610cd3d54436d2a58afd9325476eef5b5646f5419400b514d44ff1fae7181b5d

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 16:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac4c6a1912bcd5ed23cafdd54e39b939.exe
Size

184KB
MD5

ac4c6a1912bcd5ed23cafdd54e39b939
SHA1

338419ffab1457bb8865e7a0bae56eb36a06ba45
SHA256

610cd3d54436d2a58afd9325476eef5b5646f5419400b514d44ff1fae7181b5d
SHA512

bafb24bc8d5ae317d37830e807bb6c291ca8084eb063c9e5cca8298136a9fbd9b2d66e535967c0e05431c922748069d0e156d5dbe5449897c1245d7655cbf1c6
SSDEEP

3072:B+MGoET8gJ08MejWwzOSM8dbPB86dSphfDMx+YdfSNlPupFO:B+houi8M5wKSM8ATdpNlPupF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
532	Unicorn-45140.exe
3040	Unicorn-65342.exe
2656	Unicorn-53645.exe
2632	Unicorn-44271.exe
2572	Unicorn-45786.exe
1564	Unicorn-60856.exe
2840	Unicorn-61603.exe
2620	Unicorn-41505.exe
1088	Unicorn-48962.exe
2704	Unicorn-53025.exe
2748	Unicorn-19798.exe
1356	Unicorn-44302.exe
2736	Unicorn-40964.exe
1472	Unicorn-47831.exe
2380	Unicorn-20011.exe
2204	Unicorn-36539.exe
1816	Unicorn-337.exe
2120	Unicorn-24479.exe
1892	Unicorn-25033.exe
2300	Unicorn-57706.exe
1036	Unicorn-48983.exe
2140	Unicorn-12200.exe
952	Unicorn-45812.exe
1324	Unicorn-32237.exe
2192	Unicorn-24815.exe
1932	Unicorn-48765.exe
2212	Unicorn-13523.exe
868	Unicorn-37473.exe
1700	Unicorn-12968.exe
1584	Unicorn-33581.exe
1712	Unicorn-13715.exe
1748	Unicorn-38219.exe
3024	Unicorn-62361.exe
2524	Unicorn-60654.exe
2520	Unicorn-15708.exe
2576	Unicorn-51910.exe
2980	Unicorn-31490.exe
1644	Unicorn-48765.exe
660	Unicorn-19430.exe
2876	Unicorn-16306.exe
2828	Unicorn-29304.exe
2280	Unicorn-29304.exe
1660	Unicorn-24666.exe
1620	Unicorn-140.exe
2156	Unicorn-654.exe
1544	Unicorn-654.exe
1940	Unicorn-42132.exe
1008	Unicorn-13866.exe
1348	Unicorn-5890.exe
1632	Unicorn-18335.exe
1468	Unicorn-6061.exe
1500	Unicorn-13482.exe
1104	Unicorn-47094.exe
1312	Unicorn-6850.exe
2504	Unicorn-52522.exe
768	Unicorn-53783.exe
2312	Unicorn-45060.exe
1688	Unicorn-33576.exe
3028	Unicorn-33192.exe
1452	Unicorn-9434.exe
680	Unicorn-62164.exe
1192	Unicorn-30260.exe
776	Unicorn-10394.exe
1588	Unicorn-55319.exe

Loads dropped DLL 64 IoCs

pid	Process
2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe
2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe
532	Unicorn-45140.exe
532	Unicorn-45140.exe
2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe
2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe
2656	Unicorn-53645.exe
2656	Unicorn-53645.exe
532	Unicorn-45140.exe
532	Unicorn-45140.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2544	WerFault.exe
2632	Unicorn-44271.exe
2632	Unicorn-44271.exe
2656	Unicorn-53645.exe
2656	Unicorn-53645.exe
2572	Unicorn-45786.exe
2572	Unicorn-45786.exe
1564	Unicorn-60856.exe
1564	Unicorn-60856.exe
2632	Unicorn-44271.exe
2632	Unicorn-44271.exe
2840	Unicorn-61603.exe
2840	Unicorn-61603.exe
2620	Unicorn-41505.exe
2620	Unicorn-41505.exe
2572	Unicorn-45786.exe
2572	Unicorn-45786.exe
2704	Unicorn-53025.exe
2704	Unicorn-53025.exe
1088	Unicorn-48962.exe
1088	Unicorn-48962.exe
2748	Unicorn-19798.exe
2748	Unicorn-19798.exe
1564	Unicorn-60856.exe
1564	Unicorn-60856.exe
2840	Unicorn-61603.exe
1356	Unicorn-44302.exe
2840	Unicorn-61603.exe
1356	Unicorn-44302.exe
2620	Unicorn-41505.exe
2736	Unicorn-40964.exe
2620	Unicorn-41505.exe
2736	Unicorn-40964.exe
1472	Unicorn-47831.exe
1472	Unicorn-47831.exe
2704	Unicorn-53025.exe
2704	Unicorn-53025.exe
2204	Unicorn-36539.exe
2204	Unicorn-36539.exe
2748	Unicorn-19798.exe
2748	Unicorn-19798.exe
2380	Unicorn-20011.exe
2380	Unicorn-20011.exe
1088	Unicorn-48962.exe
1088	Unicorn-48962.exe
2300	Unicorn-57706.exe
2300	Unicorn-57706.exe
1036	Unicorn-48983.exe
1036	Unicorn-48983.exe
2120	Unicorn-24479.exe

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2544	3040	WerFault.exe	29
2820	1048	WerFault.exe	325
1036	2564	WerFault.exe	335

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe
532	Unicorn-45140.exe
3040	Unicorn-65342.exe
2656	Unicorn-53645.exe
2632	Unicorn-44271.exe
2572	Unicorn-45786.exe
1564	Unicorn-60856.exe
2840	Unicorn-61603.exe
2620	Unicorn-41505.exe
1088	Unicorn-48962.exe
2704	Unicorn-53025.exe
2748	Unicorn-19798.exe
2736	Unicorn-40964.exe
1356	Unicorn-44302.exe
1472	Unicorn-47831.exe
2204	Unicorn-36539.exe
2380	Unicorn-20011.exe
1816	Unicorn-337.exe
1892	Unicorn-25033.exe
2120	Unicorn-24479.exe
1036	Unicorn-48983.exe
2300	Unicorn-57706.exe
2140	Unicorn-12200.exe
952	Unicorn-45812.exe
1324	Unicorn-32237.exe
2192	Unicorn-24815.exe
1932	Unicorn-48765.exe
868	Unicorn-37473.exe
2212	Unicorn-13523.exe
1700	Unicorn-12968.exe
1584	Unicorn-33581.exe
3024	Unicorn-62361.exe
1712	Unicorn-13715.exe
1748	Unicorn-38219.exe
2576	Unicorn-51910.exe
2524	Unicorn-60654.exe
2980	Unicorn-31490.exe
2520	Unicorn-15708.exe
1644	Unicorn-48765.exe
660	Unicorn-19430.exe
2876	Unicorn-16306.exe
2280	Unicorn-29304.exe
1660	Unicorn-24666.exe
2828	Unicorn-29304.exe
1620	Unicorn-140.exe
1544	Unicorn-654.exe
2156	Unicorn-654.exe
1940	Unicorn-42132.exe
1008	Unicorn-13866.exe
1348	Unicorn-5890.exe
1632	Unicorn-18335.exe
1500	Unicorn-13482.exe
1468	Unicorn-6061.exe
1104	Unicorn-47094.exe
2504	Unicorn-52522.exe
1312	Unicorn-6850.exe
768	Unicorn-53783.exe
2312	Unicorn-45060.exe
1688	Unicorn-33576.exe
3028	Unicorn-33192.exe
1452	Unicorn-9434.exe
680	Unicorn-62164.exe
1192	Unicorn-30260.exe
776	Unicorn-10394.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 532	2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe	28
PID 2944 wrote to memory of 532	2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe	28
PID 2944 wrote to memory of 532	2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe	28
PID 2944 wrote to memory of 532	2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe	28
PID 532 wrote to memory of 3040	532	Unicorn-45140.exe	29
PID 532 wrote to memory of 3040	532	Unicorn-45140.exe	29
PID 532 wrote to memory of 3040	532	Unicorn-45140.exe	29
PID 532 wrote to memory of 3040	532	Unicorn-45140.exe	29
PID 2944 wrote to memory of 2656	2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe	30
PID 2944 wrote to memory of 2656	2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe	30
PID 2944 wrote to memory of 2656	2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe	30
PID 2944 wrote to memory of 2656	2944	ac4c6a1912bcd5ed23cafdd54e39b939.exe	30
PID 2656 wrote to memory of 2632	2656	Unicorn-53645.exe	31
PID 2656 wrote to memory of 2632	2656	Unicorn-53645.exe	31
PID 2656 wrote to memory of 2632	2656	Unicorn-53645.exe	31
PID 2656 wrote to memory of 2632	2656	Unicorn-53645.exe	31
PID 532 wrote to memory of 2572	532	Unicorn-45140.exe	32
PID 532 wrote to memory of 2572	532	Unicorn-45140.exe	32
PID 532 wrote to memory of 2572	532	Unicorn-45140.exe	32
PID 532 wrote to memory of 2572	532	Unicorn-45140.exe	32
PID 3040 wrote to memory of 2544	3040	Unicorn-65342.exe	33
PID 3040 wrote to memory of 2544	3040	Unicorn-65342.exe	33
PID 3040 wrote to memory of 2544	3040	Unicorn-65342.exe	33
PID 3040 wrote to memory of 2544	3040	Unicorn-65342.exe	33
PID 2632 wrote to memory of 1564	2632	Unicorn-44271.exe	34
PID 2632 wrote to memory of 1564	2632	Unicorn-44271.exe	34
PID 2632 wrote to memory of 1564	2632	Unicorn-44271.exe	34
PID 2632 wrote to memory of 1564	2632	Unicorn-44271.exe	34
PID 2656 wrote to memory of 2840	2656	Unicorn-53645.exe	35
PID 2656 wrote to memory of 2840	2656	Unicorn-53645.exe	35
PID 2656 wrote to memory of 2840	2656	Unicorn-53645.exe	35
PID 2656 wrote to memory of 2840	2656	Unicorn-53645.exe	35
PID 2572 wrote to memory of 2620	2572	Unicorn-45786.exe	36
PID 2572 wrote to memory of 2620	2572	Unicorn-45786.exe	36
PID 2572 wrote to memory of 2620	2572	Unicorn-45786.exe	36
PID 2572 wrote to memory of 2620	2572	Unicorn-45786.exe	36
PID 1564 wrote to memory of 1088	1564	Unicorn-60856.exe	37
PID 1564 wrote to memory of 1088	1564	Unicorn-60856.exe	37
PID 1564 wrote to memory of 1088	1564	Unicorn-60856.exe	37
PID 1564 wrote to memory of 1088	1564	Unicorn-60856.exe	37
PID 2632 wrote to memory of 2704	2632	Unicorn-44271.exe	38
PID 2632 wrote to memory of 2704	2632	Unicorn-44271.exe	38
PID 2632 wrote to memory of 2704	2632	Unicorn-44271.exe	38
PID 2632 wrote to memory of 2704	2632	Unicorn-44271.exe	38
PID 2840 wrote to memory of 2748	2840	Unicorn-61603.exe	39
PID 2840 wrote to memory of 2748	2840	Unicorn-61603.exe	39
PID 2840 wrote to memory of 2748	2840	Unicorn-61603.exe	39
PID 2840 wrote to memory of 2748	2840	Unicorn-61603.exe	39
PID 2620 wrote to memory of 1356	2620	Unicorn-41505.exe	40
PID 2620 wrote to memory of 1356	2620	Unicorn-41505.exe	40
PID 2620 wrote to memory of 1356	2620	Unicorn-41505.exe	40
PID 2620 wrote to memory of 1356	2620	Unicorn-41505.exe	40
PID 2572 wrote to memory of 2736	2572	Unicorn-45786.exe	41
PID 2572 wrote to memory of 2736	2572	Unicorn-45786.exe	41
PID 2572 wrote to memory of 2736	2572	Unicorn-45786.exe	41
PID 2572 wrote to memory of 2736	2572	Unicorn-45786.exe	41
PID 2704 wrote to memory of 1472	2704	Unicorn-53025.exe	42
PID 2704 wrote to memory of 1472	2704	Unicorn-53025.exe	42
PID 2704 wrote to memory of 1472	2704	Unicorn-53025.exe	42
PID 2704 wrote to memory of 1472	2704	Unicorn-53025.exe	42
PID 1088 wrote to memory of 2380	1088	Unicorn-48962.exe	43
PID 1088 wrote to memory of 2380	1088	Unicorn-48962.exe	43
PID 1088 wrote to memory of 2380	1088	Unicorn-48962.exe	43
PID 1088 wrote to memory of 2380	1088	Unicorn-48962.exe	43

C:\Users\Admin\AppData\Local\Temp\ac4c6a1912bcd5ed23cafdd54e39b939.exe
"C:\Users\Admin\AppData\Local\Temp\ac4c6a1912bcd5ed23cafdd54e39b939.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45140.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45140.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3040
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
      4⤵
      Loads dropped DLL
      Program crash
      PID:2544
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44302.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24479.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33581.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        10⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
        11⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        12⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61275.exe
        13⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
        14⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3891.exe
        15⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59776.exe
        16⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5417.exe
        17⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49045.exe
        18⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        19⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1312.exe
        16⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59273.exe
        17⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8261.exe
        18⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        19⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55319.exe
        8⤵
        Executes dropped EXE
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        9⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        10⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        11⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51405.exe
        12⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
        13⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
        14⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        15⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-612.exe
        16⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22961.exe
        17⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42132.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62164.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
        9⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14484.exe
        10⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        11⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
        12⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
        13⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe
        14⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        15⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37492.exe
        16⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49631.exe
        17⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38713.exe
        18⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
        19⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38219.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13866.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44536.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        9⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        10⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        11⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
        12⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32490.exe
        13⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39195.exe
        14⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44447.exe
        15⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        16⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25033.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
        8⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17495.exe
        9⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        10⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61677.exe
        11⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5717.exe
        12⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        13⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
        14⤵
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
        15⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        16⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42914.exe
        17⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39407.exe
        15⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17717.exe
        16⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        17⤵
        
        PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48983.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12968.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18335.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        8⤵
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
        9⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        11⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        12⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38603.exe
        13⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        14⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
        15⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35104.exe
        16⤵
        
        PID:1148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
        7⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        8⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23773.exe
        9⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56423.exe
        10⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53237.exe
        11⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11296.exe
        12⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
        13⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51276.exe
        14⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
        15⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12288.exe
        16⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64408.exe
        17⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50668.exe
        10⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54763.exe
        11⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4140.exe
        12⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30861.exe
        13⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12656.exe
        14⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe
        15⤵
        
        PID:2868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38558.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46202.exe
        8⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe
        9⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        10⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
        11⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38411.exe
        12⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
        13⤵
        
        PID:2564
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 220
        14⤵
        Program crash
        
        PID:1036
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48962.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
        9⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15392.exe
        10⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15772.exe
        11⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        12⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42827.exe
        13⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
        14⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        15⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20083.exe
        16⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4509.exe
        17⤵
        
        PID:344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
        18⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        19⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
        14⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40643.exe
        15⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1743.exe
        16⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        17⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53783.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41739.exe
        9⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        10⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61464.exe
        11⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31065.exe
        12⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1436.exe
        13⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24644.exe
        14⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59065.exe
        15⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44395.exe
        16⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13829.exe
        17⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31099.exe
        18⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14898.exe
        17⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38088.exe
        18⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49226.exe
        15⤵
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57467.exe
        16⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
        17⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29513.exe
        8⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
        9⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        10⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        11⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
        12⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61597.exe
        13⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37643.exe
        14⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
        15⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15562.exe
        16⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
        17⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
        13⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
        14⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
        15⤵
        
        PID:424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33290.exe
        16⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
        17⤵
        
        PID:332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-654.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
        8⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23561.exe
        9⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        10⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        11⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46776.exe
        12⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6117.exe
        13⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        14⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30472.exe
        15⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21806.exe
        16⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
        17⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
        18⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3695.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50473.exe
        9⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        10⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64534.exe
        11⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1789.exe
        12⤵
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
        13⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-746.exe
        14⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        15⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54042.exe
        16⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
        17⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22735.exe
        18⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55472.exe
        19⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62946.exe
        13⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44597.exe
        14⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
        15⤵
        
        PID:1196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        16⤵
        
        PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-337.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62361.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13482.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10394.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
        8⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48636.exe
        9⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61275.exe
        11⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8867.exe
        11⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7980.exe
        12⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-944.exe
        13⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
        14⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41383.exe
        15⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47094.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
        7⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61412.exe
        8⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
        9⤵
        
        PID:944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46441.exe
        10⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
        11⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19278.exe
        12⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-580.exe
        13⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
        14⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11224.exe
        15⤵
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26853.exe
        16⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
        7⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        8⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
        9⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        10⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23196.exe
        11⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
        12⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
        13⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27331.exe
        13⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42039.exe
        14⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        15⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40328.exe
        9⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
        10⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33196.exe
        11⤵
        
        PID:240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35277.exe
        12⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18744.exe
        13⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46808.exe
        14⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        15⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        16⤵
        
        PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60654.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
        8⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe
        9⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28787.exe
        10⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        11⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31343.exe
        12⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
        13⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42734.exe
        14⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50560.exe
        15⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        16⤵
        
        PID:2596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30966.exe
        8⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe
        9⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
        10⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52559.exe
        11⤵
        
        PID:1180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
        12⤵
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
        13⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
        14⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
        15⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        16⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3124.exe
        7⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
        8⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63.exe
        9⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34872.exe
        10⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9433.exe
        11⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47373.exe
        12⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
        13⤵
        
        PID:1976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
        14⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53635.exe
        15⤵
        
        PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45812.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33192.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        8⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33976.exe
        9⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25066.exe
        10⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        11⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10367.exe
        12⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
        13⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61623.exe
        14⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33243.exe
        15⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22164.exe
        16⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        17⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6134.exe
        8⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3711.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
        10⤵
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
        11⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
        12⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
        13⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14493.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14493.exe
        14⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13948.exe
        15⤵
        
        PID:968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9919.exe
        16⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18220.exe
        9⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        10⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe
        11⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
        12⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37327.exe
        13⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe
        14⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        15⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        16⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8168.exe
        7⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
        8⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
        9⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        10⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23943.exe
        11⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
        12⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        13⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61826.exe
        14⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19921.exe
        15⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        16⤵
        
        PID:2024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9434.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        8⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61464.exe
        9⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        10⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4996.exe
        11⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38427.exe
        12⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17727.exe
        13⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
        14⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
        15⤵
        
        PID:1744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32237.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31490.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6850.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46534.exe
        9⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42336.exe
        10⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18242.exe
        11⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        12⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48447.exe
        13⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39890.exe
        14⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
        15⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
        16⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
        17⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24855.exe
        18⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10524.exe
        8⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4043.exe
        9⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56996.exe
        10⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        11⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1104.exe
        12⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
        13⤵
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
        14⤵
        
        PID:1048
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
        15⤵
        Program crash
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52522.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22990.exe
        8⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
        9⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
        10⤵
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        11⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53792.exe
        12⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54000.exe
        13⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        14⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48863.exe
        15⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe
        16⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60324.exe
        17⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3882.exe
        9⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54033.exe
        10⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        11⤵
        
        PID:628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30072.exe
        12⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14524.exe
        13⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
        14⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55568.exe
        15⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30007.exe
        16⤵
        
        PID:920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33273.exe
        13⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
        14⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1743.exe
        15⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48765.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12787.exe
        8⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36384.exe
        9⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36379.exe
        10⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        11⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        12⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
        13⤵
        
        PID:1356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
        14⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        15⤵
        
        PID:2408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19430.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
        7⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41433.exe
        8⤵
        
        PID:1040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57188.exe
        9⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        10⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24921.exe
        11⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46221.exe
        12⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28785.exe
        13⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33990.exe
        14⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28448.exe
        15⤵
        
        PID:1184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57223.exe
        16⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18737.exe
        17⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
        14⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24349.exe
        15⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
        16⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57743.exe
        8⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        9⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        10⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34732.exe
        11⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28951.exe
        12⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39937.exe
        13⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-98.exe
        14⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39105.exe
        15⤵
        
        PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57706.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37473.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24666.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39845.exe
        7⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15236.exe
        8⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54806.exe
        9⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
        10⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61384.exe
        11⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18562.exe
        12⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38661.exe
        13⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
        14⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43848.exe
        15⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23982.exe
        14⤵
        
        PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57525.exe
        6⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
        7⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
        8⤵
        
        PID:1380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62030.exe
        9⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50253.exe
        10⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23196.exe
        11⤵
        
        PID:1436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10414.exe
        12⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36606.exe
        13⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
        14⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
        15⤵
        
        PID:852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-41505.exe

Filesize
184KB

MD5
23058e43fdeac1e98418785579d9ffc1

SHA1
f17367ed23cd13bf1d29531f938b65b25f7a831d

SHA256
78041fb5d65ae2c1eec495a199b8d0054860c4316af12d987e228b7e53643bdd

SHA512
53e27492ae5f8e7937d17949dbd269f09f2dc07235ab35227877958bcb2c7e4ffc97b66bb4992ed903381c0454e191d40acd89e30faeaa0d73e4ea9286377ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44302.exe

Filesize
184KB

MD5
3b1c0e4772fc4e1829d9c7d25a39c9df

SHA1
58dc49c2130910ea4633c56470076b794c460306

SHA256
64372799470c1499865970da259c304e5997746d41a08b6a4c21cb9cd2a4eb46

SHA512
ceb6850674a05888a668683373b7bbf6be47c48cfb5f783c2b92a6282218520393af520b934af4e1331594a8372ba6276e2bb2b694ed1501ab3baf589af199c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5801.exe

Filesize
184KB

MD5
feb8f1d112058ceec3067607df6ed413

SHA1
0e7b685a1407f456afc22589eb9176e8b0412164

SHA256
15f400399c8d2f41dbf83f7d6b42b3f1055361e15d484ed60d2a75d0f87a2b4f

SHA512
5c7f0e7d75ce2b182a44223c46b1d275fd0678452c311a1830707786019715a6fd221d606295dd1ebff773cff65aed17978d1dee28750c20c2a90a9ef4bdb8ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5890.exe

Filesize
184KB

MD5
d26ade4f453ba03784e2cbad76c43e16

SHA1
5a935dd3faec767fa7204796044844a69b3a82a1

SHA256
70ff8c9c8aca49177cf55f23115dd9b653e73b4a66304d0f9fd4f90994695ffb

SHA512
0065ff4086fd5a55efa78c63f2fdb5d654f682015eb435e6efb1d9cb5b7db0b65c9ff11a691ec097565140dd96fab366c1884e9ab56e2fefeedfb73606c75de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63025.exe

Filesize
184KB

MD5
2c6a437f36f7906be709a013d2273aa2

SHA1
1d56c25291d07d01c1ce4adc0a9b08455f50f7a6

SHA256
6f1cae4a6f45d4c84ff52ced6a2bd0d011fd185d7e5d38e4275631e9549072cd

SHA512
f1a8678072ef66f549447595b2bf1f1b2b3f2b23f35151916ab4c5b5ec88ada4bfa523786d009444865a49382a551fb674ee4c7f8fd531c3b2396d54ea65139c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6559.exe

Filesize
184KB

MD5
91978070cbd66dedeca73b69e6c007e3

SHA1
ae66a57b27a6b834542f0ca475fdaacadb480afb

SHA256
660ee28a80dd7184048761ab9c1c3aec5c6cae1fabdfce3929efea78c0b00ee6

SHA512
60a9cb798948170aa135192f941c00e1a40a48d64c40b6c1e05acf03d924153a8639a14060572c2f89bcba370489aed9ecc88d9d11c35180071af4089da2124d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe

Filesize
184KB

MD5
9c45c6e5e878b615defcadf459ee31e0

SHA1
b19686f82185551980928b567100c00602982af9

SHA256
3f3c4ba5ec882dd1ba3382a71e30fcb69ad3bf0049312576b9655255fc584b40

SHA512
200020dde024be4c23a4a84d9c5547809be63029d3c393221f098a9f444decaa9ed3e77f7bacf99749fb604df506b1da16e5e154a0169ad165338c3b8bc9eef6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19798.exe

Filesize
184KB

MD5
8df0b6a9ae6a6ba3618024ea27e042d7

SHA1
2c1ad967a00307758c86be6d987db5547c237a08

SHA256
dade205e8ca5b04f71669feb79678719818c304395c5f1e58ef1933a86839b62

SHA512
3a678785c96eb7bac4d09e1e1df8a2e86c998ae2f0419bc1d31adff5a496bcfa1ca82c13cdcb7a335825d140ccf86e7e5bdb96635db2d4c05999d1f9d86199cd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20011.exe

Filesize
184KB

MD5
17c7f1144a9078fbd40fe10c0f7b218f

SHA1
1fb4aa45e3e387fdf3d5697b82e88ca482da3812

SHA256
46ab8bc92dbe94af522913c9ea2e53ed69b9af7f1820a751d94609df856e169e

SHA512
a8dd65ec83b4194fa9f55ac36f1536b9fa056f387c4dc5a8615e478b624ff0e833280076b648d3d174a59f5345961a1624d0d2fce17569510ad2174f78e54e30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36539.exe

Filesize
184KB

MD5
6e605758fa7f67e7f4c5940791e5064f

SHA1
54af71840a87771ce0ce96aad21086bb7c1f81b5

SHA256
beb22b58a23f93d11ff9e0282af15ab903ad13b2d24b4193657478bc67b7dce9

SHA512
3d3b323ad4853e74a23a1a26fd4f7773a6fde90190078f2fa8bda25b77df3caf605927b1b278bbaa77afbd46cbb3a7e4f1b8ba87234cc121db0a9f14fcaadc7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40964.exe

Filesize
184KB

MD5
710f85f211de34214e1c4260b835af35

SHA1
cd616659e16c394b1bb48404ad7b605ac73610b6

SHA256
25d5097440bccdd7e8db83bc4c5acc4d7e00a6219cbb9612cff4acca77a73e01

SHA512
813a6f4f31834c9ad205a700245538d4347021def658e766a2b1fcfcd8227aa1ec763b297a26369629ece8f99681e9842b89f8c833e363a933273fdacc96c28c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe

Filesize
184KB

MD5
873f12df0beb78977c287ca83d573069

SHA1
703b77c0ff4ea6753fb0bd4844db008f3b4e711f

SHA256
fa682a0b17a905c7f3c67815565216b00fdeea03ec7c1e36e953563ee2b8395b

SHA512
0b7a47a11a03a69953c4ac49aa6a420ce2b6e95af751abb838a4f2208dd04152be41bbdd65aa68f7f49b1390db2a2490b899032218c564fb988fc9fbcbcaed4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45140.exe

Filesize
184KB

MD5
e4de2cf6b9651f0eec7114a1e18a398a

SHA1
163e85d7f740bfaad180503b1f8a52f1df60ae66

SHA256
8d109df8aed8001730e25751ab2880491e19bcfdd7708216ac126029e16f88e6

SHA512
6e67c618d22d6e92aeeea67cb60d41cb725a654e8813ab11f9293c4da5e5359dd0058da17639433c2ce67cae28b9867bbaa529a8f8bdffa505698b5f5ca939f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45786.exe

Filesize
184KB

MD5
2511d3961476b134ca62ac5da6318847

SHA1
083aaeabcd21763961b6758d9027e7c1de1d3f26

SHA256
a5eb8694fdd181850555ffe1450cb3834756b40ec2ff41a48208b8372aaecac3

SHA512
dcd4a7c9a26363a8b609ad9bf33acab28ee7d5e41cfc90c4f6a2b5446c27cb9c0fbdf158e332415f656368ca230a87d222294efe0ab62a4e6e151dac059ac215

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe

Filesize
184KB

MD5
58c9444b9f13778ca3f2db9898b0652d

SHA1
dfcdccfa8dfd10022dcf92af9c0671051b4e1d58

SHA256
5dcdde552271702f7640d64d9bdfacd63cfb24d3577ffb47624b12728c3ba2e5

SHA512
3f4ab8eae9486674a3709db28e88b7c087b404a2b7843d36802cd325a27d91b32317a468d5e8eadc8b8e5696c2507b4047fac7fd039bea02f075cbb5cbe29a93

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48962.exe

Filesize
184KB

MD5
daf24d528b152fa0b250d2e634df1816

SHA1
82f2c86c5eebf54f3f11696f4a263c7e4dbd3be9

SHA256
698fe667674c218892826daf1defd21ecd61e89109f77f2872fbc3f5185f8237

SHA512
114218150c28973de5191b6b8f1f304b3288dfa6263e48278288d9ca5eac7e04433ef05433514d8d25392dbc5c4133292aeeb8da37dd6bbf7906f991c80a82ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53025.exe

Filesize
184KB

MD5
6ba6a0bcdffee102ed19bed727ce6eca

SHA1
1df8e5c6ef2e663fe3684d3a679909842c276ff9

SHA256
3ca28b62aaa0959d4e405fdd665bf505e8442c28cc902fa5174b9c982cbe24ba

SHA512
6314feb62ed47fffae0034c2de3a1d856b83ca281fccc00c2230685035815ca333d5b73f9762a53b0b2ad90184b71220c52e4c19dd15be133f89ab31008c787d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe

Filesize
184KB

MD5
a81f95699d632b325f1744bb1b97f204

SHA1
ee0c2dd5df1e2fcfdee5e3a6874c2952d4466f8c

SHA256
2f0d12dea62b42fd245e501f5a8b9283050a037b58ef97068a8c3a912649a248

SHA512
a9bd20946db971c1044232bdbcd197405742cfae6144a58860bb02f90541bdbe4fd6d9fd01f42091afaf00df8146cee993ddb1033c75f1df96b861bf0af00dde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe

Filesize
184KB

MD5
2b3e5078157956f8f2753a86d78f790d

SHA1
496ec51406dcc40ed5a69d762c479630d082c3d4

SHA256
0828856f591ffce3013ba647abde02f8469f4d6b86d935a71f0708a2e245ce8f

SHA512
f66826f5706a22868d92a0b1619c9a8ca77901f73ef3a393d6afc6b988ae1410dcdb14655913275d532f97436d2d33df0f789ef4d6e6f62e3bf7c4f1a0713590

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe

Filesize
184KB

MD5
08424f8ac3ee4bc908b143f7aeea1ff2

SHA1
e159bac318aeaa835f73fb51b4fc2546dfb6f7ad

SHA256
c9394727da57257722b4838862414adf7a734a68d2f9084e963aae69a8f1af89

SHA512
a11ce4a3fa80df6daf273876e96c9b1c67c03fe563dba5c143872f236af53ad862d2927766406402dc95014ef792d504f0307bee5d8fa8ba61cfbf4254872941

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe

Filesize
184KB

MD5
e92b28bc89052a4471b6ca180b229b40

SHA1
7c722c57e22b1298c52fd1ee794fb3f45199023e

SHA256
53bf994c40386d3353788710a0bd1b6fb84c438889c4562af8e9086800423269

SHA512
a49a236b79372265b377cecef54f73c3fe2b5b742ea172a4145070eddd9551e314eaa3e23b424006d48084e4f199816265260239212866104c22ececbdc95c18

Download Submit
memory/1736-1109-0x00000000027C0000-0x000000000291C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads