4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 20:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
Size

184KB
MD5

3e41222816bd920ae2f7a0ef09b262ed
SHA1

74311010c09d90a5fc2ff0fcecc5aca5f9e33068
SHA256

4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50
SHA512

a9254b1854139c996be63f6e143d08da08e933248473a5a7d9504e6e5fe5f49d5a8da8a2ed7609e4a306a024d9bb2e9eb7d8cb27277c10b2b9b4f0dac79ecd3a
SSDEEP

3072:a926soon+juyZRDtKSnM8siz6lvnqnxiu3:a93o7aRDs83z6lPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2096	Unicorn-8584.exe
2640	Unicorn-2505.exe
2672	Unicorn-13366.exe
2512	Unicorn-17533.exe
2860	Unicorn-37399.exe
2432	Unicorn-23100.exe
2864	Unicorn-27093.exe
1724	Unicorn-50803.exe
1464	Unicorn-9862.exe
304	Unicorn-63055.exe
1616	Unicorn-60595.exe
1760	Unicorn-14923.exe
1604	Unicorn-14658.exe
1748	Unicorn-2925.exe
692	Unicorn-22791.exe
868	Unicorn-21482.exe
1204	Unicorn-41348.exe
1660	Unicorn-53600.exe
2500	Unicorn-12302.exe
2592	Unicorn-59630.exe
2472	Unicorn-46616.exe
2692	Unicorn-10521.exe
276	Unicorn-16652.exe
1912	Unicorn-45240.exe
2152	Unicorn-56101.exe
1224	Unicorn-21290.exe
1596	Unicorn-41156.exe
1800	Unicorn-6345.exe
548	Unicorn-215.exe
916	Unicorn-25374.exe
1156	Unicorn-31216.exe
1220	Unicorn-37347.exe
2012	Unicorn-33263.exe
1440	Unicorn-41985.exe
2688	Unicorn-3091.exe
2168	Unicorn-57767.exe
2900	Unicorn-18873.exe
2540	Unicorn-40669.exe
2632	Unicorn-28987.exe
2544	Unicorn-9121.exe
2120	Unicorn-39847.exe
2644	Unicorn-28987.exe
2528	Unicorn-64974.exe
2832	Unicorn-13589.exe
2488	Unicorn-13589.exe
2824	Unicorn-33190.exe
1888	Unicorn-13589.exe
2212	Unicorn-13589.exe
2056	Unicorn-27324.exe
1572	Unicorn-33455.exe
888	Unicorn-33455.exe
2412	Unicorn-33455.exe
112	Unicorn-33455.exe
1020	Unicorn-33455.exe
772	Unicorn-46439.exe
1580	Unicorn-46174.exe
1620	Unicorn-38271.exe
1728	Unicorn-46065.exe
2184	Unicorn-44092.exe
1032	Unicorn-65359.exe
1920	Unicorn-50222.exe
2336	Unicorn-7170.exe
592	Unicorn-19688.exe
2600	Unicorn-27232.exe

Loads dropped DLL 64 IoCs

pid	Process
2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
2096	Unicorn-8584.exe
2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
2096	Unicorn-8584.exe
2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
2096	Unicorn-8584.exe
2640	Unicorn-2505.exe
2096	Unicorn-8584.exe
2640	Unicorn-2505.exe
2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
2672	Unicorn-13366.exe
2672	Unicorn-13366.exe
2512	Unicorn-17533.exe
2512	Unicorn-17533.exe
2096	Unicorn-8584.exe
2096	Unicorn-8584.exe
2860	Unicorn-37399.exe
2860	Unicorn-37399.exe
2640	Unicorn-2505.exe
2640	Unicorn-2505.exe
2432	Unicorn-23100.exe
2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
2432	Unicorn-23100.exe
2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
2672	Unicorn-13366.exe
2672	Unicorn-13366.exe
2864	Unicorn-27093.exe
2864	Unicorn-27093.exe
2512	Unicorn-17533.exe
1724	Unicorn-50803.exe
2512	Unicorn-17533.exe
1724	Unicorn-50803.exe
1464	Unicorn-9862.exe
1464	Unicorn-9862.exe
2096	Unicorn-8584.exe
2096	Unicorn-8584.exe
1604	Unicorn-14658.exe
1604	Unicorn-14658.exe
2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
2672	Unicorn-13366.exe
1748	Unicorn-2925.exe
1748	Unicorn-2925.exe
2672	Unicorn-13366.exe
692	Unicorn-22791.exe
2864	Unicorn-27093.exe
692	Unicorn-22791.exe
2864	Unicorn-27093.exe
1760	Unicorn-14923.exe
2432	Unicorn-23100.exe
1760	Unicorn-14923.exe
2432	Unicorn-23100.exe
1616	Unicorn-60595.exe
2640	Unicorn-2505.exe
1616	Unicorn-60595.exe
2640	Unicorn-2505.exe
2860	Unicorn-37399.exe
2860	Unicorn-37399.exe
868	Unicorn-21482.exe
868	Unicorn-21482.exe
2512	Unicorn-17533.exe
2512	Unicorn-17533.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
2096	Unicorn-8584.exe
2640	Unicorn-2505.exe
2672	Unicorn-13366.exe
2512	Unicorn-17533.exe
2860	Unicorn-37399.exe
2432	Unicorn-23100.exe
2864	Unicorn-27093.exe
1724	Unicorn-50803.exe
1464	Unicorn-9862.exe
304	Unicorn-63055.exe
1604	Unicorn-14658.exe
1760	Unicorn-14923.exe
1616	Unicorn-60595.exe
1748	Unicorn-2925.exe
692	Unicorn-22791.exe
868	Unicorn-21482.exe
1204	Unicorn-41348.exe
1660	Unicorn-53600.exe
2500	Unicorn-12302.exe
2592	Unicorn-59630.exe
2472	Unicorn-46616.exe
2692	Unicorn-10521.exe
276	Unicorn-16652.exe
1912	Unicorn-45240.exe
1800	Unicorn-6345.exe
1596	Unicorn-41156.exe
916	Unicorn-25374.exe
548	Unicorn-215.exe
2152	Unicorn-56101.exe
1224	Unicorn-21290.exe
1156	Unicorn-31216.exe
1220	Unicorn-37347.exe
2012	Unicorn-33263.exe
2688	Unicorn-3091.exe
1440	Unicorn-41985.exe
2168	Unicorn-57767.exe
2644	Unicorn-28987.exe
2900	Unicorn-18873.exe
2212	Unicorn-13589.exe
2120	Unicorn-39847.exe
2488	Unicorn-13589.exe
2528	Unicorn-64974.exe
2540	Unicorn-40669.exe
2832	Unicorn-13589.exe
888	Unicorn-33455.exe
2056	Unicorn-27324.exe
2412	Unicorn-33455.exe
772	Unicorn-46439.exe
1624	Unicorn-40310.exe
1280	Unicorn-27232.exe
2184	Unicorn-44092.exe
2632	Unicorn-28987.exe
1996	Unicorn-18244.exe
1572	Unicorn-33455.exe
1728	Unicorn-46065.exe
1032	Unicorn-65359.exe
2668	Unicorn-63024.exe
3032	Unicorn-20709.exe
1424	Unicorn-38202.exe
3016	Unicorn-7768.exe
592	Unicorn-19688.exe
1960	Unicorn-63282.exe
1196	Unicorn-47383.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2096	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	28
PID 2872 wrote to memory of 2096	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	28
PID 2872 wrote to memory of 2096	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	28
PID 2872 wrote to memory of 2096	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	28
PID 2096 wrote to memory of 2640	2096	Unicorn-8584.exe	29
PID 2096 wrote to memory of 2640	2096	Unicorn-8584.exe	29
PID 2096 wrote to memory of 2640	2096	Unicorn-8584.exe	29
PID 2096 wrote to memory of 2640	2096	Unicorn-8584.exe	29
PID 2872 wrote to memory of 2672	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	30
PID 2872 wrote to memory of 2672	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	30
PID 2872 wrote to memory of 2672	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	30
PID 2872 wrote to memory of 2672	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	30
PID 2096 wrote to memory of 2512	2096	Unicorn-8584.exe	31
PID 2096 wrote to memory of 2512	2096	Unicorn-8584.exe	31
PID 2096 wrote to memory of 2512	2096	Unicorn-8584.exe	31
PID 2096 wrote to memory of 2512	2096	Unicorn-8584.exe	31
PID 2640 wrote to memory of 2860	2640	Unicorn-2505.exe	32
PID 2640 wrote to memory of 2860	2640	Unicorn-2505.exe	32
PID 2640 wrote to memory of 2860	2640	Unicorn-2505.exe	32
PID 2640 wrote to memory of 2860	2640	Unicorn-2505.exe	32
PID 2872 wrote to memory of 2432	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	33
PID 2872 wrote to memory of 2432	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	33
PID 2872 wrote to memory of 2432	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	33
PID 2872 wrote to memory of 2432	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	33
PID 2672 wrote to memory of 2864	2672	Unicorn-13366.exe	34
PID 2672 wrote to memory of 2864	2672	Unicorn-13366.exe	34
PID 2672 wrote to memory of 2864	2672	Unicorn-13366.exe	34
PID 2672 wrote to memory of 2864	2672	Unicorn-13366.exe	34
PID 2512 wrote to memory of 1724	2512	Unicorn-17533.exe	35
PID 2512 wrote to memory of 1724	2512	Unicorn-17533.exe	35
PID 2512 wrote to memory of 1724	2512	Unicorn-17533.exe	35
PID 2512 wrote to memory of 1724	2512	Unicorn-17533.exe	35
PID 2096 wrote to memory of 1464	2096	Unicorn-8584.exe	36
PID 2096 wrote to memory of 1464	2096	Unicorn-8584.exe	36
PID 2096 wrote to memory of 1464	2096	Unicorn-8584.exe	36
PID 2096 wrote to memory of 1464	2096	Unicorn-8584.exe	36
PID 2860 wrote to memory of 304	2860	Unicorn-37399.exe	37
PID 2860 wrote to memory of 304	2860	Unicorn-37399.exe	37
PID 2860 wrote to memory of 304	2860	Unicorn-37399.exe	37
PID 2860 wrote to memory of 304	2860	Unicorn-37399.exe	37
PID 2640 wrote to memory of 1616	2640	Unicorn-2505.exe	38
PID 2640 wrote to memory of 1616	2640	Unicorn-2505.exe	38
PID 2640 wrote to memory of 1616	2640	Unicorn-2505.exe	38
PID 2640 wrote to memory of 1616	2640	Unicorn-2505.exe	38
PID 2432 wrote to memory of 1760	2432	Unicorn-23100.exe	39
PID 2432 wrote to memory of 1760	2432	Unicorn-23100.exe	39
PID 2432 wrote to memory of 1760	2432	Unicorn-23100.exe	39
PID 2432 wrote to memory of 1760	2432	Unicorn-23100.exe	39
PID 2872 wrote to memory of 1604	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	40
PID 2872 wrote to memory of 1604	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	40
PID 2872 wrote to memory of 1604	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	40
PID 2872 wrote to memory of 1604	2872	4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe	40
PID 2672 wrote to memory of 1748	2672	Unicorn-13366.exe	41
PID 2672 wrote to memory of 1748	2672	Unicorn-13366.exe	41
PID 2672 wrote to memory of 1748	2672	Unicorn-13366.exe	41
PID 2672 wrote to memory of 1748	2672	Unicorn-13366.exe	41
PID 2864 wrote to memory of 692	2864	Unicorn-27093.exe	42
PID 2864 wrote to memory of 692	2864	Unicorn-27093.exe	42
PID 2864 wrote to memory of 692	2864	Unicorn-27093.exe	42
PID 2864 wrote to memory of 692	2864	Unicorn-27093.exe	42
PID 2512 wrote to memory of 868	2512	Unicorn-17533.exe	43
PID 2512 wrote to memory of 868	2512	Unicorn-17533.exe	43
PID 2512 wrote to memory of 868	2512	Unicorn-17533.exe	43
PID 2512 wrote to memory of 868	2512	Unicorn-17533.exe	43

C:\Users\Admin\AppData\Local\Temp\4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe
"C:\Users\Admin\AppData\Local\Temp\4fbb7d5dc89c41f584e1dce8c21595fb9bb8f151c100f0e6b59701ebf2bbfa50.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\Unicorn-8584.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-8584.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19465.exe
        7⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44794.exe
        7⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55016.exe
        7⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24696.exe
        7⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53934.exe
        7⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
        7⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57840.exe
        7⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17087.exe
        6⤵
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7083.exe
        6⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30205.exe
        6⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48418.exe
        6⤵
        
        PID:1488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
        6⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44185.exe
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        6⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25374.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        6⤵
        
        PID:2536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
        6⤵
        
        PID:2328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52381.exe
        6⤵
        
        PID:3796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40455.exe
        6⤵
        
        PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
        5⤵
        
        PID:300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42061.exe
        5⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52787.exe
        5⤵
        
        PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
        5⤵
        
        PID:3364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50985.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60395.exe
        5⤵
        
        PID:3884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60595.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60595.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6345.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61710.exe
        6⤵
        
        PID:2652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
        6⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
        5⤵
        
        PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
        5⤵
        
        PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
        5⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
        5⤵
        
        PID:4092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-215.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
        5⤵
        
        PID:2508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30335.exe
        6⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12396.exe
        5⤵
        
        PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5001.exe
        5⤵
        
        PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33190.exe
      4⤵
      Executes dropped EXE
      PID:2824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
      4⤵
      PID:932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56770.exe
      4⤵
      PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-893.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-893.exe
      4⤵
      PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55200.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55200.exe
      4⤵
      PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42460.exe
      4⤵
      PID:3568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
      4⤵
      PID:3780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46856.exe
      4⤵
      PID:1716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33263.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32250.exe
        6⤵
        
        PID:1836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9904.exe
        6⤵
        
        PID:2076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31001.exe
        6⤵
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
        6⤵
        
        PID:3336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
        6⤵
        
        PID:1364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11680.exe
        6⤵
        
        PID:2068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47904.exe
        6⤵
        
        PID:3476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44092.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62371.exe
        6⤵
        
        PID:3292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38006.exe
        6⤵
        
        PID:3724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-193.exe
        6⤵
        
        PID:3936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        5⤵
        
        PID:468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45335.exe
        5⤵
        
        PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31368.exe
        5⤵
        
        PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37347.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38271.exe
        6⤵
        Executes dropped EXE
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
        6⤵
        
        PID:2464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2447.exe
        6⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        6⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45942.exe
        6⤵
        
        PID:2968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
        6⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
        6⤵
        
        PID:3120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49972.exe
        6⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
        5⤵
        Executes dropped EXE
        
        PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15555.exe
        5⤵
        
        PID:2368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
        5⤵
        
        PID:3064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28640.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        5⤵
        
        PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31216.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46439.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63024.exe
        5⤵
        
        PID:1656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
        5⤵
        
        PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55406.exe
        5⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
        5⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
        5⤵
        
        PID:3820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46174.exe
      4⤵
      Executes dropped EXE
      PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8422.exe
      4⤵
      PID:896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56085.exe
      4⤵
      PID:2624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47271.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47271.exe
      4⤵
      PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5891.exe
      4⤵
      PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23301.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
      4⤵
      PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
      4⤵
      PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
      4⤵
      PID:4196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9862.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9862.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1464
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57767.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43320.exe
        5⤵
        
        PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64006.exe
        5⤵
        
        PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
        5⤵
        
        PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16560.exe
        5⤵
        
        PID:3152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32933.exe
        5⤵
        
        PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
        5⤵
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35174.exe
        5⤵
        
        PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3091.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19688.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
        5⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
        5⤵
        
        PID:296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48354.exe
        5⤵
        
        PID:1272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37398.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36309.exe
        5⤵
        
        PID:3708
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40310.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24047.exe
      4⤵
      PID:2112
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39193.exe
      4⤵
      PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52746.exe
      4⤵
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60566.exe
      4⤵
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27598.exe
      4⤵
      PID:3136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
      4⤵
      PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
      4⤵
      PID:3812
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18873.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
        5⤵
        
        PID:2940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62931.exe
        5⤵
        
        PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14606.exe
        5⤵
        
        PID:3440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53414.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
        5⤵
        
        PID:3700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
      4⤵
      PID:2108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
      4⤵
      PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
      4⤵
      PID:3228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40669.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
    3⤵
    PID:1212
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8298.exe
    3⤵
    PID:2868
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44899.exe
    3⤵
    PID:1640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49865.exe
    3⤵
    PID:624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46660.exe
    3⤵
    PID:3548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35448.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35448.exe
    3⤵
    PID:3540
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1949.exe
    3⤵
    PID:2792
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62256.exe
    3⤵
    PID:3324
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13366.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13366.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22791.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45240.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        6⤵
        Executes dropped EXE
        
        PID:112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
        6⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48799.exe
        6⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53031.exe
        6⤵
        
        PID:3892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64223.exe
        6⤵
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36952.exe
        6⤵
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53205.exe
        6⤵
        
        PID:3920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47581.exe
        6⤵
        
        PID:1520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe
        6⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28963.exe
        6⤵
        
        PID:4168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58233.exe
        5⤵
        
        PID:2008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-663.exe
        5⤵
        
        PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
        5⤵
        
        PID:3420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56101.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41155.exe
        5⤵
        
        PID:2004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20948.exe
        5⤵
        
        PID:1492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1256.exe
        5⤵
        
        PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56200.exe
        5⤵
        
        PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7170.exe
      4⤵
      Executes dropped EXE
      PID:2336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38355.exe
      4⤵
      PID:1944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61285.exe
      4⤵
      PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
      4⤵
      PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51734.exe
      4⤵
      PID:3756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2925.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2925.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16652.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
        5⤵
        Executes dropped EXE
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
        6⤵
        
        PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41155.exe
        5⤵
        
        PID:1460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41531.exe
        5⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25265.exe
        5⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27178.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58184.exe
        5⤵
        
        PID:3788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40794.exe
        5⤵
        
        PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
      4⤵
      PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
      4⤵
      PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51318.exe
      4⤵
      PID:2700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
      4⤵
      PID:2288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34023.exe
      4⤵
      PID:3876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
      4⤵
      PID:556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39985.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39985.exe
      4⤵
      PID:3528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23363.exe
      4⤵
      PID:4220
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10521.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:1196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
    3⤵
    PID:568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
    3⤵
    PID:240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
    3⤵
    PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
    3⤵
    PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3452.exe
    3⤵
    PID:3768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47885.exe
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65056.exe
    3⤵
    PID:3388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
        5⤵
        
        PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7768.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49364.exe
        5⤵
        
        PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11194.exe
        5⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47795.exe
        5⤵
        
        PID:3584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
        5⤵
        
        PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
      4⤵
      Executes dropped EXE
      PID:1888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13035.exe
        5⤵
        
        PID:4084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55386.exe
        5⤵
        
        PID:3600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
        5⤵
        
        PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38202.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15152.exe
        5⤵
        
        PID:3928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
        5⤵
        
        PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54164.exe
        5⤵
        
        PID:4204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16433.exe
      4⤵
      PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-363.exe
      4⤵
      PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
      4⤵
      PID:3740
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21290.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33455.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34964.exe
      4⤵
      PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64429.exe
      4⤵
      PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
      4⤵
      PID:2516
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
      4⤵
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62266.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
      4⤵
      PID:3948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45320.exe
      4⤵
      PID:3576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19163.exe
      4⤵
      PID:4152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27324.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27324.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
    3⤵
    PID:2520
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31691.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31691.exe
    3⤵
    PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51960.exe
    3⤵
    PID:3960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14658.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14658.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1604
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5052.exe
      4⤵
      PID:1512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48707.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48707.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31785.exe
      4⤵
      PID:3648
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9121.exe
    3⤵
    - Executes dropped EXE
    PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45986.exe
    3⤵
    PID:312
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44441.exe
    3⤵
    PID:1308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
    3⤵
    PID:4044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37458.exe
    3⤵
    PID:3616
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46616.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2472
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28987.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50222.exe
      4⤵
      Executes dropped EXE
      PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
      4⤵
      PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27914.exe
        5⤵
        
        PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
        5⤵
        
        PID:3792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21144.exe
      4⤵
      PID:2172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42926.exe
      4⤵
      PID:4060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27232.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
      4⤵
      PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42328.exe
      4⤵
      PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51975.exe
      4⤵
      PID:1256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29823.exe
      4⤵
      PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27950.exe
      4⤵
      PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
      4⤵
      PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49921.exe
      4⤵
      PID:3764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
    3⤵
    PID:2708
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64394.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64394.exe
    3⤵
    PID:1056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52216.exe
    3⤵
    PID:2080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65032.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65032.exe
    3⤵
    PID:3128
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54464.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54464.exe
    3⤵
    PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
    3⤵
    PID:964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30974.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30974.exe
    3⤵
    PID:3704
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64974.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2528
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
  2⤵
  PID:3036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-52304.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-52304.exe
  2⤵
  PID:2160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
  2⤵
  PID:2296
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54065.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54065.exe
  2⤵
  PID:968
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44306.exe
  2⤵
  PID:3656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27252.exe
  2⤵
  PID:3684
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
  2⤵
  PID:3260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
  2⤵
  PID:3996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14923.exe

Filesize
184KB

MD5
9aa876a17ee2d46fec6990f4b55b2afe

SHA1
0ad9ade3a347a8d061057fe6fbbea3d35183c28f

SHA256
aae8cb39b97e3968eda946c433f400faffbf8952bbcbeb4417e5ac7463d3d474

SHA512
32d1ad3f649d2d3806f5cbd0237fcbc20266e216f5d65aa868128ca00db9f34ef91d9a2bdd4587f3acddba46cdc2308fd551d5e3abe64e5b6a275e70c91a7eda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe

Filesize
184KB

MD5
26075edec2f9a92bc10d4222796cd17e

SHA1
befcb7e21a685241dc20759492a336cb6d8dd2b8

SHA256
db493a81a1bf5f17de3d6f25ceb4571358d77a6ed1fd98c5d5a6804f876d60cd

SHA512
46e4fbd197593ca700bad8d6e2170cd39f85c151a1ba065cf5cc9ee4727d93871a6809ea64ba3310ced8228463c1b22a347bd3fe18cb308d2a061ab6ca6bb202

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2925.exe

Filesize
184KB

MD5
02308fb0bcded077a5f8a69452c1f534

SHA1
d5391d949574d84ce4710c24b295ba44709e69e5

SHA256
dd0968467219c4aaf59e0822f4a6fd0602bf9e673d64ab0ace14a0b5b5dcf9f7

SHA512
041b029cad329013d5eef12761fe3e42b6c4f0d422190af34e3f895fa711e8abfca4c309d60c133f72be00093af1440d0f57804f0a3464a4ab952af6802f65b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37399.exe

Filesize
184KB

MD5
aab39827606e8094f64803033f702ad5

SHA1
730fa14354eff90631ae8486c9a6df33c519ef65

SHA256
a905ea10e7360797e4e00f70c30a0345ef870514f37b9067eef1c1b166493db4

SHA512
314c467a1f158b0111ab91dc0f13620c8994eb8fe6aaf9dc6045c89b7e0015e611735e641c2d344eadadc14de971ba9ef72f3ab0d73591b89a0b2512f07e20da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39847.exe

Filesize
184KB

MD5
8b7c6567f933c8e19353bcff5e9cd94c

SHA1
c9e722fbb071e2cf916e6805dbd8a3b708c5d095

SHA256
db45e70af42e2d4ba6aa573ba3228231227ed5e198ad9af27090a11fedbfdfd5

SHA512
bc71d1ab09a13131666aee70f30cc63e2d146a7c55d5966c952dbe891111d65c584ff5cc907894d770e26e947a284e47868244b243400c1cceb762c1a511cf22

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41348.exe

Filesize
184KB

MD5
40ff0a4ab9e371d6236c9d875df182ee

SHA1
85d8a3c61951ef4c58ae4eff66f6e51329bebd32

SHA256
413011743ae4efca6463a2723bf1d9b5fe9d78da126564ba74f407db78aa9fdd

SHA512
f390877a8cba19fa5989035b9a880ded7ba44a8bacc23e0dbe47050b8be35b3d82a01d2bdc50b9f99c3a8e42922d8dc4c64c6fef59f294ba8ca0c9ab06a3625c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53414.exe

Filesize
184KB

MD5
aedf2eb151e6bd36b66f2f099fd1516f

SHA1
9c7d55f673afc92e0ba57d59606acff7af4fa432

SHA256
d79fb9e0edb7d45231097288a8082556671dfc743e5f4b87f3d27175fc8f7a0b

SHA512
014a1311de261aabf2e3a6b28268dad389c3f69e7f8868d9d7dd038cb6fc0562d1f55b6db98dbbeb4d27c6fe0ca0fe6c22710aaabd61c58acec1442b48c3c820

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53600.exe

Filesize
184KB

MD5
b502beeade40272dda2c254e4f973df8

SHA1
66d91f17c223f393fc984a7678424a002768528d

SHA256
75be51b40ac02b158f53d0965bb2b6a7d36749aead1735d7e893d49bb6c8548d

SHA512
16dd8facf1d97f3b0e8d613a9df54e7fce957f3fa8d96e4ad8bb0eae88f595cbcbc1b57abeeeb8b6a521927204cb16254199f190a1ce3575eefe6a057856a53d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60595.exe

Filesize
184KB

MD5
7c4b09f3181a5bfaa92afd1c9550bbd8

SHA1
712bd2e8c0a8d5679dd79eced94eb6f9b19fad0d

SHA256
7c60ce11a4898f23f326c525b20c445bb5c4b9ee5181cea5bc2f9c9ea8f21e85

SHA512
d8279fdb6334fb63a89e59be2d5ab4931ea875a460261406a7e9531e7316fbdf9528a21284d6d393c452296f234df901b362d364b5b12a82a3bf007af9a9ed0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63055.exe

Filesize
184KB

MD5
59600133143ad07517c0fc45d01ece43

SHA1
88f0e2e0251d974342b5cb2111f44b1ef2ca040c

SHA256
6d74bd65acc2fea8b78f46802d4e3f84d8e865abf8de1815df001482c5346587

SHA512
7008e73ef7802d8a2c977a5c64738617ea9590c4921cc322fd4884bcf2e088b6b6f1e90913519205ba38bcdb13140a8de82b142d8125f84b3d1663567d6ed1f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-784.exe

Filesize
184KB

MD5
ed57205b579c21fa8feea084ee0d8af4

SHA1
42a1601a61757992cc7a2da3e8c2af772901c343

SHA256
5dbb000ac8b62948470c9ba308c5cb0da535945348b12b569cc818eff4426c07

SHA512
a474825ae1dd80c7c8e20a0882f467a31639d80e5e74142aa1a16c3a3ea5f139675f03789c9c1814e009dd7e40632b955428700393e91dfe7763e164643ff9d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9862.exe

Filesize
184KB

MD5
d44a81b4b345771ccdccddc4583e487e

SHA1
7244633ee6ae6892060d31cf0663fa607930f841

SHA256
56948cad4ee721488e9a44a7f7542ad5c2492ce84adbaa44e264a2243c9e43fc

SHA512
a4e5223e9d6e948a200b18e409bd42fec57e87807ca4652e2e17666e5a9e619e2265acd4d98827c614bf576fab4a09214c0752f619c77eed219cc7b6a916f19a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe

Filesize
184KB

MD5
c7fe659ef454395b3358c6ef69d6153a

SHA1
aa0a34f4c84684a1735bc913e11d5db8a4d7fccb

SHA256
546ee30c1724ba45f932e23d4238d1f0484f03894ad9cf96dd294fc8dc732f00

SHA512
729280e6856b8fbd0e87af674e08b7154b49c058d47d1c2d9f934cb928f152f1c66184d648fb79517263c013a69121d0a7d4248e2e2a5bd64989c765f7947087

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13366.exe

Filesize
184KB

MD5
6d1df4684bbdeb68e4ff4cb1aab66b34

SHA1
fbe746f2ecf44cb7132a289be0e19ca4aa42caf2

SHA256
c9fffb1cc189d32a160bf738f7af772532d6aba165ffcda711e78eaccc31b5b0

SHA512
581985272477a55b6c3243cf0cc1b402568ce13e7af569dc38708e8615e8be086ab0112da07f89d64542d6def7d608474c3f62cd15c2f7dc98c6988390baaa92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14658.exe

Filesize
184KB

MD5
3ecff6c488b7b51ba67856dca8030266

SHA1
24a4a4f4daf5547c0d4bbb7f9ac3f57ddeab9bed

SHA256
63cd13b774cfb80fff8a6d5ad0a4c85d986c1f94554219bcbd631e7577729882

SHA512
f134bb512fef8a5460ec0887b89339581a0d6fcebba43d78944dd873cea60cf379d58c514511037c95afcc00afe7fe13b3d2e20491b1a8bdb45656837920d451

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17533.exe

Filesize
184KB

MD5
ae4e57ad8cd649d38cbf57b95a402427

SHA1
78f385d235f35a6d25c2a71d026114d5502eac83

SHA256
65a997c50940d63e587980a932f4070c291c212a5a12dc8ea41b02851f78b31a

SHA512
f068b2b096a3fdfa10f4e8a0f7948604972344b566478f77c03104e62ffeaeef39a5a4a4c74a79ee7c77f7dcbfb34c271a8c181a87ff13bf7c95a0ab54055998

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe

Filesize
184KB

MD5
047094d99320e9a1b0b08906d77f22f7

SHA1
b7cedc582a7f0205055b9e006a6cc47476203aa5

SHA256
9cbbd8769c9dd00420ac128d13f9516450f33e4c70ece55e7da3b65e4397f485

SHA512
f618bc48934e89630063730b2e7b997f14fc705ddfd6d08775318abe2297fe18579058422bdf5a4ec5d68392750d24013632ba54ee6f306651a3b464504c5a7b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22791.exe

Filesize
184KB

MD5
961032e34f190aa2b37e444f58c40e25

SHA1
c28017cd03a359a19ba0b855e204d69a70709986

SHA256
867999248d12c549b2f200748fc943cfd2477602c7b07a3ad1aa3121e70ca3c5

SHA512
10566313c8ee7f3aa2de3b5552fcdf50c635a4158ae9b8e5c11c3beee9c9d2b9ef96104439570aa9e3264bfed940cf23013ac7886d2848f1292c0a263a815579

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2505.exe

Filesize
184KB

MD5
d27d79df6e1758760ab7dcd60af0466b

SHA1
99949ca8e2b62f438dc576b9567daf6d6c03082d

SHA256
63623c7ff0f5ff12d256366e43c1111191d2304121c5a94a621645ed12f18661

SHA512
750e8ded22c74832dbabd937016dcbbc19bfd6ee504d24372ffe62fe657e8fba933c4954b1285b5157c7f88d521955e2bb5a55ec19a5451b0e8f3d9972e035f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27093.exe

Filesize
184KB

MD5
5d031206d33d25289af9de15303d6240

SHA1
ad74937efc62329ff51a545cb9c2c90e3cc96732

SHA256
0ce3d2a12ecc91e42da0eb8b1412605bc204f8d1447c5b1d5839d2e1baee1eb4

SHA512
08620a69f770631206ff87c878d266a836bc45b442468a9d467b10caa6c86606ed1c3127cfd4825dd4a8cb1a3faf174d8d480f6fd7e9612c00704d3a5c421b70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe

Filesize
184KB

MD5
01489276063f59497778ab9b3f183af8

SHA1
73817198df560caf91810ba3cdba326b32728fc8

SHA256
60f374efa34cd965fdb2908b9e61ca1a280d636b1d95729b05687a7013062266

SHA512
c2f460f418d90eb4b66718aebd82471320a3aeca7ea238a457c9a5e16b4f762ec92e44db0ed6e03a6b53286b08d97838dfc1e292e8d187d6c8073c212ac5fbec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8584.exe

Filesize
184KB

MD5
cd6cf8fe39cb970a6faac4c0acf206c6

SHA1
77792d61c02dece57ab2595263075fd35c0c5291

SHA256
57acd18eff0aa8ab94a13dc0bb26acb296ecaed42070957ab433dce6162af9cf

SHA512
180adc68b7d4b6317afcbfdf805147434c598188ed2de560a10bc2e30836d2591c182912b5c4c5e0c305eb5f64f0eb1df2236f05b3ba3241b32843e4785bc95f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads