4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 21:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
Size

184KB
MD5

df16bbbf26da1f450f1aba1bc1168c44
SHA1

b28ce0c4ebc612b0b227184a778fbcc85fa7df6c
SHA256

4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126
SHA512

cd3292170e252161e3494cb625b00cf9986a5b932d84d1a2badbd048abaa1548cd03afcbcdd852be225ef7dadd6136e95f0850449055b85feb9b43ec1dd3bd2c
SSDEEP

3072:8t/o6ToPpkeeqhlbIsdBVbN5Dlvnqnvium:8tdo+ilblVp5DlPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1664	Unicorn-56052.exe
2544	Unicorn-60966.exe
3060	Unicorn-15294.exe
2576	Unicorn-4002.exe
2612	Unicorn-46004.exe
2808	Unicorn-44521.exe
2564	Unicorn-64386.exe
2960	Unicorn-2103.exe
1408	Unicorn-47775.exe
2920	Unicorn-42944.exe
1592	Unicorn-20386.exe
1988	Unicorn-16302.exe
2764	Unicorn-7868.exe
2428	Unicorn-14255.exe
2540	Unicorn-27162.exe
2072	Unicorn-45720.exe
768	Unicorn-48.exe
2884	Unicorn-2854.exe
772	Unicorn-3317.exe
336	Unicorn-57993.exe
640	Unicorn-50380.exe
1828	Unicorn-31351.exe
2940	Unicorn-31351.exe
2424	Unicorn-25875.exe
1108	Unicorn-45476.exe
1372	Unicorn-41657.exe
2512	Unicorn-45741.exe
2080	Unicorn-4800.exe
1968	Unicorn-63453.exe
1016	Unicorn-19675.exe
2356	Unicorn-13544.exe
1712	Unicorn-61262.exe
2896	Unicorn-899.exe
2028	Unicorn-634.exe
1604	Unicorn-4469.exe
2380	Unicorn-27441.exe
1956	Unicorn-37656.exe
1948	Unicorn-39602.exe
2648	Unicorn-64198.exe
2876	Unicorn-14905.exe
2324	Unicorn-21682.exe
2704	Unicorn-18990.exe
2468	Unicorn-44241.exe
2916	Unicorn-53892.exe
2508	Unicorn-29850.exe
2152	Unicorn-29296.exe
2796	Unicorn-17598.exe
2208	Unicorn-6737.exe
2988	Unicorn-2653.exe
1960	Unicorn-33380.exe
2772	Unicorn-48081.exe
2412	Unicorn-7914.exe
2932	Unicorn-48346.exe
240	Unicorn-59207.exe
2844	Unicorn-49716.exe
1444	Unicorn-51807.exe
1348	Unicorn-9927.exe
2816	Unicorn-9927.exe
2036	Unicorn-16058.exe
2276	Unicorn-16058.exe
1924	Unicorn-24226.exe
2088	Unicorn-40946.exe
588	Unicorn-57666.exe
672	Unicorn-37800.exe

Loads dropped DLL 64 IoCs

pid	Process
764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
1664	Unicorn-56052.exe
764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
1664	Unicorn-56052.exe
2544	Unicorn-60966.exe
2544	Unicorn-60966.exe
764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
1664	Unicorn-56052.exe
1664	Unicorn-56052.exe
3060	Unicorn-15294.exe
3060	Unicorn-15294.exe
2576	Unicorn-4002.exe
2544	Unicorn-60966.exe
2576	Unicorn-4002.exe
2544	Unicorn-60966.exe
2612	Unicorn-46004.exe
2612	Unicorn-46004.exe
764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
1664	Unicorn-56052.exe
2808	Unicorn-44521.exe
1664	Unicorn-56052.exe
2808	Unicorn-44521.exe
2564	Unicorn-64386.exe
2564	Unicorn-64386.exe
3060	Unicorn-15294.exe
3060	Unicorn-15294.exe
2576	Unicorn-4002.exe
2576	Unicorn-4002.exe
2960	Unicorn-2103.exe
2960	Unicorn-2103.exe
2544	Unicorn-60966.exe
2544	Unicorn-60966.exe
1988	Unicorn-16302.exe
2612	Unicorn-46004.exe
2612	Unicorn-46004.exe
1988	Unicorn-16302.exe
2564	Unicorn-64386.exe
2564	Unicorn-64386.exe
1592	Unicorn-20386.exe
2428	Unicorn-14255.exe
1592	Unicorn-20386.exe
2428	Unicorn-14255.exe
2808	Unicorn-44521.exe
2540	Unicorn-27162.exe
2808	Unicorn-44521.exe
2540	Unicorn-27162.exe
1664	Unicorn-56052.exe
1664	Unicorn-56052.exe
3060	Unicorn-15294.exe
3060	Unicorn-15294.exe
2764	Unicorn-7868.exe
2764	Unicorn-7868.exe
764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2072	Unicorn-45720.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
2856	1108	WerFault.exe	53
2100	768	WerFault.exe	44

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
1664	Unicorn-56052.exe
2544	Unicorn-60966.exe
3060	Unicorn-15294.exe
2576	Unicorn-4002.exe
2612	Unicorn-46004.exe
2808	Unicorn-44521.exe
2564	Unicorn-64386.exe
1408	Unicorn-47775.exe
2960	Unicorn-2103.exe
2428	Unicorn-14255.exe
2920	Unicorn-42944.exe
2540	Unicorn-27162.exe
1988	Unicorn-16302.exe
1592	Unicorn-20386.exe
2764	Unicorn-7868.exe
2072	Unicorn-45720.exe
768	Unicorn-48.exe
2884	Unicorn-2854.exe
772	Unicorn-3317.exe
640	Unicorn-50380.exe
2424	Unicorn-25875.exe
1108	Unicorn-45476.exe
1828	Unicorn-31351.exe
336	Unicorn-57993.exe
1372	Unicorn-41657.exe
2512	Unicorn-45741.exe
2080	Unicorn-4800.exe
2940	Unicorn-31351.exe
1968	Unicorn-63453.exe
1016	Unicorn-19675.exe
1712	Unicorn-61262.exe
2028	Unicorn-634.exe
1604	Unicorn-4469.exe
2896	Unicorn-899.exe
2380	Unicorn-27441.exe
1956	Unicorn-37656.exe
1948	Unicorn-39602.exe
2208	Unicorn-6737.exe
2844	Unicorn-49716.exe
240	Unicorn-59207.exe
1348	Unicorn-9927.exe
2152	Unicorn-29296.exe
2988	Unicorn-2653.exe
2648	Unicorn-64198.exe
1252	Unicorn-33245.exe
2508	Unicorn-29850.exe
1960	Unicorn-33380.exe
2592	Unicorn-36835.exe
2876	Unicorn-14905.exe
2096	Unicorn-3427.exe
2036	Unicorn-16058.exe
1924	Unicorn-24226.exe
2528	Unicorn-19844.exe
672	Unicorn-37800.exe
2704	Unicorn-18990.exe
2772	Unicorn-48081.exe
612	Unicorn-2928.exe
1668	Unicorn-46115.exe
2396	Unicorn-28310.exe
2232	Unicorn-17375.exe
2364	Unicorn-17375.exe
2296	Unicorn-63151.exe
2768	Unicorn-36976.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 1664	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	28
PID 764 wrote to memory of 1664	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	28
PID 764 wrote to memory of 1664	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	28
PID 764 wrote to memory of 1664	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	28
PID 764 wrote to memory of 2544	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	29
PID 764 wrote to memory of 2544	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	29
PID 764 wrote to memory of 2544	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	29
PID 764 wrote to memory of 2544	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	29
PID 1664 wrote to memory of 3060	1664	Unicorn-56052.exe	30
PID 1664 wrote to memory of 3060	1664	Unicorn-56052.exe	30
PID 1664 wrote to memory of 3060	1664	Unicorn-56052.exe	30
PID 1664 wrote to memory of 3060	1664	Unicorn-56052.exe	30
PID 2544 wrote to memory of 2576	2544	Unicorn-60966.exe	31
PID 2544 wrote to memory of 2576	2544	Unicorn-60966.exe	31
PID 2544 wrote to memory of 2576	2544	Unicorn-60966.exe	31
PID 2544 wrote to memory of 2576	2544	Unicorn-60966.exe	31
PID 764 wrote to memory of 2612	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	32
PID 764 wrote to memory of 2612	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	32
PID 764 wrote to memory of 2612	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	32
PID 764 wrote to memory of 2612	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	32
PID 1664 wrote to memory of 2808	1664	Unicorn-56052.exe	33
PID 1664 wrote to memory of 2808	1664	Unicorn-56052.exe	33
PID 1664 wrote to memory of 2808	1664	Unicorn-56052.exe	33
PID 1664 wrote to memory of 2808	1664	Unicorn-56052.exe	33
PID 3060 wrote to memory of 2564	3060	Unicorn-15294.exe	34
PID 3060 wrote to memory of 2564	3060	Unicorn-15294.exe	34
PID 3060 wrote to memory of 2564	3060	Unicorn-15294.exe	34
PID 3060 wrote to memory of 2564	3060	Unicorn-15294.exe	34
PID 2576 wrote to memory of 2960	2576	Unicorn-4002.exe	35
PID 2576 wrote to memory of 2960	2576	Unicorn-4002.exe	35
PID 2576 wrote to memory of 2960	2576	Unicorn-4002.exe	35
PID 2576 wrote to memory of 2960	2576	Unicorn-4002.exe	35
PID 2544 wrote to memory of 1408	2544	Unicorn-60966.exe	36
PID 2544 wrote to memory of 1408	2544	Unicorn-60966.exe	36
PID 2544 wrote to memory of 1408	2544	Unicorn-60966.exe	36
PID 2544 wrote to memory of 1408	2544	Unicorn-60966.exe	36
PID 2612 wrote to memory of 2920	2612	Unicorn-46004.exe	37
PID 2612 wrote to memory of 2920	2612	Unicorn-46004.exe	37
PID 2612 wrote to memory of 2920	2612	Unicorn-46004.exe	37
PID 2612 wrote to memory of 2920	2612	Unicorn-46004.exe	37
PID 764 wrote to memory of 2764	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	38
PID 764 wrote to memory of 2764	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	38
PID 764 wrote to memory of 2764	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	38
PID 764 wrote to memory of 2764	764	4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe	38
PID 1664 wrote to memory of 2428	1664	Unicorn-56052.exe	40
PID 1664 wrote to memory of 2428	1664	Unicorn-56052.exe	40
PID 1664 wrote to memory of 2428	1664	Unicorn-56052.exe	40
PID 1664 wrote to memory of 2428	1664	Unicorn-56052.exe	40
PID 2808 wrote to memory of 1592	2808	Unicorn-44521.exe	39
PID 2808 wrote to memory of 1592	2808	Unicorn-44521.exe	39
PID 2808 wrote to memory of 1592	2808	Unicorn-44521.exe	39
PID 2808 wrote to memory of 1592	2808	Unicorn-44521.exe	39
PID 2564 wrote to memory of 1988	2564	Unicorn-64386.exe	41
PID 2564 wrote to memory of 1988	2564	Unicorn-64386.exe	41
PID 2564 wrote to memory of 1988	2564	Unicorn-64386.exe	41
PID 2564 wrote to memory of 1988	2564	Unicorn-64386.exe	41
PID 3060 wrote to memory of 2540	3060	Unicorn-15294.exe	42
PID 3060 wrote to memory of 2540	3060	Unicorn-15294.exe	42
PID 3060 wrote to memory of 2540	3060	Unicorn-15294.exe	42
PID 3060 wrote to memory of 2540	3060	Unicorn-15294.exe	42
PID 2576 wrote to memory of 2072	2576	Unicorn-4002.exe	43
PID 2576 wrote to memory of 2072	2576	Unicorn-4002.exe	43
PID 2576 wrote to memory of 2072	2576	Unicorn-4002.exe	43
PID 2576 wrote to memory of 2072	2576	Unicorn-4002.exe	43

C:\Users\Admin\AppData\Local\Temp\4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe
"C:\Users\Admin\AppData\Local\Temp\4686d40c9dcf16656a197cf314a1445467fe22b0c6b53de9136e78a852518126.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
        8⤵
        
        PID:3260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32274.exe
        8⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6700.exe
        8⤵
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51266.exe
        8⤵
        
        PID:4552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46764.exe
        8⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
        7⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31979.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14808.exe
        7⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26065.exe
        7⤵
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
        6⤵
        Executes dropped EXE
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
        6⤵
        
        PID:2404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11278.exe
        6⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29296.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36530.exe
        7⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60406.exe
        7⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46363.exe
        7⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
        7⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        6⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2928.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23313.exe
        6⤵
        
        PID:864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63810.exe
        6⤵
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43131.exe
        6⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53892.exe
        5⤵
        Executes dropped EXE
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52613.exe
        5⤵
        
        PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53613.exe
        5⤵
        
        PID:3956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50100.exe
        5⤵
        
        PID:4388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18990.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        6⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
        6⤵
        
        PID:2480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44093.exe
        6⤵
        
        PID:3512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56075.exe
        6⤵
        
        PID:3200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29850.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50571.exe
        5⤵
        
        PID:2608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38035.exe
        5⤵
        
        PID:2500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40408.exe
        5⤵
        
        PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16937.exe
        5⤵
        
        PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33380.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2394.exe
        6⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        5⤵
        
        PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25342.exe
        5⤵
        
        PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33467.exe
        5⤵
        
        PID:356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48081.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48081.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13878.exe
        5⤵
        
        PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
        5⤵
        
        PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
        5⤵
        
        PID:3912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60971.exe
        5⤵
        
        PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52599.exe
        5⤵
        
        PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47771.exe
      4⤵
      PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64095.exe
      4⤵
      PID:2976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42356.exe
        5⤵
        
        PID:4460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64409.exe
      4⤵
      PID:800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60636.exe
      4⤵
      PID:3832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43101.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43101.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
      4⤵
      PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
      4⤵
      PID:3752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48346.exe
        6⤵
        Executes dropped EXE
        
        PID:2932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
        6⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39463.exe
        6⤵
        
        PID:2840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5984.exe
        6⤵
        
        PID:3188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22609.exe
        6⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10495.exe
        5⤵
        
        PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42169.exe
        5⤵
        
        PID:1312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        5⤵
        
        PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33833.exe
        5⤵
        
        PID:632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        5⤵
        
        PID:3648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
        5⤵
        
        PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25875.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39602.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
        5⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
        5⤵
        
        PID:880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
        5⤵
        
        PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17286.exe
        5⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
        5⤵
        
        PID:3900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57450.exe
        5⤵
        
        PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64198.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe
        5⤵
        
        PID:1832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
        5⤵
        
        PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25319.exe
        5⤵
        
        PID:3160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51875.exe
        5⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
        5⤵
        
        PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61501.exe
        5⤵
        
        PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
      4⤵
      PID:1284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31633.exe
      4⤵
      PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1519.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1519.exe
      4⤵
      PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38033.exe
      4⤵
      PID:3584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15612.exe
      4⤵
      PID:3604
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40154.exe
      4⤵
      PID:3852
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31351.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19160.exe
        5⤵
        
        PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58705.exe
        5⤵
        
        PID:1920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
        5⤵
        
        PID:3340
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43740.exe
        5⤵
        
        PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48436.exe
        5⤵
        
        PID:3868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
        5⤵
        
        PID:3888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
        5⤵
        
        PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21682.exe
      4⤵
      Executes dropped EXE
      PID:2324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19844.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19844.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe
        5⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        5⤵
        
        PID:4280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37734.exe
      4⤵
      PID:2176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
      4⤵
      PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
      4⤵
      PID:4504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45476.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45476.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1108
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 188
      4⤵
      Loads dropped DLL
      Program crash
      PID:2856
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
    3⤵
    PID:2228
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
    3⤵
    PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8519.exe
    3⤵
    PID:2496
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53371.exe
    3⤵
    PID:3588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34409.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34409.exe
    3⤵
    PID:3448
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42919.exe
    3⤵
    PID:3800
- C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4002.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4002.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
        6⤵
        Program crash
        
        PID:2100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61262.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
        6⤵
        
        PID:848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5413.exe
        6⤵
        
        PID:4044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
        5⤵
        Executes dropped EXE
        
        PID:2816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4303.exe
        5⤵
        
        PID:1524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
        6⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22209.exe
        5⤵
        
        PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19675.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40946.exe
        6⤵
        Executes dropped EXE
        
        PID:2088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17375.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49063.exe
        7⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1219.exe
        7⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
        6⤵
        
        PID:3008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
        6⤵
        
        PID:3376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65055.exe
        6⤵
        
        PID:3748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51807.exe
        5⤵
        Executes dropped EXE
        
        PID:1444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
        5⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
        5⤵
        
        PID:1812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        5⤵
        
        PID:1616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
        5⤵
        
        PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50029.exe
        5⤵
        
        PID:3916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38835.exe
        5⤵
        
        PID:836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13544.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13544.exe
      4⤵
      Executes dropped EXE
      PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63151.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
      4⤵
      PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
      4⤵
      PID:1776
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44752.exe
      4⤵
      PID:3716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18421.exe
      4⤵
      PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41534.exe
      4⤵
      PID:3456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1408
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2884
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57666.exe
        5⤵
        
        PID:1488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        5⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65055.exe
        5⤵
        
        PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
      4⤵
      PID:2888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
      4⤵
      PID:1532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
      4⤵
      PID:2944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
      4⤵
      PID:3320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11727.exe
      4⤵
      PID:3576
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-634.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2028
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57666.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57666.exe
      4⤵
      Executes dropped EXE
      PID:588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17375.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38942.exe
      4⤵
      PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58912.exe
      4⤵
      PID:3328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65055.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65055.exe
      4⤵
      PID:3764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3427.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3427.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32211.exe
      4⤵
      PID:924
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11775.exe
    3⤵
    PID:1816
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43693.exe
    3⤵
    PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16511.exe
    3⤵
    PID:2452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16874.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16874.exe
    3⤵
    PID:2280
- C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4469.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
        5⤵
        Executes dropped EXE
        
        PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27297.exe
        5⤵
        
        PID:2804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62600.exe
        5⤵
        
        PID:908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13613.exe
        5⤵
        
        PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16100.exe
        5⤵
        
        PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
        5⤵
        
        PID:3384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2863.exe
        5⤵
        
        PID:3272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9927.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49234.exe
        5⤵
        
        PID:3880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        5⤵
        
        PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
        5⤵
        
        PID:4696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
      4⤵
      PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
      4⤵
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25031.exe
        5⤵
        
        PID:3824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16861.exe
        5⤵
        
        PID:2524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59985.exe
        5⤵
        
        PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
      4⤵
      PID:3036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
      4⤵
      PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48436.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48436.exe
      4⤵
      PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15151.exe
      4⤵
      PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13450.exe
      4⤵
      PID:4332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3317.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3317.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37656.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47599.exe
        6⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
        6⤵
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38226.exe
        6⤵
        
        PID:480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12565.exe
        6⤵
        
        PID:3156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2333.exe
        6⤵
        
        PID:3664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        6⤵
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24064.exe
        5⤵
        
        PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33902.exe
        5⤵
        
        PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31185.exe
        5⤵
        
        PID:3124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43210.exe
        5⤵
        
        PID:4052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
        5⤵
        
        PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13379.exe
      4⤵
      PID:960
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
      4⤵
      PID:2556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48155.exe
        5⤵
        
        PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
        5⤵
        
        PID:4012
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6397.exe
        5⤵
        
        PID:4684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3173.exe
      4⤵
      PID:1704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27027.exe
      4⤵
      PID:3492
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60699.exe
      4⤵
      PID:3336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
      4⤵
      PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34635.exe
      4⤵
      PID:1032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46998.exe
      4⤵
      PID:4664
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27441.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24226.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
      4⤵
      PID:2792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45963.exe
      4⤵
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58502.exe
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
        5⤵
        
        PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
        5⤵
        
        PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46177.exe
      4⤵
      PID:3084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43633.exe
      4⤵
      PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7191.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7191.exe
      4⤵
      PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39970.exe
      4⤵
      PID:3988
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50603.exe
    3⤵
    PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28310.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19606.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19606.exe
    3⤵
    PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15338.exe
    3⤵
    PID:3668
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
    3⤵
    PID:4536
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:2764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41657.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49716.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60069.exe
        5⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41813.exe
        5⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60745.exe
        5⤵
        
        PID:3424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
        5⤵
        
        PID:3560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38984.exe
        5⤵
        
        PID:3856
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
      4⤵
      PID:2472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe
      4⤵
      PID:1380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7007.exe
      4⤵
      PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16100.exe
      4⤵
      PID:3784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52902.exe
      4⤵
      PID:3108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
      4⤵
      PID:3180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36986.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36986.exe
      4⤵
      PID:4360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
    3⤵
    - Executes dropped EXE
    PID:2468
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:2768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
    3⤵
    PID:2644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20976.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20976.exe
    3⤵
    PID:3280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
    3⤵
    PID:3544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44054.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44054.exe
    3⤵
    PID:2388
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63453.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2653.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8268.exe
      4⤵
      PID:2952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64433.exe
      4⤵
      PID:984
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1142.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1142.exe
      4⤵
      PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24766.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24766.exe
      4⤵
      PID:3840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
      4⤵
      PID:3396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
    3⤵
    PID:552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51828.exe
    3⤵
    PID:2056
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
    3⤵
    PID:2560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26674.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26674.exe
    3⤵
    PID:2292
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
    3⤵
    PID:3148
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46869.exe
    3⤵
    PID:3572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33649.exe
    3⤵
    PID:4032
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7914.exe
  2⤵
  - Executes dropped EXE
  PID:2412
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48301.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48301.exe
  2⤵
  PID:2372
- C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
  2⤵
  PID:2624
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
  2⤵
  PID:1572
- C:\Users\Admin\AppData\Local\Temp\Unicorn-59502.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-59502.exe
  2⤵
  PID:3772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-19566.exe
  2⤵
  PID:4080
- C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-65335.exe
  2⤵
  PID:3944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7313.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7313.exe
  2⤵
  PID:3728

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12631.exe

Filesize
184KB

MD5
4222fac083c26ef1ba6195c2123e0cf0

SHA1
059fd28cc8ce00541dd24926a1b7542813dd3bd4

SHA256
eb231ca7416c8e5e825fa527a06a1dce622f2c50bee81bd0c006605f07918a26

SHA512
8184f528ba942b085a98bff47e86116dfec786a46b1127342be4087f6b26a619bbcfddfb86ff83b7607ebd06d72cb8c32526dd87c257b4e608763e06fb44adc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe

Filesize
184KB

MD5
fcd44c17fe66af62660039b7e364150d

SHA1
4cc53078469938f7426d3260c635803b3abe8af2

SHA256
02bd39bb6afc1b68a262df0b5cf761dc93a892d7a6cd126df65919d609ecff0f

SHA512
326bb8991058be8ea53ca4feba8c582e8e8908c3a343a216fbf0da2ebd9c30d4fefc6403db9e8086ba9b8d2087fb701d0bb4eaf05acf1b854588cc25709980ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15294.exe

Filesize
184KB

MD5
2505d0a7a9005392374f4ec1e2eccd42

SHA1
a780ad652125f98bb96e352bc12f8d5881fdfc34

SHA256
0aff499f00cdeeaa87d8490114a4dd54adbf0be079a07e2a668f6ed33b929673

SHA512
67b3c2976f5050403988fe65ce2cbe67b0adbff094241b0d7e13463becd8d8dcc431308f13cd5f2c1a433d62993cd2f8881b5cc918a3055f27c4124b57741ba8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16302.exe

Filesize
184KB

MD5
c1b94f0c9e0d08a247a011bdc50caaf4

SHA1
801a18d846deef7c155169cacbf5bcf3fb1d8dbf

SHA256
02c1167cea156126de578794ccbf837f0bdb95d3c4162836051c440468c12a7a

SHA512
ee221992e4bcd1d5709fd0f8a7bfa6438e104f4b50a4746eacdad3c110c741c9f22b8b333295aa8d8ecf2a6cf456a385edbd7b5684a88ef4a67bb97655280ed3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20386.exe

Filesize
184KB

MD5
928f8010a0293481f8298845fb9eddb5

SHA1
8c21feafecfd75e6c880baf6c1013de7d2ba57da

SHA256
1f64867a6c796fbd3bc327b7a9e075064b3dc35f774e399d60b6ef1e883aae4a

SHA512
5030ec2bae747686d710c5df615a487d8276f39b226ff495593c0c3bb2f924bdcf253f617403e76579380635931309665e7ec1bcbc0d5faa007711d575225179

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44521.exe

Filesize
184KB

MD5
ca6d6b52515b2cc472fea2a73d05b0a6

SHA1
ee97fbff7c05fbf14440ac8439b79da6c6b01b36

SHA256
15d8c4f0990be7ee1d43796c5a8b8aeecedef970e2833f5fa254ac5455d6fe4e

SHA512
05d5fe89da349ea04c5fbf1efeadcb54fcfcc17fe3309b522769bf656187abb6e654a8f33979e0b75037c85c914048db28defe30de4ee9e3590f01f9eb2fc251

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe

Filesize
184KB

MD5
a595e44ae1aea3d06aa550f7213de595

SHA1
8901cfb716aa50e6be7b5aea50f560e137504557

SHA256
57ecc63d111965a067891725bfa63cfb08963336f5b1386bd606143a0e4e5f19

SHA512
bf935fb1e358096294a683e4ad4079be2fc1e7af5624ff6c8af69ce9c5d62cf4b1e424c0161f22fb20fb9c3bf55c78712f4f7b224b0fc0ab2c050595c3918b39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe

Filesize
184KB

MD5
f7c403dca6f1fefefc976f5c869661dd

SHA1
f06ee35cdd0919166dbf72c2ae28d75b66177b20

SHA256
d7ac76c071f617966e4ce7feb52b5fd65e5973c7239a3cf004952431ecd8d643

SHA512
0d1196055d669db0a9f83a2f867b4366f889c1db54854f76ce18a59f55d2f60ea76cc3a62d643b64b38047869108328a3d44bf82b733acf5843034db3b516478

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2103.exe

Filesize
184KB

MD5
049bfab223b45254ad40002c0d70ca4a

SHA1
968b3133e1311ae5b65c9c55fb17e4b0dba980f6

SHA256
8992dff710bd18b5bc0dbe98ceb35f0b8a24058e3b8ac3a9c7384eb65e96443b

SHA512
7ecf0dddeb99381d5076f1901527569aba6f4785720cab7ad5b0aa32e335dd46328b5608739646980f32cb276d801be65bff14b8534a1eed942fdf90b53aca17

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27162.exe

Filesize
184KB

MD5
460ffffffb2bd73b96016bb9b4551863

SHA1
5cbf42603da3ff0f46aa20b8f9f0ff168f24f148

SHA256
0b97361237c366f541291efc01766445bb2eb2fcc785542d04a0319400389a40

SHA512
6d06d9396d6b73966aa6e625fc76888197064e901c2977c202d6490a15fb4a0abc89362cb54d4023e5531a77f72451a53912499ca282d8e68752ef9550ed972e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe

Filesize
184KB

MD5
511d25b17395f2d50ee36da525826065

SHA1
60b797ec38e7c91b1b5a5a1fd3d41473db6e163f

SHA256
4adbe95ec4588ebd03fec8e4d23dae6edbe6e4289db2c40bb125e3816dc0eebc

SHA512
90302533ff90832514c695b171b40f2623741bf755ea137fdf7cc0992953a510cb08b5570e9a3177726c4a76ab073351c46410ae34cc098ed1f5bb3b791e4925

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4002.exe

Filesize
184KB

MD5
94da0044101287bbc567d616352d279e

SHA1
53436456021677361db8ac08ae254e6f08901075

SHA256
ce6112096bdcc16546d06c5d837ad3c4f8df330bc8d1fc1e3022849d55e53cd7

SHA512
3b84da83dcf25ef33f3c8ce3321a8644688968f206ce241c763401f7fd7b054c5e6149fc246fd30096d23640753a4abd54b150ce39342d7e90e974b6a0703e99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42944.exe

Filesize
184KB

MD5
b4ac2aaf0773628bd1fdd620cc9bd8bc

SHA1
1fd96275fada044dceb0d1faaddc0781c29a3427

SHA256
4469d9056c4965b28037f60907985d5a8638188e5826b0057490c5e066f8153a

SHA512
90dbbc8a2c18bc5beb8d2c2a33c0c67af7716a62ad22b6d48d6841fa4cea8e40d5037834587b6476be1b1f4e7cac7b5e098cba844cc8e76a05a62dffd67458e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe

Filesize
184KB

MD5
c9ccc2d4d424208d1c3e1dd7fe12ead5

SHA1
cb97a5c5c3f3d44a6c16671bac8b0ca92410d852

SHA256
876881251ef5dcb6fd0e94e8eb4a48d478cb3b72ae271709a6b52620fb7d2170

SHA512
d66db98f963b334722709a7ae32c85e4785374cbe628f45f77b1bcc5d681746d892db242ec5977c3f12e8f69e41ae61b24b424144e354c6d5f954a2eaceff13d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe

Filesize
184KB

MD5
8f7b9f1f363359b3068988054fb0d5be

SHA1
18dcbfac8bc61ceba6fc621ff939ed95f4ab7efb

SHA256
d9af6cb25edc169a76feb5037d9d44e7ee2b9d5584b7e3258f486398fb8ff06e

SHA512
6dd0ae09f3a8643e2b500009f7a047658059f5d6184edd349a4618db091f95a225f6427acd98657c4cf9bdc7b52d526403cbcbc4e1a7c194feb565ec734b8511

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48.exe

Filesize
184KB

MD5
ecaa4e1aad26ec4cfb3019150f49550c

SHA1
86b5bc8cfd62fdb8687b7f9a845d3c0333f69576

SHA256
3f301523c76c3e08a2c566c47aa213e843f85400cb714efc0d6892d43b350d63

SHA512
b2241e57dede2e7e8b66b6cb3de25402ff6ead199dc49f1d733cfcbb88493f66aa89d78628f9c499efd1fc1161284fda3b1af4add0a86566ad3664ea41d645d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe

Filesize
184KB

MD5
510bafe1bfeb626cbb3a81b7288b7655

SHA1
c5cf71b3e8bdc5ed91db3dbc2822119768192fc2

SHA256
4a2ef992214d963d39ad957308a3280bd41cfb3ffd897659f33af504b1ca0f08

SHA512
4d3236e00a0557fc6225c3b60bea98eb24e56d551b9341e2b3b466b5c51468ebe565892ea04ba2b665a5428b2edad118100c054c4752c2be636ddedb51f9ad19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60966.exe

Filesize
184KB

MD5
eff92bb83990965573316e1348732798

SHA1
fed95d29f16125803b13ad13097542745663910d

SHA256
37a5dffcecb8ee45460b25161d3819b950efa47db38d5685d3a43ca178bfe19d

SHA512
f7973c506cc335ae3b79d824efe75215bd051bea36e72008e09477d8c9a0f73b19c4852625899c84f853e452267e11c58910d8373a5f0de689145732a7159289

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe

Filesize
184KB

MD5
b5a1a2dcec39d9c097e09f01c0f58e83

SHA1
00a86cbf6597b726c3c2ba5413f3a6f94f743716

SHA256
7efc861cd13ff745ba95f2333531353b3d41d6974d93e42b530f0caa3d5696d3

SHA512
8e108d223d6dc220684f385073956eac6b807ce4d3b62d396f8ff5ee1861b5e0b8734c57473796716399d1d9cde72d44d118b1e17aa729c1920601eaa7fa3888

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7868.exe

Filesize
184KB

MD5
bf0eef733c36c9c04e1b5c9ff0a85d9a

SHA1
4412e6d8fc1891a85598715380d9e4f549cc1c2a

SHA256
11efceb890d9252b98f64598f1a4a86c976f7fe749c6f0714db1e1060778df1e

SHA512
c75057c064b33d4f0ba5626eca35cdc3c88fcf4b6d6787f6bb977ba802718498d1555c2de868c0b48b52848ceea6f9052e994fd07781219f28435b2eed46635b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads