78814c0190a8517cc2cfa12a6608d775bcfcc31510da7ec56b0cdc837044f65281357ff9105327495cea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe

Filesize
184KB

MD5
ffbbd34c4b8420ae548855bf05b78f8c

SHA1
9711c9f37dfcae8b88d511e0622795d6f0e5a83d

SHA256
9c8cb62f97846a564e1f92f1c8aad4454ef24869357bbcab38b5d9ec415f13d4

SHA512
582ae08fe4060aa345ef915ab273a7c51b26fb70ef487b0332457db520290bd00950ad8b75f5f7140a14f88ba83a16e8ede3f84427156342d6506faae1b287ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61511.exe

Filesize
184KB

MD5
3c39e7e2af9c7cb857a20dc26536f785

SHA1
beb4cd969cb38418d5ba3e832629abf8d4cf0200

SHA256
42c76f73542bc2411874e2840827d1f00125579e0e86de1f1fb76f85c486fb3a

SHA512
4a2e2b07d729fc2462c2d754b64a9e82bbf7be258fdeee4aed31f5ee88eb7af796bed99c77af795913217c43777210a9cc3d2ac9066319ae4fccb2eefae8a00f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64391.exe

Filesize
184KB

MD5
ef34db8cd470755a653e1f32a081e6d4

SHA1
c172df451f6a9f2714deb1b49157638ff40d3525

SHA256
1018744313a36018ecbf2333ae4aca8b9e0ebacf0be6c8fe4ee23bc9ca3c2534

SHA512
1b41292104f4e8e455bb6343223c50e9501d9f43135b6041a12e0803ce206a5697eb597c3e0dc2a1dbfb94e901fbb6a793d27c65d66aa5ac8cc9f66cd6c48290

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe

Filesize
184KB

MD5
27220d3aa2228a1b038c61a13871cc61

SHA1
836035a6ca23cc92b20be30950caadefa4bb4eae

SHA256
d497c30a8fe467c316f97a86f815f05a8562ff5309c05ad4f657b246cefc6454

SHA512
6d70659677d0880975e10380360f58b5170fdb494b885de37bed90518cb85a99b786e0455a7936cfa6f95df5a662c8a1a26867b43aeb06b6e347bfd928e7e6d5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads