34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05/04/2024, 20:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
Size

184KB
MD5

7fe089864f4a232d98c83785af101f5c
SHA1

721c0792b695c669b420380048c220bab68bc41f
SHA256

34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1
SHA512

f57c8f7d8aa817d48526f294b38388840c2f8207fbe67c43b36fb7bb8a67826a76d952beefd36c69a40e956d5e01dfae82a50dffcc4f26e3ee2613c4904a4947
SSDEEP

3072:mkgzKNon2kcDADGtiN98vCNklvnqYviuB:mkXomMDG88aNklPqYviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 54 IoCs

pid	Process
2184	Unicorn-20727.exe
2944	Unicorn-51536.exe
2496	Unicorn-62397.exe
2364	Unicorn-37229.exe
2752	Unicorn-13279.exe
2624	Unicorn-61733.exe
2360	Unicorn-16708.exe
2840	Unicorn-22621.exe
580	Unicorn-47125.exe
2560	Unicorn-33481.exe
2312	Unicorn-63196.exe
2124	Unicorn-63461.exe
1180	Unicorn-2100.exe
1456	Unicorn-53202.exe
1712	Unicorn-25168.exe
1512	Unicorn-29274.exe
2728	Unicorn-55916.exe
2224	Unicorn-44848.exe
864	Unicorn-5324.exe
2532	Unicorn-55916.exe
2784	Unicorn-29173.exe
2228	Unicorn-35304.exe
2208	Unicorn-15438.exe
892	Unicorn-228.exe
820	Unicorn-4852.exe
868	Unicorn-46440.exe
1132	Unicorn-51915.exe
756	Unicorn-10974.exe
1604	Unicorn-29911.exe
964	Unicorn-62605.exe
2316	Unicorn-33916.exe
2996	Unicorn-64551.exe
2696	Unicorn-34379.exe
2900	Unicorn-50161.exe
1216	Unicorn-22127.exe
2016	Unicorn-5044.exe
2252	Unicorn-42547.exe
1032	Unicorn-21381.exe
1704	Unicorn-36947.exe
2824	Unicorn-62413.exe
2600	Unicorn-43177.exe
1168	Unicorn-46077.exe
2764	Unicorn-41893.exe
2652	Unicorn-48023.exe
2460	Unicorn-48023.exe
2556	Unicorn-43674.exe
2432	Unicorn-56938.exe
2340	Unicorn-59844.exe
1804	Unicorn-48983.exe
1996	Unicorn-16119.exe
2688	Unicorn-40715.exe
1284	Unicorn-46087.exe
2308	Unicorn-40222.exe
2276	Unicorn-57706.exe

Loads dropped DLL 64 IoCs

pid	Process
2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
2184	Unicorn-20727.exe
2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
2184	Unicorn-20727.exe
2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
2944	Unicorn-51536.exe
2184	Unicorn-20727.exe
2944	Unicorn-51536.exe
2184	Unicorn-20727.exe
2496	Unicorn-62397.exe
2496	Unicorn-62397.exe
2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
2364	Unicorn-37229.exe
2364	Unicorn-37229.exe
2752	Unicorn-13279.exe
2752	Unicorn-13279.exe
2944	Unicorn-51536.exe
2944	Unicorn-51536.exe
2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
2184	Unicorn-20727.exe
2360	Unicorn-16708.exe
2360	Unicorn-16708.exe
2184	Unicorn-20727.exe
2840	Unicorn-22621.exe
2840	Unicorn-22621.exe
2364	Unicorn-37229.exe
2364	Unicorn-37229.exe
580	Unicorn-47125.exe
580	Unicorn-47125.exe
2752	Unicorn-13279.exe
2752	Unicorn-13279.exe
2312	Unicorn-63196.exe
2560	Unicorn-33481.exe
2312	Unicorn-63196.exe
2560	Unicorn-33481.exe
2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
2360	Unicorn-16708.exe
2944	Unicorn-51536.exe
2944	Unicorn-51536.exe
2360	Unicorn-16708.exe
2124	Unicorn-63461.exe
2124	Unicorn-63461.exe
2184	Unicorn-20727.exe
2184	Unicorn-20727.exe
1456	Unicorn-53202.exe
1456	Unicorn-53202.exe
2840	Unicorn-22621.exe
2840	Unicorn-22621.exe
1712	Unicorn-25168.exe
1712	Unicorn-25168.exe
2364	Unicorn-37229.exe
2364	Unicorn-37229.exe
1180	Unicorn-2100.exe
1180	Unicorn-2100.exe
864	Unicorn-5324.exe
864	Unicorn-5324.exe
2752	Unicorn-13279.exe
2752	Unicorn-13279.exe
2728	Unicorn-55916.exe
2728	Unicorn-55916.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2932	2696	WerFault.exe	60

Suspicious use of SetWindowsHookEx 48 IoCs

pid	Process
2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
2184	Unicorn-20727.exe
2944	Unicorn-51536.exe
2496	Unicorn-62397.exe
2624	Unicorn-61733.exe
2752	Unicorn-13279.exe
2364	Unicorn-37229.exe
2360	Unicorn-16708.exe
2840	Unicorn-22621.exe
580	Unicorn-47125.exe
2560	Unicorn-33481.exe
2312	Unicorn-63196.exe
2124	Unicorn-63461.exe
1180	Unicorn-2100.exe
1456	Unicorn-53202.exe
1712	Unicorn-25168.exe
2728	Unicorn-55916.exe
2532	Unicorn-55916.exe
864	Unicorn-5324.exe
2224	Unicorn-44848.exe
1512	Unicorn-29274.exe
2228	Unicorn-35304.exe
2784	Unicorn-29173.exe
892	Unicorn-228.exe
2208	Unicorn-15438.exe
820	Unicorn-4852.exe
1132	Unicorn-51915.exe
756	Unicorn-10974.exe
868	Unicorn-46440.exe
1604	Unicorn-29911.exe
964	Unicorn-62605.exe
2316	Unicorn-33916.exe
2996	Unicorn-64551.exe
2696	Unicorn-34379.exe
2900	Unicorn-50161.exe
1216	Unicorn-22127.exe
1168	Unicorn-46077.exe
1032	Unicorn-21381.exe
2764	Unicorn-41893.exe
2600	Unicorn-43177.exe
2824	Unicorn-62413.exe
2432	Unicorn-56938.exe
1704	Unicorn-36947.exe
2016	Unicorn-5044.exe
2252	Unicorn-42547.exe
2556	Unicorn-43674.exe
2652	Unicorn-48023.exe
2460	Unicorn-48023.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 2184	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	28
PID 2164 wrote to memory of 2184	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	28
PID 2164 wrote to memory of 2184	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	28
PID 2164 wrote to memory of 2184	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	28
PID 2184 wrote to memory of 2944	2184	Unicorn-20727.exe	29
PID 2184 wrote to memory of 2944	2184	Unicorn-20727.exe	29
PID 2184 wrote to memory of 2944	2184	Unicorn-20727.exe	29
PID 2184 wrote to memory of 2944	2184	Unicorn-20727.exe	29
PID 2164 wrote to memory of 2496	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	30
PID 2164 wrote to memory of 2496	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	30
PID 2164 wrote to memory of 2496	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	30
PID 2164 wrote to memory of 2496	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	30
PID 2944 wrote to memory of 2364	2944	Unicorn-51536.exe	31
PID 2944 wrote to memory of 2364	2944	Unicorn-51536.exe	31
PID 2944 wrote to memory of 2364	2944	Unicorn-51536.exe	31
PID 2944 wrote to memory of 2364	2944	Unicorn-51536.exe	31
PID 2184 wrote to memory of 2752	2184	Unicorn-20727.exe	32
PID 2184 wrote to memory of 2752	2184	Unicorn-20727.exe	32
PID 2184 wrote to memory of 2752	2184	Unicorn-20727.exe	32
PID 2184 wrote to memory of 2752	2184	Unicorn-20727.exe	32
PID 2496 wrote to memory of 2624	2496	Unicorn-62397.exe	33
PID 2496 wrote to memory of 2624	2496	Unicorn-62397.exe	33
PID 2496 wrote to memory of 2624	2496	Unicorn-62397.exe	33
PID 2496 wrote to memory of 2624	2496	Unicorn-62397.exe	33
PID 2164 wrote to memory of 2360	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	34
PID 2164 wrote to memory of 2360	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	34
PID 2164 wrote to memory of 2360	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	34
PID 2164 wrote to memory of 2360	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	34
PID 2364 wrote to memory of 2840	2364	Unicorn-37229.exe	35
PID 2364 wrote to memory of 2840	2364	Unicorn-37229.exe	35
PID 2364 wrote to memory of 2840	2364	Unicorn-37229.exe	35
PID 2364 wrote to memory of 2840	2364	Unicorn-37229.exe	35
PID 2752 wrote to memory of 580	2752	Unicorn-13279.exe	36
PID 2752 wrote to memory of 580	2752	Unicorn-13279.exe	36
PID 2752 wrote to memory of 580	2752	Unicorn-13279.exe	36
PID 2752 wrote to memory of 580	2752	Unicorn-13279.exe	36
PID 2944 wrote to memory of 2560	2944	Unicorn-51536.exe	37
PID 2944 wrote to memory of 2560	2944	Unicorn-51536.exe	37
PID 2944 wrote to memory of 2560	2944	Unicorn-51536.exe	37
PID 2944 wrote to memory of 2560	2944	Unicorn-51536.exe	37
PID 2164 wrote to memory of 2312	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	38
PID 2164 wrote to memory of 2312	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	38
PID 2164 wrote to memory of 2312	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	38
PID 2164 wrote to memory of 2312	2164	34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe	38
PID 2360 wrote to memory of 2124	2360	Unicorn-16708.exe	40
PID 2360 wrote to memory of 2124	2360	Unicorn-16708.exe	40
PID 2360 wrote to memory of 2124	2360	Unicorn-16708.exe	40
PID 2360 wrote to memory of 2124	2360	Unicorn-16708.exe	40
PID 2184 wrote to memory of 1180	2184	Unicorn-20727.exe	39
PID 2184 wrote to memory of 1180	2184	Unicorn-20727.exe	39
PID 2184 wrote to memory of 1180	2184	Unicorn-20727.exe	39
PID 2184 wrote to memory of 1180	2184	Unicorn-20727.exe	39
PID 2840 wrote to memory of 1456	2840	Unicorn-22621.exe	41
PID 2840 wrote to memory of 1456	2840	Unicorn-22621.exe	41
PID 2840 wrote to memory of 1456	2840	Unicorn-22621.exe	41
PID 2840 wrote to memory of 1456	2840	Unicorn-22621.exe	41
PID 2364 wrote to memory of 1712	2364	Unicorn-37229.exe	42
PID 2364 wrote to memory of 1712	2364	Unicorn-37229.exe	42
PID 2364 wrote to memory of 1712	2364	Unicorn-37229.exe	42
PID 2364 wrote to memory of 1712	2364	Unicorn-37229.exe	42
PID 580 wrote to memory of 1512	580	Unicorn-47125.exe	43
PID 580 wrote to memory of 1512	580	Unicorn-47125.exe	43
PID 580 wrote to memory of 1512	580	Unicorn-47125.exe	43
PID 580 wrote to memory of 1512	580	Unicorn-47125.exe	43

C:\Users\Admin\AppData\Local\Temp\34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe
"C:\Users\Admin\AppData\Local\Temp\34edb7237169bf35be6ff8fa763be842703ed2aca0ffd74ee125df846b9e03c1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53202.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4852.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
        8⤵
        Executes dropped EXE
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        8⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
        8⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3441.exe
        8⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        7⤵
        Executes dropped EXE
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65406.exe
        7⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29056.exe
        7⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51335.exe
        7⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
        7⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-493.exe
        7⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46440.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
        7⤵
        Executes dropped EXE
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
        7⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        7⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55200.exe
        7⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
        7⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53760.exe
        7⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40715.exe
        6⤵
        Executes dropped EXE
        
        PID:2688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5734.exe
        6⤵
        
        PID:2828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
        6⤵
        
        PID:1200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
        6⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
        6⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
        6⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
        6⤵
        
        PID:2936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13925.exe
        6⤵
        
        PID:3104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
        7⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        7⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-633.exe
        7⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12544.exe
        7⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33147.exe
        7⤵
        
        PID:3408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26486.exe
        6⤵
        
        PID:440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
        6⤵
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55262.exe
        6⤵
        
        PID:1964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
        6⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
        6⤵
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
        6⤵
        
        PID:3368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3982.exe
        6⤵
        
        PID:3864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46087.exe
        5⤵
        Executes dropped EXE
        
        PID:1284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9316.exe
        5⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34799.exe
        5⤵
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32156.exe
        5⤵
        
        PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46077.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
        6⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        6⤵
        
        PID:2176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39549.exe
        6⤵
        
        PID:2984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18294.exe
        6⤵
        
        PID:3512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22127.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26508.exe
        6⤵
        
        PID:2776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe
        6⤵
        
        PID:1628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        6⤵
        
        PID:2716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        6⤵
        
        PID:2980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58948.exe
        6⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13578.exe
        6⤵
        
        PID:3084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39540.exe
        6⤵
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20377.exe
        5⤵
        
        PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51510.exe
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
        5⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
        5⤵
        
        PID:764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        5⤵
        
        PID:3484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36359.exe
        5⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
        5⤵
        
        PID:3940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
        6⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28059.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
        6⤵
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55552.exe
        6⤵
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
        5⤵
        
        PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        5⤵
        
        PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        5⤵
        
        PID:1016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62828.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49860.exe
        5⤵
        
        PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64482.exe
        5⤵
        
        PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
      4⤵
      PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58318.exe
      4⤵
      PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
      4⤵
      PID:1296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15799.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15799.exe
      4⤵
      PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
      4⤵
      PID:3996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22988.exe
      4⤵
      PID:3448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
      4⤵
      PID:3112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
      4⤵
      PID:3260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
        6⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        6⤵
        
        PID:2628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
        6⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64203.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        6⤵
        
        PID:3100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
        6⤵
        
        PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42547.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10888.exe
        6⤵
        
        PID:3216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50608.exe
        6⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7423.exe
        6⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7845.exe
        5⤵
        
        PID:2024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17981.exe
        5⤵
        
        PID:1684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30883.exe
        5⤵
        
        PID:1100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20264.exe
        5⤵
        
        PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63557.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24123.exe
        5⤵
        
        PID:3552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9725.exe
        5⤵
        
        PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
        5⤵
        
        PID:3380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:864
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
        6⤵
        
        PID:1448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62553.exe
        6⤵
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        6⤵
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27650.exe
        6⤵
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42412.exe
        6⤵
        
        PID:3500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57994.exe
        6⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41694.exe
        6⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29216.exe
        6⤵
        
        PID:3832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42822.exe
        5⤵
        
        PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
        5⤵
        
        PID:2468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37385.exe
        5⤵
        
        PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
        5⤵
        
        PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
        5⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36463.exe
        5⤵
        
        PID:3540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31546.exe
        5⤵
        
        PID:1488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33916.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
        5⤵
        
        PID:2248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
        5⤵
        
        PID:1908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42154.exe
        5⤵
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2425.exe
        5⤵
        
        PID:3908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8946.exe
      4⤵
      PID:2704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
      4⤵
      PID:528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32142.exe
      4⤵
      PID:3068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63785.exe
      4⤵
      PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
      4⤵
      PID:3300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28523.exe
      4⤵
      PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22988.exe
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51726.exe
      4⤵
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10469.exe
      4⤵
      PID:3428
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29911.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46352.exe
        5⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49316.exe
        6⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46057.exe
        6⤵
        
        PID:3280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38861.exe
        6⤵
        
        PID:3080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
        5⤵
        
        PID:1124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29246.exe
        5⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
        5⤵
        
        PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
      4⤵
      Executes dropped EXE
      PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16616.exe
      4⤵
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20390.exe
      4⤵
      PID:928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29999.exe
      4⤵
      PID:2916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
      4⤵
      PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
      4⤵
      PID:3968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
      4⤵
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13925.exe
      4⤵
      PID:3412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28670.exe
      4⤵
      PID:3892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
        5⤵
        
        PID:3048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
        5⤵
        
        PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33771.exe
        5⤵
        
        PID:2920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        5⤵
        
        PID:1632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58948.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
        5⤵
        
        PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11385.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11385.exe
      4⤵
      PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9547.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9547.exe
      4⤵
      PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
      4⤵
      PID:2588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
      4⤵
      PID:2896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22158.exe
      4⤵
      PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5368.exe
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
      4⤵
      PID:3768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12434.exe
      4⤵
      PID:2148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43177.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
      4⤵
      PID:3748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59440.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59440.exe
      4⤵
      PID:4072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
      4⤵
      PID:3780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54047.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54047.exe
    3⤵
    PID:2040
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2254.exe
    3⤵
    PID:2684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
    3⤵
    PID:1652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10464.exe
    3⤵
    PID:3160
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
    3⤵
    PID:4020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60789.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60789.exe
    3⤵
    PID:3636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33525.exe
    3⤵
    PID:4092
- C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
    3⤵
    - Executes dropped EXE
    PID:2276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
    3⤵
    PID:1848
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
    3⤵
    PID:1688
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
    3⤵
    PID:2404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59478.exe
    3⤵
    PID:3492
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
    3⤵
    PID:3800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57664.exe
    3⤵
    PID:3396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5680.exe
    3⤵
    PID:3376
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63461.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63461.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50161.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
        6⤵
        
        PID:2188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
        6⤵
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
        6⤵
        
        PID:2808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
        6⤵
        
        PID:2140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
        6⤵
        
        PID:3592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37996.exe
        6⤵
        
        PID:3772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56502.exe
        5⤵
        
        PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18291.exe
        5⤵
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31.exe
        5⤵
        
        PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41600.exe
        5⤵
        
        PID:3856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24351.exe
        5⤵
        
        PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56938.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38039.exe
        5⤵
        
        PID:2420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
        5⤵
        
        PID:2172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        5⤵
        
        PID:3664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63197.exe
        5⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14262.exe
        5⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
        5⤵
        
        PID:3676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44550.exe
      4⤵
      PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43389.exe
      4⤵
      PID:884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55383.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55383.exe
      4⤵
      PID:3288
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21999.exe
        5⤵
        
        PID:564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
        5⤵
        
        PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
        5⤵
        
        PID:2160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17224.exe
        5⤵
        
        PID:3628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6595.exe
        5⤵
        
        PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
      4⤵
      PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
      4⤵
      PID:860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51963.exe
      4⤵
      PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64203.exe
      4⤵
      PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
      4⤵
      PID:4080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
      4⤵
      PID:916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
      4⤵
      PID:3648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41893.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13710.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13710.exe
    3⤵
    PID:2820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1724.exe
    3⤵
    PID:3020
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14348.exe
    3⤵
    PID:888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
    3⤵
    PID:3168
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
    3⤵
    PID:3976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
    3⤵
    PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13925.exe
    3⤵
    PID:3184
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
        5⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63918.exe
        5⤵
        
        PID:924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54135.exe
        5⤵
        
        PID:2452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31428.exe
        5⤵
        
        PID:3320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53157.exe
        5⤵
        
        PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54883.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54883.exe
      4⤵
      PID:1552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51099.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51099.exe
      4⤵
      PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57343.exe
      4⤵
      PID:2848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63255.exe
      4⤵
      PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16564.exe
      4⤵
      PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
      4⤵
      PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52410.exe
      4⤵
      PID:912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
      4⤵
      PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49005.exe
      4⤵
      PID:4272
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2696
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 220
      4⤵
      Program crash
      PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3081.exe
    3⤵
    PID:1892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
    3⤵
    PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12980.exe
    3⤵
    PID:3208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-192.exe
    3⤵
    PID:3828
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62413.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62413.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39528.exe
      4⤵
      PID:3024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52029.exe
      4⤵
      PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
      4⤵
      PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
      4⤵
      PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
      4⤵
      PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35109.exe
      4⤵
      PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
      4⤵
      PID:3444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19662.exe
    3⤵
    PID:1320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-227.exe
    3⤵
    PID:2328
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-633.exe
    3⤵
    PID:2548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60214.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60214.exe
    3⤵
    PID:1944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-22459.exe
    3⤵
    PID:3608
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55062.exe
    3⤵
    PID:3820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44027.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44027.exe
    3⤵
    PID:2336
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63136.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63136.exe
  2⤵
  PID:856
- C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
  2⤵
  PID:2128
- C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
  2⤵
  PID:3916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63668.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63668.exe
  2⤵
  PID:3724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe

Filesize
184KB

MD5
dc87a928ad46be7c689cb43f24b10875

SHA1
16d591e18a3b6d44c6089a4de489083bb9b07b27

SHA256
3a2d7093484e3feb4597f8b3fa5a044a3d338fb7ef5f27b077dc77b89afb87e9

SHA512
6ef72339514c5dfb05551ac48872e7bacc0650c212f23369be5cdb62f86b64a6e1cc322f9d5af8b7b97722503f3107821f8d1880f4a18b7478e3aef27bb592d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13279.exe

Filesize
184KB

MD5
5110094fd7a8e935c4e4d9ff8a724a33

SHA1
4e2b193b9314d75a3d103e729f9f189838e293b0

SHA256
d5cf34b7b8c3fd764f0a11c9583a17fbb7e51934162652eac0f816d69f81ee4e

SHA512
6b2ab2d8a820616aaa6fb6e77ce948af754b6218ef06c311265ed22567601c33f5f4a464e2dabb90a632e6a10f18d145f3079dc2c38107cb7b27ac94434401eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16708.exe

Filesize
184KB

MD5
e738ef3d2071e9db786c14f1c36fee43

SHA1
352037dc4dd0a8681f99867ed3d270632d222915

SHA256
cd48d0351e400ca11f76dc98cefcd738a22e3ca4ac6e2327e5a059755444f23c

SHA512
92032a6c57dfda69ab12315c940031d3fd8338c30a6aa30e2573e50e712cd5222a8a92b2c8ffdf24a1687a88839fb257f3fea2e44bad3ad6657753eb89efbbbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1724.exe

Filesize
184KB

MD5
c553d0b6e671c405a536e30a1a720aa2

SHA1
35d3433a6211e1e9ec7904724696d3d05ff0a03b

SHA256
96eb9d0d45e47ffd5e3c7fd18e6e29874bedc43b1410bc9abd4956482b2370d1

SHA512
52e42e44b93fee131bc42da9b7e1b09a605f0089d4747e113a6f60713268515109825abb1b0a7e4cd515ca3b6baee11b034e5fa1645bdc589737e339ffc60ed2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22621.exe

Filesize
184KB

MD5
cb5341a49f60cb9b5fcb9b263a661dcd

SHA1
2a06e5f12b238500ce46f60719cc0477c9c1221a

SHA256
15681fff39c25e3e20b23e83da31af4de154578ca309da1536702ff7830ac937

SHA512
0344e0cd65bd5321bb049b10121652e30b1b033280585bca9f8434d2ce3e2e9d42754980a79ccb03a5da7bb4bd89bad24bbc90f3fbd90a2770c99a321f2474ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe

Filesize
184KB

MD5
b900af2bfa86012db36d51cc1851e543

SHA1
484fc46dbbd8c42c4dd92f6d76f4f2f54731858d

SHA256
33efcc6ec4efa9834d3bc232edc254bfd20c114ca0f81960a87a07faced2efa7

SHA512
1d085d5335cced5894768e08930320fb7226bab99165b00159d54bf3caf7a9ce523e40eef1654955d9f08af97387f4654a932b3ce04d5f9ea256c1192760f0f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61733.exe

Filesize
184KB

MD5
fa3ef7c07e5cab9cbcf7bcd9ba7f9b7c

SHA1
2fbc0b388a7e7b25e6fbea4521e6c0a09096604d

SHA256
e9ff621803a343733c09d16f0e6ce97998c66a315a03feb2c2eb707ea6a6ad52

SHA512
16c5e584c03a28c614c16c07b1e9c7f26a300f13794c196db1a62b3cf1d2944a8fe86c81352642553e8c4db671934f229b74de3c2df769dd8daa6a5fd6b7e670

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63196.exe

Filesize
184KB

MD5
b84294610436fa5d6d653db1ac7508b6

SHA1
c541c5d2f588ddc2f83c704f7794629269c7aa1d

SHA256
d2c9d77fc51ad0882da9b8c43348b606988aba3f35d2848ea84da9ca29093504

SHA512
fd149632ea5641ad8fef77632d118c9d238e27f400db1a3f7e7190fd27eb4936dd2bb0a4e6880b3b6dce80aaa1341619edbc682b94c5a9f8000a158120102e31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63461.exe

Filesize
184KB

MD5
b5ba8d1d763290fa1067c9d7d87f86b5

SHA1
4049789133a2a696e6211f642bc8816f1fa86518

SHA256
2162eb91154c7cee96d4693670e11be440c64060fe169e4dd604a21efcfe76f5

SHA512
1dd3cb82c8f41e5dcea5581666688d06ba9aa4d97917acd723534d6dfa7e4f9effbfe42f47ee94e69428a4104a58797f6967e89140a1938aaf830dcab8b4b3a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20727.exe

Filesize
184KB

MD5
7328772d4cc7be14d0aaa17fb5c48e55

SHA1
f35f8034cfaf10267a91f391257a5362f32308b9

SHA256
18ca345195ae46fdc3a95dc4adea204a8178d6ffce914d9ec026decd5306f257

SHA512
7901059c059d920bfc29ea462886bfb73a8eeaeae9cd38f25f1f3adfb866549c99168ed9bcb9d44b1ee173aac2591427c1f88186884216fd9ef97181fa2a366a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2100.exe

Filesize
184KB

MD5
f22408699e7bb247105ffbc1dd4c7de1

SHA1
03d2c6ab57ee2834f8333305f42418bc7b12c36a

SHA256
09153b6bf0c92cd0b4b609f1e5c29ed528a01e2bf595b40f8fb968998fb9c83b

SHA512
54ce98e3e3cddd2119c72f21330746857a66565fc41f16bc910cab3c1c98f2740e77d60c1a1326db01c2fbf595afac83b0a9ffb7225301fde659d6e40bf82d1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25168.exe

Filesize
184KB

MD5
948279477b102c821f4b667cf7d88015

SHA1
1bfdbd04b8e9800fc8fa8a911064b48a5ff3a1b2

SHA256
1c49faa2a3a5e836afbf13cdafed2f7e8f3861cf678efbb63c8bdc0651d91846

SHA512
b7bd4c47fdabea870240428279cef3a27c0465f5e509410e89be8d97d4a9f2cca69ed6148c08529bdf73b5b69ae799a2b4efae60983e02f5c58800b338f9ae4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29274.exe

Filesize
184KB

MD5
562bc2a7b571bd444561d8e4f18c5b85

SHA1
2d28a9183ed0e5fd337aedc1a241a5ca676d7e22

SHA256
e8216655d337b23de5f04c26c237536bc93f9e802fb3bd44948eaed68721c0ca

SHA512
633612fef99f746c734c3933c2516fd878036b64f6f73bc3c65cd9e89ad0527c83b1e9b65bd1ef95a3772fae55a2709f4fba1f1441a5f1c2c87bfbcad593ec43

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33481.exe

Filesize
184KB

MD5
22297f9fe5babb6653adbde786e55836

SHA1
ac80c664c67a30d344aaef6d6cdd36cd6d47ef65

SHA256
eddd7f4b15d5d665ef93320079095bf2109c65dfbad4715fac16398351569a54

SHA512
d655c72a32a818c94d79c74773d2ccb8c1d9019b34fb002ccef530225c2f40ccdade3a11fe3d4906a1b7176f57db3dadfc07afe6cea15b7c81c3d925178bd559

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe

Filesize
184KB

MD5
4acd45ee7b9e16d458105807c1877905

SHA1
5a995d332be1feb22585b4d2381a5a57b5900db5

SHA256
77459b361f29feb95c5ca42d63710ab1a09d6222e78acf528cf4c3b1b12d52cc

SHA512
dbff4fe6cd2704616bced591f18676e7d7953c860093409d875018800c20afbd7f8d2aa91c43a5454237b756601e3c75c4a21d0cac2de70ccd02723b9e302dce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51536.exe

Filesize
184KB

MD5
fe9d5fa43d8c5eb9d7ed213823ef4987

SHA1
c6e5f858bfc33a43c167c930f996c2164c863728

SHA256
15e172ecd9d8a3683a1ab9449702b27a8cd47bf71fe7f3f1c20f044cee6ea576

SHA512
7b9eff4a81800367b67fbf598e649749af3b4b18b96f869fd8f1e64e848ce51435438ab1adbd88b550fc4d4534d5dc9996512cd76f134e8eb10ee3338cd0e5c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53202.exe

Filesize
184KB

MD5
12c5a5ca27d4d68458256195a23cd0b6

SHA1
5d8faf1a40f7ce1b4e78a1b3e6629c225a42523a

SHA256
6db615244394ea13c8b9de31bfe1b46d7f559ffe744e7ddb2dd67bd1aea65944

SHA512
0245be671b9c13f65b4545acdcbb64738c384392af6d06685ab536d1088a62c76a57c833f6ccd0fb412bccf89710726c5cffebb83a3a6c1ba2c2f2be373d4d20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe

Filesize
184KB

MD5
2e8ea1609f66d5542b1dd94c02519942

SHA1
6f5b8897ba5843fb6f33d305b70e4b9d63b6d3a9

SHA256
c7d726fd0d48d895b5fbd500aebde82e24fbf19888fcc09277caf0c8a14b1b48

SHA512
00d81298fe04852e243339914f164c31893014589a50640d2cbbccc3446b1e91370dac710f71a1ae6c9f38c3678aa70091234f56f38513b1ebbad9e15e488fec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55916.exe

Filesize
184KB

MD5
f2ab6b1178f7ad8f196d988c097cb380

SHA1
88dff45311cfc62fcc6dc015555f57d9c64379cf

SHA256
c78378cbba91662dbc8a68c73c412ae1cc004ef5082af813cb2cc3811c0759b3

SHA512
d760723d3d1c66f166c8b2b1b11e4acda8f3aab0c4fb857bae73a5cb603a6bdd85b7dda829f7fd52de8244bb0313c462b24233947ad7bf798a4a8d6b7b6b4b94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe

Filesize
184KB

MD5
9b5b680ae075df883eab344fce7ebe0f

SHA1
f28ac9696e037b92f6f7038e7557acaa26f11c58

SHA256
dec4944db23d6443ee8b1d1173e8349ddf8d52d620d4447ac646b35949baa6b5

SHA512
521041f593f9378f6e7da59060eee92c3c4f75e787db15a7bd4eb9058425a6b21d74e8cbe1348d2209d4b0a043bfe295646414dfd34c186ffbdf6fb4e10f0293

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads