06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7

Analysis

max time kernel
151s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18-04-2024 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
Size

184KB
MD5

598184611e051409f85832a6b846d4bc
SHA1

961e67bc97371131506d937b5b706f50ddd3c80a
SHA256

06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7
SHA512

192ecc02cae3c74f86a973c34964bc7e06d3f1dfa473a5c283753f805db1f992df448b74b951cf58e5751853ae7b66f51fb6b42a148e4ab718ad6720765809f1
SSDEEP

3072:4SffBkontdJ7zl2tWSr8PdAN6vNqnviuf:4SqoN/l2v81AN6Vqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3044	Unicorn-23060.exe
2684	Unicorn-12198.exe
2568	Unicorn-61954.exe
2644	Unicorn-24534.exe
2552	Unicorn-36786.exe
2584	Unicorn-8752.exe
2948	Unicorn-61382.exe
2724	Unicorn-35800.exe
2768	Unicorn-24102.exe
340	Unicorn-62696.exe
1680	Unicorn-56988.exe
2204	Unicorn-45705.exe
364	Unicorn-38514.exe
528	Unicorn-11606.exe
2504	Unicorn-29277.exe
2864	Unicorn-40735.exe
320	Unicorn-59764.exe
2248	Unicorn-42489.exe
2256	Unicorn-53350.exe
552	Unicorn-30791.exe
2056	Unicorn-56779.exe
1824	Unicorn-19931.exe
1152	Unicorn-64947.exe
1556	Unicorn-5540.exe
1672	Unicorn-36267.exe
2312	Unicorn-62909.exe
964	Unicorn-1462.exe
2316	Unicorn-23750.exe
1624	Unicorn-45203.exe
960	Unicorn-33505.exe
2228	Unicorn-61238.exe
1740	Unicorn-24381.exe
2300	Unicorn-3869.exe
1760	Unicorn-53625.exe
1600	Unicorn-41180.exe
1636	Unicorn-2271.exe
1764	Unicorn-47388.exe
1736	Unicorn-45342.exe
2632	Unicorn-62141.exe
2540	Unicorn-24638.exe
2620	Unicorn-24949.exe
2412	Unicorn-2655.exe
2464	Unicorn-59262.exe
2408	Unicorn-57886.exe
2664	Unicorn-64108.exe
2488	Unicorn-37201.exe
2740	Unicorn-31244.exe
2904	Unicorn-4601.exe
2392	Unicorn-27160.exe
2736	Unicorn-11378.exe
1952	Unicorn-55748.exe
776	Unicorn-35882.exe
1032	Unicorn-49618.exe
1812	Unicorn-30282.exe
1504	Unicorn-55748.exe
788	Unicorn-55618.exe
1976	Unicorn-35882.exe
2452	Unicorn-55618.exe
1988	Unicorn-3816.exe
2712	Unicorn-3039.exe
2484	Unicorn-55618.exe
540	Unicorn-9946.exe
1144	Unicorn-9946.exe
2028	Unicorn-57009.exe

Loads dropped DLL 64 IoCs

pid	Process
2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
3044	Unicorn-23060.exe
2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
3044	Unicorn-23060.exe
2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
2684	Unicorn-12198.exe
2568	Unicorn-61954.exe
3044	Unicorn-23060.exe
2684	Unicorn-12198.exe
2568	Unicorn-61954.exe
3044	Unicorn-23060.exe
2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
2644	Unicorn-24534.exe
2644	Unicorn-24534.exe
2684	Unicorn-12198.exe
2684	Unicorn-12198.exe
2552	Unicorn-36786.exe
2552	Unicorn-36786.exe
2568	Unicorn-61954.exe
2568	Unicorn-61954.exe
3044	Unicorn-23060.exe
3044	Unicorn-23060.exe
2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
2584	Unicorn-8752.exe
2584	Unicorn-8752.exe
2948	Unicorn-61382.exe
2948	Unicorn-61382.exe
2724	Unicorn-35800.exe
2644	Unicorn-24534.exe
2724	Unicorn-35800.exe
2644	Unicorn-24534.exe
1680	Unicorn-56988.exe
2584	Unicorn-8752.exe
1680	Unicorn-56988.exe
2584	Unicorn-8752.exe
2552	Unicorn-36786.exe
2552	Unicorn-36786.exe
2568	Unicorn-61954.exe
2568	Unicorn-61954.exe
2204	Unicorn-45705.exe
2204	Unicorn-45705.exe
2684	Unicorn-12198.exe
2684	Unicorn-12198.exe
2768	Unicorn-24102.exe
2768	Unicorn-24102.exe
528	Unicorn-11606.exe
528	Unicorn-11606.exe
340	Unicorn-62696.exe
3044	Unicorn-23060.exe
2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
340	Unicorn-62696.exe
3044	Unicorn-23060.exe
2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
2504	Unicorn-29277.exe
2504	Unicorn-29277.exe
2948	Unicorn-61382.exe
2948	Unicorn-61382.exe
320	Unicorn-59764.exe
320	Unicorn-59764.exe
2644	Unicorn-24534.exe
2644	Unicorn-24534.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3032	2464	WerFault.exe	70

Suspicious use of SetWindowsHookEx 45 IoCs

pid	Process
2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
3044	Unicorn-23060.exe
2684	Unicorn-12198.exe
2568	Unicorn-61954.exe
2644	Unicorn-24534.exe
2552	Unicorn-36786.exe
2584	Unicorn-8752.exe
2948	Unicorn-61382.exe
2724	Unicorn-35800.exe
2768	Unicorn-24102.exe
1680	Unicorn-56988.exe
340	Unicorn-62696.exe
364	Unicorn-38514.exe
2204	Unicorn-45705.exe
2504	Unicorn-29277.exe
528	Unicorn-11606.exe
320	Unicorn-59764.exe
2864	Unicorn-40735.exe
2248	Unicorn-42489.exe
2256	Unicorn-53350.exe
1152	Unicorn-64947.exe
1824	Unicorn-19931.exe
1624	Unicorn-45203.exe
2056	Unicorn-56779.exe
960	Unicorn-33505.exe
1672	Unicorn-36267.exe
964	Unicorn-1462.exe
1556	Unicorn-5540.exe
2316	Unicorn-23750.exe
2312	Unicorn-62909.exe
2228	Unicorn-61238.exe
1740	Unicorn-24381.exe
1760	Unicorn-53625.exe
2300	Unicorn-3869.exe
1600	Unicorn-41180.exe
1736	Unicorn-45342.exe
1636	Unicorn-2271.exe
1764	Unicorn-47388.exe
2540	Unicorn-24638.exe
2632	Unicorn-62141.exe
2464	Unicorn-59262.exe
2412	Unicorn-2655.exe
2024	Unicorn-9946.exe
1800	Unicorn-58140.exe
2408	Unicorn-57886.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 3044	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	28
PID 2956 wrote to memory of 3044	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	28
PID 2956 wrote to memory of 3044	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	28
PID 2956 wrote to memory of 3044	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	28
PID 3044 wrote to memory of 2684	3044	Unicorn-23060.exe	29
PID 3044 wrote to memory of 2684	3044	Unicorn-23060.exe	29
PID 3044 wrote to memory of 2684	3044	Unicorn-23060.exe	29
PID 3044 wrote to memory of 2684	3044	Unicorn-23060.exe	29
PID 2956 wrote to memory of 2568	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	30
PID 2956 wrote to memory of 2568	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	30
PID 2956 wrote to memory of 2568	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	30
PID 2956 wrote to memory of 2568	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	30
PID 2684 wrote to memory of 2644	2684	Unicorn-12198.exe	31
PID 2684 wrote to memory of 2644	2684	Unicorn-12198.exe	31
PID 2684 wrote to memory of 2644	2684	Unicorn-12198.exe	31
PID 2684 wrote to memory of 2644	2684	Unicorn-12198.exe	31
PID 2568 wrote to memory of 2552	2568	Unicorn-61954.exe	32
PID 2568 wrote to memory of 2552	2568	Unicorn-61954.exe	32
PID 2568 wrote to memory of 2552	2568	Unicorn-61954.exe	32
PID 2568 wrote to memory of 2552	2568	Unicorn-61954.exe	32
PID 3044 wrote to memory of 2584	3044	Unicorn-23060.exe	33
PID 3044 wrote to memory of 2584	3044	Unicorn-23060.exe	33
PID 3044 wrote to memory of 2584	3044	Unicorn-23060.exe	33
PID 3044 wrote to memory of 2584	3044	Unicorn-23060.exe	33
PID 2956 wrote to memory of 2948	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	34
PID 2956 wrote to memory of 2948	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	34
PID 2956 wrote to memory of 2948	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	34
PID 2956 wrote to memory of 2948	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	34
PID 2644 wrote to memory of 2724	2644	Unicorn-24534.exe	35
PID 2644 wrote to memory of 2724	2644	Unicorn-24534.exe	35
PID 2644 wrote to memory of 2724	2644	Unicorn-24534.exe	35
PID 2644 wrote to memory of 2724	2644	Unicorn-24534.exe	35
PID 2684 wrote to memory of 2768	2684	Unicorn-12198.exe	36
PID 2684 wrote to memory of 2768	2684	Unicorn-12198.exe	36
PID 2684 wrote to memory of 2768	2684	Unicorn-12198.exe	36
PID 2684 wrote to memory of 2768	2684	Unicorn-12198.exe	36
PID 2552 wrote to memory of 1680	2552	Unicorn-36786.exe	37
PID 2552 wrote to memory of 1680	2552	Unicorn-36786.exe	37
PID 2552 wrote to memory of 1680	2552	Unicorn-36786.exe	37
PID 2552 wrote to memory of 1680	2552	Unicorn-36786.exe	37
PID 2568 wrote to memory of 340	2568	Unicorn-61954.exe	38
PID 2568 wrote to memory of 340	2568	Unicorn-61954.exe	38
PID 2568 wrote to memory of 340	2568	Unicorn-61954.exe	38
PID 2568 wrote to memory of 340	2568	Unicorn-61954.exe	38
PID 3044 wrote to memory of 2204	3044	Unicorn-23060.exe	39
PID 3044 wrote to memory of 2204	3044	Unicorn-23060.exe	39
PID 3044 wrote to memory of 2204	3044	Unicorn-23060.exe	39
PID 3044 wrote to memory of 2204	3044	Unicorn-23060.exe	39
PID 2956 wrote to memory of 528	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	40
PID 2956 wrote to memory of 528	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	40
PID 2956 wrote to memory of 528	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	40
PID 2956 wrote to memory of 528	2956	06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe	40
PID 2584 wrote to memory of 364	2584	Unicorn-8752.exe	41
PID 2584 wrote to memory of 364	2584	Unicorn-8752.exe	41
PID 2584 wrote to memory of 364	2584	Unicorn-8752.exe	41
PID 2584 wrote to memory of 364	2584	Unicorn-8752.exe	41
PID 2948 wrote to memory of 2504	2948	Unicorn-61382.exe	42
PID 2948 wrote to memory of 2504	2948	Unicorn-61382.exe	42
PID 2948 wrote to memory of 2504	2948	Unicorn-61382.exe	42
PID 2948 wrote to memory of 2504	2948	Unicorn-61382.exe	42
PID 2724 wrote to memory of 2864	2724	Unicorn-35800.exe	43
PID 2724 wrote to memory of 2864	2724	Unicorn-35800.exe	43
PID 2724 wrote to memory of 2864	2724	Unicorn-35800.exe	43
PID 2724 wrote to memory of 2864	2724	Unicorn-35800.exe	43

C:\Users\Admin\AppData\Local\Temp\06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe
"C:\Users\Admin\AppData\Local\Temp\06b4a48f55b985d4a18693089d9900a41ffd3f02a694b038e9a63a391a4b90c7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3869.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        8⤵
        Executes dropped EXE
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        8⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10120.exe
        8⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        8⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        7⤵
        Executes dropped EXE
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        7⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57232.exe
        7⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64086.exe
        7⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6529.exe
        7⤵
        
        PID:3712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53625.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        7⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
        7⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        7⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        7⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18977.exe
        7⤵
        
        PID:3584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
        6⤵
        Executes dropped EXE
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
        6⤵
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53497.exe
        6⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50457.exe
        6⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
        6⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
        6⤵
        
        PID:3244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60140.exe
        6⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27521.exe
        6⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9946.exe
        7⤵
        Executes dropped EXE
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        7⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        7⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10981.exe
        7⤵
        
        PID:3656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
        6⤵
        Executes dropped EXE
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2441.exe
        6⤵
        
        PID:3052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62162.exe
        6⤵
        
        PID:2756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        6⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
        6⤵
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48327.exe
        6⤵
        
        PID:3340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46033.exe
        6⤵
        
        PID:3700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
        6⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57009.exe
        6⤵
        Executes dropped EXE
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        6⤵
        
        PID:3000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
        6⤵
        
        PID:108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-360.exe
        6⤵
        
        PID:3540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48178.exe
        6⤵
        
        PID:3320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20589.exe
        6⤵
        
        PID:3848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        6⤵
        
        PID:3472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
        6⤵
        
        PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38846.exe
        5⤵
        
        PID:2236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
        5⤵
        
        PID:1000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
        5⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
        5⤵
        
        PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21461.exe
        5⤵
        
        PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
        5⤵
        
        PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
        5⤵
        
        PID:944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24102.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24102.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
        6⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
        6⤵
        
        PID:1984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6555.exe
        6⤵
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
        6⤵
        
        PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11378.exe
        5⤵
        Executes dropped EXE
        
        PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8803.exe
        5⤵
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51999.exe
        5⤵
        
        PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64947.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24638.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe
        6⤵
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        6⤵
        
        PID:792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
        6⤵
        
        PID:672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47615.exe
        6⤵
        
        PID:3624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58184.exe
        6⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        6⤵
        
        PID:3992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25286.exe
        6⤵
        
        PID:3924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
        6⤵
        
        PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
        5⤵
        
        PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        5⤵
        
        PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        5⤵
        
        PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        5⤵
        
        PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
        5⤵
        
        PID:3536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9749.exe
        5⤵
        
        PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        5⤵
        
        PID:956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55256.exe
        5⤵
        
        PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
      4⤵
      Executes dropped EXE
      PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57771.exe
      4⤵
      PID:3012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
      4⤵
      PID:2208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
      4⤵
      PID:3392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
      4⤵
      PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
      4⤵
      PID:3276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14203.exe
      4⤵
      PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24721.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24721.exe
      4⤵
      PID:3996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8752.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8752.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        6⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        6⤵
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12140.exe
        6⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
        7⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35351.exe
        7⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19590.exe
        7⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4666.exe
        6⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32980.exe
        5⤵
        
        PID:868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43501.exe
        5⤵
        
        PID:648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1440.exe
        5⤵
        
        PID:948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54066.exe
        5⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32120.exe
        5⤵
        
        PID:3688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37657.exe
        5⤵
        
        PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
        6⤵
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        6⤵
        
        PID:2528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57620.exe
        6⤵
        
        PID:3836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53685.exe
        6⤵
        
        PID:3136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58140.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        5⤵
        
        PID:2132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        5⤵
        
        PID:324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64596.exe
        5⤵
        
        PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39111.exe
        5⤵
        
        PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3620.exe
        5⤵
        
        PID:584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25993.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13348.exe
        5⤵
        
        PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
      4⤵
      PID:1268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
      4⤵
      PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58342.exe
      4⤵
      PID:2520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
      4⤵
      PID:3344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
      4⤵
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21461.exe
      4⤵
      PID:3188
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
      4⤵
      PID:1476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
      4⤵
      PID:4080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19931.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27160.exe
        5⤵
        Executes dropped EXE
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        5⤵
        
        PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        5⤵
        
        PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
        5⤵
        
        PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
        5⤵
        
        PID:3732
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
        5⤵
        
        PID:332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9320.exe
        5⤵
        
        PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
      4⤵
      PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17434.exe
      4⤵
      PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
      4⤵
      PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
      4⤵
      PID:3404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
      4⤵
      PID:3980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23750.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23750.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2655.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7728.exe
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33549.exe
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42508.exe
        5⤵
        
        PID:3920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11855.exe
        5⤵
        
        PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
      4⤵
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
      4⤵
      PID:2068
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
      4⤵
      PID:3352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
      4⤵
      PID:3292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17163.exe
      4⤵
      PID:3644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59262.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2464
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 188
      4⤵
      Program crash
      PID:3032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53064.exe
    3⤵
    PID:2728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5739.exe
    3⤵
    PID:1564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19014.exe
    3⤵
    PID:2808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
    3⤵
    PID:3972
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
    3⤵
    PID:3932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6809.exe
    3⤵
    PID:2704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60747.exe
    3⤵
    PID:2120
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
    3⤵
    PID:4304
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2271.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39146.exe
        7⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24475.exe
        7⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21988.exe
        7⤵
        
        PID:3428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19245.exe
        6⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        6⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
        6⤵
        
        PID:2588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
        6⤵
        
        PID:3632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41887.exe
        6⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exe
        6⤵
        
        PID:4136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62141.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe
        6⤵
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63371.exe
        6⤵
        
        PID:1844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41305.exe
        6⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21548.exe
        6⤵
        
        PID:3660
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58184.exe
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
        6⤵
        
        PID:940
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
        5⤵
        
        PID:1868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
        5⤵
        
        PID:1496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46603.exe
        5⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6103.exe
        5⤵
        
        PID:3088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
      4⤵
      Executes dropped EXE
      PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-749.exe
      4⤵
      PID:2556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
      4⤵
      PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22910.exe
      4⤵
      PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11702.exe
      4⤵
      PID:3888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64341.exe
      4⤵
      PID:3776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
      4⤵
      PID:908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
      4⤵
      PID:4296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62909.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3039.exe
        5⤵
        Executes dropped EXE
        
        PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54243.exe
        5⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        5⤵
        
        PID:772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
        5⤵
        
        PID:3228
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38254.exe
        5⤵
        
        PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55618.exe
      4⤵
      Executes dropped EXE
      PID:788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48353.exe
      4⤵
      PID:2348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20414.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20414.exe
      4⤵
      PID:2104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49361.exe
      4⤵
      PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65244.exe
      4⤵
      PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50361.exe
      4⤵
      PID:4376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56779.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
      4⤵
      Executes dropped EXE
      PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58664.exe
      4⤵
      PID:2900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
      4⤵
      PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
      4⤵
      PID:2640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44766.exe
      4⤵
      PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57211.exe
      4⤵
      PID:3476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42281.exe
      4⤵
      PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
      4⤵
      PID:4316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37201.exe
    3⤵
    - Executes dropped EXE
    PID:2488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4062.exe
    3⤵
    PID:1644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54211.exe
    3⤵
    PID:1768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40545.exe
    3⤵
    PID:2516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23765.exe
    3⤵
    PID:3944
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2940.exe
    3⤵
    PID:4028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45203.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45203.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        5⤵
        Executes dropped EXE
        
        PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
        5⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18005.exe
        5⤵
        
        PID:2676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        5⤵
        
        PID:3376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27099.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62769.exe
        5⤵
        
        PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35882.exe
      4⤵
      Executes dropped EXE
      PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62441.exe
      4⤵
      PID:864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16726.exe
      4⤵
      PID:3456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27516.exe
      4⤵
      PID:3592
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
      4⤵
      Executes dropped EXE
      PID:1504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48706.exe
      4⤵
      PID:2388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
      4⤵
      PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
      4⤵
      PID:3212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
      4⤵
      PID:1004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49618.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49618.exe
    3⤵
    - Executes dropped EXE
    PID:1032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13267.exe
    3⤵
    PID:1820
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5209.exe
    3⤵
    PID:2924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33676.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33676.exe
    3⤵
    PID:3104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
    3⤵
    PID:4056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26796.exe
    3⤵
    PID:3180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40698.exe
    3⤵
    PID:3696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36267.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
      4⤵
      Executes dropped EXE
      PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59204.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59204.exe
      4⤵
      PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10861.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10861.exe
      4⤵
      PID:3440
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
      4⤵
      PID:696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35882.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35882.exe
    3⤵
    - Executes dropped EXE
    PID:776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7402.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7402.exe
    3⤵
    PID:2920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13874.exe
    3⤵
    PID:2108
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40015.exe
    3⤵
    PID:912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28230.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28230.exe
    3⤵
    PID:3936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29806.exe
    3⤵
    PID:3884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35680.exe
    3⤵
    PID:3512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
    3⤵
    PID:2796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43170.exe
    3⤵
    PID:4288
- C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:964
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55748.exe
    3⤵
    - Executes dropped EXE
    PID:1952
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
    3⤵
    PID:1712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
    3⤵
    PID:624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28768.exe
    3⤵
    PID:3804
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
    3⤵
    PID:3728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61674.exe
    3⤵
    PID:2232
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30282.exe
  2⤵
  - Executes dropped EXE
  PID:1812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5132.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5132.exe
  2⤵
  PID:1216
- C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
  2⤵
  PID:2992
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23876.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23876.exe
  2⤵
  PID:3116
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55577.exe
  2⤵
  PID:4064
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63462.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63462.exe
  2⤵
  PID:3268
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64499.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64499.exe
  2⤵
  PID:3816
- C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-44482.exe
  2⤵
  PID:4092

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe

Filesize
184KB

MD5
3573347c5ebc5899886512864684485b

SHA1
de7f61fab4fed35590556f4328e8581d966b55c5

SHA256
8e7a1971b7f43430e806ed37dd63c22120f8901a65ef5fa4ee3b35c995749880

SHA512
c9ce9bca605332ce902425356a4db0220ca3f2eac29ef8978a3be64b714b7b9965ab86baae385fa3dd00a9141d437b894f1c5cc23043d7929b07c07f4544e12c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe

Filesize
184KB

MD5
ceb1230523e9f03c7837563f19f7572e

SHA1
106882e7f2dbd775e07980bae14ad76e7923d4d5

SHA256
4f3fe4add8114d1b14c5dd326aecf2837392c7b8240ccb91bd6de341ab6cf88a

SHA512
327d779e1289538b48c293582764ac4a5c03f891916d4c1e0aea75babf0b9ecfdf41955b215735b9c458e96032f06132a76efceb2cf3f2b84f124dd6b076cd47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1462.exe

Filesize
184KB

MD5
df167d4f6b34492336cce222c5bbe608

SHA1
cf42a5baa59e81ef16c7e3a84096500a3e6247dd

SHA256
80d3c63b7fc99275a828a154d17b331c1fa3f12493ef6e1b2e2bbf8d69e636d8

SHA512
ca2766eae80b64ec4cddfe898596e1558955903389394d7c9603dee05c6bfbe7d74e616cb1b07debaac537ba95f92dfce343b5b019532e529876c31369638baf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24534.exe

Filesize
184KB

MD5
3c09521777126fae37f2d9a55cf35172

SHA1
19dcde432c8844ae4871cd65e13ac451f3e52fc9

SHA256
9ffc9ff5271eeac7719660cd050a3701b776c3964bfae484e2f6f7757da4e432

SHA512
e9489a64b1588ab7741ba47640bb17cf8a6093988c4a4449c6472f87f2087856fc2faaaec3ecb699c2b982b993c535141e4d540c2e7b6847c1cd9b39eed368d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe

Filesize
184KB

MD5
2238b922756bdbcb25b1b512bb379a6d

SHA1
29b14e80f04fb110531a8cb804f18e92c53a4835

SHA256
2ede3ee20538c09644347bc27d2c1d801910c76e66be9ae6fe65cb2b1fbe75fa

SHA512
bc922b8182b79b19d92bad473ebdabfe6b7b8f6aabbf575ccbffd13b5d1960bbd795f931e5240c47bad408dcbaeb112866b7bdcb8402fed2b74541968f1739ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36786.exe

Filesize
184KB

MD5
3c7f34b555edeb99fbc8ca3d78dc6e10

SHA1
1d00da8f6dcd3184672d187f5948037452a372ad

SHA256
5c2d055ae0efc68845b4e6a722510fecf53dc428a62cd5b3d967819a2e25230c

SHA512
b484b9e1de554b56cc29c244b3d4230ce1117493a2b8d370aa63143025f52875a172a2ceb2378b9e41e5732ef160363e461161c01aacba5dea497ac5bde7a792

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38514.exe

Filesize
184KB

MD5
eab81c5af613ddc882f201391d0e3f93

SHA1
c4a3fb8b30f6e5794448797c781371626ef9187f

SHA256
630b48a45ec21d2b741484f8ec5431ce1a02ea0ae237edba2944d47534e8dd54

SHA512
cfa01afda7deea0add78207e3abf6d2a9b93fe53037e04d9261ad72a1dc8cffdb7c3b4d7b19c5fd7947bfaf902e6719f1ee7206755542bd13ada69551bf73718

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42489.exe

Filesize
184KB

MD5
daef183008c90b1ab1410f105a29455c

SHA1
4a3e1cba91f9477de2556f8f0c720d134ab1171f

SHA256
200af8f5e5a75ff8a0d633933f9ba29ed5e731f47f08f30dfc08e95159ae5ee9

SHA512
0ae849fb951d2c9ebf428753a141370ec5bb1c0c06ca03daa72416b52d0baac41ebf7d1f517d4ca94a15282e5f9abb95f752281ffe1433063a7fe1e528ace974

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45705.exe

Filesize
184KB

MD5
1c65db3e2a0f7d2a6ec206fadbbe4a6e

SHA1
36f3d02d64e65744b35c122f822cb49b4f54db16

SHA256
97e666909aed94df80320b870e681125d83fe1e7155eac6f9b0084423f3bd839

SHA512
5735d8597affd0e48ef2aa85f0c2b79d16b0cdade6d91e1b0daf5ad74cf83888edd7ae3ceeb68e192608c5e4aec1556297151ada519b9188b5bbe7cfdf0766b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe

Filesize
184KB

MD5
6d31792c8057ef5d3883989b6c6441b4

SHA1
3601fb87e1c692b309690ed18e5a33f141a78dbf

SHA256
4783c8887a95f61e9892b503e03d9422de961edbcc65297bc9025a214c2df348

SHA512
5fe076f18f6fc81ec3c8ab312024b5c11b06391458e399d47e3b8fa699a0969a89e9f247cd82b90e003e7f79b6de7ac86194f0dc24d6ae140ca033ecd4fae479

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe

Filesize
184KB

MD5
d9b8360b32695590b6a5067b8408a364

SHA1
d8dbd9b5aa7eae9c3ac0cc02c9db625e27f448cb

SHA256
5a0b62645554e14b96d2afe63f17bd81ea1a94c48a89d525c3bec2c30f76fb20

SHA512
14739769de5811ea01684fcd50c4dd82e2f5e12276644b8d678f4b5a09270c3ba69bfdfeaac1320e518bdbbce83d5ae3a45bf393068277bfe4099ddc3e593674

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8752.exe

Filesize
184KB

MD5
eeec8931aefeb9057a49f037b7b39b45

SHA1
955159fa5a93ff0db8d41bfa5623e024a948dba6

SHA256
c63cc2379eb8dff7c1af4a6cec655cd7b4e4a1c54ec5cd2761d0d31c0fde6399

SHA512
9d1670a0a19ad94ee0488a65c37db9195529515075465c2d1f71372af9d8aaa67158be2ddb40d9cc6bbcce5c63d030bf3c57e7816c397a96c13289e4b504f552

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe

Filesize
184KB

MD5
b8c5762091527347167a5cd60568d5d2

SHA1
803a2ceae7cb864bee13fe99a2a9162158ef60c1

SHA256
1a37ab80504b929f01a84ba9827e163a5a292292e7c0a4e8b87a1e963528524c

SHA512
2529ec183b69bd242b630b8c3ff15fb64b679172414e70608456357a1808c8e4a2bc6c71a58c2b090f076feda19bf814d1a0c6c279968ef3edb41b0aa1283025

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12198.exe

Filesize
184KB

MD5
835710e4710ae476a7bea51a36b8a9eb

SHA1
4f827a8b4e6fd53d6efa5ed9f681c7f2f8f163c4

SHA256
7e09c196e8ec951abbdcfbc6a71dbad19ff77e321f3efc70e00c4faa08905b1a

SHA512
0885c0e2db6112c226ba700735f197eb3c9973e3213f614ba49cdb758b038fb673c0eff6796855ce7ee0887bb69636bc18d27ebd511e7dff1a925a6aa7957773

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe

Filesize
184KB

MD5
99de9073067f0dff5af0273e26e24abf

SHA1
a9d3a6ad6d1b3099cab14c404b32f518614f51e7

SHA256
fcbe9d9f787ba1149d23c227a2670e0b86f16a9f5652344dd98ecd8307e2175e

SHA512
ab9c0b38dc44885096fa025b3fe7a5de88853ba6189bf6f7fae13f4fc64f39b667e898109f5a2cf397f5e937c34a6eef63dde7443bb473009469264e78616c94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24102.exe

Filesize
184KB

MD5
e01d6427ebf4332715bcfbc67011f97b

SHA1
436dd561cb2ed6545b6be4226bb0b6d878a3965e

SHA256
02861fbe3ce563c6d6a9011c12f6e2ddc8bf5a84d9fcdc0b234da4eb27bfe54b

SHA512
f716bca3b518df22bdbbd127743fb843eff90bb28f2f8ffc7419e66aa092cb4d06f42fdaf4367534f88089258baac9bb90d9ada695201f85857f5b201a94b6b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29277.exe

Filesize
184KB

MD5
b426436b2571dff312be319420408f55

SHA1
5b083af51ed44ba6406f82020470993f436d98ff

SHA256
9a8db4296e1b510cd77d9e13adfd1cbf812fb27395095bef2ba499beaf99795b

SHA512
c2ab24b66c1445eb68b0764ea81c8b2e3fb6a2592a02ace5914239fe5f4edf1def291a3faa0a9d175818e8b69930a475ae3f6ef0ad6888151975f9a7d02c0b73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe

Filesize
184KB

MD5
035bc811ea23cd2240424077be96fd1a

SHA1
2ec782cab4b30072edbadf5bab70e8b991d36320

SHA256
42b3ce60e0bd9e6a12d2c616f2299dbc00f6b7bfd29299ad0bf191e84460742a

SHA512
b9ed56ef96c7750b77689cb2a593978ead840fd14043e7e284b7610bcc2aa8b35e76c9b35a23c042369b56ba04ced696aa1f566cc898bd58152659a7adccf07a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe

Filesize
184KB

MD5
56e2455e55d99fee3e060bc4fd714e1b

SHA1
8464760b99e5a8627c422b72f4716d22a2a4ac94

SHA256
dd738b9a6b0207f83c7e34fadca5216042f64a6d547d2ae22f3162af4a3645d1

SHA512
4ba09968b4729e3c19285ef0d5f7bfd5aaf1a6977140df5e5fa8cab2c841f6ab1061adb1dd9356a9adf1e8c72d0dcddeb0290681e28c07fe7866acc12edda0a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe

Filesize
184KB

MD5
15a8b2bfdd2c12c2784b51a144bcf3e9

SHA1
c83cef29e81a0ab9674fd9b4a169ba90024c83c1

SHA256
150fe7bd61c6eb62b47fede40f3b0bae329059414fb8120bb1e62c4bf8c990e8

SHA512
81f39c2b5a2906d8accb15a8b68d7294e7fc506038356877ea86597994167399871569c129305b1a1c9675165e952e62bab8bd9ea3be5076c79c9df233117236

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe

Filesize
184KB

MD5
b5d10171c07348566f6717f16608f350

SHA1
c767f6eb72fddbd4331508b059fa9d904c49e5f5

SHA256
062cf64d3869bf813f21de0d0aea99684de0d39b31902a60c32383a31f93487f

SHA512
0dffed9bdefa20b86bcc213fd00960da672f8b12eb69ffa95d39e43636906fe2a7074f292b299094899377f148a66a289ff5e7a81326fe9393ab4142242dd5fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe

Filesize
184KB

MD5
40524567824e2430ec35b8004533fbc7

SHA1
c325837e072b2d5216b5ba444d2d732e7a121cd7

SHA256
c8ec35d144acccd91b5203f10ccb28689a8e267827074f539ed9b32309d591f8

SHA512
3f732ff63052c01b9ef9135b61d2fc84bada8fd71cb1ca320e27e37390edf7895c3f39f6a17494b63ea16deed00c0ccd2c6c2dbfe3d07802dd1c89b5587e7b31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe

Filesize
184KB

MD5
2f0f611a6dc78bda2e849d3458c20003

SHA1
2845c5d99e267aaded0c6d9133dfa1f8b8959972

SHA256
242a15356aa92afd2124e5085988e1ace1529912fac06af66c33e1fe753de683

SHA512
186f77d63c4cbc0d2b2e05e9cf36e62df798c5456a862222d46090990a2f68ba8f5dc1e9dc47e5c59cfea78a07aeaca44060909340d7eff3b70f54ca9e253c85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe

Filesize
184KB

MD5
eee46afe1a65fb0424ef3fc75557acd1

SHA1
c98c108d90003a8fdf678ed2ffbf2825b8064009

SHA256
9361d5b437b2bf500320cbf99222fba0f942f9c531ff0fecd6261dcbb54b3908

SHA512
31fdf798b20b365a83b52e7eb8c47e7b8f8f322e9d5b65f36990436f374c57fc76070db7c6c18503df3d814b4089b7c887237d578238238bf232ad732b875fa9

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads