51373768b9f669f89a88c32640ac645c6700ffefe89939943a6d9219f431090b

Analysis

max time kernel
78s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 16:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

804805d0920a10d5da0c9b5662055693.exe
Size

184KB
MD5

804805d0920a10d5da0c9b5662055693
SHA1

e8242dace1be0651b2db7423094eb25e0610053a
SHA256

51373768b9f669f89a88c32640ac645c6700ffefe89939943a6d9219f431090b
SHA512

cd93bf3371c14dbf60979e04e3b991fb1f03106898daeede54f2bc39130700006a2ea445f663185636063f2cbdf5958d356d233447fa3357dccd98ba1c1fd8dc
SSDEEP

3072:lOnZom1+2ofQpOjyoghHvJ0L6OmM92fZ4KxvbFeMNlvvpFj:lOZouOQp1oMHvJMcbVNlvvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1824	Unicorn-29343.exe
2164	Unicorn-34662.exe
2844	Unicorn-27048.exe
2720	Unicorn-9711.exe
2912	Unicorn-51299.exe
2180	Unicorn-17880.exe
3028	Unicorn-10946.exe
1568	Unicorn-52534.exe
2836	Unicorn-23391.exe
1880	Unicorn-19115.exe
1780	Unicorn-11693.exe
2264	Unicorn-37034.exe
2496	Unicorn-53370.exe
1328	Unicorn-4361.exe
2284	Unicorn-50033.exe
2972	Unicorn-58201.exe
1932	Unicorn-8445.exe
2976	Unicorn-8445.exe
820	Unicorn-4916.exe
908	Unicorn-38269.exe
2692	Unicorn-34931.exe
2352	Unicorn-45560.exe
1656	Unicorn-47184.exe
1376	Unicorn-1403.exe
1268	Unicorn-25908.exe
1944	Unicorn-62856.exe
1528	Unicorn-59519.exe
612	Unicorn-58772.exe
1404	Unicorn-22016.exe
2904	Unicorn-2150.exe
2340	Unicorn-42628.exe
1788	Unicorn-35014.exe
2208	Unicorn-22291.exe
1996	Unicorn-6509.exe
2948	Unicorn-42711.exe
2608	Unicorn-2638.exe
2780	Unicorn-27335.exe
2880	Unicorn-27889.exe
2776	Unicorn-56115.exe
2636	WerFault.exe
2680	Unicorn-2830.exe
2240	Unicorn-29845.exe
2348	Unicorn-26951.exe
2924	Unicorn-4541.exe
1708	Unicorn-47563.exe
1280	Unicorn-55745.exe
804	WerFault.exe
2712	Unicorn-7646.exe
2848	Unicorn-13409.exe
2268	Unicorn-27572.exe
1504	Unicorn-3562.exe
2448	Unicorn-14987.exe
2584	Unicorn-37448.exe
1744	Unicorn-40677.exe
1872	Unicorn-55179.exe
792	Unicorn-50410.exe
2912	Unicorn-36155.exe
1004	Unicorn-28595.exe
2368	Unicorn-20235.exe
776	Unicorn-27157.exe
1292	Unicorn-12259.exe
1012	Unicorn-44569.exe
2400	WerFault.exe
1556	Unicorn-412.exe

Loads dropped DLL 64 IoCs

pid	Process
2996	804805d0920a10d5da0c9b5662055693.exe
2996	804805d0920a10d5da0c9b5662055693.exe
1824	Unicorn-29343.exe
1824	Unicorn-29343.exe
2996	804805d0920a10d5da0c9b5662055693.exe
2996	804805d0920a10d5da0c9b5662055693.exe
2164	Unicorn-34662.exe
2164	Unicorn-34662.exe
1824	Unicorn-29343.exe
1824	Unicorn-29343.exe
2844	Unicorn-27048.exe
2844	Unicorn-27048.exe
2720	Unicorn-9711.exe
2720	Unicorn-9711.exe
2164	Unicorn-34662.exe
2164	Unicorn-34662.exe
2180	Unicorn-17880.exe
2180	Unicorn-17880.exe
2912	Unicorn-51299.exe
2912	Unicorn-51299.exe
2844	Unicorn-27048.exe
2844	Unicorn-27048.exe
1568	Unicorn-52534.exe
1568	Unicorn-52534.exe
2836	Unicorn-23391.exe
2836	Unicorn-23391.exe
3028	Unicorn-10946.exe
3028	Unicorn-10946.exe
2180	Unicorn-17880.exe
2180	Unicorn-17880.exe
2720	Unicorn-9711.exe
2720	Unicorn-9711.exe
1780	Unicorn-11693.exe
1880	Unicorn-19115.exe
1780	Unicorn-11693.exe
1880	Unicorn-19115.exe
2912	Unicorn-51299.exe
2912	Unicorn-51299.exe
2264	Unicorn-37034.exe
2264	Unicorn-37034.exe
1568	Unicorn-52534.exe
1568	Unicorn-52534.exe
2496	Unicorn-53370.exe
2496	Unicorn-53370.exe
2836	Unicorn-23391.exe
2836	Unicorn-23391.exe
2284	Unicorn-50033.exe
2284	Unicorn-50033.exe
2972	Unicorn-58201.exe
2972	Unicorn-58201.exe
1328	Unicorn-4361.exe
1328	Unicorn-4361.exe
3028	Unicorn-10946.exe
2976	Unicorn-8445.exe
3028	Unicorn-10946.exe
2976	Unicorn-8445.exe
1880	Unicorn-19115.exe
820	Unicorn-4916.exe
1880	Unicorn-19115.exe
820	Unicorn-4916.exe
1932	Unicorn-8445.exe
1780	Unicorn-11693.exe
1932	Unicorn-8445.exe
1780	Unicorn-11693.exe

Program crash 32 IoCs

pid	pid_target	Process	procid_target
1888	2948	WerFault.exe	62
2276	2512	WerFault.exe	97
2328	2384	WerFault.exe	114
1692	2856	WerFault.exe	124
2400	2316	WerFault.exe	125
804	2504	WerFault.exe	132
2636	916	WerFault.exe	143
1928	1604	WerFault.exe	142
2336	2816	WerFault.exe	169
3032	1640	WerFault.exe	150
1984	1608	WerFault.exe	226
3116	2256	WerFault.exe	273
3120	352	WerFault.exe	271
3428	1672	WerFault.exe	290
3704	1536	WerFault.exe	225
3336	2292	WerFault.exe	291
3832	2224	WerFault.exe	329
2696	1652	WerFault.exe	367
2240	3496	WerFault.exe	354
2024	3308	WerFault.exe	349
3540	1800	WerFault.exe	380
940	4028	WerFault.exe	381
1824	4008	WerFault.exe	467
3372	2312	WerFault.exe	435
2704	1952	WerFault.exe	292
1484	1792	WerFault.exe	379
3624	2380	WerFault.exe	426
620	1772	WerFault.exe	314
1964	3560	WerFault.exe	453
1264	3368	WerFault.exe	465
1788	1936	WerFault.exe	457
4136	4060	WerFault.exe	382

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2996	804805d0920a10d5da0c9b5662055693.exe
1824	Unicorn-29343.exe
2164	Unicorn-34662.exe
2844	Unicorn-27048.exe
2720	Unicorn-9711.exe
2912	Unicorn-51299.exe
2180	Unicorn-17880.exe
1568	Unicorn-52534.exe
3028	Unicorn-10946.exe
2836	Unicorn-23391.exe
1780	Unicorn-11693.exe
1880	Unicorn-19115.exe
2264	Unicorn-37034.exe
2496	Unicorn-53370.exe
2284	Unicorn-50033.exe
2972	Unicorn-58201.exe
1328	Unicorn-4361.exe
1932	Unicorn-8445.exe
2976	Unicorn-8445.exe
820	Unicorn-4916.exe
908	Unicorn-38269.exe
2692	Unicorn-34931.exe
2352	Unicorn-45560.exe
1656	Unicorn-47184.exe
1376	Unicorn-1403.exe
1268	Unicorn-25908.exe
1944	Unicorn-62856.exe
612	Unicorn-58772.exe
1404	Unicorn-22016.exe
2904	Unicorn-2150.exe
2340	Unicorn-42628.exe
1788	Unicorn-35014.exe
1528	Unicorn-59519.exe
1996	Unicorn-6509.exe
2208	Unicorn-22291.exe
2780	Unicorn-27335.exe
2608	Unicorn-27572.exe
2948	Unicorn-42711.exe
2880	Unicorn-7706.exe
2680	Unicorn-2830.exe
2636	WerFault.exe
2776	Unicorn-56115.exe
2348	Unicorn-26951.exe
1280	Unicorn-55745.exe
2240	WerFault.exe
2924	Unicorn-4541.exe
2712	Unicorn-7646.exe
2268	Unicorn-27572.exe
1708	Unicorn-60338.exe
804	WerFault.exe
2848	Unicorn-13409.exe
1504	Unicorn-3562.exe
2448	Unicorn-14987.exe
792	Unicorn-50410.exe
1744	Unicorn-40677.exe
2584	Unicorn-37448.exe
1872	Unicorn-55179.exe
2368	Unicorn-20235.exe
2912	Unicorn-36155.exe
776	Unicorn-27157.exe
896	Unicorn-52320.exe
1012	Unicorn-44569.exe
1004	Unicorn-28595.exe
2400	WerFault.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 1824	2996	804805d0920a10d5da0c9b5662055693.exe	28
PID 2996 wrote to memory of 1824	2996	804805d0920a10d5da0c9b5662055693.exe	28
PID 2996 wrote to memory of 1824	2996	804805d0920a10d5da0c9b5662055693.exe	28
PID 2996 wrote to memory of 1824	2996	804805d0920a10d5da0c9b5662055693.exe	28
PID 1824 wrote to memory of 2164	1824	Unicorn-29343.exe	29
PID 1824 wrote to memory of 2164	1824	Unicorn-29343.exe	29
PID 1824 wrote to memory of 2164	1824	Unicorn-29343.exe	29
PID 1824 wrote to memory of 2164	1824	Unicorn-29343.exe	29
PID 2996 wrote to memory of 2844	2996	804805d0920a10d5da0c9b5662055693.exe	30
PID 2996 wrote to memory of 2844	2996	804805d0920a10d5da0c9b5662055693.exe	30
PID 2996 wrote to memory of 2844	2996	804805d0920a10d5da0c9b5662055693.exe	30
PID 2996 wrote to memory of 2844	2996	804805d0920a10d5da0c9b5662055693.exe	30
PID 2164 wrote to memory of 2720	2164	Unicorn-34662.exe	31
PID 2164 wrote to memory of 2720	2164	Unicorn-34662.exe	31
PID 2164 wrote to memory of 2720	2164	Unicorn-34662.exe	31
PID 2164 wrote to memory of 2720	2164	Unicorn-34662.exe	31
PID 1824 wrote to memory of 2912	1824	Unicorn-29343.exe	32
PID 1824 wrote to memory of 2912	1824	Unicorn-29343.exe	32
PID 1824 wrote to memory of 2912	1824	Unicorn-29343.exe	32
PID 1824 wrote to memory of 2912	1824	Unicorn-29343.exe	32
PID 2844 wrote to memory of 2180	2844	Unicorn-27048.exe	33
PID 2844 wrote to memory of 2180	2844	Unicorn-27048.exe	33
PID 2844 wrote to memory of 2180	2844	Unicorn-27048.exe	33
PID 2844 wrote to memory of 2180	2844	Unicorn-27048.exe	33
PID 2720 wrote to memory of 3028	2720	Unicorn-9711.exe	34
PID 2720 wrote to memory of 3028	2720	Unicorn-9711.exe	34
PID 2720 wrote to memory of 3028	2720	Unicorn-9711.exe	34
PID 2720 wrote to memory of 3028	2720	Unicorn-9711.exe	34
PID 2164 wrote to memory of 1568	2164	Unicorn-34662.exe	35
PID 2164 wrote to memory of 1568	2164	Unicorn-34662.exe	35
PID 2164 wrote to memory of 1568	2164	Unicorn-34662.exe	35
PID 2164 wrote to memory of 1568	2164	Unicorn-34662.exe	35
PID 2180 wrote to memory of 2836	2180	Unicorn-17880.exe	38
PID 2180 wrote to memory of 2836	2180	Unicorn-17880.exe	38
PID 2180 wrote to memory of 2836	2180	Unicorn-17880.exe	38
PID 2180 wrote to memory of 2836	2180	Unicorn-17880.exe	38
PID 2912 wrote to memory of 1880	2912	Unicorn-51299.exe	37
PID 2912 wrote to memory of 1880	2912	Unicorn-51299.exe	37
PID 2912 wrote to memory of 1880	2912	Unicorn-51299.exe	37
PID 2912 wrote to memory of 1880	2912	Unicorn-51299.exe	37
PID 2844 wrote to memory of 1780	2844	Unicorn-27048.exe	36
PID 2844 wrote to memory of 1780	2844	Unicorn-27048.exe	36
PID 2844 wrote to memory of 1780	2844	Unicorn-27048.exe	36
PID 2844 wrote to memory of 1780	2844	Unicorn-27048.exe	36
PID 1568 wrote to memory of 2264	1568	Unicorn-52534.exe	39
PID 1568 wrote to memory of 2264	1568	Unicorn-52534.exe	39
PID 1568 wrote to memory of 2264	1568	Unicorn-52534.exe	39
PID 1568 wrote to memory of 2264	1568	Unicorn-52534.exe	39
PID 2836 wrote to memory of 2496	2836	Unicorn-23391.exe	40
PID 2836 wrote to memory of 2496	2836	Unicorn-23391.exe	40
PID 2836 wrote to memory of 2496	2836	Unicorn-23391.exe	40
PID 2836 wrote to memory of 2496	2836	Unicorn-23391.exe	40
PID 3028 wrote to memory of 1328	3028	Unicorn-10946.exe	46
PID 3028 wrote to memory of 1328	3028	Unicorn-10946.exe	46
PID 3028 wrote to memory of 1328	3028	Unicorn-10946.exe	46
PID 3028 wrote to memory of 1328	3028	Unicorn-10946.exe	46
PID 2180 wrote to memory of 2284	2180	Unicorn-17880.exe	41
PID 2180 wrote to memory of 2284	2180	Unicorn-17880.exe	41
PID 2180 wrote to memory of 2284	2180	Unicorn-17880.exe	41
PID 2180 wrote to memory of 2284	2180	Unicorn-17880.exe	41
PID 2720 wrote to memory of 2972	2720	Unicorn-9711.exe	42
PID 2720 wrote to memory of 2972	2720	Unicorn-9711.exe	42
PID 2720 wrote to memory of 2972	2720	Unicorn-9711.exe	42
PID 2720 wrote to memory of 2972	2720	Unicorn-9711.exe	42

C:\Users\Admin\AppData\Local\Temp\804805d0920a10d5da0c9b5662055693.exe
"C:\Users\Admin\AppData\Local\Temp\804805d0920a10d5da0c9b5662055693.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62856.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32068.exe
        8⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26814.exe
        9⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        10⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        11⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2476.exe
        12⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        13⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56626.exe
        14⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28447.exe
        13⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46757.exe
        9⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35024.exe
        10⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        11⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15221.exe
        12⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27560.exe
        13⤵
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        14⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63751.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63751.exe
        15⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63989.exe
        13⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15043.exe
        14⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14197.exe
        15⤵
        
        PID:4012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59519.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
        8⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31134.exe
        9⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
        10⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53368.exe
        11⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        12⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
        13⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        14⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12375.exe
        15⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40482.exe
        16⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31134.exe
        8⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37556.exe
        9⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62470.exe
        10⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        11⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7660.exe
        12⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27804.exe
        13⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42589.exe
        14⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58183.exe
        15⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25908.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53121.exe
        8⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        9⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        10⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        11⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23348.exe
        12⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57767.exe
        13⤵
        
        PID:3140
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 380
        10⤵
        Program crash
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20235.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        8⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
        9⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36434.exe
        10⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
        11⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        12⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25180.exe
        13⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
        14⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30266.exe
        15⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52396.exe
        16⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        17⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59740.exe
        9⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55501.exe
        10⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        11⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59378.exe
        12⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3149.exe
        13⤵
        
        PID:4000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52586.exe
        6⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26514.exe
        7⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37940.exe
        8⤵
        
        PID:412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36434.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33690.exe
        10⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        11⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
        12⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33647.exe
        13⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
        14⤵
        
        PID:1960
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 376
        14⤵
        Program crash
        
        PID:1964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 376
        13⤵
        Program crash
        
        PID:2704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 376
        12⤵
        Program crash
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51915.exe
        11⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
        12⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        13⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
        14⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
        15⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48940.exe
        16⤵
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39906.exe
        17⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25226.exe
        14⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37789.exe
        15⤵
        
        PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22291.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
        8⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
        9⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41448.exe
        10⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
        11⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
        12⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64977.exe
        13⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        14⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19287.exe
        15⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62334.exe
        16⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37448.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31134.exe
        8⤵
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13409.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
        9⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
        11⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        12⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62097.exe
        13⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38299.exe
        14⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8444.exe
        15⤵
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        16⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24903.exe
        17⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27037.exe
        15⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        16⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12699.exe
        14⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13849.exe
        15⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
        13⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58151.exe
        14⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27913.exe
        15⤵
        
        PID:3440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        7⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1455.exe
        8⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
        9⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62195.exe
        10⤵
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27157.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        12⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        13⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60303.exe
        7⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37364.exe
        8⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16503.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        10⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        11⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        12⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        13⤵
        
        PID:3816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42711.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2948
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 188
        7⤵
        Program crash
        
        PID:1888
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51299.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51299.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58772.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26951.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
        9⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7096.exe
        10⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49891.exe
        11⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        12⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8241.exe
        13⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        14⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        15⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        16⤵
        
        PID:3476
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 376
        14⤵
        Program crash
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22366.exe
        13⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45818.exe
        14⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51075.exe
        15⤵
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        16⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2170.exe
        17⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
        18⤵
        
        PID:3368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
        19⤵
        
        PID:556
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 376
        19⤵
        Program crash
        
        PID:1264
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 376
        18⤵
        Program crash
        
        PID:3624
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 368
        17⤵
        Program crash
        
        PID:3540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 376
        16⤵
        Program crash
        Suspicious use of SetWindowsHookEx
        
        PID:2240
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 376
        15⤵
        Program crash
        
        PID:3832
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 376
        14⤵
        Program crash
        
        PID:3428
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 376
        13⤵
        Program crash
        
        PID:1984
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 380
        12⤵
        Program crash
        
        PID:2336
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 380
        11⤵
        Executes dropped EXE
        Program crash
        Suspicious use of SetWindowsHookEx
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59766.exe
        10⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        11⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
        12⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41350.exe
        13⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
        14⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        15⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        16⤵
        
        PID:3788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48684.exe
        9⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55869.exe
        10⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        11⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        12⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        13⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        14⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1831.exe
        15⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63126.exe
        8⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        9⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55179.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        11⤵
        
        PID:1116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
        12⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        13⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
        14⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        15⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51499.exe
        16⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26656.exe
        14⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34312.exe
        15⤵
        
        PID:1428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe
        6⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8855.exe
        7⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
        8⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
        9⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        10⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        11⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45147.exe
        12⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19159.exe
        13⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
        14⤵
        
        PID:3528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2150.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
        6⤵
        Executes dropped EXE
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59613.exe
        7⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19072.exe
        10⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27090.exe
        11⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        12⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
        13⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        14⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60715.exe
        15⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        16⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27040.exe
        13⤵
        
        PID:296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4916.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22016.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36235.exe
        6⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21731.exe
        8⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40262.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40262.exe
        9⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50049.exe
        10⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        11⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
        12⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17038.exe
        13⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
        14⤵
        
        PID:3780
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
        11⤵
        Program crash
        
        PID:3032
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
        10⤵
        Executes dropped EXE
        Program crash
        Suspicious use of SetWindowsHookEx
        
        PID:804
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
        9⤵
        Program crash
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
        8⤵
        Program crash
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23245.exe
        7⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29004.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
        10⤵
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21719.exe
        11⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11028.exe
        12⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37583.exe
        13⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
        14⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
        15⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        12⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
        13⤵
        
        PID:3452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37723.exe
        6⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13837.exe
        7⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
        8⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        9⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        10⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47925.exe
        11⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56062.exe
        12⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8335.exe
        13⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        14⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30762.exe
        15⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        16⤵
        
        PID:676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
        14⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28734.exe
        12⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42371.exe
        13⤵
        
        PID:1332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32897.exe
        5⤵
        
        PID:2268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-412.exe
        6⤵
        Executes dropped EXE
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        7⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37556.exe
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
        9⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
        11⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62097.exe
        12⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62983.exe
        13⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
        9⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        10⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15886.exe
        11⤵
        
        PID:2916
- C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2844
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17880.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53370.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45560.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27335.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60713.exe
        8⤵
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
        9⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52130.exe
        10⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22071.exe
        11⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34266.exe
        12⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
        13⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        14⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
        15⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        16⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
        9⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38599.exe
        10⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-659.exe
        11⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
        12⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7826.exe
        13⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        14⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12259.exe
        7⤵
        Executes dropped EXE
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
        8⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30898.exe
        9⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
        10⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        11⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        12⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42895.exe
        13⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9340.exe
        14⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        10⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62901.exe
        11⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63462.exe
        12⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37692.exe
        13⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27889.exe
        6⤵
        Executes dropped EXE
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
        8⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49857.exe
        9⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18070.exe
        10⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        11⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
        12⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65247.exe
        13⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60338.exe
        14⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        15⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46829.exe
        9⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
        10⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
        11⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
        12⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
        13⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24395.exe
        14⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49535.exe
        8⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        9⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59336.exe
        11⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        12⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        13⤵
        
        PID:3596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47184.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
        6⤵
        Executes dropped EXE
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37937.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31199.exe
        9⤵
        
        PID:640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29845.exe
        10⤵
        Executes dropped EXE
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55745.exe
        11⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54635.exe
        12⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45668.exe
        13⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33393.exe
        14⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        15⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        16⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35837.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
        9⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32331.exe
        10⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56584.exe
        12⤵
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35656.exe
        13⤵
        
        PID:3156
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50033.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1403.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2830.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40677.exe
        7⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
        8⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24118.exe
        9⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
        10⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32180.exe
        11⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4541.exe
        12⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25097.exe
        13⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38012.exe
        14⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7425.exe
        15⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49979.exe
        9⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3591.exe
        10⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
        11⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
        12⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5060.exe
        13⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
        14⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
        15⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12886.exe
        16⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        17⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe
        18⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
        19⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-980.exe
        20⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22847.exe
        17⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
        8⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63570.exe
        9⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
        10⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40321.exe
        11⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        12⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
        13⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
        14⤵
        
        PID:2644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 380
        12⤵
        Program crash
        
        PID:620
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 376
        11⤵
        Program crash
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26514.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3863.exe
        8⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45968.exe
        9⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        10⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19072.exe
        11⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24468.exe
        12⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55595.exe
        13⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64041.exe
        14⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41431.exe
        15⤵
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13891.exe
        16⤵
        
        PID:2548
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 376
        16⤵
        Program crash
        
        PID:1788
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 376
        15⤵
        Program crash
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
        14⤵
        
        PID:1104
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 376
        14⤵
        Program crash
        
        PID:1484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28595.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
        7⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33363.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
        9⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
        10⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43851.exe
        11⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31091.exe
        12⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26675.exe
        13⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38317.exe
        14⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59740.exe
        8⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54541.exe
        9⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
        10⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64012.exe
        11⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26322.exe
        12⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40624.exe
        13⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43565.exe
        13⤵
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11223.exe
        14⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46906.exe
        15⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        16⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25869.exe
        17⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55821.exe
        14⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20150.exe
        15⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2023.exe
        16⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30088.exe
        17⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24842.exe
        12⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
        13⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        14⤵
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30025.exe
        7⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5485.exe
        8⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe
        9⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
        10⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16919.exe
        11⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        12⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60891.exe
        13⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
        14⤵
        
        PID:3296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43842.exe
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
        6⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        7⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 220
        8⤵
        Executes dropped EXE
        Program crash
        Suspicious use of SetWindowsHookEx
        
        PID:2400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
        6⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
        7⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-851.exe
        8⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        9⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50836.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63322.exe
        11⤵
        
        PID:3156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41623.exe
        12⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39740.exe
        13⤵
        
        PID:2832
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    PID:1780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42628.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52571.exe
        6⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44569.exe
        7⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
        8⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1157.exe
        9⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16612.exe
        10⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
        11⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47790.exe
        12⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64467.exe
        13⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47750.exe
        7⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
        6⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36453.exe
        7⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30239.exe
        8⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
        9⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52320.exe
        10⤵
        Suspicious use of SetWindowsHookEx
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35232.exe
        11⤵
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18372.exe
        12⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
        13⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
        5⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
        6⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
        7⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52405.exe
        8⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
        9⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
        10⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        11⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19072.exe
        12⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
        13⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
        14⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
        10⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2543.exe
        11⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
        12⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11789.exe
        13⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54338.exe
        8⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1017.exe
        9⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55361.exe
        10⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62045.exe
        11⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21719.exe
        12⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45761.exe
        13⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51485.exe
        14⤵
        
        PID:572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
        15⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54114.exe
        16⤵
        
        PID:1332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36403.exe
        17⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12500.exe
        18⤵
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47031.exe
        19⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34248.exe
        15⤵
        
        PID:4008
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 220
        16⤵
        Program crash
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47738.exe
        11⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7383.exe
        12⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37820.exe
        13⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61320.exe
        7⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61484.exe
        8⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36181.exe
        9⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21272.exe
        10⤵
        
        PID:356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
        11⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
        12⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29565.exe
        13⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38780.exe
        14⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9574.exe
        9⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50410.exe
        10⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
        11⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe
        12⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4920.exe
        13⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34983.exe
        14⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
        15⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42710.exe
        16⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        17⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
        18⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
        15⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17836.exe
        16⤵
        
        PID:2080
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 376
        15⤵
        Program crash
        
        PID:940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 376
        14⤵
        Program crash
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18132.exe
        13⤵
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62983.exe
        14⤵
        
        PID:3856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 368
        14⤵
        Program crash
        
        PID:4136
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 368
        13⤵
        Program crash
        
        PID:2024
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 376
        12⤵
        Program crash
        
        PID:3336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10417.exe
        6⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16835.exe
        7⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33415.exe
        8⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
        9⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28906.exe
        10⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51568.exe
        11⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49845.exe
        12⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29371.exe
        13⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25386.exe
        14⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13076.exe
        15⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        16⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3114.exe
        10⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
        11⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1405.exe
        12⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16310.exe
        13⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
        14⤵
        
        PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53505.exe
        6⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7122.exe
        7⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 220
        8⤵
        Program crash
        
        PID:1692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18071.exe
        5⤵
        
        PID:1768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64299.exe
        6⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20836.exe
        7⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51785.exe
        8⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
        9⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14987.exe
        10⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe
        11⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25287.exe
        12⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1680.exe
        13⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        14⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27078.exe
        15⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
        14⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50233.exe
        15⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47544.exe
        12⤵
        
        PID:2868

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe

Filesize
184KB

MD5
43961d448c0e45942d6de0d6d167a3b5

SHA1
d4d2d96c39ac7e30323830ba4882a6933ee6fadb

SHA256
672c16f9f9a70b816c76649764610e2392572e0b4c9087ef8209d0d68d97217f

SHA512
b78e85c8c4f8d8b15f4759f06545e692bd8696e41147139afbda04eb8dd969f580f0b9c0df6d16c62c2bf3cb82624b2c549b45c9ebc3a3df5208a40c6bbc40a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11693.exe

Filesize
184KB

MD5
bd522d6793d149420aa6baa194919c18

SHA1
bd05d42c11fb1a0c977e8b53550389bb88236c41

SHA256
396973da5acf0548bf095da67512e5b4b3e4e92edef54912cff235f2e53308f2

SHA512
feecb28e4e8fc70517792b744a9e1a372235ad4325ed54d5e3766873069829086ee198fa414a10d16307e69b4cbea27e5ff200f5562c19117734000f05c47faf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14904.exe

Filesize
184KB

MD5
072767ddae80c5d62bf695f709d04a37

SHA1
cad011c58a95325b28ca3f4c2c249c1d0992012c

SHA256
c5918af6365ab5accfc40b4f38f982b03623ad298b7f6d111f06332c0ecc0e7b

SHA512
759e8219cddb63b1705fd9f72253065d8a707c0424cc475f6f99a5333c7bc39c63e2da78447eeb2089920c32d126270002a49ae51ad347350a389bc597561cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17880.exe

Filesize
184KB

MD5
b1e7fff97706ddb2aa0bb05ebe2b5d05

SHA1
ef154ad68167322387920dcf1c03a673b5db3c77

SHA256
4639bd98966fcd6c652c799d0bebb4fc5ab33ad5411856bc341d77068b5cde7b

SHA512
b26f3660006f5bc65c85e711f4b821f298a05a0e31f261d02f8613098851b7f1ff810664575bab0165eb1f36e35e911603777cebfd0a3f2e90994cf543a7af52

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19115.exe

Filesize
184KB

MD5
2ef79463ebd6089f960db7ca44ac55bb

SHA1
c547e9edae01b239e1abe7812a0da9127f55319c

SHA256
8e4658af79b81f3e11f0458daa32a927a042325092a477d81adec6f18959d1b0

SHA512
f6f184df853743281b0de506b0023fd66738a6a310406c7239bb7eef8ea61e2a3d1efe1e0e3ba771c94339e84016a1d09c1992e02b8a880bc4d6ca64fbff27ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27048.exe

Filesize
184KB

MD5
acf92d2ec25d108e8077fee62105fdaa

SHA1
eba3a3d203039be7d964f48adfeb6c477fadbda5

SHA256
8fd34a068bcd5aeb0a69f5a1637b4c3f49a2caa93b77e0a7e81f9402e77cddb7

SHA512
8ca3f1a3f14952d591390b59515d0c05b3033b217f7b5d4709e2bcc1eb0ae0e6076111ba4473c4eb4539e66326a6358d5147ac9aecf661f0db56008f49dba838

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34662.exe

Filesize
184KB

MD5
774283d4ccf9520da5573baa3728646c

SHA1
735316e313bd6c3b48da8f4d12f74f6f2d77812b

SHA256
bdb7336434105e659c99db58fe1e91d8cd20d03c21c44ae215422bd517ebec50

SHA512
9a959d7bde00ce4cae67531b93eb5c386b3f189fd1db6c584f3f52b59279550114230fc15909338f4b19100222d22f0dbb5d825d2d325ceb90d5c2a5d8bee9b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39949.exe

Filesize
184KB

MD5
7e3ae4ce51eb517209dd79ea17c014ed

SHA1
50075bb15d312c7fcad70ccb33140c9e63305076

SHA256
d3a96dbf2e3e0434839887963077d8ccd8fa5fed9d33b77718166f5dbb80156a

SHA512
3c6d8bf6ee433099b5a6b803a5a7d15d2f391059f9b333009060dd533a7d236492c78f4e7fb1932f53f1d04380057996e62990766c3140660a1a4287b9dc8f4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe

Filesize
49KB

MD5
5fc49fe57ec993407104e80dc7a42d52

SHA1
8a3ded04db4910a8e065c93b375e90912fb9f6d1

SHA256
5c943f56f1701f23c59f1bcc39c241417eeb24bfd6461b99008db4760709e9de

SHA512
3ee9b0059ba47c5723074f5d77eb5e091a24bd4fc23ebeb4d636c07d0c094885a2db68b34c154911d89c7c69e5cb99b240c91874b576781135016d108cddb801

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50033.exe

Filesize
6KB

MD5
cd3ec88e5b5d5c495f9e13144f1c5b03

SHA1
e86b5a484ed49d5bad88b0375b8e051bfd9a5f5f

SHA256
fbc66a371d43e0efb8d62d1bfd5ed41dd37b3da274fbf490d1eeec7b3f2b73ff

SHA512
d0656d03312fdc2bba11ced6f2f25348cf2cdaf6642fc3b774a07199b9ac3351031c21411d6ed3edded4c1bfa56d41828618eda60756559a529863087ae97206

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51299.exe

Filesize
184KB

MD5
37c0d8e9655680fea4b83c1ea33ceb92

SHA1
e0c80eeb805f7db05b5f03ff36e5430022ceff95

SHA256
64d6c47ae6c035936fd2e11fd3508599f40fd575121eff5a171cec960d697c15

SHA512
8f9a6fae61d76dce7c7d8d807c86741e5a8181e92120dfc41ee5ab5a31931e3fc887b170e69a8e6fbc10ede51ec9652a3aacb921aaf826c451f7d3afabc336f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe

Filesize
184KB

MD5
3f821ff442f74fab5c4a57e2815a6544

SHA1
3c7dc2d4aff8706f8289de63a4e6228e66e6c9a7

SHA256
497f73bfc35742321dff3f9a9691dc5bf95a38f4549ac4186bd08d7b28bbf0ce

SHA512
666af73bcc177c96d03643acde6fd1e251f77e99163c139a9a91c6757eaa9fa45c2096ba43f6ec8775946457bd99807452720f240aa8b81f6a25748f25b9a961

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53370.exe

Filesize
162KB

MD5
d28fcaa9d8d6fe6d6a2cadf9373e54a5

SHA1
93915bf92450bf6fc69185e079c6f81d53a42122

SHA256
1a8599051dc8f374466ea9e3dfc906ee798132a74cffaf89b52f8dd8f8d3c9d9

SHA512
0fa7194f136aff1d6b9cc26f0399650057fde010ead03d0fc3f30b893dc127a36a05e73353a34121299ddec22f0a6cd8420bbe2f02727f8df6973c3a3af1d412

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe

Filesize
1KB

MD5
59af9def5e4bdfc2a245067277a7f650

SHA1
2cdcd98226e37882886c48d68d56ae14cf9e790e

SHA256
acb47a405124400f65cc440c0576245548836f131621d4e946467cb8c03a4da0

SHA512
51034ae4909829704ceca126531e603642498f12c04fe7cbc447d8973297c0057f1700e71f7d0612fb1116b0c6b305d508f6f8ba41c5718d169fb378706a0241

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58966.exe

Filesize
184KB

MD5
99363095f768711cd5d87f33b241de9d

SHA1
299e90dd825c7016eda5b6e9116cf8fba18fdb3d

SHA256
2a13bf9c37a35698b2159da6d630babb40806db5c4c3464125c7ff6b1c63db01

SHA512
d1e7727b13c9f48115b335d068bd4110115b76b0d0e0c612c4fb70fb5f53306e9674662a036d119fcf11facf60eaeeb4485f553ae6e5e32ce2c2f65c51f7c5f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5927.exe

Filesize
184KB

MD5
6d0e246c99086ea85c4d4d1589205f4c

SHA1
4bdc86e081fdc71e54b91f50c4a10bf23d74b706

SHA256
77d8a3b14539be6d77cc374fc61dd6be8d8655e6e00248793f7977c5bc754fa5

SHA512
2a533ede6750ba3968b20452e81b0db91c8f0575081baa9bbf25a020ec973987ee1842148215dd38cf5964a89cd2006566f87103558cfc612c458d41024ab62d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23391.exe

Filesize
184KB

MD5
39e6a55d699f8600fd5ff63a01e0c77a

SHA1
4cf706de30f6cb1ea1ea0e3a8955a4aac4f92aa1

SHA256
f1d4678c5092966a32244e4df5420b71f074bad13a4f23b8f5788d4f858086cf

SHA512
d0032e7f77513b44ee5ae56ca054de88ed978fa27e21e3584d06cdc6d57d0372551a75474562e9369f76cb360b07f605915a2457d0e00f4f859ef31b10d4beb2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe

Filesize
184KB

MD5
ee3e72c163e45147b32646629b010aa5

SHA1
d48d2b8a9353a6a1afa8891e110cba731da7ac58

SHA256
1e5e56512fdc2c88dc4716cceaa62ed7c77f54416bcd24035442fea1a5c6f18a

SHA512
a990752fa3f7c1a32f4d143b01e4bc2eb45df1325638f3869b33e0e24b440aeb468b25a4646b5404fa51e3f82f2f0b0a7be8202813976b4b83bbb510df8a3259

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37034.exe

Filesize
184KB

MD5
af1cbbbead01dc2edd2af774aaabde36

SHA1
21948ccd538b7d4df4b64a763e902e6a6676b9d1

SHA256
54e5799a17585684bbe4238bd1529ccf4b6b12615c95054b0b8b50703ccfb2da

SHA512
59f1e96903b7d9be307152653257912aa1c9722444bff4ae90354eb91082942d44c16d79702fb7c47f2bef28dbac93144538c31748d211f755a6ce954fa7a443

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe

Filesize
184KB

MD5
860db1b0372bd8e80a8dabe06b4d9f10

SHA1
1928452151c1603157ce11d339cdaf513c7eb056

SHA256
c4f2ccbd68db5afc7bc557d9b676e4c979d530151fce5f46143efc737d2b8a51

SHA512
f7991a518647658a3f1a1f5aae5f6eb9bafb51a475fe82a35b5b20867a766b45980b3bf669e349b723c820764fbf02d9182acb3d510da59093cb1c4615fa054c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50033.exe

Filesize
45KB

MD5
8643dd8a8c6222947951cd0384b1857d

SHA1
894311a7b9087b039b3cfc5c28f947470e69fa36

SHA256
7817eb77db3db1ae4a718d2d2585e4c0ddb5d2708314b0fd56aee7eddf285365

SHA512
8ff997e534faf4a0a82ac5b19f1087c119cdba80e671874509b3c8d768e93f61ca2309223c6c4c4a05cbcd62aaeec34de782ffbbcedf47dd1f7fd25048fe4b42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50033.exe

Filesize
35KB

MD5
a64b7481c53b1b7272aacf608a632372

SHA1
2dba50f72983df91b718d4a0e5423f469aa0b77b

SHA256
146e6ea287207f0ef891e616611f58eb21d709adf2ee5d345d69075f3076d61c

SHA512
73a91c924ffa2300b7f5048348237999702cf55ffac0e057a6bca7a817b5f18598f79b8d0d9c27834ab2dde478865c65a7be3ac947d1229072dff8ae25d7985f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53370.exe

Filesize
184KB

MD5
7e4dbc6bf1add747af79beb42a1af265

SHA1
96df0b08bd66e0b2647bba28a11d6814ca40a5ac

SHA256
dfa60c3262475f034682fb41f3764905eec889844eac6c7d6da57eedcba6996c

SHA512
77779263d8203812623144d0e4e65005ff497ac249f5622918cddf4f2cff7d5f097fe3790915805eab972e2bef9529ca93f5d62f2ae09e35ca782cded4fa9de7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53370.exe

Filesize
175KB

MD5
98c808a5f48e669a31f371d6b03f1c38

SHA1
e64977006e6a947ad087a112dfb4f5523a4f8691

SHA256
47e0e448f15c15bc562d99aa41de2280e06b7614b5a0cac09712940e294b05d9

SHA512
cc84736e55a2a374273b32a634e52df24d8b4a40b30ac21cae5160ae7ceb565b1883077726a0bb47cdaa4b11be3c6280f396b4dacba12e62dcda8bd2b32e426b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe

Filesize
11KB

MD5
8773a1ea9d51ba8301feb2c033ef213a

SHA1
d2ea311fc8d1c8552a20d67ddd5d5e73e98844c8

SHA256
71905aa2ab96ed67a0d306113cf89dceb46b29c3175d7f1a27a7e5b28d1b4281

SHA512
d78cd1d57edcac6f5cf2f24243702c1d7de9dc5ad43728382a81bb1cf49da24f9cd2b99ede483667b806b4f29d834ebb4fb672c7b922c61759356ea4b3a2e654

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe

Filesize
9KB

MD5
541add8c6d02035c2ec76c0f4ac395f6

SHA1
f4b7a552499de382ff7920467e2af7c70e316ea6

SHA256
bee20bb31d72158387d2a6efcd659e674f2aa7c2bd6cd3ab0c4e2fbd4726441b

SHA512
7499a705db05220828c2a483587dc9882e9d72ea2fd62e7c97265ad4f1104bbd74556ef7e8529b8e0e001c0f5898c1599424596471cf3aaf97f0e7dc36a14e33

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe

Filesize
184KB

MD5
291e61b3d52c80c6c5b1b47e62fd924e

SHA1
17278f7b2ccb9eb504d41269617b09cd6dabdbb4

SHA256
11342c1f192a770a6fd547a447e9339c06f61cd2bb3011fc983f92c8770a9518

SHA512
096964cc9e5d1543d4504fb41d0f630fb86bc90d87d35d34460165a69e16fea60af0fb8bd16654020659fa555d2b6177319bb00c643ee6b4b7839b01f795a430

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9711.exe

Filesize
184KB

MD5
40eb759bdd66cb11d813c330b6a68134

SHA1
ab32a42af9c35597ad1e94e9f55dc2efff4cecf4

SHA256
d0fe2d8cd70e97ecfa4a4260d481f643b70a944efe5fbdd527c097d3edee9160

SHA512
c7aba4a8aaa064826ee969cf40546419b8fb217cff405fa930df36eb98be18a06dc808c05658f65ca0d91945afafadb50c61c4c7c9ce9af268c19c0202f5c416

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads