40b4ff4be1046ab7ceddec16ed63869c0540e82d5dba1f13ac7321cb8e8426a0

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
27/02/2024, 22:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa500fde3e44cf3f68e3304b8a8fa4c3.exe
Size

184KB
MD5

aa500fde3e44cf3f68e3304b8a8fa4c3
SHA1

17db6a72135d3852de5af7b84f6c5ae24936569e
SHA256

40b4ff4be1046ab7ceddec16ed63869c0540e82d5dba1f13ac7321cb8e8426a0
SHA512

bcbc9a27083d951ba9b15448f80e180a271acd169ea813760d5b9ee7e84bffcf227bea8fc4e5454c6bcfaacd00ea187730e53ba3d9f99d4b8ba0fcd1210db414
SSDEEP

3072:SvEGoAZU50AUk1OHpdsjL088bP+prvQuTUpax7QtCaBlPvwFF:Sv1odFj1udWL08YMTGBlPvwF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2824	Unicorn-28681.exe
1404	Unicorn-50964.exe
2740	Unicorn-36019.exe
2568	Unicorn-11405.exe
2472	Unicorn-33964.exe
2572	Unicorn-10014.exe
2856	Unicorn-52521.exe
2372	Unicorn-24487.exe
2332	Unicorn-36185.exe
1928	Unicorn-12043.exe
2040	Unicorn-31909.exe
2200	Unicorn-6610.exe
1952	Unicorn-17471.exe
448	Unicorn-55619.exe
1708	Unicorn-39283.exe
1680	Unicorn-964.exe
2384	Unicorn-23523.exe
2680	Unicorn-3657.exe
2800	Unicorn-34383.exe
1152	Unicorn-43450.exe
3040	Unicorn-19500.exe
2976	Unicorn-35282.exe
1532	Unicorn-27114.exe
1368	Unicorn-30382.exe
1808	Unicorn-42080.exe
1936	Unicorn-44773.exe
1384	Unicorn-48110.exe
636	Unicorn-46719.exe
788	Unicorn-31774.exe
3060	Unicorn-35858.exe
2188	Unicorn-45972.exe
2324	Unicorn-17938.exe
2120	Unicorn-36434.exe
2652	Unicorn-35042.exe
2644	Unicorn-30944.exe
2656	Unicorn-14607.exe
2928	Unicorn-41058.exe
2524	Unicorn-4856.exe
2936	Unicorn-25791.exe
2824	Unicorn-46766.exe
2032	Unicorn-11955.exe
1204	Unicorn-15292.exe
1252	Unicorn-52796.exe
2196	Unicorn-7124.exe
2340	Unicorn-7124.exe
1828	Unicorn-59594.exe
1976	Unicorn-44649.exe
2248	Unicorn-16615.exe
2740	Unicorn-59039.exe
1068	Unicorn-36481.exe
2036	Unicorn-61540.exe
2968	Unicorn-53585.exe
2808	Unicorn-4939.exe
2716	Unicorn-2801.exe
2708	Unicorn-22667.exe
2604	Unicorn-33527.exe
1696	Unicorn-2246.exe
1812	Unicorn-9023.exe
928	Unicorn-24613.exe
616	Unicorn-15074.exe
872	Unicorn-44410.exe
1948	Unicorn-25189.exe
896	Unicorn-684.exe
2260	Unicorn-41525.exe

Loads dropped DLL 64 IoCs

pid	Process
2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe
2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe
2824	Unicorn-28681.exe
2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe
2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe
2824	Unicorn-28681.exe
1404	Unicorn-50964.exe
1404	Unicorn-50964.exe
2740	Unicorn-36019.exe
2740	Unicorn-36019.exe
2824	Unicorn-28681.exe
2824	Unicorn-28681.exe
2568	Unicorn-11405.exe
2568	Unicorn-11405.exe
1404	Unicorn-50964.exe
1404	Unicorn-50964.exe
2472	Unicorn-33964.exe
2472	Unicorn-33964.exe
2740	Unicorn-36019.exe
2740	Unicorn-36019.exe
2572	Unicorn-10014.exe
2572	Unicorn-10014.exe
2856	Unicorn-52521.exe
2856	Unicorn-52521.exe
2568	Unicorn-11405.exe
2568	Unicorn-11405.exe
2372	Unicorn-24487.exe
2372	Unicorn-24487.exe
1928	Unicorn-12043.exe
1928	Unicorn-12043.exe
2040	Unicorn-31909.exe
2040	Unicorn-31909.exe
2572	Unicorn-10014.exe
2332	Unicorn-36185.exe
2572	Unicorn-10014.exe
2332	Unicorn-36185.exe
2472	Unicorn-33964.exe
2472	Unicorn-33964.exe
2200	Unicorn-6610.exe
2200	Unicorn-6610.exe
2856	Unicorn-52521.exe
2856	Unicorn-52521.exe
1952	Unicorn-17471.exe
1952	Unicorn-17471.exe
448	Unicorn-55619.exe
448	Unicorn-55619.exe
2372	Unicorn-24487.exe
2372	Unicorn-24487.exe
1708	Unicorn-39283.exe
1708	Unicorn-39283.exe
1928	Unicorn-12043.exe
1928	Unicorn-12043.exe
1680	Unicorn-964.exe
1680	Unicorn-964.exe
2040	Unicorn-31909.exe
2040	Unicorn-31909.exe
2680	Unicorn-3657.exe
2680	Unicorn-3657.exe
2800	Unicorn-34383.exe
2800	Unicorn-34383.exe
2384	Unicorn-23523.exe
2384	Unicorn-23523.exe
2332	Unicorn-36185.exe
2332	Unicorn-36185.exe

Program crash 8 IoCs

pid	pid_target	Process	procid_target
2312	2644	WerFault.exe	62
2892	2340	WerFault.exe	73
2888	2196	WerFault.exe	72
3056	2160	WerFault.exe	142
2288	1932	WerFault.exe	201
1692	404	WerFault.exe	263
916	1368	WerFault.exe	318
1836	1856	WerFault.exe	502

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe
2824	Unicorn-28681.exe
1404	Unicorn-50964.exe
2740	Unicorn-36019.exe
2568	Unicorn-11405.exe
2472	Unicorn-33964.exe
2572	Unicorn-10014.exe
2856	Unicorn-52521.exe
2372	Unicorn-24487.exe
1928	Unicorn-12043.exe
2332	Unicorn-36185.exe
2040	Unicorn-31909.exe
2200	Unicorn-6610.exe
1952	Unicorn-17471.exe
448	Unicorn-55619.exe
1708	Unicorn-39283.exe
1680	Unicorn-964.exe
2680	Unicorn-3657.exe
2800	Unicorn-34383.exe
2384	Unicorn-23523.exe
1152	Unicorn-43450.exe
3040	Unicorn-19500.exe
2976	Unicorn-35282.exe
1532	Unicorn-27114.exe
1368	Unicorn-30382.exe
1808	Unicorn-42080.exe
1936	Unicorn-44773.exe
1384	Unicorn-48110.exe
788	Unicorn-31774.exe
636	Unicorn-46719.exe
3060	Unicorn-35858.exe
2188	Unicorn-45972.exe
2120	Unicorn-36434.exe
2652	Unicorn-35042.exe
2644	Unicorn-30944.exe
2656	Unicorn-14607.exe
2928	Unicorn-41058.exe
2524	Unicorn-4856.exe
2936	Unicorn-25791.exe
2032	Unicorn-11955.exe
2824	Unicorn-46766.exe
1036	Unicorn-58463.exe
1204	Unicorn-15292.exe
1252	Unicorn-52796.exe
2340	Unicorn-7124.exe
2196	Unicorn-7124.exe
1068	Unicorn-36481.exe
1976	Unicorn-44649.exe
1828	Unicorn-59594.exe
2740	Unicorn-59039.exe
2248	Unicorn-16615.exe
2036	Unicorn-61540.exe
2968	Unicorn-53585.exe
2808	Unicorn-4939.exe
2716	Unicorn-2801.exe
2708	Unicorn-22667.exe
2604	Unicorn-33527.exe
1696	Unicorn-2246.exe
1812	Unicorn-9023.exe
928	Unicorn-24613.exe
616	Unicorn-15074.exe
872	Unicorn-44410.exe
1948	Unicorn-25189.exe
1604	Unicorn-42271.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2824	2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe	28
PID 2732 wrote to memory of 2824	2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe	28
PID 2732 wrote to memory of 2824	2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe	28
PID 2732 wrote to memory of 2824	2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe	28
PID 2732 wrote to memory of 1404	2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe	30
PID 2732 wrote to memory of 1404	2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe	30
PID 2732 wrote to memory of 1404	2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe	30
PID 2732 wrote to memory of 1404	2732	aa500fde3e44cf3f68e3304b8a8fa4c3.exe	30
PID 2824 wrote to memory of 2740	2824	Unicorn-28681.exe	29
PID 2824 wrote to memory of 2740	2824	Unicorn-28681.exe	29
PID 2824 wrote to memory of 2740	2824	Unicorn-28681.exe	29
PID 2824 wrote to memory of 2740	2824	Unicorn-28681.exe	29
PID 1404 wrote to memory of 2568	1404	Unicorn-50964.exe	31
PID 1404 wrote to memory of 2568	1404	Unicorn-50964.exe	31
PID 1404 wrote to memory of 2568	1404	Unicorn-50964.exe	31
PID 1404 wrote to memory of 2568	1404	Unicorn-50964.exe	31
PID 2740 wrote to memory of 2472	2740	Unicorn-36019.exe	32
PID 2740 wrote to memory of 2472	2740	Unicorn-36019.exe	32
PID 2740 wrote to memory of 2472	2740	Unicorn-36019.exe	32
PID 2740 wrote to memory of 2472	2740	Unicorn-36019.exe	32
PID 2824 wrote to memory of 2572	2824	Unicorn-28681.exe	33
PID 2824 wrote to memory of 2572	2824	Unicorn-28681.exe	33
PID 2824 wrote to memory of 2572	2824	Unicorn-28681.exe	33
PID 2824 wrote to memory of 2572	2824	Unicorn-28681.exe	33
PID 2568 wrote to memory of 2856	2568	Unicorn-11405.exe	34
PID 2568 wrote to memory of 2856	2568	Unicorn-11405.exe	34
PID 2568 wrote to memory of 2856	2568	Unicorn-11405.exe	34
PID 2568 wrote to memory of 2856	2568	Unicorn-11405.exe	34
PID 1404 wrote to memory of 2372	1404	Unicorn-50964.exe	35
PID 1404 wrote to memory of 2372	1404	Unicorn-50964.exe	35
PID 1404 wrote to memory of 2372	1404	Unicorn-50964.exe	35
PID 1404 wrote to memory of 2372	1404	Unicorn-50964.exe	35
PID 2472 wrote to memory of 2332	2472	Unicorn-33964.exe	36
PID 2472 wrote to memory of 2332	2472	Unicorn-33964.exe	36
PID 2472 wrote to memory of 2332	2472	Unicorn-33964.exe	36
PID 2472 wrote to memory of 2332	2472	Unicorn-33964.exe	36
PID 2740 wrote to memory of 1928	2740	Unicorn-36019.exe	37
PID 2740 wrote to memory of 1928	2740	Unicorn-36019.exe	37
PID 2740 wrote to memory of 1928	2740	Unicorn-36019.exe	37
PID 2740 wrote to memory of 1928	2740	Unicorn-36019.exe	37
PID 2572 wrote to memory of 2040	2572	Unicorn-10014.exe	38
PID 2572 wrote to memory of 2040	2572	Unicorn-10014.exe	38
PID 2572 wrote to memory of 2040	2572	Unicorn-10014.exe	38
PID 2572 wrote to memory of 2040	2572	Unicorn-10014.exe	38
PID 2856 wrote to memory of 2200	2856	Unicorn-52521.exe	39
PID 2856 wrote to memory of 2200	2856	Unicorn-52521.exe	39
PID 2856 wrote to memory of 2200	2856	Unicorn-52521.exe	39
PID 2856 wrote to memory of 2200	2856	Unicorn-52521.exe	39
PID 2568 wrote to memory of 1952	2568	Unicorn-11405.exe	40
PID 2568 wrote to memory of 1952	2568	Unicorn-11405.exe	40
PID 2568 wrote to memory of 1952	2568	Unicorn-11405.exe	40
PID 2568 wrote to memory of 1952	2568	Unicorn-11405.exe	40
PID 2372 wrote to memory of 448	2372	Unicorn-24487.exe	41
PID 2372 wrote to memory of 448	2372	Unicorn-24487.exe	41
PID 2372 wrote to memory of 448	2372	Unicorn-24487.exe	41
PID 2372 wrote to memory of 448	2372	Unicorn-24487.exe	41
PID 1928 wrote to memory of 1708	1928	Unicorn-12043.exe	42
PID 1928 wrote to memory of 1708	1928	Unicorn-12043.exe	42
PID 1928 wrote to memory of 1708	1928	Unicorn-12043.exe	42
PID 1928 wrote to memory of 1708	1928	Unicorn-12043.exe	42
PID 2040 wrote to memory of 1680	2040	Unicorn-31909.exe	43
PID 2040 wrote to memory of 1680	2040	Unicorn-31909.exe	43
PID 2040 wrote to memory of 1680	2040	Unicorn-31909.exe	43
PID 2040 wrote to memory of 1680	2040	Unicorn-31909.exe	43

C:\Users\Admin\AppData\Local\Temp\aa500fde3e44cf3f68e3304b8a8fa4c3.exe
"C:\Users\Admin\AppData\Local\Temp\aa500fde3e44cf3f68e3304b8a8fa4c3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45972.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15292.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1317.exe
        10⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
        11⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
        12⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        13⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        14⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        15⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe
        16⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        17⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45638.exe
        18⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51601.exe
        19⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
        20⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6152.exe
        21⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30092.exe
        11⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
        12⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        13⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        14⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42587.exe
        15⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5742.exe
        16⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        17⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        8⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42459.exe
        9⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        10⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
        11⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        12⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63118.exe
        13⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31640.exe
        14⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32574.exe
        15⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63277.exe
        16⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38446.exe
        17⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52796.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5894.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        10⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
        11⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        12⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        13⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        14⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35872.exe
        15⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31269.exe
        16⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        17⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        18⤵
        
        PID:2408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
        6⤵
        Executes dropped EXE
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58463.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35962.exe
        9⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11815.exe
        10⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
        11⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11364.exe
        12⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33762.exe
        13⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41951.exe
        14⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14104.exe
        15⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        16⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
        17⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        18⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
        19⤵
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42909.exe
        20⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37476.exe
        8⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52848.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
        10⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
        11⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
        12⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50311.exe
        13⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        14⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25750.exe
        15⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        16⤵
        
        PID:900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
        17⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23527.exe
        18⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
        19⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62770.exe
        9⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
        10⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40730.exe
        11⤵
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
        12⤵
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24515.exe
        13⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
        14⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
        15⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
        7⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        8⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        10⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34665.exe
        11⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5002.exe
        12⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
        13⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47190.exe
        14⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        15⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22821.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22821.exe
        16⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40823.exe
        17⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17061.exe
        18⤵
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34383.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2800
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31774.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2340
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
        8⤵
        Program crash
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59594.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
        7⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
        8⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        9⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27649.exe
        10⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
        11⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        12⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe
        13⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63666.exe
        14⤵
        
        PID:2484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
        8⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
        9⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-710.exe
        10⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
        11⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8811.exe
        12⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        13⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
        14⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41757.exe
        15⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        7⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        8⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
        9⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
        10⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49958.exe
        11⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
        12⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        13⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
        14⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
        15⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4294.exe
        16⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
        17⤵
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
        18⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40206.exe
        10⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42890.exe
        11⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18241.exe
        12⤵
        
        PID:284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44940.exe
        13⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6486.exe
        14⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        15⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25042.exe
        16⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
        11⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        12⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        13⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7117.exe
        14⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
        15⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37683.exe
        16⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        17⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        15⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
        16⤵
        
        PID:1552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11955.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        7⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        8⤵
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2708.exe
        9⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
        10⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
        11⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
        12⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
        13⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62833.exe
        14⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27949.exe
        15⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
        16⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
        9⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        10⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38469.exe
        11⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62646.exe
        12⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11878.exe
        13⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
        14⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        15⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63770.exe
        16⤵
        
        PID:1856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 188
        17⤵
        Program crash
        
        PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2196
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 220
        7⤵
        Program crash
        
        PID:2888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
        6⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
        7⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61395.exe
        8⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
        9⤵
        
        PID:404
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 220
        10⤵
        Program crash
        
        PID:1692
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17680.exe
        9⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
        10⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26502.exe
        11⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42174.exe
        12⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21344.exe
        13⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61520.exe
        14⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
        15⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        16⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
        17⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25670.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25670.exe
        18⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8430.exe
        19⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
        20⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
        21⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7797.exe
        22⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30168.exe
        20⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64216.exe
        18⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
        16⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3775.exe
        17⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45334.exe
        12⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-809.exe
        13⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18677.exe
        14⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        15⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56484.exe
        16⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        17⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52063.exe
        18⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
        8⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39766.exe
        9⤵
        
        PID:792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57887.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40036.exe
        11⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe
        12⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
        13⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        14⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19370.exe
        15⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        16⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        17⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31472.exe
        7⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
        8⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4524.exe
        9⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54540.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
        11⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61883.exe
        12⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25506.exe
        13⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52999.exe
        14⤵
        
        PID:384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28599.exe
        15⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21858.exe
        16⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7003.exe
        17⤵
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
        18⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33506.exe
        19⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39017.exe
        20⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61722.exe
        13⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        14⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29533.exe
        15⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20304.exe
        16⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9094.exe
        17⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64880.exe
        16⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
        17⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        18⤵
        
        PID:312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47875.exe
        17⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
        18⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62760.exe
        14⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        15⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39541.exe
        16⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9978.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
        10⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
        11⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63912.exe
        12⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
        13⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
        14⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
        15⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26246.exe
        16⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
        17⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57460.exe
        18⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39785.exe
        19⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58892.exe
        17⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27201.exe
        18⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        19⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7025.exe
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20197.exe
        9⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        10⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
        11⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35812.exe
        12⤵
        
        PID:560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16051.exe
        13⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
        14⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
        15⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29863.exe
        16⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
        17⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
        16⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
        17⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53905.exe
        18⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38971.exe
        12⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
        13⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19557.exe
        14⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44860.exe
        15⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30901.exe
        16⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28410.exe
        17⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21149.exe
        15⤵
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16615.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41525.exe
        7⤵
        Executes dropped EXE
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38951.exe
        8⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46128.exe
        10⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
        11⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33482.exe
        12⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
        13⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        14⤵
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21965.exe
        15⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
        16⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59039.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
        8⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        10⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
        11⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51245.exe
        12⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        13⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
        14⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
        15⤵
        
        PID:2560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        6⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
        7⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        8⤵
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43605.exe
        9⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        10⤵
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe
        12⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32368.exe
        13⤵
        
        PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35858.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41560.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20368.exe
        8⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3647.exe
        9⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
        10⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        11⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38469.exe
        12⤵
        
        PID:1244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        13⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31204.exe
        14⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32281.exe
        15⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14932.exe
        16⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56657.exe
        8⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe
        9⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
        10⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40472.exe
        11⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
        12⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65420.exe
        13⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10480.exe
        14⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1985.exe
        15⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44493.exe
        6⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63647.exe
        7⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        8⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43736.exe
        9⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
        10⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
        11⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
        12⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        13⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8809.exe
        14⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
        9⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42553.exe
        10⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57275.exe
        11⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
        13⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        14⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35265.exe
        15⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
        13⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6780.exe
        14⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35919.exe
        15⤵
        
        PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26642.exe
        6⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55526.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22610.exe
        8⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
        9⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44883.exe
        10⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        11⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57078.exe
        12⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7117.exe
        13⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27284.exe
        14⤵
        
        PID:1444
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43450.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36434.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53585.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
        9⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14877.exe
        10⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        11⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49335.exe
        12⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41380.exe
        13⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56896.exe
        14⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53383.exe
        15⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        16⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
        17⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61819.exe
        18⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54986.exe
        10⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-243.exe
        11⤵
        
        PID:1932
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
        12⤵
        Program crash
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36132.exe
        8⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52018.exe
        9⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4939.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61509.exe
        8⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        9⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
        10⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65199.exe
        11⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7140.exe
        12⤵
        
        PID:1368
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 244
        13⤵
        Program crash
        
        PID:916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22667.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
        8⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16440.exe
        9⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe
        10⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50918.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27732.exe
        12⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        13⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5931.exe
        14⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
        15⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37107.exe
        16⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16132.exe
        17⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45275.exe
        16⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34087.exe
        17⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
        18⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7352.exe
        7⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
        8⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13673.exe
        9⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16034.exe
        11⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48448.exe
        12⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26845.exe
        13⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22686.exe
        14⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3028.exe
        15⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
        16⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
        17⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43079.exe
        16⤵
        
        PID:1508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19500.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30944.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2644
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
        7⤵
        Program crash
        
        PID:2312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33527.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
        7⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41712.exe
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45827.exe
        9⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
        10⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22133.exe
        11⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11416.exe
        12⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        13⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50472.exe
        14⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2265.exe
        15⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33039.exe
        16⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
        11⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
        12⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22460.exe
        13⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20299.exe
        14⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28332.exe
        15⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47128.exe
        16⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
        17⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55249.exe
        16⤵
        
        PID:1820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35282.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14607.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2246.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        8⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57939.exe
        9⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8795.exe
        10⤵
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11099.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57628.exe
        12⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28110.exe
        13⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40358.exe
        14⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
        15⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
        16⤵
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9023.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31494.exe
        7⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10409.exe
        8⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
        9⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33300.exe
        10⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        11⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10840.exe
        12⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        13⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
        14⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28088.exe
        15⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        16⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44476.exe
        17⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
        18⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        19⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19151.exe
        18⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63538.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64109.exe
        9⤵
        
        PID:360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
        10⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
        11⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        12⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55952.exe
        13⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        14⤵
        
        PID:336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41954.exe
        15⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
        16⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4856.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
        7⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56294.exe
        8⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35438.exe
        9⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49823.exe
        10⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1577.exe
        11⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32683.exe
        12⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47431.exe
        13⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5290.exe
        14⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        15⤵
        
        PID:692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11628.exe
        6⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45775.exe
        7⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15453.exe
        8⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33575.exe
        9⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21427.exe
        10⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53051.exe
        11⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19341.exe
        12⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55132.exe
        13⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43743.exe
        14⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12986.exe
        15⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44196.exe
        16⤵
        
        PID:1584
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27114.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54602.exe
        7⤵
        
        PID:2160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
        8⤵
        Program crash
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26506.exe
        7⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44229.exe
        8⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5853.exe
        10⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        11⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30247.exe
        12⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
        13⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
        14⤵
        
        PID:2852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46766.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-684.exe
        6⤵
        Executes dropped EXE
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37436.exe
        7⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25516.exe
        8⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33103.exe
        9⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
        10⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47016.exe
        11⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51240.exe
        12⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
        13⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
        14⤵
        
        PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41058.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15074.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3948.exe
        7⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45879.exe
        8⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10165.exe
        9⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63253.exe
        10⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
        11⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
        12⤵
        
        PID:624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58365.exe
        13⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58230.exe
        14⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22826.exe
        15⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32416.exe
        16⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        8⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3388.exe
        9⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22989.exe
        10⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
        11⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15256.exe
        12⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43072.exe
        13⤵
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44410.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:872
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31577.exe
        6⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
        7⤵
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62215.exe
        8⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
        7⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63834.exe
        8⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17478.exe
        9⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4514.exe
        10⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17722.exe
        11⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        12⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15857.exe
        13⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52639.exe
        14⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42017.exe
        9⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
        11⤵
        
        PID:804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28791.exe
        12⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4595.exe
        13⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41382.exe
        14⤵
        
        PID:804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
        6⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1613.exe
        7⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
        8⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        9⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61520.exe
        10⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65168.exe
        11⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60778.exe
        12⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27756.exe
        13⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
        14⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
        13⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
        14⤵
        
        PID:2440

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17471.exe

Filesize
184KB

MD5
d09dd0808ea62e4c9ba2e2f0388e138d

SHA1
a36f2cc90f084feb8afa8afff60e48bd1fb6256b

SHA256
36c2a3129ced74adfddf4e9908e4181ea296280d662ccf6f42ad1743b54c2e5b

SHA512
8baf2a3de354a9f2edffab83168eb9bcdd47cd56665db96dc0d4f10e54026459d1e7669a28717fe6d2f81841b827356aacc48f96ce812029bdecf5f77a491489

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23523.exe

Filesize
184KB

MD5
1feafb9e4f0dc99d42f0f11e75b01c68

SHA1
d4f392ddc3ef7d819d6cf3f6bab21bb2c191796a

SHA256
97c02ed53502d2e5e6acd511a9e26a9fd00a603fa7e371740e2160c6c79adec5

SHA512
84b5dd2e6737ad3837e0cd834f308c8de5c6b10dffcc572d6d1cb801eac33dc0b3ea8ed69e3b51bb1db60a319408f4bf48ec37c16c6b0d7a5e249bdb9a4ea687

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31909.exe

Filesize
184KB

MD5
ccc436909446dfd0b0c8e707718c94c3

SHA1
238d655d13070dda374bec7fb9e388be763146c9

SHA256
c62cf49201fb4b7381a25a5e2d2aebf15c0bf7841ffcd64402f549af051553c7

SHA512
3304a413607789875c051e2b69d6d4f36daf4aad2cbd4f29ff240030498666456c9df8cb82952a73f8a40dbd442a12b14e9614d4546602be196994b7e418cdc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe

Filesize
184KB

MD5
88da2594e9654dc2f32911e24f8cac2a

SHA1
b25d69de2896fbb7291912c19806f4db744936c4

SHA256
f758c1cad3841ada22fd40e27ea9d2e7ea9c3412ef42bdf1bcf70d11e2f96dc3

SHA512
d44b67b4b7cc24b468f49fc94ea9b7cd71262aa5be8e68a6536bb0548a45df792f98f23f4d1a2addb149576aa5b0bdba670144a5be6846116c38bcf51a6863f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40206.exe

Filesize
184KB

MD5
897f96c060eee810ef91fe53e80d322c

SHA1
f1a84a5a60c16b6c5a68cfedfce67c8bdc617d5c

SHA256
4ab353406d259f1bbf5b3b23161fc25a9dd7213874ab2dccdff9b454119f3ccd

SHA512
e9fb6258ab539bbb8a8878107caf5ae020c9276b4379bbb452ec9dd8169e71d1d68eb5ba59fd3b0f553fe7dc1f74b4b28e459c48502afa47694b4c8faec92d26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5464.exe

Filesize
184KB

MD5
685f1da00de5302f25ca0d6494addf12

SHA1
c5047cd8a44051e51a8365d631bc57adf02d580e

SHA256
703a1bd4941a76ce4ec822d48f8cf00c7a40ab8f35dbc4946876e8abe8e659ae

SHA512
b7a88a9a5e01b97202954249fedfa3d3a3446fb3f49bcbf0806e6156e4e8a1f720719ab1c3397c49c1c233a841f3fc75231d313820e2ef28118a19f4c7592fbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe

Filesize
184KB

MD5
9212f1cdca5beef22c74ed99884c4e7c

SHA1
59c6d381f0b7757f294fae499359f5f7e3f5632f

SHA256
cc879b78aae7522c68c806c56498832c1ffea2041b6817252f591873f4951c65

SHA512
068ed2744e13849aa75a027a7df7f8d4bcc41b44f0e15ac026e5234abcb24385b6ac40054d11a2d6aa1b9873b838936e10cde2584dbda82b0c44c3ab47f07577

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5742.exe

Filesize
184KB

MD5
64e6e1133e933ea4e2c4cc6576e67244

SHA1
f3691e320f8c979f4e5ccec4f450740125f84046

SHA256
f0e9a2a7359aa4ca71f87890ca0d28cbccb156c300aed27c2a12edca972ee24f

SHA512
5c8192624f5f0551dce17d43c2b5ee16c97825766d13c0c1b463ba046dbf158c1ee83c6c22404b03106dfb23a41967e61f64402c4c0cb2d7faa58ff3c058ae7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5941.exe

Filesize
184KB

MD5
d4207ccd613ff225e409c2c62fec828b

SHA1
24f0fdc0ab3a43c1217bfcbf80e150365cc4ac29

SHA256
bdef54d13ed14314d38d8c50d2b2568ae2d9687df0897aca24ef2b6b33b5b8cd

SHA512
2c6d7cb73554e91c4d37e2d3cd3b88407c0f38b7fa7bbc023af5ce40395ecfd9738a6283430bdf58fcb141aafb0c2cd8d91865861309b226a6eb4f9d8a1e7400

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6507.exe

Filesize
184KB

MD5
fe8bed58e55b0d5bf6d065782f91d7e8

SHA1
416055755ebcdcedc1560cecae3103e6cbf19279

SHA256
f73050b48cec068d4c046b97d617854c0f170752539856cff3b8e93ee43a03fa

SHA512
ad0e4472c794fd2ca72b3046f3dca3da1bbe2a0c9c2d59f0084a922d1e6c59da2f61df2f6f8c4dce5fbd8558897db66a2d07bfcb0c1c35e208383dc4bef2abfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe

Filesize
184KB

MD5
e226be676a30336696143a52f9812bc8

SHA1
bd5511aee2c7bbb4fdf22e7f2f167f58c8b1df7c

SHA256
1d7c55f0e0192be6da3a63ac74c5ad721a4e8d1fb1b5234ff24c5e26dcfc32c0

SHA512
91e54d3bb7a9f712ead8bb6f3350de89a2f50f35ccc270766a2b28a4f41628b0f2d0f5ad4c53c7691bfaa4a0ed6de2cb6bd6c70c4d673f9e64fdca5465bbf341

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6657.exe

Filesize
184KB

MD5
cd2c26f02959853370841ddc521ffb17

SHA1
5c3614c0e1c145e67131ee9161ec41729b41f3ff

SHA256
f0fd503b3ceb9c086ca816032792cc617fecabc9fb4b98a8e3c9c39d5194ee25

SHA512
18808ae40fba4a95a13ca3c244e95564796a274b0d4c68566bd3e1127926056bc3c3d93eff066f0ca78d1ab2b936c8fbc6dc5326210c80f6aabdaf640926f48e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6782.exe

Filesize
184KB

MD5
96cb27e271a72a68020d6363de9a2f93

SHA1
f6520f7bbb2cb0fa9f485726f0aaaabe4caf36bb

SHA256
ab7137490b51d9f42c1ded8d68a252f8ec1f9ca221140a832daab145bfa17364

SHA512
3cd411fe4c3c758cf0433ae37b9c181f72f790eb201754fd06e20d7bff2d591a5cc0d89c8765e14e936bc7f7e89dbbffb60c2884f2abb2e5b1b17228875fbf9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-964.exe

Filesize
184KB

MD5
0dcf84e7ea5318b7f736fb6f53db585c

SHA1
fd5e200732b7a0074eba9fd777497198a8a74e1f

SHA256
70605b8f27656f32dc09eb4e91139d0ab74a1457dc197324f82847c84f774b37

SHA512
cf4d19a9d5f0cef4a27ddf1e3a5071c14baeddd24ebb02f78ff1af4ffe4568ad78042bf9051ad9b1cd6f2af6806753daed7e7d2739445b6bbbae8b5122f42c9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe

Filesize
184KB

MD5
196593745b5fb1bbdc406dcbebf597c8

SHA1
330384cae62b111c3f6e8c9bb330f4713239ea80

SHA256
7f1172ff3fdc049db0a11906d32d7f29ef5f9493167ace5ac8d8fe3af2e112cf

SHA512
e2700f5af1d2960b8c40f431e3c0de9ef7bb437bb60f83149edc3f9bbd9e035ef94f49cbf8019e92a997f7335179e60e953079dcea7834019663f484c271dced

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe

Filesize
184KB

MD5
2df51342b4029d384bb9eee8ceb9382d

SHA1
c50d7068ac26d5ffe719bfe2b675952357da3a50

SHA256
157adeff18e00b44d45c849c6ecf88264b5af24295ede421ec69c67621abcd36

SHA512
7b38029eb5ec7354bcfe4b80c587b95623af1318ba444cdc8e4c86611b75e015e36caaf586162ea91a1bf7dd90c0806f94e81ba11ce8bf22fb19aa1b10409c6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12043.exe

Filesize
184KB

MD5
9eb9411b43f57bea3cf504ebc9655b38

SHA1
3793816b46d498b8563f391730496ef5c63ad3bd

SHA256
e45ec149a5d4b21afdeaf48265c492b1d3f9a1b78de3cbcd0dd10c5f82c1e977

SHA512
bb134b58364bf0870bd650453f449f912b4a20759e2e2bf71f1b12fe3468ddb29f3ef49687a8358b4eb67667c1805eb264f8c7374359713afe1ae766e527041d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24487.exe

Filesize
184KB

MD5
0b9fc6895ea9c0cd66a0f7e527dd7a97

SHA1
db245cde6826c41ac6a6d3f93b0d8fce391ea46f

SHA256
997a81158a742598b0cf748421d72a8bbbcfcd90ea2d193c15ed790f640a7234

SHA512
bd03cd6e4d67605e1b7e4791b9c8a45485b8b18a9b3ca576ef73fdecc6baea36372d80ae7b432e61d99fb1b2dcf8ab9dcf41f8377917943229381adccda481ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe

Filesize
184KB

MD5
a889b5ed74577e65b016804a2f4d282f

SHA1
51cfce08f8e96c9f6c562b10beccaa553e73a7c9

SHA256
7d14b53c4fe7efbec96abc5aab5600641ec0348a401419d23944bcb54bee12c1

SHA512
d0bce759f35c43e97c3f9b5aa1333739436ac641ed30dd9ea6c31b235e0245bde8e5e2f80b3538fae371749361b21b148a7c08f46bcf3aca280a04042daf9210

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33964.exe

Filesize
184KB

MD5
d5a1c841bab70f955cbc961176ef65dd

SHA1
d4850ff92389419910baff618f12fd59ec40b21f

SHA256
62a38a679a5181c08b6dc0467d12ac4a92e366d453527513923e0f08b45963ea

SHA512
94a328d4e154a026c766e9146fe16e2ccc79eb8430dfc793c4661e5537c5234ff45430802f36d4249b199aee56daf610fdd3c9d084df0ef89eb47b1226f0ed51

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36019.exe

Filesize
184KB

MD5
a07e951406dc79bf035e549176db682e

SHA1
d536ed8124eedfe95ee5b85df0f67ab8c1d8d836

SHA256
59ce7544387c6a7264301433006275b5fb18a80ace91cec5a4a7ffe8e666f55d

SHA512
723d4766dd49e4bd9cb1d8e97ea35d781f3827076265f250f994016478df7a57931c14080bf28561755f0b9139937cb2b7238663d8df1c0a6e5bb834f5f78fa3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe

Filesize
184KB

MD5
ebabd187520da3a5b606a9d1c2a4ea8e

SHA1
b4aa2f3c1c81152c8d67e3fd96723fb5a15022e9

SHA256
e9a3460e0326890555e247a9d4cd1028a8252cdbf72a8dd2342856413f94beca

SHA512
a8f40467cc63006c10a1d2c582c66178b87070f238546b4916c2b7330ede0a2b4dc4db871e33c8b4718221cc6ea78c778264a5ba5f47a0e77efb63a49364d5c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3657.exe

Filesize
184KB

MD5
b92bf3d49d358629756cda4cd2d133e4

SHA1
097010ed00cc969657a9d916611dba9cfda1a02a

SHA256
18363836285cac3d5469e1d4a600930f018e2e39f34b3ab0d89a55a858c29e4d

SHA512
f5f012fafd684794685f71380766502c85c106991d669d446e215789c6aceb55db8474d38bcdcd9251d15c57cb02235b905c4101000a2f78b220442ab0e356a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39283.exe

Filesize
184KB

MD5
4727233099826e040b596a4341004129

SHA1
7720d3833b470093166446a9e6fe33db112e810c

SHA256
d504fb3014e247d5d00093deadd8de06061db5c60fb1e92f10f4d682336ef9da

SHA512
8bdc2cae792886c47cadc42c52c326f57d2685f7b8d6ae4d68b947b7b2aab22dfc4452a98306a256bde5931884e26025ae5ced9194db87217bf8c1dca9e561c9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe

Filesize
184KB

MD5
52f2f5651e55951fbcd1631a852b2815

SHA1
5136a5b4a3161066a6c9ef1dc5b3ec02c7124bf2

SHA256
a5b5bf54fe5c5070eef0ac2dcef32c24e499324c4a43188af5f401f58d1157df

SHA512
f1598479e214133b2473e7b921a05e493e7180f2d5ecd2851a2298cb6e3abfafd2d16a5d13ed08d8087f15e3047e48f26a19767b6868474fcfabe11bf274e312

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe

Filesize
184KB

MD5
66bd985e58b1f07a289971cb25e24046

SHA1
e6d49b6137dd477ff4cedb58c4c4f0718f999b8e

SHA256
0e0c202b6e4e2526f564686c699af45f26d4d49e092e6540fc3d2a538368b76a

SHA512
90ecd5b2a5d1e9684da654ed476ddfa635fb4bd248cdcacc2cb599b45ff179d2b1e8ee4117392f8c1750a8142c05b66a7f6f8d7ea9ac52d5c2ff88af747e9b35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55619.exe

Filesize
184KB

MD5
fa1e1ff7976ae4f0537ca79e9aec584e

SHA1
5dc9a95e88ae06ffffbb483d4e16e10bc66bf5ab

SHA256
c1d54fc494fcbbf0b554d258dec724a0641ff405b7c7bf952c2436cabec39fc9

SHA512
2c7c6dbb757a8246b2c82393f23897f8d1463f9f8d553b5cc639f9bf1bc9317f4d232c502e10d5ef88538a779dbf17093333d86f94cbeb4e2eb56b1e9ae923f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe

Filesize
184KB

MD5
a8b9ddb7c9c567171bceb648417c0883

SHA1
7590731feb9caea39e877a3641d38cdae6166c5f

SHA256
908f4b06a298790fd6de941194f1e4b5d317ece50b0604d630617b2ebc96a1f3

SHA512
e8509898f23af9d6bb897f53277e1126c7d3f5984fb4ce36a879432d329bd68951c10828072dc31d66de47009d1095b057760cdb37312f5693f1ea29e132d820

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads