f56f511c064aa70a297f89e7d5f1cc581a6483dd2ffe2fa0740397ec154380ed

Analysis

max time kernel
144s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 14:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c21ce2866c13850b3e4c80537402c8ce.exe
Size

188KB
MD5

c21ce2866c13850b3e4c80537402c8ce
SHA1

7893d30f3a95b699ec6bbf870c43b429485202f1
SHA256

f56f511c064aa70a297f89e7d5f1cc581a6483dd2ffe2fa0740397ec154380ed
SHA512

bc27f181c03473db610017f250127e656fb5ff42eff61d0a4127d5a427dbd53b85f553c8caa15dabed8a2a5471cf22c2635ce1ca24f2618a683c4e6437572d35
SSDEEP

3072:OqgSomq/mJwQdOjTq7aDeZSUPTPJsXI/kjx02o6+xlv1pFT:OqRo4iQdoqeDeZS4ZJxlv1pF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2364	Unicorn-45421.exe
2712	Unicorn-51212.exe
2860	Unicorn-58825.exe
2612	Unicorn-56962.exe
2572	Unicorn-18068.exe
2140	Unicorn-41720.exe
436	Unicorn-33635.exe
652	Unicorn-41249.exe
2900	Unicorn-61669.exe
1872	Unicorn-408.exe
2968	Unicorn-2909.exe
1008	Unicorn-44539.exe
344	Unicorn-36925.exe
2748	Unicorn-46293.exe
1636	Unicorn-54461.exe
2476	Unicorn-58545.exe
3024	Unicorn-10091.exe
2460	Unicorn-60683.exe
2120	Unicorn-14751.exe
2836	Unicorn-13895.exe
1108	Unicorn-63459.exe
3028	Unicorn-34124.exe
916	Unicorn-57258.exe
1668	Unicorn-10750.exe
1344	Unicorn-61342.exe
672	Unicorn-14834.exe
3064	Unicorn-20502.exe
484	Unicorn-21056.exe
2020	Unicorn-49090.exe
1512	Unicorn-34508.exe
2544	Unicorn-28478.exe
2244	Unicorn-59759.exe
2816	Unicorn-44513.exe
2676	Unicorn-45068.exe
2804	Unicorn-15925.exe
2820	Unicorn-50735.exe
2680	Unicorn-51866.exe
1060	Unicorn-4248.exe
896	Unicorn-51695.exe
1488	Unicorn-30891.exe
2948	Unicorn-25031.exe
1052	Unicorn-56142.exe
1084	Unicorn-65317.exe
1480	Unicorn-45836.exe
2964	Unicorn-10662.exe
2976	Unicorn-28753.exe
1968	Unicorn-4632.exe
1692	Unicorn-1103.exe
1376	Unicorn-41197.exe
2064	Unicorn-9811.exe
2668	Unicorn-7310.exe
1200	Unicorn-62733.exe
2092	Unicorn-41943.exe
2248	Unicorn-4803.exe
2108	Unicorn-18255.exe
1104	Unicorn-36152.exe
2652	Unicorn-56018.exe
1600	Unicorn-55032.exe
2184	Unicorn-55032.exe
2160	Unicorn-55032.exe
1956	Unicorn-55032.exe
2716	Unicorn-55032.exe
2376	Unicorn-55032.exe
1984	Unicorn-55032.exe

Loads dropped DLL 64 IoCs

pid	Process
2192	c21ce2866c13850b3e4c80537402c8ce.exe
2192	c21ce2866c13850b3e4c80537402c8ce.exe
2364	Unicorn-45421.exe
2192	c21ce2866c13850b3e4c80537402c8ce.exe
2364	Unicorn-45421.exe
2192	c21ce2866c13850b3e4c80537402c8ce.exe
2712	Unicorn-51212.exe
2712	Unicorn-51212.exe
2860	Unicorn-58825.exe
2860	Unicorn-58825.exe
2364	Unicorn-45421.exe
2364	Unicorn-45421.exe
2612	Unicorn-56962.exe
2712	Unicorn-51212.exe
2712	Unicorn-51212.exe
2612	Unicorn-56962.exe
2572	Unicorn-18068.exe
2572	Unicorn-18068.exe
2140	Unicorn-41720.exe
2140	Unicorn-41720.exe
2860	Unicorn-58825.exe
2860	Unicorn-58825.exe
652	Unicorn-41249.exe
652	Unicorn-41249.exe
2612	Unicorn-56962.exe
2612	Unicorn-56962.exe
2968	Unicorn-2909.exe
2968	Unicorn-2909.exe
436	Unicorn-33635.exe
436	Unicorn-33635.exe
2900	Unicorn-61669.exe
2900	Unicorn-61669.exe
2572	Unicorn-18068.exe
2572	Unicorn-18068.exe
1872	Unicorn-408.exe
1872	Unicorn-408.exe
2140	Unicorn-41720.exe
2140	Unicorn-41720.exe
1008	Unicorn-44539.exe
1008	Unicorn-44539.exe
652	Unicorn-41249.exe
652	Unicorn-41249.exe
344	Unicorn-36925.exe
344	Unicorn-36925.exe
2748	Unicorn-46293.exe
2748	Unicorn-46293.exe
2968	Unicorn-2909.exe
2968	Unicorn-2909.exe
1636	Unicorn-54461.exe
1636	Unicorn-54461.exe
436	Unicorn-33635.exe
436	Unicorn-33635.exe
2476	Unicorn-58545.exe
2476	Unicorn-58545.exe
2900	Unicorn-61669.exe
2900	Unicorn-61669.exe
2120	Unicorn-14751.exe
2120	Unicorn-14751.exe
3024	Unicorn-10091.exe
3024	Unicorn-10091.exe
2460	Unicorn-60683.exe
2460	Unicorn-60683.exe
1872	Unicorn-408.exe
1872	Unicorn-408.exe

Program crash 10 IoCs

pid	pid_target	Process	procid_target
2720	436	WerFault.exe	35
1788	1636	WerFault.exe	41
2068	1344	WerFault.exe	52
1620	672	WerFault.exe	53
2508	2976	WerFault.exe	69
1716	2948	WerFault.exe	73
1472	1084	WerFault.exe	68
1984	1644	WerFault.exe	203
2760	2836	WerFault.exe	204
2928	2304	WerFault.exe	202

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2192	c21ce2866c13850b3e4c80537402c8ce.exe
2364	Unicorn-45421.exe
2860	Unicorn-58825.exe
2712	Unicorn-51212.exe
2612	Unicorn-56962.exe
2572	Unicorn-18068.exe
2140	Unicorn-41720.exe
652	Unicorn-41249.exe
436	Unicorn-33635.exe
2968	Unicorn-2909.exe
1872	Unicorn-408.exe
2900	Unicorn-61669.exe
1008	Unicorn-44539.exe
344	Unicorn-36925.exe
2748	Unicorn-46293.exe
1636	Unicorn-54461.exe
2476	Unicorn-58545.exe
3024	Unicorn-10091.exe
2120	Unicorn-14751.exe
2460	Unicorn-60683.exe
2836	Unicorn-13895.exe
1108	Unicorn-63459.exe
3028	Unicorn-34124.exe
916	Unicorn-57258.exe
1668	Unicorn-10750.exe
1344	Unicorn-61342.exe
672	Unicorn-14834.exe
484	Unicorn-21056.exe
3064	Unicorn-20502.exe
2020	Unicorn-49090.exe
1512	Unicorn-34508.exe
2544	Unicorn-28478.exe
2244	Unicorn-59759.exe
2816	Unicorn-44513.exe
2676	Unicorn-45068.exe
2804	Unicorn-15925.exe
2680	Unicorn-51866.exe
2820	Unicorn-50735.exe
1060	Unicorn-4248.exe
2964	Unicorn-10662.exe
1480	Unicorn-45836.exe
896	Unicorn-51695.exe
2948	Unicorn-25031.exe
1052	Unicorn-56142.exe
1084	Unicorn-65317.exe
1488	Unicorn-30891.exe
2976	Unicorn-28753.exe
1968	Unicorn-4632.exe
1692	Unicorn-1103.exe
1376	Unicorn-41197.exe
2668	Unicorn-7310.exe
2064	Unicorn-9811.exe
2108	Unicorn-18255.exe
1200	Unicorn-62733.exe
2092	Unicorn-41943.exe
2248	Unicorn-4803.exe
2160	Unicorn-55032.exe
1956	Unicorn-55032.exe
2652	Unicorn-56018.exe
1104	Unicorn-36152.exe
1600	Unicorn-55032.exe
2716	Unicorn-55032.exe
2184	Unicorn-55032.exe
2376	Unicorn-55032.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2192 wrote to memory of 2364	2192	c21ce2866c13850b3e4c80537402c8ce.exe	28
PID 2192 wrote to memory of 2364	2192	c21ce2866c13850b3e4c80537402c8ce.exe	28
PID 2192 wrote to memory of 2364	2192	c21ce2866c13850b3e4c80537402c8ce.exe	28
PID 2192 wrote to memory of 2364	2192	c21ce2866c13850b3e4c80537402c8ce.exe	28
PID 2192 wrote to memory of 2712	2192	c21ce2866c13850b3e4c80537402c8ce.exe	30
PID 2192 wrote to memory of 2712	2192	c21ce2866c13850b3e4c80537402c8ce.exe	30
PID 2192 wrote to memory of 2712	2192	c21ce2866c13850b3e4c80537402c8ce.exe	30
PID 2192 wrote to memory of 2712	2192	c21ce2866c13850b3e4c80537402c8ce.exe	30
PID 2364 wrote to memory of 2860	2364	Unicorn-45421.exe	29
PID 2364 wrote to memory of 2860	2364	Unicorn-45421.exe	29
PID 2364 wrote to memory of 2860	2364	Unicorn-45421.exe	29
PID 2364 wrote to memory of 2860	2364	Unicorn-45421.exe	29
PID 2712 wrote to memory of 2612	2712	Unicorn-51212.exe	31
PID 2712 wrote to memory of 2612	2712	Unicorn-51212.exe	31
PID 2712 wrote to memory of 2612	2712	Unicorn-51212.exe	31
PID 2712 wrote to memory of 2612	2712	Unicorn-51212.exe	31
PID 2860 wrote to memory of 2572	2860	Unicorn-58825.exe	32
PID 2860 wrote to memory of 2572	2860	Unicorn-58825.exe	32
PID 2860 wrote to memory of 2572	2860	Unicorn-58825.exe	32
PID 2860 wrote to memory of 2572	2860	Unicorn-58825.exe	32
PID 2364 wrote to memory of 2140	2364	Unicorn-45421.exe	33
PID 2364 wrote to memory of 2140	2364	Unicorn-45421.exe	33
PID 2364 wrote to memory of 2140	2364	Unicorn-45421.exe	33
PID 2364 wrote to memory of 2140	2364	Unicorn-45421.exe	33
PID 2712 wrote to memory of 436	2712	Unicorn-51212.exe	35
PID 2712 wrote to memory of 436	2712	Unicorn-51212.exe	35
PID 2712 wrote to memory of 436	2712	Unicorn-51212.exe	35
PID 2712 wrote to memory of 436	2712	Unicorn-51212.exe	35
PID 2612 wrote to memory of 652	2612	Unicorn-56962.exe	34
PID 2612 wrote to memory of 652	2612	Unicorn-56962.exe	34
PID 2612 wrote to memory of 652	2612	Unicorn-56962.exe	34
PID 2612 wrote to memory of 652	2612	Unicorn-56962.exe	34
PID 2572 wrote to memory of 2900	2572	Unicorn-18068.exe	36
PID 2572 wrote to memory of 2900	2572	Unicorn-18068.exe	36
PID 2572 wrote to memory of 2900	2572	Unicorn-18068.exe	36
PID 2572 wrote to memory of 2900	2572	Unicorn-18068.exe	36
PID 2140 wrote to memory of 1872	2140	Unicorn-41720.exe	38
PID 2140 wrote to memory of 1872	2140	Unicorn-41720.exe	38
PID 2140 wrote to memory of 1872	2140	Unicorn-41720.exe	38
PID 2140 wrote to memory of 1872	2140	Unicorn-41720.exe	38
PID 2860 wrote to memory of 2968	2860	Unicorn-58825.exe	37
PID 2860 wrote to memory of 2968	2860	Unicorn-58825.exe	37
PID 2860 wrote to memory of 2968	2860	Unicorn-58825.exe	37
PID 2860 wrote to memory of 2968	2860	Unicorn-58825.exe	37
PID 652 wrote to memory of 1008	652	Unicorn-41249.exe	39
PID 652 wrote to memory of 1008	652	Unicorn-41249.exe	39
PID 652 wrote to memory of 1008	652	Unicorn-41249.exe	39
PID 652 wrote to memory of 1008	652	Unicorn-41249.exe	39
PID 2612 wrote to memory of 344	2612	Unicorn-56962.exe	40
PID 2612 wrote to memory of 344	2612	Unicorn-56962.exe	40
PID 2612 wrote to memory of 344	2612	Unicorn-56962.exe	40
PID 2612 wrote to memory of 344	2612	Unicorn-56962.exe	40
PID 2968 wrote to memory of 2748	2968	Unicorn-2909.exe	42
PID 2968 wrote to memory of 2748	2968	Unicorn-2909.exe	42
PID 2968 wrote to memory of 2748	2968	Unicorn-2909.exe	42
PID 2968 wrote to memory of 2748	2968	Unicorn-2909.exe	42
PID 436 wrote to memory of 1636	436	Unicorn-33635.exe	41
PID 436 wrote to memory of 1636	436	Unicorn-33635.exe	41
PID 436 wrote to memory of 1636	436	Unicorn-33635.exe	41
PID 436 wrote to memory of 1636	436	Unicorn-33635.exe	41
PID 2900 wrote to memory of 2476	2900	Unicorn-61669.exe	43
PID 2900 wrote to memory of 2476	2900	Unicorn-61669.exe	43
PID 2900 wrote to memory of 2476	2900	Unicorn-61669.exe	43
PID 2900 wrote to memory of 2476	2900	Unicorn-61669.exe	43

C:\Users\Admin\AppData\Local\Temp\c21ce2866c13850b3e4c80537402c8ce.exe
"C:\Users\Admin\AppData\Local\Temp\c21ce2866c13850b3e4c80537402c8ce.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2364
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2860
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2572
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20502.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10662.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        9⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        10⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11721.exe
        11⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44368.exe
        12⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        13⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
        14⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
        15⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3224.exe
        16⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
        17⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        18⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        19⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20454.exe
        20⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9555.exe
        18⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36482.exe
        13⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
        14⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8377.exe
        15⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        16⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        16⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14838.exe
        17⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        18⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
        19⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18280.exe
        11⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        12⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        13⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
        14⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41943.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        8⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        9⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26906.exe
        10⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21460.exe
        11⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38730.exe
        12⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13862.exe
        13⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        14⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        15⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36738.exe
        16⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32135.exe
        17⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        18⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21056.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18255.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
        8⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        9⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20056.exe
        11⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
        12⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2871.exe
        13⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
        14⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
        15⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56483.exe
        16⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14895.exe
        17⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64838.exe
        18⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33121.exe
        19⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15497.exe
        20⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7817.exe
        21⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18574.exe
        19⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60526.exe
        20⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44231.exe
        16⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        17⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29317.exe
        18⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
        19⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
        20⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-577.exe
        13⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        14⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
        15⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16235.exe
        16⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
        17⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38440.exe
        18⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        19⤵
        
        PID:1516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34508.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16221.exe
        8⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        9⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        10⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
        11⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11703.exe
        12⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55362.exe
        13⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41439.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41439.exe
        14⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21014.exe
        15⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        16⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46857.exe
        17⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61159.exe
        18⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2394.exe
        19⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53816.exe
        20⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe
        21⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61169.exe
        19⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50220.exe
        20⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46078.exe
        13⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
        10⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        11⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        12⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        13⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53873.exe
        14⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        15⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        16⤵
        
        PID:2272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45836.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        7⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        8⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4731.exe
        9⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36392.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13457.exe
        11⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20640.exe
        12⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
        13⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
        14⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28907.exe
        15⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25757.exe
        16⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        17⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-344.exe
        18⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
        19⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
        20⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20454.exe
        21⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46467.exe
        11⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        12⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        13⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31232.exe
        14⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11553.exe
        15⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56582.exe
        16⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        17⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19603.exe
        18⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8009.exe
        19⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8564.exe
        18⤵
        
        PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57258.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4248.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52458.exe
        9⤵
        
        PID:2708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4803.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16221.exe
        7⤵
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48758.exe
        8⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21460.exe
        10⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
        11⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4687.exe
        12⤵
        
        PID:2836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 200
        13⤵
        Program crash
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
        10⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51449.exe
        11⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28144.exe
        12⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        13⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49706.exe
        14⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51024.exe
        15⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
        16⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
        17⤵
        
        PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36152.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58919.exe
        7⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35266.exe
        8⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        9⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
        10⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43281.exe
        11⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28144.exe
        12⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
        13⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        14⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28745.exe
        15⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56810.exe
        16⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45202.exe
        17⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        18⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8278.exe
        11⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25871.exe
        12⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        13⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35316.exe
        14⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30625.exe
        15⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62202.exe
        16⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
        15⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38352.exe
        16⤵
        
        PID:1512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28478.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        8⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        9⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11721.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
        11⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1397.exe
        12⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2461.exe
        13⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
        14⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52684.exe
        13⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
        14⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53790.exe
        15⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62809.exe
        16⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-344.exe
        17⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57277.exe
        18⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32322.exe
        19⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24469.exe
        15⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        16⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        17⤵
        
        PID:2568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1103.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        8⤵
        
        PID:1172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59759.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30891.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62297.exe
        8⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        9⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16635.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1039.exe
        11⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53504.exe
        12⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58870.exe
        13⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
        14⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62217.exe
        15⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28745.exe
        16⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
        17⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61901.exe
        18⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
        19⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        20⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24028.exe
        18⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33884.exe
        19⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46270.exe
        13⤵
        
        PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14751.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49090.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51695.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        7⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        8⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        9⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38158.exe
        10⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
        11⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
        12⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        13⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        14⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
        15⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30625.exe
        16⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11330.exe
        17⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60059.exe
        18⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50604.exe
        19⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25092.exe
        18⤵
        
        PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56142.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55914.exe
        8⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21460.exe
        9⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe
        10⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        11⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38066.exe
        12⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-406.exe
        13⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        14⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31158.exe
        15⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10370.exe
        16⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61621.exe
        17⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32322.exe
        18⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51159.exe
        17⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
        10⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20251.exe
        11⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27525.exe
        9⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33852.exe
        10⤵
        
        PID:2304
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 200
        11⤵
        Program crash
        
        PID:2928
- C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13895.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56018.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        9⤵
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7310.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44378.exe
        8⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
        9⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6568.exe
        10⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21460.exe
        11⤵
        
        PID:292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32700.exe
        12⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27158.exe
        13⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3587.exe
        14⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56483.exe
        15⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35508.exe
        16⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
        17⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49265.exe
        18⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46520.exe
        19⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
        16⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55679.exe
        17⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61538.exe
        18⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63459.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15925.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16221.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64902.exe
        9⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58196.exe
        7⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        8⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27106.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18227.exe
        10⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20640.exe
        11⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56192.exe
        12⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
        13⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25757.exe
        14⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41346.exe
        15⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        16⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
        17⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29333.exe
        18⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12539.exe
        19⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48829.exe
        18⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11464.exe
        10⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
        11⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        12⤵
        
        PID:472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
        13⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29788.exe
        14⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
        15⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7568.exe
        16⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34268.exe
        17⤵
        
        PID:840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36925.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        7⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36314.exe
        8⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12899.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50795.exe
        10⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
        11⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
        12⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59820.exe
        13⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
        14⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22208.exe
        15⤵
        
        PID:312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51866.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63646.exe
        6⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6957.exe
        7⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43661.exe
        8⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21460.exe
        9⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
        10⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
        11⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
        12⤵
        
        PID:2196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61342.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        8⤵
        
        PID:860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37295.exe
        9⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7995.exe
        10⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30095.exe
        11⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63509.exe
        12⤵
        
        PID:1644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 200
        13⤵
        Program crash
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37330.exe
        9⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48761.exe
        10⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
        11⤵
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52539.exe
        12⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57038.exe
        13⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
        14⤵
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        15⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33505.exe
        16⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
        17⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43171.exe
        11⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59716.exe
        12⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
        13⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
        14⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6374.exe
        15⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24870.exe
        16⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56826.exe
        17⤵
        
        PID:1988
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
        7⤵
        Program crash
        
        PID:2508
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
        6⤵
        Program crash
        
        PID:2068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25031.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        7⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
        8⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2217.exe
        9⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51091.exe
        10⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-795.exe
        11⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48455.exe
        12⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53027.exe
        13⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56483.exe
        14⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56696.exe
        15⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
        16⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        17⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
        18⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3157.exe
        19⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
        10⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64516.exe
        11⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36779.exe
        12⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23069.exe
        13⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
        14⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59768.exe
        15⤵
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17745.exe
        16⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46712.exe
        17⤵
        
        PID:2076
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
        6⤵
        Program crash
        
        PID:1716
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
        5⤵
        Program crash
        
        PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14834.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55032.exe
        6⤵
        Executes dropped EXE
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56926.exe
        7⤵
        
        PID:3060
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 216
        6⤵
        Program crash
        
        PID:1472
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 236
        5⤵
        Program crash
        
        PID:1620
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 240
      4⤵
      Program crash
      PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-24028.exe

Filesize
188KB

MD5
6d5b37b0c84b74457f08c4c466ec0cb0

SHA1
cfa03a44e2d738cf3c8e62eef0822efd54e4c7c8

SHA256
8305c121c6177ada5c0080a35029307229b042c25e733a9ae153b756b874f52c

SHA512
ab34cd68a7f8fdbe5643f2bd79267463379e6afcf20643f1f911c70575eb9cfeb65b94cf65502593cd55c3c6571bc6e1eb042001b715bae33a78ea25d61ae415

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe

Filesize
188KB

MD5
2e9865acccd432b7f65e6d30cfbf6e5b

SHA1
d8bd301bf9d06f68ae0425e410d1b53f05203cf3

SHA256
ec53a9560fd6d9758b4bec9db00562bd9033c683730602d3083ab4ca1b0feac7

SHA512
cce87954ecd9b743ee061575f4f7826cd4b0640ea8a2a95d4920cd8c56079c4843f196d3e2555cecb3a836f51a16d084df6a97e16186be3e56b5ff6778712aa1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe

Filesize
188KB

MD5
d6353a4784a9e23bb00a8daa4805efd5

SHA1
fab93f941d8e1e841113e74d6fcf23fbaef70986

SHA256
dfc72f02e35da9ff36875ce2dad93238c13cfeb9339e8503cc13a07c7253bd11

SHA512
61d164ed05dc91730c0332f0859939f3599d1c9ffe3e67768a452135137e7fbdf2950caec28df097bc2fa35ca4269969f955fd5eacce731d244fc23a28801233

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2909.exe

Filesize
64KB

MD5
eeede27f91084271d82cc0abc76266c8

SHA1
6369f754cf1c3f98449d9cdd5148a5677c009cd9

SHA256
81e3d1749075e2823b386f3c82e5c1b4ccde84601a42299cf0b30de01b0cde6b

SHA512
4f536ed1655cc477cfa4001e6215c309dee977bb0ebee172ecd680aecb793455662b6f6d2804a79a999a360f81ffaab35b78da4bf89fee9ba44ee99a76b0c59d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe

Filesize
188KB

MD5
511835316efa26ad5b09780c889f3f40

SHA1
5c18614db72d2b52faab230bce85acf2835d6624

SHA256
f3b5e9f71453ee6fcd3920ea411938faf44aef00e23fc1cb768fe0301cb24fcd

SHA512
e5aba7100394b8f7e276a225da79462c23a3f4d7606b8cbb8d8f5d6ca1026833868e5ca447a4d1df2bf57dfd9856b8d96471e222da922c07d6bdd2f2cbece418

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe

Filesize
188KB

MD5
be5bbfff6690c2bfbe1ab10c7a759def

SHA1
44b4f7a2f988420277a9e91220b0b4e0a3b29220

SHA256
3b4a05b3065c76b8a4d893eeba470525df7ed245f7cfbe4d3f3d437dc045801b

SHA512
23eafef0a5cf1ae3a7baa4f92747edb61f99afdb5b33741582a5d303bdf910558c8c08857d8dd25dd0d70467a56795e53f215d49ea24468ec7245887f5f33048

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41720.exe

Filesize
188KB

MD5
a2a0732019a77a7ff1452b836a90df26

SHA1
79b4487dfeda77f0d59371f219ee501f65e496b9

SHA256
80da512822eaa8e2e7fa506563d4eb4ea64ca6ed5f7f9f65b1497f1c2b677a8f

SHA512
7f8c34758d4dc02b7855800bfb643eb57483c099d8911749d650d7ca8e7aec5becd4820842d3a067cf00bb11d3e6305a21d9674cc294156ccc9765284215a63c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44677.exe

Filesize
188KB

MD5
397038b01125b0877df3f8bd211a63c8

SHA1
7f567732ae8d9d1a324aa878c1b070977c6e4130

SHA256
77311ee51413352a2d0ff4234963d27b293c72eb3a773de7924124fe9a3520d1

SHA512
f66722a12d6d7ecdcc91bb894363336a416c76581d28aedae2ca255b8528e4ceecd36f286956a5c73e3493a54db622d069024cdbcc3c347963b09211c422c152

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46293.exe

Filesize
188KB

MD5
e3d66bad8f2e359b70c89b90b4ad190f

SHA1
e4683bfdf1c550741c3467615ac3fcf53eb94db8

SHA256
a45b1653a887d10307451d6bac6809277e2ed63881bb7bdfa01b43180f876ae1

SHA512
b588135a4078b4fa4c8ed512d403c58e6ad7c12601075f37fada7f9b5c2ada21a9a8887a545e70d06b8bd97df00654e3ffab43550118e9ee4c98b296b23c2cd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54461.exe

Filesize
188KB

MD5
e58a1c302f1c2465121a0be499990c5e

SHA1
717fec57789ff59ed482739af04f301e54628fca

SHA256
da1a82ee5cf95deb3ded15eacb1ebcbac4fe23f6088041462f39007c89a7aca3

SHA512
8e6a0194cfbc64265037495e8470f3d44b6112530c900f5b9bf1fcb966457f6bbc6ace72b44a8517b85104373eaf178aaf5dc300c32806e2c39a34ee323635c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe

Filesize
79KB

MD5
f8af78f99da4ae1347f550a1416fb0a5

SHA1
658185bb5038bf29257c28eb3f59c2228ecc14a5

SHA256
e1d11ae0b343de50603f9ee805c744412d10fecc24ca331e574855dd062684f9

SHA512
ac9904945aa9ce8e623fcc85a0245317338d77f351fa5585c148103570cc866cd0cfbf342dec42cfe9548af0921326b7eabba7396c0590f6b434c357269f5c50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61669.exe

Filesize
188KB

MD5
08a25436862f68ea681bbd79ce729fd6

SHA1
af9a30438549a82fae35d943b93fbcf1d18ef13f

SHA256
1a3b496ecd28354535a57992e95e83048e8dbf7ddffd95ce90022d903f49cf12

SHA512
c848c17601e94fa6f0ad6fe1753d143be09fc9e8c3afb717808481ae5f8915856593e286afada5dc51b491350b4fb1d30141aa560455076814eddbc57f98d9a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe

Filesize
188KB

MD5
8e4eddfbaa0312897af4b095eb7cc227

SHA1
bfaa67309f5c759d0c441a3f3b989a70bb087bae

SHA256
11c43c7510b02d3cfd0c7a3d72a7e112b7cb3d1da7b50c8c013c4d0c61bf1a5b

SHA512
459d75c3b9ec4773283f919665b246907533eee831f50d50779218374e8645e8998227b843543b95798ec3b90720a15f00cf4dfbd90c2e9db5769baa5a721ce8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10091.exe

Filesize
188KB

MD5
7326aaa3e61426540675c6d6130e12a9

SHA1
8564b1602cba5c9fa090f4f6f1c66a81b69341d0

SHA256
adcf223826616922d997bc096212af8271552a9b3e9dbc52969e17d830b86571

SHA512
17d140be544a75987055cfeea9095c2c3779f8daf66da0633386145d0a814daf66a538d149c9a70ffa5583fac2ed98ace4ac6a1c994ee3e76de92187f5e47651

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18068.exe

Filesize
188KB

MD5
a7c27fe926dd2de65a39830b96ca8f10

SHA1
f09edcd1dff9a98782b320882eb8602a040346bd

SHA256
ac57c9317c9f410e8e90cd93566dac9ed88f685b7aa6984394e402847c9a8b15

SHA512
c01f708af97db0a40caf60a6907251650391e4438e6da86cc3c5b261bb5feecc96c33b660f83656a430c79e11ae096a82a15b4fddc3b885eb66d2c22f7688514

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33635.exe

Filesize
188KB

MD5
13b273522b130ab8806f29c78500dbed

SHA1
3ddc2d163eaa8de39e2139f750c7017e98c1a186

SHA256
34f514b6c957550a6421ff616ae3a396cba5ee56c5a8fe5bad7d1950027c8de9

SHA512
41db66d9da4c44a65f602d1d7d14d883473bd31d8e6bbaeaef721ffc0872058efa9e777cae3b3c04cd16235c1c1357062c78d6b1357f31ccfdfe127b0ee74a19

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36925.exe

Filesize
188KB

MD5
2d9e2562d4a0aeb6666fe82e4aceb659

SHA1
2713e4ed029e77d1653897c57256e78d66759671

SHA256
b416ef02b8a26a9d04061d7f5ccc2de5c712cd94446dd1a635c5f39a7b70be50

SHA512
7ad56e4214a605b6726ccdbdb43f34a1ba84c5921f93c828bc61d33945877a3ec707c18b03e5ff1ee787971a0ee4f3e6103170277a31dcdd7ac6a39bf92a4b56

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe

Filesize
188KB

MD5
90f9e00289f2fd8fc35bbad711845eb4

SHA1
5e3f39123b46af7f87fdde904dffb4facd160222

SHA256
a0a797ec93e1411c57fdd3f9e4fd10fa8579998fa1277501e33e06ef25e3dc52

SHA512
def8fa9c159b18654ba0fe0fec39569f309d50ba6bde438ffa5871ca4955f1ce00c62839ba82874edabe8fb4b59cdbaa0fa07a78d19079eb7a54a7ba75c66087

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44539.exe

Filesize
188KB

MD5
11d6e03bf2e366e76d9cc24fac743b1f

SHA1
56b84761e170c7db2d629dafce8808fa95f18d88

SHA256
892dd4556d4401d05078b33e7c2c14c32cd63e5131a3a10ee552c2ff90d59651

SHA512
8951b01a393f55e87a97eb43f2c32141ad76fc4ecc7578b6453d09c247d9fa4efa3c46afe21784366ec080a9b30cee46c17f4fa72449a5f26b9a658102592e9a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45421.exe

Filesize
188KB

MD5
7058e77f847fbe695978a08a0a7110cb

SHA1
0aaca4d81200b17525aa03ed80734760631aef61

SHA256
bdbc78948636bab98ee34b9021ac3aa72859133484fad5e6bda3894f1f817a49

SHA512
accedaf8b16eff7f5267dbfd6f13a624bd5aa2d94c14b306f97878454274a877ec6d3899473ffcdcfffe5a1c973614764ed8b622191b11c8b76c9f70e64dc0fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe

Filesize
188KB

MD5
2403c49b9dc905b715d2c21187dd1184

SHA1
76d3580b354ec6acd393a6ca7259a42fe2e1a989

SHA256
7d76aeb9e5eafbede7e0ad698d284859356862354f0ba099c6d1daecf8f49bb9

SHA512
88a6b20303007c4d219ef16f8c492bdd3c843e49505bcd39502474ac63ac5905156dcbd65cd5a1d39d998d0434d69e40b691f15198df99c6de7be30d112b802a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe

Filesize
64KB

MD5
02a7781ef7a9076c89bed7006f65abcd

SHA1
1f2182ee0d1f73a5fc3802f509e00d89a943b8c9

SHA256
73a011db50aa033f3110ea50a36e5721e1d4da84433a697a91a96a5a7adc3c02

SHA512
42c17ab8c6b349a4e4bfa796bf02d89b5b81a752ee3d8dda1918b69ee368fe882767cbdc843059d3ad64193c0740360e742af77fec79e2817cc3fdc1cc26d8ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe

Filesize
188KB

MD5
bbfd607c9030852c301a508599da772e

SHA1
0f7c6c063b1b3823e92338c9e2dd5cf9790e47b0

SHA256
e6ff7086117b90ee2cbe92a4711a4b9c657e5aa3744a9298c782203187d58f26

SHA512
879a07d9a872be5144faf1e61c39039d86dc4f41961e8cfa757620ce1872656da856865993ea5018b9ce6928233bae4296706d9c830493189a6f270eaafef1de

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe

Filesize
188KB

MD5
ace5a36e1fb60fd7f4c753bbbcfe14b6

SHA1
ad612d5a40303f4600befd3f29480aee1c2d3b80

SHA256
a61de570601953498001780a19519ef5060770e7ae54feb14ef8904784073e2e

SHA512
9c09d476a098660f9b5b142ee1d2b70c5477b264aeafe204b775ebcae49806689a2697c8382ec919e14c2dd3bfcede5a2fb3c069fbeb422257046e0efeebe1cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe

Filesize
188KB

MD5
cd1a3bda9da8576a6de6ea064a1dd68c

SHA1
5134864626281a565088a64ab449cd76724bb34d

SHA256
dc651f015d1c24a5d0e32e18547092fc5f890d28665c8baa3da0237b20bdb750

SHA512
0ff02994aedc2d477402e27e7172e3150bc782f751d23db1651f087c3cdce10bf42d5a4e320f2eb5154671c20f125a9a0ec5794d4104afac802bf87f1f55bf6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe

Filesize
188KB

MD5
a1e8fd81e54b1bd75245259264105fb6

SHA1
268a9e2fb7ffafb28defe98a6ac02770f076e247

SHA256
5049771863dfabae0948cc206abe843ff51b071a46dfb478a07faf22d6918a79

SHA512
e0bbac3429e276a7ad40cf1fd026c847b2a9ba74c0b2d9507e5984f071acdc84e1daffaff242ee38bc80742993a4f358726170c4840b6dd21f8860fa7320d1bb

Download Submit
memory/1184-844-0x0000000000450000-0x000000000047E000-memory.dmp

Filesize
184KB

Download
memory/1184-840-0x0000000000450000-0x000000000047E000-memory.dmp

Filesize
184KB

Download
memory/1996-1245-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/1996-993-0x0000000000260000-0x000000000028E000-memory.dmp

Filesize
184KB

Download
memory/2836-997-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads