2a468ecdc0fcce65c3f209ebaf30648ae4244eb08110df3fab9c6f4a5ae5c3ef

Analysis

max time kernel
151s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 15:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bb9bd960e10fdedc409af7a53309bad8.exe
Size

184KB
MD5

bb9bd960e10fdedc409af7a53309bad8
SHA1

f24fd47c6fa7fa2dd7764b2ae19261eba9eeab8d
SHA256

2a468ecdc0fcce65c3f209ebaf30648ae4244eb08110df3fab9c6f4a5ae5c3ef
SHA512

87da76c4fe8c62bfc5f61c24de8da928f215ee2267d1012d7d7357f3955c90e2a11246c23b59fcda6e325363970f247f3a82c0d0b89c5624d8d09406f9fb5ab7
SSDEEP

3072:lVDQomFFn+Ag8rj9Mf0Dq8vbmqgMs+llMe4xJWXwUylPvpFW:lV8oIzg8tMsDq8734KylPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
3580	Unicorn-41695.exe
772	Unicorn-56407.exe
2776	Unicorn-40625.exe
4232	Unicorn-13594.exe
2276	Unicorn-62219.exe
4656	Unicorn-30101.exe
4668	Unicorn-3034.exe
400	Unicorn-40537.exe
4724	Unicorn-44259.exe
3292	Unicorn-61150.exe
1324	Unicorn-15478.exe
4360	Unicorn-58815.exe
4324	Unicorn-31741.exe
4228	Unicorn-64414.exe
1008	Unicorn-27103.exe
4948	Unicorn-55883.exe
2992	Unicorn-47715.exe
1484	Unicorn-19681.exe
2944	Unicorn-8794.exe
884	Unicorn-42213.exe
4556	Unicorn-41467.exe
4020	Unicorn-53719.exe
2000	Unicorn-45551.exe
2884	Unicorn-21601.exe
2280	Unicorn-50019.exe
5000	Unicorn-41253.exe
1588	Unicorn-5073.exe
3176	Unicorn-29023.exe
3512	Unicorn-20553.exe
5048	Unicorn-16683.exe
3520	Unicorn-57715.exe
2040	Unicorn-33403.exe
3968	Unicorn-33403.exe
1968	Unicorn-13537.exe
4800	Unicorn-12790.exe
1308	Unicorn-50294.exe
4060	Unicorn-8706.exe
1740	Unicorn-46210.exe
1744	Unicorn-46210.exe
3100	Unicorn-50315.exe
3956	Unicorn-25811.exe
1312	Unicorn-62567.exe
376	Unicorn-13366.exe
3088	Unicorn-42701.exe
3328	Unicorn-7754.exe
3292	Unicorn-56934.exe
2756	Unicorn-11646.exe
1324	Unicorn-24837.exe
2332	Unicorn-35323.exe
2908	Unicorn-44511.exe
696	Unicorn-19431.exe
2232	Unicorn-60655.exe
3992	Unicorn-48211.exe
4892	Unicorn-28345.exe
3012	Unicorn-56127.exe
4804	Unicorn-51851.exe
3320	Unicorn-36705.exe
1420	Unicorn-15265.exe
4560	Unicorn-48130.exe
2772	Unicorn-60655.exe
2172	Unicorn-36261.exe
2560	Unicorn-24453.exe
3856	Unicorn-7562.exe
4640	Unicorn-23455.exe

Program crash 22 IoCs

pid	pid_target	Process	procid_target
2992	5000	WerFault.exe	123
4568	3956	WerFault.exe	138
4860	2276	WerFault.exe	159
3120	4636	WerFault.exe	247
5680	4656	WerFault.exe	411
6840	1828	WerFault.exe	381
3088	5972	WerFault.exe	473
1476	6648	WerFault.exe	436
3748	5628	WerFault.exe	560
3592	2256	WerFault.exe	490
5848	680	WerFault.exe	543
2548	1940	WerFault.exe	551
6664	5628	WerFault.exe	560
7160	2328	WerFault.exe	663
5224	220	WerFault.exe	604
6416	6956	WerFault.exe	603
8168	6024	WerFault.exe	606
7828	6944	WerFault.exe	600
6236	2328	WerFault.exe	663
1880	4752	WerFault.exe	645
6324	6628	WerFault.exe	647
7876	4640	WerFault.exe	651

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
556	bb9bd960e10fdedc409af7a53309bad8.exe
3580	Unicorn-41695.exe
2776	Unicorn-40625.exe
772	Unicorn-56407.exe
4232	Unicorn-13594.exe
2276	Unicorn-62219.exe
4656	Unicorn-30101.exe
400	Unicorn-40537.exe
4668	Unicorn-3034.exe
4724	Unicorn-44259.exe
3292	Unicorn-61150.exe
1324	Unicorn-15478.exe
4360	Unicorn-58815.exe
4324	Unicorn-31741.exe
4228	Unicorn-64414.exe
1008	Unicorn-27103.exe
1484	Unicorn-19681.exe
4948	Unicorn-55883.exe
2992	Unicorn-47715.exe
884	Unicorn-42213.exe
2944	Unicorn-8794.exe
4020	Unicorn-53719.exe
2884	Unicorn-21601.exe
4556	Unicorn-41467.exe
2000	Unicorn-45551.exe
2280	Unicorn-50019.exe
5000	Unicorn-41253.exe
1588	Unicorn-5073.exe
3176	Unicorn-29023.exe
3512	Unicorn-20553.exe
5048	Unicorn-16683.exe
3520	Unicorn-57715.exe
3968	Unicorn-33403.exe
1968	Unicorn-13537.exe
2040	Unicorn-33403.exe
1308	Unicorn-50294.exe
4060	Unicorn-8706.exe
1740	Unicorn-46210.exe
4800	Unicorn-12790.exe
1744	Unicorn-46210.exe
3100	Unicorn-50315.exe
376	Unicorn-13366.exe
1312	Unicorn-62567.exe
3956	Unicorn-25811.exe
3088	Unicorn-42701.exe
2332	Unicorn-35323.exe
1324	Unicorn-24837.exe
2908	Unicorn-44511.exe
3292	Unicorn-56934.exe
2772	Unicorn-60655.exe
3320	Unicorn-36705.exe
3012	Unicorn-56127.exe
4804	Unicorn-51851.exe
1420	Unicorn-15265.exe
2232	Unicorn-60655.exe
2172	Unicorn-36261.exe
4560	Unicorn-48130.exe
2756	Unicorn-11646.exe
696	Unicorn-19431.exe
4640	Unicorn-23455.exe
3856	Unicorn-7562.exe
2276	Unicorn-40789.exe
2560	Unicorn-24453.exe
3328	Unicorn-7754.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 3580	556	bb9bd960e10fdedc409af7a53309bad8.exe	90
PID 556 wrote to memory of 3580	556	bb9bd960e10fdedc409af7a53309bad8.exe	90
PID 556 wrote to memory of 3580	556	bb9bd960e10fdedc409af7a53309bad8.exe	90
PID 556 wrote to memory of 2776	556	bb9bd960e10fdedc409af7a53309bad8.exe	96
PID 556 wrote to memory of 2776	556	bb9bd960e10fdedc409af7a53309bad8.exe	96
PID 556 wrote to memory of 2776	556	bb9bd960e10fdedc409af7a53309bad8.exe	96
PID 3580 wrote to memory of 772	3580	Unicorn-41695.exe	97
PID 3580 wrote to memory of 772	3580	Unicorn-41695.exe	97
PID 3580 wrote to memory of 772	3580	Unicorn-41695.exe	97
PID 2776 wrote to memory of 4232	2776	Unicorn-40625.exe	99
PID 2776 wrote to memory of 4232	2776	Unicorn-40625.exe	99
PID 2776 wrote to memory of 4232	2776	Unicorn-40625.exe	99
PID 772 wrote to memory of 2276	772	Unicorn-56407.exe	100
PID 772 wrote to memory of 2276	772	Unicorn-56407.exe	100
PID 772 wrote to memory of 2276	772	Unicorn-56407.exe	100
PID 3580 wrote to memory of 4656	3580	Unicorn-41695.exe	101
PID 3580 wrote to memory of 4656	3580	Unicorn-41695.exe	101
PID 3580 wrote to memory of 4656	3580	Unicorn-41695.exe	101
PID 4232 wrote to memory of 4668	4232	Unicorn-13594.exe	103
PID 4232 wrote to memory of 4668	4232	Unicorn-13594.exe	103
PID 4232 wrote to memory of 4668	4232	Unicorn-13594.exe	103
PID 2776 wrote to memory of 400	2776	Unicorn-40625.exe	104
PID 2776 wrote to memory of 400	2776	Unicorn-40625.exe	104
PID 2776 wrote to memory of 400	2776	Unicorn-40625.exe	104
PID 2276 wrote to memory of 4724	2276	Unicorn-62219.exe	105
PID 2276 wrote to memory of 4724	2276	Unicorn-62219.exe	105
PID 2276 wrote to memory of 4724	2276	Unicorn-62219.exe	105
PID 772 wrote to memory of 3292	772	Unicorn-56407.exe	106
PID 772 wrote to memory of 3292	772	Unicorn-56407.exe	106
PID 772 wrote to memory of 3292	772	Unicorn-56407.exe	106
PID 4656 wrote to memory of 1324	4656	Unicorn-30101.exe	107
PID 4656 wrote to memory of 1324	4656	Unicorn-30101.exe	107
PID 4656 wrote to memory of 1324	4656	Unicorn-30101.exe	107
PID 400 wrote to memory of 4360	400	Unicorn-40537.exe	109
PID 400 wrote to memory of 4360	400	Unicorn-40537.exe	109
PID 400 wrote to memory of 4360	400	Unicorn-40537.exe	109
PID 4232 wrote to memory of 4324	4232	Unicorn-13594.exe	110
PID 4232 wrote to memory of 4324	4232	Unicorn-13594.exe	110
PID 4232 wrote to memory of 4324	4232	Unicorn-13594.exe	110
PID 2276 wrote to memory of 4228	2276	Unicorn-62219.exe	112
PID 2276 wrote to memory of 4228	2276	Unicorn-62219.exe	112
PID 2276 wrote to memory of 4228	2276	Unicorn-62219.exe	112
PID 4724 wrote to memory of 1008	4724	Unicorn-44259.exe	111
PID 4724 wrote to memory of 1008	4724	Unicorn-44259.exe	111
PID 4724 wrote to memory of 1008	4724	Unicorn-44259.exe	111
PID 3292 wrote to memory of 4948	3292	Unicorn-61150.exe	113
PID 3292 wrote to memory of 4948	3292	Unicorn-61150.exe	113
PID 3292 wrote to memory of 4948	3292	Unicorn-61150.exe	113
PID 1324 wrote to memory of 2992	1324	Unicorn-15478.exe	114
PID 1324 wrote to memory of 2992	1324	Unicorn-15478.exe	114
PID 1324 wrote to memory of 2992	1324	Unicorn-15478.exe	114
PID 4656 wrote to memory of 1484	4656	Unicorn-30101.exe	115
PID 4656 wrote to memory of 1484	4656	Unicorn-30101.exe	115
PID 4656 wrote to memory of 1484	4656	Unicorn-30101.exe	115
PID 4360 wrote to memory of 2944	4360	Unicorn-58815.exe	116
PID 4360 wrote to memory of 2944	4360	Unicorn-58815.exe	116
PID 4360 wrote to memory of 2944	4360	Unicorn-58815.exe	116
PID 400 wrote to memory of 884	400	Unicorn-40537.exe	117
PID 400 wrote to memory of 884	400	Unicorn-40537.exe	117
PID 400 wrote to memory of 884	400	Unicorn-40537.exe	117
PID 4948 wrote to memory of 4556	4948	Unicorn-55883.exe	118
PID 4948 wrote to memory of 4556	4948	Unicorn-55883.exe	118
PID 4948 wrote to memory of 4556	4948	Unicorn-55883.exe	118
PID 1008 wrote to memory of 4020	1008	Unicorn-27103.exe	119

C:\Users\Admin\AppData\Local\Temp\bb9bd960e10fdedc409af7a53309bad8.exe
"C:\Users\Admin\AppData\Local\Temp\bb9bd960e10fdedc409af7a53309bad8.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:556
- C:\Users\Admin\AppData\Local\Temp\Unicorn-41695.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-41695.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
        9⤵
        
        PID:4916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        10⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14163.exe
        11⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
        12⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        13⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        14⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
        15⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42623.exe
        16⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        17⤵
        
        PID:4996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        18⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45387.exe
        19⤵
        
        PID:4524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59663.exe
        20⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        21⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56783.exe
        22⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe
        23⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
        15⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
        16⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8393.exe
        14⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50407.exe
        15⤵
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11974.exe
        16⤵
        
        PID:6352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5158.exe
        17⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        18⤵
        
        PID:4384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        19⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42101.exe
        20⤵
        
        PID:6680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
        21⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49383.exe
        22⤵
        
        PID:6816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30027.exe
        23⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61610.exe
        11⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
        12⤵
        
        PID:5384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56914.exe
        13⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
        14⤵
        
        PID:4636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11678.exe
        15⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53775.exe
        16⤵
        
        PID:556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        17⤵
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        18⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29051.exe
        19⤵
        
        PID:6744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63171.exe
        20⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        21⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        22⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
        23⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24485.exe
        14⤵
        
        PID:5228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        15⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20971.exe
        16⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24775.exe
        17⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        18⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        19⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51267.exe
        20⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        21⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48130.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47967.exe
        9⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
        10⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50095.exe
        11⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37215.exe
        12⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe
        13⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        14⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
        12⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        13⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7562.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6934.exe
        9⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52798.exe
        8⤵
        
        PID:4012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
        9⤵
        
        PID:4140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58211.exe
        10⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
        11⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33457.exe
        12⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        13⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        14⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37719.exe
        15⤵
        
        PID:6520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        16⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
        17⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        18⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61946.exe
        19⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        20⤵
        
        PID:6960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58127.exe
        21⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41781.exe
        14⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2602.exe
        15⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        16⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        17⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53119.exe
        18⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        19⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        20⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54339.exe
        21⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46083.exe
        22⤵
        
        PID:3088
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 832
        18⤵
        Program crash
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        13⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        14⤵
        
        PID:6508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        15⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62091.exe
        16⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        17⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
        18⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        19⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2922.exe
        20⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        21⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        10⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21663.exe
        11⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45923.exe
        12⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
        13⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13074.exe
        14⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
        15⤵
        
        PID:6552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63186.exe
        16⤵
        
        PID:5300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        17⤵
        
        PID:6888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38133.exe
        13⤵
        
        PID:4020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50438.exe
        14⤵
        
        PID:5880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26731.exe
        15⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        16⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
        17⤵
        
        PID:5148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15594.exe
        18⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        19⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        20⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        17⤵
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        18⤵
        
        PID:1128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33403.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13366.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60655.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
        9⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe
        10⤵
        
        PID:1148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        11⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
        12⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53567.exe
        13⤵
        
        PID:5188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8782.exe
        14⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        15⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        16⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
        16⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53570.exe
        17⤵
        
        PID:6396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
        18⤵
        
        PID:4504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60571.exe
        19⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14013.exe
        15⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62031.exe
        16⤵
        
        PID:6452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10962.exe
        17⤵
        
        PID:5972
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 464
        18⤵
        Program crash
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1605.exe
        12⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13058.exe
        13⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4418.exe
        14⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe
        15⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27247.exe
        16⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43495.exe
        17⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
        18⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        19⤵
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        20⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
        21⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        22⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        23⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45232.exe
        24⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23717.exe
        15⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
        16⤵
        
        PID:5428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        14⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
        15⤵
        
        PID:6404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22063.exe
        16⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        17⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32559.exe
        18⤵
        
        PID:6120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26991.exe
        19⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60727.exe
        20⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        21⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
        22⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
        13⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
        14⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11294.exe
        15⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23023.exe
        16⤵
        
        PID:5432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
        17⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18615.exe
        18⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
        19⤵
        
        PID:2328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 464
        20⤵
        Program crash
        
        PID:7160
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 424
        20⤵
        Program crash
        
        PID:6236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8341.exe
        14⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
        15⤵
        
        PID:5276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
        16⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43887.exe
        17⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
        18⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24453.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
        8⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12274.exe
        9⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33759.exe
        10⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
        11⤵
        
        PID:5180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27423.exe
        12⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        13⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39255.exe
        14⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7646.exe
        15⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26479.exe
        16⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27543.exe
        17⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
        18⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4058.exe
        19⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8054.exe
        20⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63982.exe
        15⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12166.exe
        16⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36413.exe
        17⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10690.exe
        18⤵
        
        PID:4896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23549.exe
        19⤵
        
        PID:4232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33845.exe
        20⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18211.exe
        21⤵
        
        PID:7144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19311.exe
        22⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24853.exe
        11⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51595.exe
        12⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
        13⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14890.exe
        14⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-438.exe
        15⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15290.exe
        16⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47527.exe
        17⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58007.exe
        18⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        19⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55174.exe
        20⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        21⤵
        
        PID:4572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        22⤵
        
        PID:7624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        23⤵
        
        PID:7436
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 696
        19⤵
        Program crash
        
        PID:5848
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 760
        18⤵
        Program crash
        
        PID:3592
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 848
        16⤵
        Program crash
        
        PID:6840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
        14⤵
        
        PID:684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51279.exe
        15⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        16⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40903.exe
        17⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
        18⤵
        
        PID:5628
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 236
        19⤵
        Program crash
        
        PID:3748
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 444
        19⤵
        Program crash
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
        12⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15082.exe
        13⤵
        
        PID:5040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        14⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50127.exe
        15⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
        16⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53347.exe
        17⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
        18⤵
        
        PID:5508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27847.exe
        19⤵
        
        PID:5168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
        20⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        21⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37427.exe
        22⤵
        
        PID:6892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        13⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34943.exe
        14⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35275.exe
        15⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
        16⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        17⤵
        
        PID:5440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28615.exe
        18⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
        19⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42701.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19431.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:696
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12790.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        8⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
        9⤵
        
        PID:4808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46011.exe
        10⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32939.exe
        11⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        12⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
        13⤵
        
        PID:5528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        14⤵
        
        PID:4584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30179.exe
        15⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
        16⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        17⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-446.exe
        18⤵
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
        19⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
        20⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        21⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        22⤵
        
        PID:7412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        23⤵
        
        PID:6916
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 844
        20⤵
        Program crash
        
        PID:8168
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 844
        19⤵
        Program crash
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51154.exe
        14⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
        15⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47911.exe
        16⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        17⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        18⤵
        
        PID:6944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55174.exe
        19⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31407.exe
        20⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        21⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53187.exe
        22⤵
        
        PID:6540
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 736
        19⤵
        Program crash
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
        7⤵
        Executes dropped EXE
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31823.exe
        8⤵
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        9⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7365.exe
        10⤵
        
        PID:4948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
        11⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        12⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
        13⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36619.exe
        14⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64579.exe
        15⤵
        
        PID:4656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 488
        16⤵
        Program crash
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44906.exe
        14⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24803.exe
        15⤵
        
        PID:4644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32735.exe
        16⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26399.exe
        17⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
        18⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        13⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11294.exe
        14⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        15⤵
        
        PID:5304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24863.exe
        16⤵
        
        PID:5264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48895.exe
        17⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
        18⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7754.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56135.exe
        8⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8766.exe
        9⤵
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57495.exe
        10⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
        12⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41839.exe
        13⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12778.exe
        14⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
        15⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28015.exe
        16⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        17⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42765.exe
        18⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
        19⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
        20⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
        21⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        22⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        23⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
        19⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        20⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        21⤵
        
        PID:7608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29067.exe
        22⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
        23⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36737.exe
        15⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17005.exe
        16⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        17⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16415.exe
        18⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
        19⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        20⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23809.exe
        21⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49606.exe
        19⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26763.exe
        20⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27287.exe
        21⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        14⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        15⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60163.exe
        16⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15438.exe
        17⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27411.exe
        18⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64307.exe
        19⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44951.exe
        20⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
        9⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19933.exe
        7⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39659.exe
        8⤵
        
        PID:3244
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        8⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62051.exe
        9⤵
        
        PID:4228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
        10⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        11⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61735.exe
        12⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
        13⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61979.exe
        14⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61507.exe
        15⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
        16⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56058.exe
        17⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
        18⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28947.exe
        19⤵
        
        PID:5768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        20⤵
        
        PID:7060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46975.exe
        21⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        22⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15663.exe
        23⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41257.exe
        14⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
        15⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58243.exe
        16⤵
        
        PID:7148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
        17⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46819.exe
        18⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        19⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2050.exe
        20⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        21⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        22⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20811.exe
        23⤵
        
        PID:7432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62567.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60655.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
        8⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22171.exe
        9⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59607.exe
        10⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
        11⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
        12⤵
        
        PID:5056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54247.exe
        13⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
        14⤵
        
        PID:5412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29411.exe
        15⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
        16⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
        17⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        18⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        19⤵
        
        PID:220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11126.exe
        20⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5942.exe
        21⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31127.exe
        22⤵
        
        PID:7296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        23⤵
        
        PID:7560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        24⤵
        
        PID:6256
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 220 -s 736
        20⤵
        Program crash
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
        14⤵
        
        PID:656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16059.exe
        15⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13326.exe
        16⤵
        
        PID:5124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45947.exe
        17⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        18⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8085.exe
        19⤵
        
        PID:6008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12486.exe
        20⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
        21⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38003.exe
        22⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
        23⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42361.exe
        22⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60774.exe
        7⤵
        
        PID:4892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39467.exe
        8⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61096.exe
        7⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        8⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37023.exe
        9⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47843.exe
        10⤵
        
        PID:5004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44823.exe
        11⤵
        
        PID:5444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33671.exe
        12⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47179.exe
        13⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25519.exe
        14⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49779.exe
        15⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
        14⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6686.exe
        15⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
        16⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        17⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46347.exe
        18⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
        19⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        20⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20987.exe
        21⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18351.exe
        22⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1734.exe
        23⤵
        
        PID:4936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26793.exe
        22⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38325.exe
        13⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        14⤵
        
        PID:6648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 640
        15⤵
        Program crash
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7557.exe
        9⤵
        
        PID:4264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45015.exe
        10⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
        11⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25223.exe
        12⤵
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
        13⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63427.exe
        14⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
        15⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
        16⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33415.exe
        17⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
        18⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55143.exe
        19⤵
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        20⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61163.exe
        21⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
        13⤵
        
        PID:5252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49691.exe
        14⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
        15⤵
        
        PID:4676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8585.exe
        12⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
        13⤵
        
        PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45551.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
        8⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51911.exe
        9⤵
        
        PID:3088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
        10⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23827.exe
        11⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23967.exe
        12⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7926.exe
        13⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
        14⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43583.exe
        15⤵
        
        PID:5784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        16⤵
        
        PID:6448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47255.exe
        17⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
        18⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
        14⤵
        
        PID:3460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
        15⤵
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10778.exe
        16⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39471.exe
        17⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33244.exe
        18⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28615.exe
        19⤵
        
        PID:4752
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 724
        20⤵
        Program crash
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9062.exe
        11⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
        12⤵
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        13⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
        14⤵
        
        PID:5856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47579.exe
        15⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54551.exe
        16⤵
        
        PID:5648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        17⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12138.exe
        18⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        13⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
        14⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17773.exe
        15⤵
        
        PID:6868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57343.exe
        16⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
        17⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe
        18⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        19⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33343.exe
        20⤵
        
        PID:6044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49015.exe
        21⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24837.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55943.exe
        7⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        8⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3665.exe
        9⤵
        
        PID:4348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        10⤵
        
        PID:5800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11646.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11646.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
        7⤵
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        8⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
        9⤵
        
        PID:4168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        10⤵
        
        PID:456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12866.exe
        11⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        12⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5015.exe
        13⤵
        
        PID:5268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
        14⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43059.exe
        15⤵
        
        PID:3856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18563.exe
        16⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32839.exe
        17⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        18⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20743.exe
        19⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61495.exe
        20⤵
        
        PID:4368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
        21⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21029.exe
        12⤵
        
        PID:4976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
        13⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
        14⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60939.exe
        15⤵
        
        PID:6564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29715.exe
        16⤵
        
        PID:7068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46347.exe
        17⤵
        
        PID:5908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5942.exe
        18⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        19⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        20⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
        16⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
        17⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40115.exe
        18⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53659.exe
        19⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63083.exe
        20⤵
        
        PID:5772
- C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2776
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25811.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3956
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 712
        7⤵
        Program crash
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40789.exe
        6⤵
        Suspicious use of SetWindowsHookEx
        
        PID:2276
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 636
        7⤵
        Program crash
        
        PID:4860
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 728
        6⤵
        Program crash
        
        PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50315.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48211.exe
        7⤵
        Executes dropped EXE
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27355.exe
        8⤵
        
        PID:4380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24719.exe
        9⤵
        
        PID:436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7334.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12902.exe
        11⤵
        
        PID:4320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        11⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62503.exe
        12⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
        12⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
        13⤵
        
        PID:4128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21627.exe
        14⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48819.exe
        15⤵
        
        PID:6432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27107.exe
        16⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
        17⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
        18⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
        19⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
        20⤵
        
        PID:6968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56207.exe
        21⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19865.exe
        22⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17469.exe
        14⤵
        
        PID:6684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        15⤵
        
        PID:4864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23415.exe
        16⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        17⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21516.exe
        18⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19155.exe
        19⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46695.exe
        20⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47183.exe
        21⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7406.exe
        22⤵
        
        PID:4372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
        19⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6342.exe
        20⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23395.exe
        21⤵
        
        PID:5604
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 760
        19⤵
        Program crash
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55046.exe
        13⤵
        
        PID:4776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16723.exe
        14⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
        15⤵
        
        PID:4668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30343.exe
        16⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56295.exe
        17⤵
        
        PID:5488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61479.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61479.exe
        18⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        19⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        20⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31541.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31541.exe
        21⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
        9⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11750.exe
        10⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7106.exe
        11⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15849.exe
        7⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
        8⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10214.exe
        9⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
        10⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        11⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23111.exe
        12⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
        13⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1398.exe
        14⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35327.exe
        15⤵
        
        PID:6336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47535.exe
        16⤵
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
        17⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52403.exe
        18⤵
        
        PID:5284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        19⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10026.exe
        20⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32087.exe
        21⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11578.exe
        22⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8366.exe
        23⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        13⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43687.exe
        14⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        15⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
        16⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16799.exe
        17⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe
        18⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43165.exe
        19⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46799.exe
        20⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52139.exe
        21⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34277.exe
        10⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47391.exe
        7⤵
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12357.exe
        8⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28087.exe
        9⤵
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14978.exe
        10⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
        11⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
        12⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59239.exe
        13⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
        14⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60858.exe
        14⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42409.exe
        13⤵
        
        PID:5152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52711.exe
        14⤵
        
        PID:6380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
        15⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27499.exe
        16⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51095.exe
        17⤵
        
        PID:5200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27463.exe
        18⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
        19⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24495.exe
        20⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
        21⤵
        
        PID:5588
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19571.exe
        7⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
        8⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19705.exe
        9⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-998.exe
        10⤵
        
        PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13537.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6742.exe
        7⤵
        
        PID:1220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
        8⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37843.exe
        9⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5533.exe
        8⤵
        
        PID:5532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
        9⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28413.exe
        10⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
        11⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28259.exe
        12⤵
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
        13⤵
        
        PID:4328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2462.exe
        14⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
        15⤵
        
        PID:5296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
        12⤵
        
        PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23455.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47967.exe
        7⤵
        
        PID:644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40287.exe
        8⤵
        
        PID:488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52103.exe
        9⤵
        
        PID:4112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
        10⤵
        
        PID:4236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
        11⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32497.exe
        12⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23405.exe
        9⤵
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20489.exe
        10⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe
        11⤵
        
        PID:5236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15711.exe
        12⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40127.exe
        13⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27247.exe
        14⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
        15⤵
        
        PID:6636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
        16⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8142.exe
        17⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
        18⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37079.exe
        19⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        20⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
        21⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49103.exe
        22⤵
        
        PID:6776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24909.exe
        19⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        20⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10758.exe
        21⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
        13⤵
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
        14⤵
        
        PID:6580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7078.exe
        15⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23083.exe
        16⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
        17⤵
        
        PID:4640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44007.exe
        18⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44531.exe
        19⤵
        
        PID:7844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13498.exe
        20⤵
        
        PID:5440
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 752
        18⤵
        Program crash
        
        PID:7876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24069.exe
        8⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65227.exe
        9⤵
        
        PID:4636
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 632
        10⤵
        Program crash
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 3956 -ip 3956
1⤵
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 496 -p 5000 -ip 5000
1⤵
PID:884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 2276 -ip 2276
1⤵
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 4636 -ip 4636
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 632 -p 5108 -ip 5108
1⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 500 -p 5800 -ip 5800
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 656 -p 3196 -ip 3196
1⤵
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 5932 -ip 5932
1⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 680 -p 2200 -ip 2200
1⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 5272 -ip 5272
1⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4656 -ip 4656
1⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 6648 -ip 6648
1⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 5972 -ip 5972
1⤵
PID:1376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 1828 -ip 1828
1⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 5428 -ip 5428
1⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 616 -p 3184 -ip 3184
1⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5628 -ip 5628
1⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 480 -p 2256 -ip 2256
1⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 680 -ip 680
1⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1940 -ip 1940
1⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 2328 -ip 2328
1⤵
PID:2040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 664 -p 5628 -ip 5628
1⤵
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 604 -p 220 -ip 220
1⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 7008 -ip 7008
1⤵
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 6956 -ip 6956
1⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 452 -p 5440 -ip 5440
1⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 6192 -ip 6192
1⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 7064 -ip 7064
1⤵
PID:1184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 688 -p 6944 -ip 6944
1⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 6976 -ip 6976
1⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 704 -p 5004 -ip 5004
1⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 608 -p 6028 -ip 6028
1⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 6024 -ip 6024
1⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 4868 -ip 4868
1⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 2328 -ip 2328
1⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 636 -p 4752 -ip 4752
1⤵
PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 684 -p 5308 -ip 5308
1⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 7028 -ip 7028
1⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 5152 -ip 5152
1⤵
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 2676 -ip 2676
1⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 576 -p 4256 -ip 4256
1⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 720 -p 4640 -ip 4640
1⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 6628 -ip 6628
1⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 556 -p 3088 -ip 3088
1⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 504 -p 6008 -ip 6008
1⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 624 -p 5632 -ip 5632
1⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 4572 -ip 4572
1⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 5920 -ip 5920
1⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 672 -p 7124 -ip 7124
1⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 564 -p 2240 -ip 2240
1⤵
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7220 -ip 7220
1⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6484 -ip 6484
1⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 640 -p 7844 -ip 7844
1⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 740 -p 5972 -ip 5972
1⤵
PID:4932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13594.exe

Filesize
184KB

MD5
f09909cf8791033313d635cf9d6a73c5

SHA1
3518791302e80fc9fcd4b81b606517ac0e8b529c

SHA256
83df360d4608b8e0899b7e4e3751a35c20bbef0d6c80b4d408c7351e814d4fca

SHA512
a21d63d233092a3619708521a3e8bc744a4ef221dc08c2ca57e39f37d765d7fc92c88c3fdc311979442547e8e3596f686fc96c8664c4d45673954dc9fd69283c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe

Filesize
184KB

MD5
7dcf664b980bce800a632cdfa3dfd19f

SHA1
964badc26f89c0c14fe64fd90be236061615fbc3

SHA256
02027f3cd819f6d11e93280e14cf58d50aee3dac4d1703f7202de06639b31ab6

SHA512
1b79081b47e9a25725e1ff49392fc96a3cf870b9517481eb52db3eb83b0431f261e720e45fac39bfcde2be939032c76f2e83f15d7504e920914ffcb02a8e5f08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe

Filesize
184KB

MD5
88262bc96119e7dbdbd2a5602ed4dd90

SHA1
2c0c5e7fdfcbf2ba069069a740c842245b9e45ce

SHA256
87225187f19cd4a26aff7650efd62f61d755e8b95e448d1aaef3025f19207687

SHA512
97aeb05f85ee92d90c936e62e95e3deef3726c4383d8c8dd828b7c1ecd58ed76563124d7e63af33a97b0308e01ff6cdf62e609094016601175b9f8f555c64ca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19681.exe

Filesize
184KB

MD5
b37ed121edadbeee96ae826fbf101bac

SHA1
ac801f955d0d54efaa392540d39744d6d97c2e84

SHA256
3b9ecc15391947336f5ca4a5637c4d15d1b4009072e00715d79f250de26dd065

SHA512
df1649bdb2740bccfd252dbacf481e5d9ce1c907cb652808f85eee5dc8afdf8765b3676320cbd7ebefd08b17f5cdf1e62760ce382a4b6af66a4758cfb070ac86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20553.exe

Filesize
184KB

MD5
6cf66aec9134d03d861a49b5d9c758a6

SHA1
dad22f282acb1da815b4a593cab6bb286dcd01b5

SHA256
a680f7476a1bc3770b5bb326bf712226a6dc46a4c27bf64c31d5a1258d3008aa

SHA512
f3781c5903aa8afb2071cc0cea449da8bc485255163879957f182c7619d50edc9885afb27e8dbf198de93f0ae0d85eb51a3db431ca1bf6e153c492906bd7141c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe

Filesize
184KB

MD5
953d3447150c6902b8086fffbe7a6bb7

SHA1
d054ded0d40d5cd6dd4847cc1a96932b7a4c9090

SHA256
ec45b8bef8a94adeac9f1a89b98589ac1221a081df566a8f0011eaa183429df0

SHA512
bc5b002fe09819ffd8417ae2733a3af228aed09bb2aaf548427e98b7fff3fa08ea3bfc3210d2008a27dad3e984f46fd8d6f810e150c983cf29f35a9f43874afa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe

Filesize
184KB

MD5
2fbe3fa8d69b6e3dfe28926fbc2c6e56

SHA1
9d1d586ce37ffe4f642b2e055a53792fb0560375

SHA256
0aadd0b22648960dd1f427dea982cdb7eadffd98a975531ac1f91987b07565f4

SHA512
ec88ee5c8727bc12b740bdb11e93afe199bbc5db63a5d4439c13408cfa0e27a40d924ba2043a941d2b26ee17d45329ee544ebd9c381f03b14b896198631250c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21601.exe

Filesize
184KB

MD5
f58b099ea627e49043ac750f536ea6a5

SHA1
4f0d26d2677ad1d3265c80c8ee2d4945de150de7

SHA256
73869c1680ad4ad5c2b333feb15ea2940d4422914858a2382d64466394f2fd32

SHA512
769bb79cc459c899c18a455798bc24ae3f7aa33734ea0b1a2f084ef4930014591df1b8a56fa4649434283593a43d6950312f178c527f5ad25e8bf481ab39942e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27103.exe

Filesize
184KB

MD5
fd1007abacc39388cfed6f322623377b

SHA1
3b8dd48a36e500e3c6037f7a39356add4ef60368

SHA256
7fe6add5772232c330295fa194fb903090afd8ef96454b3e2c7f739a9cc1d6ef

SHA512
201b75747cf57df85527242782a86b7210db04cc1365371ce5d3de0b8e44d2fc88056af3e99ead63966c867ee20ddf9cf02780e38b63fbe18bde8c38529baaa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe

Filesize
184KB

MD5
d2e6deae9fcbeb84f45ae71bc946be59

SHA1
3c12a10fecd630c52deeec7ead050c4dfad9773d

SHA256
0278ad12b34bdedec0237084b2cb4f7c0dc3dacfdce8d1ae8a6c55d376ed6c66

SHA512
ba2539c3d19f29bd992b3395bbde550ca66f2892d44d30d065a107df9b50317720331b47259b72a6020eb4811c49ec434346377a050bd92b3b540940c195a5b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe

Filesize
184KB

MD5
44698179d09f30e60f7f0bf076a0b925

SHA1
e1a4b4bd2a6ebab928be5724d9e05055cc3cbd59

SHA256
8ec443d9a38d45aa26d4dc84f3814f8065e453d8f95ba890af89a3148c2af8fa

SHA512
9ea71605c75a35cc11f42745cf5aa096cfa89866c5f8415585de27d32de17bf6f940d389d2259cc491e4c3777f52a432208389c99d7a489fd9ace8b9b988c835

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3034.exe

Filesize
184KB

MD5
0a8972f8f4460e03f0d51a7e0a8cb298

SHA1
d4357c3726ef7a7df477503161e8f9815b95684e

SHA256
d4eeae093343e0607dec5683cd9ecae29136e6150e17c87917feb3bdec8e64df

SHA512
f7ea8f3de500e2cdec07e3b78abab4226c94d88db171eed22b8eca7172ddcade08ee14b4a319c2dbde13b80366d671cfdf07e649b70302e911c29458b87e45bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe

Filesize
184KB

MD5
1ba670fa9e5d9ff03dc36f84cd2488fe

SHA1
c9fa0fffa48bfbeb259715ad1f49c9b5f53a5f15

SHA256
5e9c016daee6868d809f962f1133edc0c586d30e08231c96f8cf792092c5e6a6

SHA512
5075b9dba9fc22f8af628a6ddcc79423f5f3bec20ef1c3fe029b3602e3328f0fc6ac739acf7413b243a3f48faa89433a0084455d8d74e95f057816e87d5eda50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe

Filesize
184KB

MD5
750f61de09c06d41aecc6a224c61d000

SHA1
25961ac349deac149faa4ee3a37c4846f4810db0

SHA256
5671257b0aa6ec13067a9306f4551af7c36c0cb5fb1d55195f9521f25da730fe

SHA512
b176bcc9d27e6cbcf3b950a16a498623eaa44c66cc6c1ef0376937f359d8f1092689e541a7d11e957eacbbbaa98c3f868410bbe3de5f31f984618f549cff1d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40537.exe

Filesize
184KB

MD5
1adb14ca0772b96a9698e04cef82931f

SHA1
fbc3062647f8f52ba6ae0cdf2803966bad8b98ce

SHA256
bf6121603c4e406e2abf5d1fc653e99b4d056c1d4987aa8b666722d85122ac74

SHA512
76ac255df42614209b41ebb5f40c2c77fdadbfa3c3f61bd893a35eb55f7da886d249282a018c5fdb08b2e4aacc4a2f0225631e6ab88bc7a69231181af52582f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe

Filesize
184KB

MD5
c9ca3400c34574810e722f216fa3a8e4

SHA1
7de6473c770c0da4720c0310d710d791f67301d8

SHA256
91e8d09017cab8186f83a4131e0e088cfa737f322ab9ad8274b96f16ddb1b01f

SHA512
d014b88cda0546246adddeccfca4c979d05e110e2cb3e7053779273963b51f62dc24e6aea23b8d5ac1d5e5d7b5dd6289d35db73b0ab839bc5af443f653ac1274

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe

Filesize
184KB

MD5
402bb5ce72d5840e6c2a6eaf3b9755d6

SHA1
43f52a68c02a3fded539e2a6979463d7cb8d014c

SHA256
1aff3bd7c049c9f2bb97aa7f31dab05ec398f9797d0b32c50767245313e97285

SHA512
0fb8ae53c87b33b2b713d3d99a7033f9ff6e98b7e173d1ada07d9f40347d236f3d4d2f07c09f038005529898c487be496fc8c843a3d952571a734da4c796fda0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe

Filesize
184KB

MD5
5b2fa70ba63db0da97599e87f1482d0a

SHA1
7debcae4af94c9c3bcd598f8319f9fd4b4f2bf9c

SHA256
edd2a5105681fa894b3a2097ede01844895558392134cd913f854297b30ee82d

SHA512
13115d3d19c347771747e256452dbb3287ec4ec99a86841c50e90144345b79508ee206c91a9b0531a7a054c2649f1ad8f622e3b35a7a107a6379d0c880a157b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41695.exe

Filesize
184KB

MD5
189ff441f55a4fa73bf3f224ac20a536

SHA1
4ff1348baef73c1026901015d5a56484cc4f277a

SHA256
ae0a49101ae3d2aeb26681094bd989a5d28ec4988aa4eeb280c93b962475cba6

SHA512
dd95cb3b4cea5bc8eb761c6eae3530a3ec3f2d2c85a0003fb8b0757165b8030ad258ff5ec752b893aa33bd46c9295ab644919d3b5b4fdb291702fa467be4a02a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe

Filesize
184KB

MD5
c6ef9c202bc094fb61b7560b9046c063

SHA1
e432c455eb0a9211c0d9a7960c21c663d1c8010b

SHA256
994bfaa8b82ed032bce1bd06e48fdd6013cb74b8f3d260933596f36c36611395

SHA512
ca637fb6a4ec7023d68779d228c848aac0565a407956822320432476241fdb58d2d7569e89ce3f30243e29d0e9548dce377377141c2115ed3e7c211b9e1d7f0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe

Filesize
64KB

MD5
ae96c66511e11082d87a39b67e105bae

SHA1
0ceb474b29963fdcd48c967c2c75680326f072eb

SHA256
dd34116514e5237d028593f285242e28e2f4d0bc7ae2e8b21bdc78f9db888dfe

SHA512
9b5563b49462cd7428497c02d38b42c56428f4ec804a596c7a76d62c33935360f88ca10334d4c71851dc53045194e98c180d425e5dfe3fbc167512ad188e82e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44259.exe

Filesize
184KB

MD5
ce243862fe1b92e07f9542455e974d34

SHA1
85db547a192f446b1639cfaedce546817c5f10ea

SHA256
d9628c81cdde756f3bf4fcbe765a4628ed44874ac3b3918d438db6b10de857e7

SHA512
4fadcc49e8621e7ba04dc17a0be87152a4bf92092a9bcdc66a9e3f0b22a8eda1803efd71c390ad67ad44e1470d6024c0e8924e76e92a59fd3e1592951d7fa452

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45551.exe

Filesize
184KB

MD5
392e6713911cead96f00782e288bdd7c

SHA1
14ad676da2b7d106b53c267e6e358821b31378f6

SHA256
524a016cd2493f9e3f507a6f33d9bd999ea934afffd80bc3449a0cd321478288

SHA512
3349c82a05e581dfaf33e1d0b94a6e701d143ffd59144198aa36ed6592234efd1ab18b5efb51af4b84bc90f96f0a199f1959894d4a25f0dd613ab97afe4fa142

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe

Filesize
184KB

MD5
f241e0389cbafc33f002fbe5a19b08e8

SHA1
29f66180a331d7c083f99ec9db0c7af2f11bd722

SHA256
115f057d3decd9017088b98adab60a9fd6a47c7494867fe049ae3daedc30e2bc

SHA512
4862ee3808e0dd10a65896cd64ba274e23027ec567bfb26840241d0c76ccf45fc71c55bc023afc74f21c0a14786f364139d3ae0e2f56f8ad85dbdfed5fe995f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe

Filesize
184KB

MD5
119a5e8490e0bb57595ebbac50ca99ca

SHA1
2214c8f5b71b1241e323ab04083a75ac580278fd

SHA256
c9937f9131a691a31b620152eddbd37d6fa0c34f278ece9bedd4a9a7a5b90f88

SHA512
14c59b4baae79123bacdc58f50524884407a8b820fdcefc75082011e202fecfcc389e550ee0bba1c5521a52484b04ac2f0620137f2efb883652da927754ebf89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5073.exe

Filesize
184KB

MD5
ca0475b01b3274a26e9489e1da205198

SHA1
201150e437947c219854208c2a485db27e93ff09

SHA256
9ccf36843e8e6cbff9c0f328cd0c4af9a8c0e70510001b0b19d1f4071f09d627

SHA512
59b839c29cd9391d8eaa482bd4e1ab847edf6c171ff20d18812a03bdb8521e268c943f472cf04f3f2473370d5cabe405c34901e7db5a15768ec84e5564908ce3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe

Filesize
184KB

MD5
4cedb4f5ae816ad6bc33714de9ae3b9f

SHA1
3a56c5a468e4e6e34cf82f2fccca1d0a78259a2c

SHA256
5f039a23d9446a465f74747f1bfc8057d21d74a5bbf4f015a53b76f7fb9ca3a7

SHA512
000541edc6b3e5e0020fddb1224c86546bcfdeb59ddcfb57c4f3b0dc52f00a7b3d3f8eeef12b1fb338884646d8f7ad627545943f6ab8e1a4bbecfbc496035b53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53719.exe

Filesize
14KB

MD5
649a782fd6f82bf89de6f6e0be60cb55

SHA1
be9f30a5fda2de2bc9864a146480c4c5e58a12b2

SHA256
45b8df71c28f2883a2d4245d42a69a447934956596e4d1343f5cfc271722e4c7

SHA512
f0b64498f2fb48081a8c2112bb01977ed190ac697bccfacaa7e580afb78890cbe95defe5cfe325bfbf92baa960fa2faddfb70ceb50eaf74f5461b4a0e9ba8b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55883.exe

Filesize
184KB

MD5
d63d9994d2bf5a16017a350d6e5e748d

SHA1
61b481f7bd876318e5fab8c251216dffe4c3ba32

SHA256
e244ccf98dc425f87bb192778595f950c894f94473564aa90b6365531ceab899

SHA512
6cf1de5aa2e8c58bdd1851c3b4dd9d1d50f2c06c77b615386e0bd52949c58617348b2d47a70eaa269ac4c7981b2ac9381329d2fc9a9d822a170ff807afdbcd84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56407.exe

Filesize
184KB

MD5
5f3f005a7afb81cea2ace037153aa9d8

SHA1
f61fb81485526df74afd1e15c1c156a4fac0bb35

SHA256
eabaf6e27ef483ebeed4965d49ee259c30efe9921f3d35e5752008b74e9613af

SHA512
803ee9e1f5487f18e8dfda61e25cea6aaf80b6bcbd8bbfa8ffc66cb5b4967c640dd79affcf156b20b59cc3d23913327b871cfc5e7e2ff55343edc4c292f75a3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe

Filesize
184KB

MD5
dbb74738a6d5afb5ce6124cc21fd5e7e

SHA1
9a7c16264ea16109d82f11759277c05235451afa

SHA256
cfa1e480c1caa2615a2c3f63a01a8fdf451adc4495e3083857fd7eb09f9f03f6

SHA512
5a71147ff41a46783f382abb2b2e17250a3a519d379ac9520caf23e255566b60e4b04960cb83abb0a1d5fc1cef4cfc7af9287b8e67b94d59c54604bf87035ead

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe

Filesize
184KB

MD5
e54c581cbaf9dd73cffd512ca5ed7524

SHA1
251416da84fb08b565a9d0cc2d0edc84cd13b6a9

SHA256
3ecbda5750fb7047db0131bfb6d7b120ae540cbd858ed33e8fae6278b88aa4f6

SHA512
931f1384e085d996c7af699086fb1c5d201e812ad27f50025bbf4c6e39ad8e54cb8f0197cfffea5c6f26721e8a926b61c9253e05d7f10d22075aaad1d72030ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61150.exe

Filesize
184KB

MD5
20c5123551e94fb5a8708bc47ddbbc5d

SHA1
5ff3a2bf720d2ceb1469ac14373ec482426be448

SHA256
fdc0bda7b2a76321cbab0206a7e3f8d0ea79006d5c105cbf533b97fd138fd908

SHA512
ed7a0f86c30acbbcc175aba9ec247c2e7272ecd7662addea102b574df7cba9dc54aa51ddabe7fcb77585266c380e28471b8ae62a83ce739a788f85fd84857f8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62219.exe

Filesize
184KB

MD5
0967ec9dc63ca2308dddafd803a9128a

SHA1
cd1cf75e7477694fae2cad4406b385d7091e03bc

SHA256
68e5d5a569fa02d4d18d011d9002f15bccf70a3fa10be4bff3800dec14662608

SHA512
c110fac1de124f91bc0fbab8919e445bcabecd3348e1fbed7a1b5bf8ac5ab7d4256f3f6c3c5eab9c86b555eb00c4fe1356dbf62fb8cb71495639afd3d8ab2848

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64414.exe

Filesize
184KB

MD5
7af9019659117886c05575431ad7f752

SHA1
66632ef0d1f8457c69f3a9a055903e5752de0e1c

SHA256
c2e30cb76d41dff97989a8d1731068bc76e853468e50db00fbaff07b35dc49a3

SHA512
ad0bada26b989e0d59dc1c969884c0e58b0d94474b73b1bd943d0e26bb044bcd45e6e3888d7de6b642b46e8033d659c363854ea516381f964778ccc1a72817f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8794.exe

Filesize
184KB

MD5
71df51c64968889d097cb0d703dfbdf5

SHA1
5a4c21d8ca66272b8590dc2503ff987fd4bc7e29

SHA256
1ae0b438778821a3dde73410ee146b295fb576506d8f3a57ffc68976f43855c2

SHA512
42dc36b7c9738af21b868aed30a250f2dd51c4ab31b2b6e48d51588115b87828bef9a3c182b5dcf43a8e682110ecbc61ddd3ef69f20c3231d4249f1624eed562

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads