57674bd157ca717ef2a84e16931f3aab2d2eb84f89dd70d3ae6d2f5334c9d62f

Analysis

max time kernel
146s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
23/01/2024, 21:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

708d4905acc234f53ed27bab739270d9.exe
Size

184KB
MD5

708d4905acc234f53ed27bab739270d9
SHA1

d68ce39c59a35bf3f0b82afafb6e297c301204c7
SHA256

57674bd157ca717ef2a84e16931f3aab2d2eb84f89dd70d3ae6d2f5334c9d62f
SHA512

c63c730485f87251220f690112d9273d02a4e772fa6d945d498e534c274cfde3479ff41840e9dcff32371020a0b48bf292d0f9aa5f868df221ff2141756c07ef
SSDEEP

3072:2xHcoz/wfyAc1Ojkd7sWE8Fb+sX6O3fIMDExx9PAQalPvpF+:2x8oQXc1XdgWE8nQtjalPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3028	Unicorn-48593.exe
2728	Unicorn-26118.exe
3052	Unicorn-41062.exe
2832	Unicorn-36507.exe
2632	Unicorn-57482.exe
1732	Unicorn-35521.exe
1612	Unicorn-46382.exe
2968	Unicorn-45635.exe
1616	Unicorn-15724.exe
1772	Unicorn-42920.exe
292	Unicorn-34198.exe
2564	Unicorn-3471.exe
528	Unicorn-57311.exe
1624	Unicorn-48671.exe
1512	Unicorn-27736.exe
2256	Unicorn-15807.exe
1020	Unicorn-54701.exe
2408	Unicorn-64815.exe
980	Unicorn-42257.exe
800	Unicorn-57202.exe
2204	Unicorn-6055.exe
1644	Unicorn-10736.exe
2300	Unicorn-25681.exe
2456	Unicorn-29211.exe
912	Unicorn-33103.exe
636	Unicorn-21405.exe
1228	Unicorn-9174.exe
1640	Unicorn-19481.exe
2664	Unicorn-31733.exe
2524	Unicorn-42593.exe
536	Unicorn-11120.exe
1708	Unicorn-17343.exe
2276	Unicorn-36371.exe
1320	Unicorn-15759.exe
2712	Unicorn-8873.exe
1724	Unicorn-33932.exe
2580	Unicorn-513.exe
2208	Unicorn-14903.exe
1796	Unicorn-50269.exe
1412	Unicorn-19564.exe
2900	Unicorn-11950.exe
2760	Unicorn-42122.exe
2728	Unicorn-48152.exe
824	Unicorn-11758.exe
1312	Unicorn-50098.exe
1212	Unicorn-36262.exe
268	Unicorn-39792.exe
1660	Unicorn-38976.exe
928	Unicorn-58842.exe
2936	Unicorn-50674.exe
1500	Unicorn-45007.exe
2844	Unicorn-30062.exe
1352	Unicorn-5557.exe
2316	Unicorn-8058.exe
2480	Unicorn-3274.exe
2308	Unicorn-48391.exe
2416	Unicorn-48391.exe
112	Unicorn-9859.exe
2616	Unicorn-18027.exe
1732	Unicorn-17473.exe
1540	Unicorn-42531.exe
1364	Unicorn-41977.exe
1004	Unicorn-10435.exe
1048	Unicorn-32993.exe

Loads dropped DLL 64 IoCs

pid	Process
1724	708d4905acc234f53ed27bab739270d9.exe
1724	708d4905acc234f53ed27bab739270d9.exe
3028	Unicorn-48593.exe
3028	Unicorn-48593.exe
1724	708d4905acc234f53ed27bab739270d9.exe
1724	708d4905acc234f53ed27bab739270d9.exe
2728	Unicorn-26118.exe
2728	Unicorn-26118.exe
3028	Unicorn-48593.exe
3028	Unicorn-48593.exe
2832	Unicorn-36507.exe
2832	Unicorn-36507.exe
2728	Unicorn-26118.exe
2728	Unicorn-26118.exe
2632	Unicorn-57482.exe
2632	Unicorn-57482.exe
1732	Unicorn-35521.exe
1732	Unicorn-35521.exe
2832	Unicorn-36507.exe
2832	Unicorn-36507.exe
1612	Unicorn-46382.exe
1612	Unicorn-46382.exe
2968	Unicorn-45635.exe
2968	Unicorn-45635.exe
2632	Unicorn-57482.exe
2632	Unicorn-57482.exe
1616	Unicorn-15724.exe
1616	Unicorn-15724.exe
1732	Unicorn-35521.exe
1732	Unicorn-35521.exe
1772	Unicorn-42920.exe
1772	Unicorn-42920.exe
528	Unicorn-57311.exe
528	Unicorn-57311.exe
2564	Unicorn-3471.exe
2564	Unicorn-3471.exe
292	Unicorn-34198.exe
292	Unicorn-34198.exe
2968	Unicorn-45635.exe
1612	Unicorn-46382.exe
2968	Unicorn-45635.exe
1612	Unicorn-46382.exe
1624	Unicorn-48671.exe
1624	Unicorn-48671.exe
1616	Unicorn-15724.exe
1616	Unicorn-15724.exe
1512	Unicorn-27736.exe
1512	Unicorn-27736.exe
2256	Unicorn-15807.exe
2256	Unicorn-15807.exe
1772	Unicorn-42920.exe
1772	Unicorn-42920.exe
2204	Unicorn-6055.exe
2204	Unicorn-6055.exe
2408	Unicorn-64815.exe
2408	Unicorn-64815.exe
800	Unicorn-57202.exe
800	Unicorn-57202.exe
2564	Unicorn-3471.exe
2564	Unicorn-3471.exe
1020	Unicorn-54701.exe
1020	Unicorn-54701.exe
980	Unicorn-42257.exe
980	Unicorn-42257.exe

Program crash 15 IoCs

pid	pid_target	Process	procid_target
2312	1724	WerFault.exe	63
944	1048	WerFault.exe	92
1592	2580	WerFault.exe	64
1684	2480	WerFault.exe	83
1096	2736	WerFault.exe	137
2296	868	WerFault.exe	172
2668	1940	WerFault.exe	199
2976	2812	WerFault.exe	253
2008	2144	WerFault.exe	215
2716	1764	WerFault.exe	240
1152	2676	WerFault.exe	214
1488	2076	WerFault.exe	329
1512	1976	WerFault.exe	363
580	3068	WerFault.exe	254
2836	1412	WerFault.exe	356

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1724	708d4905acc234f53ed27bab739270d9.exe
3028	Unicorn-48593.exe
2728	Unicorn-26118.exe
3052	Unicorn-41062.exe
2832	Unicorn-36507.exe
2632	Unicorn-57482.exe
1732	Unicorn-35521.exe
1612	Unicorn-46382.exe
2968	Unicorn-45635.exe
1616	Unicorn-15724.exe
1772	Unicorn-42920.exe
2564	Unicorn-3471.exe
528	Unicorn-57311.exe
292	Unicorn-34198.exe
1624	Unicorn-48671.exe
1512	Unicorn-27736.exe
2256	Unicorn-15807.exe
980	Unicorn-42257.exe
2408	Unicorn-64815.exe
2204	Unicorn-6055.exe
800	Unicorn-57202.exe
1020	Unicorn-54701.exe
1644	Unicorn-10736.exe
2300	Unicorn-25681.exe
2456	Unicorn-29211.exe
912	Unicorn-33103.exe
636	Unicorn-21405.exe
1228	Unicorn-9174.exe
1640	Unicorn-19481.exe
2664	Unicorn-31733.exe
2524	Unicorn-42593.exe
2276	Unicorn-36371.exe
536	Unicorn-11120.exe
1320	Unicorn-15759.exe
1708	Unicorn-17343.exe
2712	Unicorn-8873.exe
1724	Unicorn-33932.exe
2580	Unicorn-513.exe
2208	Unicorn-14903.exe
1796	Unicorn-50269.exe
1412	Unicorn-19564.exe
2900	Unicorn-11950.exe
2760	Unicorn-42122.exe
2728	Unicorn-48152.exe
1312	Unicorn-50098.exe
268	Unicorn-39792.exe
2936	Unicorn-50674.exe
1212	Unicorn-36262.exe
1500	Unicorn-45007.exe
928	Unicorn-58842.exe
1352	Unicorn-5557.exe
1660	Unicorn-38976.exe
2844	Unicorn-30062.exe
2316	Unicorn-8058.exe
2308	Unicorn-48391.exe
112	Unicorn-9859.exe
2480	Unicorn-3274.exe
1540	Unicorn-42531.exe
2416	Unicorn-48391.exe
1364	Unicorn-41977.exe
1732	Unicorn-17473.exe
2616	Unicorn-18027.exe
1004	Unicorn-10435.exe
1048	Unicorn-32993.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 3028	1724	708d4905acc234f53ed27bab739270d9.exe	28
PID 1724 wrote to memory of 3028	1724	708d4905acc234f53ed27bab739270d9.exe	28
PID 1724 wrote to memory of 3028	1724	708d4905acc234f53ed27bab739270d9.exe	28
PID 1724 wrote to memory of 3028	1724	708d4905acc234f53ed27bab739270d9.exe	28
PID 3028 wrote to memory of 2728	3028	Unicorn-48593.exe	29
PID 3028 wrote to memory of 2728	3028	Unicorn-48593.exe	29
PID 3028 wrote to memory of 2728	3028	Unicorn-48593.exe	29
PID 3028 wrote to memory of 2728	3028	Unicorn-48593.exe	29
PID 1724 wrote to memory of 3052	1724	708d4905acc234f53ed27bab739270d9.exe	30
PID 1724 wrote to memory of 3052	1724	708d4905acc234f53ed27bab739270d9.exe	30
PID 1724 wrote to memory of 3052	1724	708d4905acc234f53ed27bab739270d9.exe	30
PID 1724 wrote to memory of 3052	1724	708d4905acc234f53ed27bab739270d9.exe	30
PID 2728 wrote to memory of 2832	2728	Unicorn-26118.exe	31
PID 2728 wrote to memory of 2832	2728	Unicorn-26118.exe	31
PID 2728 wrote to memory of 2832	2728	Unicorn-26118.exe	31
PID 2728 wrote to memory of 2832	2728	Unicorn-26118.exe	31
PID 3028 wrote to memory of 2632	3028	Unicorn-48593.exe	32
PID 3028 wrote to memory of 2632	3028	Unicorn-48593.exe	32
PID 3028 wrote to memory of 2632	3028	Unicorn-48593.exe	32
PID 3028 wrote to memory of 2632	3028	Unicorn-48593.exe	32
PID 2832 wrote to memory of 1732	2832	Unicorn-36507.exe	33
PID 2832 wrote to memory of 1732	2832	Unicorn-36507.exe	33
PID 2832 wrote to memory of 1732	2832	Unicorn-36507.exe	33
PID 2832 wrote to memory of 1732	2832	Unicorn-36507.exe	33
PID 2728 wrote to memory of 1612	2728	Unicorn-26118.exe	34
PID 2728 wrote to memory of 1612	2728	Unicorn-26118.exe	34
PID 2728 wrote to memory of 1612	2728	Unicorn-26118.exe	34
PID 2728 wrote to memory of 1612	2728	Unicorn-26118.exe	34
PID 2632 wrote to memory of 2968	2632	Unicorn-57482.exe	35
PID 2632 wrote to memory of 2968	2632	Unicorn-57482.exe	35
PID 2632 wrote to memory of 2968	2632	Unicorn-57482.exe	35
PID 2632 wrote to memory of 2968	2632	Unicorn-57482.exe	35
PID 1732 wrote to memory of 1616	1732	Unicorn-35521.exe	36
PID 1732 wrote to memory of 1616	1732	Unicorn-35521.exe	36
PID 1732 wrote to memory of 1616	1732	Unicorn-35521.exe	36
PID 1732 wrote to memory of 1616	1732	Unicorn-35521.exe	36
PID 2832 wrote to memory of 1772	2832	Unicorn-36507.exe	37
PID 2832 wrote to memory of 1772	2832	Unicorn-36507.exe	37
PID 2832 wrote to memory of 1772	2832	Unicorn-36507.exe	37
PID 2832 wrote to memory of 1772	2832	Unicorn-36507.exe	37
PID 1612 wrote to memory of 292	1612	Unicorn-46382.exe	38
PID 1612 wrote to memory of 292	1612	Unicorn-46382.exe	38
PID 1612 wrote to memory of 292	1612	Unicorn-46382.exe	38
PID 1612 wrote to memory of 292	1612	Unicorn-46382.exe	38
PID 2968 wrote to memory of 2564	2968	Unicorn-45635.exe	39
PID 2968 wrote to memory of 2564	2968	Unicorn-45635.exe	39
PID 2968 wrote to memory of 2564	2968	Unicorn-45635.exe	39
PID 2968 wrote to memory of 2564	2968	Unicorn-45635.exe	39
PID 2632 wrote to memory of 528	2632	Unicorn-57482.exe	40
PID 2632 wrote to memory of 528	2632	Unicorn-57482.exe	40
PID 2632 wrote to memory of 528	2632	Unicorn-57482.exe	40
PID 2632 wrote to memory of 528	2632	Unicorn-57482.exe	40
PID 1616 wrote to memory of 1624	1616	Unicorn-15724.exe	41
PID 1616 wrote to memory of 1624	1616	Unicorn-15724.exe	41
PID 1616 wrote to memory of 1624	1616	Unicorn-15724.exe	41
PID 1616 wrote to memory of 1624	1616	Unicorn-15724.exe	41
PID 1732 wrote to memory of 1512	1732	Unicorn-35521.exe	42
PID 1732 wrote to memory of 1512	1732	Unicorn-35521.exe	42
PID 1732 wrote to memory of 1512	1732	Unicorn-35521.exe	42
PID 1732 wrote to memory of 1512	1732	Unicorn-35521.exe	42
PID 1772 wrote to memory of 2256	1772	Unicorn-42920.exe	43
PID 1772 wrote to memory of 2256	1772	Unicorn-42920.exe	43
PID 1772 wrote to memory of 2256	1772	Unicorn-42920.exe	43
PID 1772 wrote to memory of 2256	1772	Unicorn-42920.exe	43

C:\Users\Admin\AppData\Local\Temp\708d4905acc234f53ed27bab739270d9.exe
"C:\Users\Admin\AppData\Local\Temp\708d4905acc234f53ed27bab739270d9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48671.exe
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8873.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
        10⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        11⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10643.exe
        12⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15560.exe
        13⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58643.exe
        14⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        15⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
        16⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        17⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38696.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
        11⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28215.exe
        12⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15124.exe
        13⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        14⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        15⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        16⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
        14⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60060.exe
        15⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
        16⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1724
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
        9⤵
        Program crash
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25681.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-513.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3274.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41370.exe
        10⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
        11⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14792.exe
        12⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        13⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe
        14⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3537.exe
        15⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
        16⤵
        
        PID:696
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 216
        15⤵
        Program crash
        
        PID:2836
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
        14⤵
        Program crash
        
        PID:1152
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 216
        13⤵
        Program crash
        
        PID:2668
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 216
        12⤵
        Program crash
        
        PID:2296
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
        11⤵
        Program crash
        
        PID:1096
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
        10⤵
        Program crash
        
        PID:1684
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
        9⤵
        Program crash
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18027.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55376.exe
        9⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
        10⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4068.exe
        11⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
        12⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
        13⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
        14⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40610.exe
        15⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
        16⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        13⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24767.exe
        14⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47237.exe
        15⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18016.exe
        16⤵
        
        PID:528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10335.exe
        17⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37144.exe
        18⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40756.exe
        19⤵
        
        PID:1136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29211.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14903.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
        10⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41178.exe
        11⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
        12⤵
        
        PID:2452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
        13⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        14⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35151.exe
        15⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25328.exe
        16⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        17⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        9⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29310.exe
        10⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11110.exe
        11⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49790.exe
        12⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63085.exe
        13⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60127.exe
        14⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
        15⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54393.exe
        16⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
        17⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
        18⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26442.exe
        15⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
        16⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20616.exe
        17⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        10⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43347.exe
        11⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        12⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31461.exe
        13⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17585.exe
        14⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22904.exe
        15⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
        16⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
        17⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe
        18⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        19⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63978.exe
        20⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13619.exe
        15⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        16⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12177.exe
        17⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        18⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
        14⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
        15⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
        16⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50269.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48391.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10622.exe
        9⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31448.exe
        10⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55202.exe
        11⤵
        
        PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19564.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17473.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
        11⤵
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65472.exe
        12⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37543.exe
        13⤵
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46884.exe
        14⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30844.exe
        15⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        16⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4663.exe
        17⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29737.exe
        12⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        13⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
        14⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26625.exe
        15⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30272.exe
        16⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        17⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42531.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        9⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
        10⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
        11⤵
        
        PID:3068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
        12⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33252.exe
        13⤵
        
        PID:2508
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 376
        12⤵
        Program crash
        
        PID:580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11950.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
        8⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43077.exe
        9⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
        10⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        11⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15114.exe
        12⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36210.exe
        13⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54248.exe
        14⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7581.exe
        10⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
        11⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17310.exe
        12⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-454.exe
        13⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59136.exe
        14⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
        15⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60086.exe
        16⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48723.exe
        9⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2698.exe
        10⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1170.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
        12⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
        13⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26625.exe
        14⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55452.exe
        15⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
        10⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
        11⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46199.exe
        12⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64896.exe
        13⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21424.exe
        14⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
        15⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        16⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5400.exe
        17⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        18⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16904.exe
        11⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10184.exe
        12⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
        13⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8939.exe
        14⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21405.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42122.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58697.exe
        8⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29502.exe
        9⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18987.exe
        7⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34525.exe
        8⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14426.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14426.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        10⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        11⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        12⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
        13⤵
        
        PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42257.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17343.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50674.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        9⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58557.exe
        10⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57143.exe
        11⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47844.exe
        12⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61907.exe
        13⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
        14⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56246.exe
        15⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14777.exe
        16⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
        17⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8058.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36087.exe
        8⤵
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23939.exe
        9⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42963.exe
        10⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44751.exe
        11⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
        12⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
        13⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
        14⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
        15⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
        16⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7397.exe
        14⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28270.exe
        15⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        16⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64969.exe
        17⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        18⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe
        17⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27594.exe
        12⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15966.exe
        13⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53117.exe
        14⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
        10⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
        11⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe
        12⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44966.exe
        8⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
        9⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36902.exe
        10⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        11⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64343.exe
        12⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        13⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6339.exe
        14⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7045.exe
        15⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24612.exe
        16⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56782.exe
        10⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        11⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
        12⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9717.exe
        13⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29941.exe
        14⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        15⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12952.exe
        9⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
        10⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
        11⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29733.exe
        12⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-340.exe
        13⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        14⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39588.exe
        15⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
        16⤵
        
        PID:1976
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 200
        17⤵
        Program crash
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63728.exe
        11⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63173.exe
        12⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        13⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27466.exe
        14⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        15⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48152.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15776.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55376.exe
        10⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54857.exe
        11⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        12⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55685.exe
        13⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35390.exe
        14⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10435.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
        8⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
        9⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20434.exe
        10⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
        11⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
        12⤵
        
        PID:2700
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
        12⤵
        Program crash
        
        PID:1488
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
        11⤵
        Program crash
        
        PID:2716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 216
        10⤵
        Program crash
        
        PID:2008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
        6⤵
        Executes dropped EXE
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19144.exe
        7⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9701.exe
        8⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19571.exe
        9⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58119.exe
        10⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
        11⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31446.exe
        12⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6915.exe
        13⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
        14⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36058.exe
        12⤵
        
        PID:1752
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32993.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
        9⤵
        Program crash
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45007.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19196.exe
        8⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32089.exe
        9⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59136.exe
        10⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
        11⤵
        
        PID:1068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58842.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6756.exe
        8⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21526.exe
        9⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18493.exe
        10⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62597.exe
        11⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
        12⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11658.exe
        13⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57372.exe
        14⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
        11⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53739.exe
        12⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8534.exe
        13⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58768.exe
        14⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31114.exe
        15⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52428.exe
        7⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        8⤵
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
        9⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54919.exe
        10⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22904.exe
        11⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
        12⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44530.exe
        9⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24873.exe
        10⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8098.exe
        11⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28207.exe
        12⤵
        
        PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57202.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50721.exe
        8⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42226.exe
        9⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe
        11⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
        12⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42250.exe
        13⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
        14⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        15⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20549.exe
        7⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49517.exe
        8⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
        9⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
        10⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe
        11⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
        12⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
        13⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
        14⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36262.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31427.exe
        7⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14763.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
        9⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8046.exe
        10⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe
        11⤵
        
        PID:1616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11120.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39792.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60679.exe
        8⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
        9⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51484.exe
        10⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10342.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        12⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41352.exe
        13⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52125.exe
        14⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        15⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5197.exe
        16⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63620.exe
        17⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39666.exe
        18⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21779.exe
        10⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
        11⤵
        
        PID:672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11092.exe
        12⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11834.exe
        13⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13225.exe
        14⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48742.exe
        15⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
        16⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
        17⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58897.exe
        13⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26905.exe
        14⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
        15⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
        16⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25385.exe
        17⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        18⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36027.exe
        17⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17036.exe
        9⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
        10⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51793.exe
        11⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26625.exe
        12⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        13⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58368.exe
        14⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19599.exe
        15⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51747.exe
        16⤵
        
        PID:108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25420.exe
        13⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38976.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
        7⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
        8⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63988.exe
        9⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        10⤵
        
        PID:1356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36371.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30062.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        7⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57898.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
        9⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
        10⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55389.exe
        11⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
        12⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34223.exe
        8⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
        9⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38389.exe
        10⤵
        
        PID:2812
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 200
        11⤵
        Program crash
        
        PID:2976
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3052

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe

Filesize
184KB

MD5
650466de92881cdac1fbf3a823037746

SHA1
78a2c58537dce600eeb5392b5740ec758d24e1a7

SHA256
c68c617bf4b07a8e278696caae022c1ba8cfdaa6b4e3db30255c0afe1026dd4d

SHA512
ee722076010a356b2a7952a085095f9663811f1c50e2e1f17901cc70e3b64a552fc741e6704bd46ca65a96a27d170f49f458eddde5a8eea819cd37572c844b0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27990.exe

Filesize
184KB

MD5
7ebf4be853119795cf796dc054cedae5

SHA1
bfee8c1206d7a76b70aa84066f3b92e232d47b72

SHA256
4d144e50001ab75da44829981bdef2587546b34fdef5d9f40215b62ee10b051b

SHA512
a75036cdc2bea9151c84620a7a3e2b078d2f2b717215ff388cbf19188df6aa4b0dc92cba5ebd9c468272a177a1602a5f19d022425134e5d82c8eff52477b3db6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28934.exe

Filesize
184KB

MD5
58867a13875ef6accd255296bb35b982

SHA1
d8416603c0477fe71ed8e11893f67e573f8383a9

SHA256
c9db12792af40d119687ee805356bf14515133aa2ebc29d28c359e9c310718b3

SHA512
f85f46f596538196c6b01c5f983965b1dbabdd48a49b507fc67728625a1c4792b8521cf27486039ac99d669937361bc25733424fc2253ee6ff4e1797344faa8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30158.exe

Filesize
184KB

MD5
a42c0e85cc1dfd6157ca12b00f406f8e

SHA1
6791bed8033e401f486c47f901623f1089a4723a

SHA256
2b9926a39c0be6b822c417f1796491fffc0764a9493cb8b3afab1114e9393d61

SHA512
9daf8c3992cf8483fa54616f984497684a2dbc228ad3da356178b7ec9478802c638d11bd8e940b01872a1a68b7d63e99bf2489c8f2275efe691982240fd805a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37336.exe

Filesize
184KB

MD5
3ea4025800d9eb3230419f0f23caefe0

SHA1
4c32039ba8b920c9009916e1f186b19569451a8f

SHA256
f73f3d8b191095995e8547132028fd5310f09adf911bbaac0f2e09fc80652b71

SHA512
4617834a54e63cdc717e6e2c0f3d290096c45799cf0c2dcc1d28eb4c3096b0dccb8d78c7b6b3ab639f12bd92414bc9e616fbf07d83dd216d241ac5cf2931383a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42920.exe

Filesize
184KB

MD5
26d995a69492c332d8e77921e053f969

SHA1
f6a1fcb4cb96ed1b2f119fa084e5a0a48f0ec9fb

SHA256
78a9e3b734850207549f6f5552e951bc8ce5ce4570610ae5c7a98cf111627516

SHA512
d44fc81a6a0dfcbc89d9e6e42c3769acb2b80953025e6c24abbc74d848d6c1b2156ee2973fc1c07a92f0cc6b7a57478bcf92da105b58116b52521d2a7f6aab26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6206.exe

Filesize
184KB

MD5
997e2a956d658e7fc7a5514fd0857167

SHA1
23fc67ea2a92e2267342ed5981a3986897c7a328

SHA256
d58dff749abc2668a917b9c91bc394406cd00fd63226faa91a16d1aa65bbbfbe

SHA512
b62df38cbec79d951000208cfea16c6dbd890a34b265a6554c001a83076013309690d69f823dc97f1be8d265ebac4c9c291abcfed39ff779dadb238dbd58f2b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63324.exe

Filesize
184KB

MD5
1470bfe219765a3853f89b162389fc38

SHA1
044319b7733a40ce6888f227920cefb025b939ac

SHA256
9fe9a2d720b4231679b437cc4b0616998c419b2c35a3febb7fb7e871b2848ab5

SHA512
1e04f39ef4da13995ed371d7c3edf30eb98ced264c8f28ea74945de3e081fa2b302d5fdc1c71ea6834bb973ed32b8a652771f9d6a5c0c594b8deb03d59c22532

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6614.exe

Filesize
184KB

MD5
4f0e03eb9cf582b419a070d182268de4

SHA1
b718853cc2df3b7a32cb69e53bd8af187ff94397

SHA256
68bb0a90f6ca18317799c0a8dd2e4f81b09528f0cc2f6bc170c5128d83e2dd77

SHA512
9d530bc0e076f9cc4dd986cca2f400c7629855106f93c6907a1586379425b7249730bda5ba6ab5ed55fd29bd36feec997af3d955a65cddab85415eec4239f392

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15724.exe

Filesize
184KB

MD5
1cffaf85bcf929fdbb3eded3fa4aaf00

SHA1
a7a836532f72c0b4d44c2de89d544ca10e2be8ec

SHA256
a01134f753725b74d9d15a71b7fde6868e519f05e4bee37e4d004df9aa0bb8fa

SHA512
9cbde7f01ed7ac6226fda8e338ea5ef73320e6eeb724c897771bace5a1e02322b75d6f8742892a56571ceffcd48137d35027e2c6761a65185a444900f14c6ecc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26118.exe

Filesize
184KB

MD5
d32de5c42057883ff0062a179595b61e

SHA1
5c3d344d1d37a9c34d42c082d49043520fc5158b

SHA256
7f211b7e2a31b424645fde1b54b8ae66b92d33109d5415f3cf04fc7acb8f5c52

SHA512
74f26d708f11410fa0a042beb0ff5f61139417f21452b75b7a9d3fcf456869de041977f2a7f42145ed9d36f6b705e1d1c6da25b8b8703702e840326ba552c7ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27736.exe

Filesize
184KB

MD5
7311ee8799ae0533b395c3f63be6abd6

SHA1
cccffb3178f6d305bc2c18c481613564a375354f

SHA256
f8ec461d0cd96452a9c87c7b70a1af6d26961babed29634275db0ced02c0d455

SHA512
2414b93562bf4d0bfaffe2a21302d709b51d1f732d1edf54fd5ac790d595e26337c3ab5b5d639d3d99de593b21a4bce9f79ef41a6ef4ffe9523bafbe6b9be195

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34198.exe

Filesize
184KB

MD5
c3ce842d4713a90836ff69c925c904d1

SHA1
a41a7fe4a64a78d9b704b8f4acc1c59ecf5ab5e7

SHA256
887baef7b705eea874891a8df6206c7c223ab9325c8a16bcde4061e47e11a42c

SHA512
536632679cb1b3b5c1d82a4146f9943076d1ec39b5489e7b607ef64157bd4842fad350092ee34f3a36a4fdf65136b7f27ba2b657e80909566f9a3109ba8d9752

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3471.exe

Filesize
184KB

MD5
9d375d1e10351e91c4401376a200df3d

SHA1
067b3d6fd44eefc8a9ba314cb551e1a941871ee3

SHA256
37d62f35afa7737ace750fb8ee5c753f5004f4342165e18af68e6a9c8821413f

SHA512
83646c062e2348606b185efe6b1f4331311f5b8a02eddd35e4f20d7aa92727c8e1b0bdad01babc2790e5d43fc8857240b7eb8e29eb4821b99b916e7f867a0e48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe

Filesize
184KB

MD5
6f0047f13637c5e0fc7a8eb6efd1a238

SHA1
ac13b6598486c01631bae9586766aad81cfc1593

SHA256
0aeb4c3cd1fb3e3171894cf95e7b4f333619deecceec74890a7b0a8c816ee555

SHA512
9b890e69ac7bd33afa02d1fa354a2d12fae44b84f0370dba528e2c9554c9573ccfea58041e763525cc52988f72972a26d97534059c2cb36b252385a9bdb8ab1b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36507.exe

Filesize
184KB

MD5
25dbec6a98980a24927c0e0a0fce9602

SHA1
d1b6b78ee3f8bf2f0ae137cd835b2e5a436aea52

SHA256
bc60ebbe5f7d2471d66f2d16e19ecc9766d29b1c90768fb0e15168c59aea9a8b

SHA512
26b15b105668be911ce97f30d64da3325fb0a0f01886b061fa10e1f03433ec1656cd5832bf6468da4dc6bd69cfaa9c74c97748985ff5b1115239c37966357476

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41062.exe

Filesize
184KB

MD5
3359ae0e51aa5d732413402d03420513

SHA1
f315a708dc041ecf37a896e264c1fe4fbcd19621

SHA256
8b04afc90211b9c9c61648bdb4cb0394a95001cf37b50c4c278b8f80cee54206

SHA512
dd3d30a74c6241e3fda00fcf5878b30f2564f60206a949e1c5b0f3d378f78663ede119b5c1a4789fddd5e36e6bc1182e1e78e4946b4781d7147f683774621d93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe

Filesize
184KB

MD5
c190922a580bc1fd9dbd7010e8cb7e4a

SHA1
211c3327cc96702a11455b84208ac7a035d0bbd6

SHA256
e2bfb78e064dc29be2c7bb33d1aaf8e17d16a8e32541287965daf13b65bf3013

SHA512
5296ebea022945ff4f6859b0d49169e967f1bf53b9b298a048d8b93891bd2efcabb3d4763151e4162fd4ac4dc3d6e332eb9ab155818b89377e75fadfb93f1357

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46382.exe

Filesize
184KB

MD5
a2a3e37a796aa342a79e601a39001510

SHA1
97c28a4f5c778000a0f2a2870b78a4e93999eeae

SHA256
ac7e4f36f45daf132c87bab62098d447022ab6488ef742b8f98392963e65c48d

SHA512
4fe4bdad88ffcaffc2f44004ead812427a0476eca857f157e6081d61a01d96e8efb57f89dddd671933907495784e9506fa7d1acdd4405abaad2b61da8a28495a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48593.exe

Filesize
184KB

MD5
49fb26cd50b85694e761c3e12288d89f

SHA1
57c0cda31cd64eef88d06553a3c0882c096580f5

SHA256
3a45b8c51ae5b4c139ba9952172334764452f423626028812a1a30c94a7b23ca

SHA512
1d90deb02be7bac46c7239f8198980ee60c720f4a9fe1b14f3c114d88c7fc933b9e0f8764683e47d2e167e7d0edce8e86714fc5cd60a3d1c93213ac427a0aff2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48671.exe

Filesize
184KB

MD5
edb935e4abb66a67c5af7dc50fb4af9c

SHA1
0dbafa760cfeb8b881e3beb8379fd5be7595a6ad

SHA256
e0995cfb3649e287bb1c18438b4f7bf4b71f268c82d47c95271378e6285aa609

SHA512
7b30f9f2949befa4513dd6aee396da005781e4ded50367fd2ffe5c26ac4195d86e00098de34cee97f50b7b0687e07f397cf62b0c31282ff6f630ac7f7884f572

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe

Filesize
184KB

MD5
af03f6841a412d252605d977b4fb0de0

SHA1
1e435396fda7f8737064f9caa68768f16036aa14

SHA256
b3648b3e38182b9e1361e49244010a42221578fcfbbefa0ab17d6835a7961b2a

SHA512
c182d76ca470c591a7055c5f7154827075d9388e17949d3d28c03ff50a59436bbcc27192e509f3c1052c02bfc2cfcc11b599b03bac4e11234662f4b17fad3701

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57311.exe

Filesize
184KB

MD5
91e8d61f3559713f2319c9175687eb93

SHA1
f49b3177f02d61ecfdaca8a4965a8474fca36c60

SHA256
3312a9e08899ae166396f6f5415977b48cc28a442b9e39321232bec0fcc620d9

SHA512
a1ad6eedeaf380693e694fe2b4ea20eb253a4d2f563b33bc2d31b03ebc088bccbed95740abc59072a009485d543827ca16f757374ba712ee9207ed1352c00aaa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57482.exe

Filesize
184KB

MD5
58626b0cb94b55d66883f7368e638d17

SHA1
068b3f3013b84a58ff8637b6d56a644a8d9784d9

SHA256
81e7016c3bf87d11338941df9778efd6fb7bf6e4da6549367049fb2281eee320

SHA512
687b7f7e83aead4551c59ff74ab3634219a7ffc8c664170662c7ea7585b8725d8b43ce2fb2d5836e06415eaecbee278d054c668ee391df646cd6b9a36d3a6901

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64815.exe

Filesize
184KB

MD5
546af599de9d980490fd8f226b19257b

SHA1
fa9233fe2a23830c3e9cfa5b0f921bca1ea29766

SHA256
13df3f027591af710626d50ffc55d0dd6e554521d6f8774a1ba664f9d607bb97

SHA512
e30e2f57f99f89246b0e0ff00cd4c042e41ffd4bee5ade38ce7c3971b69857fa084acb6654a5ce87a0e77817c8c3346d88215e56221767fc421a6fcf73935757

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads