49794cd18247424e1e5cae3299db5a75f889f9b09826e88971b77aa600c1e5cd

Analysis

max time kernel
150s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 01:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe
Size

188KB
MD5

2a81c4118c3d0e4fa8ab50adb28ba3b5
SHA1

239559b7d7882149c74e8dcaec744b508eea436b
SHA256

49794cd18247424e1e5cae3299db5a75f889f9b09826e88971b77aa600c1e5cd
SHA512

3acf434756dbfc2e13bfe564dc81a5416806dc79bfa36eb2ee6c3cb7941c6a3946245393c30ab2397213914cc29d07a678a33e1467f789537eaeef648eb6a54c
SSDEEP

3072:UBccoVOv89xf0OjiZUFbKJOLltQsMuN3IHgxFhs6RNlztpF4:UBToLnf0xZ8bKJpYdNjNlztpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1572	Unicorn-54980.exe
2780	Unicorn-57523.exe
3024	Unicorn-13153.exe
2988	Unicorn-2492.exe
2612	Unicorn-41064.exe
2632	Unicorn-52762.exe
2000	Unicorn-27738.exe
1860	Unicorn-23100.exe
1408	Unicorn-22908.exe
2204	Unicorn-63940.exe
2940	Unicorn-52243.exe
2904	Unicorn-55419.exe
2496	Unicorn-43529.exe
888	Unicorn-4018.exe
2152	Unicorn-61195.exe
2100	Unicorn-4402.exe
1796	Unicorn-41905.exe
2356	Unicorn-61771.exe
548	Unicorn-58050.exe
1704	Unicorn-292.exe
1696	Unicorn-13291.exe
1916	Unicorn-59581.exe
3056	Unicorn-44314.exe
1748	Unicorn-24448.exe
1668	Unicorn-59882.exe
2532	Unicorn-16088.exe
2268	Unicorn-35954.exe
832	Unicorn-35954.exe
1544	Unicorn-1081.exe
1536	Unicorn-46753.exe
2784	Unicorn-14075.exe
2168	Unicorn-46940.exe
2604	Unicorn-35626.exe
2588	Unicorn-13499.exe
2140	Unicorn-42834.exe
2608	Unicorn-62700.exe
1892	Unicorn-9778.exe
2004	Unicorn-9778.exe
2260	Unicorn-5139.exe
3048	Unicorn-44288.exe
2280	Unicorn-17065.exe
2976	Unicorn-12383.exe
2088	Unicorn-48585.exe
2236	Unicorn-40993.exe
2812	Unicorn-45632.exe
1500	Unicorn-65497.exe
2968	Unicorn-38793.exe
784	Unicorn-43431.exe
2128	Unicorn-33038.exe
2156	Unicorn-22985.exe
1664	Unicorn-64978.exe
2528	Unicorn-19307.exe
1448	Unicorn-60147.exe
2676	Unicorn-60147.exe
1488	Unicorn-52171.exe
2616	Unicorn-52363.exe
2504	Unicorn-64018.exe
1732	Unicorn-18347.exe
324	Unicorn-18347.exe
680	Unicorn-40966.exe
2696	Unicorn-54584.exe
2768	Unicorn-43462.exe
2708	Unicorn-63328.exe
2576	Unicorn-25782.exe

Loads dropped DLL 64 IoCs

pid	Process
2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe
2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe
1572	Unicorn-54980.exe
1572	Unicorn-54980.exe
2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe
2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe
2780	Unicorn-57523.exe
2780	Unicorn-57523.exe
1572	Unicorn-54980.exe
1572	Unicorn-54980.exe
3024	Unicorn-13153.exe
3024	Unicorn-13153.exe
2988	Unicorn-2492.exe
2780	Unicorn-57523.exe
2988	Unicorn-2492.exe
2780	Unicorn-57523.exe
2612	Unicorn-41064.exe
2612	Unicorn-41064.exe
2632	Unicorn-52762.exe
2632	Unicorn-52762.exe
3024	Unicorn-13153.exe
3024	Unicorn-13153.exe
1860	Unicorn-23100.exe
1860	Unicorn-23100.exe
2988	Unicorn-2492.exe
2988	Unicorn-2492.exe
2000	Unicorn-27738.exe
2000	Unicorn-27738.exe
2940	Unicorn-52243.exe
2940	Unicorn-52243.exe
2204	Unicorn-63940.exe
2204	Unicorn-63940.exe
2632	Unicorn-52762.exe
1408	Unicorn-22908.exe
2632	Unicorn-52762.exe
1408	Unicorn-22908.exe
2612	Unicorn-41064.exe
2612	Unicorn-41064.exe
2904	Unicorn-55419.exe
2904	Unicorn-55419.exe
1860	Unicorn-23100.exe
1860	Unicorn-23100.exe
888	Unicorn-4018.exe
888	Unicorn-4018.exe
2000	Unicorn-27738.exe
2000	Unicorn-27738.exe
2496	Unicorn-43529.exe
2496	Unicorn-43529.exe
1616	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe
1616	WerFault.exe
2100	Unicorn-4402.exe
2100	Unicorn-4402.exe
2204	Unicorn-63940.exe
2204	Unicorn-63940.exe
1616	WerFault.exe
2356	Unicorn-61771.exe
1796	Unicorn-41905.exe
1796	Unicorn-41905.exe

Program crash 14 IoCs

pid	pid_target	Process	procid_target
1616	1748	WerFault.exe	52
2020	2608	WerFault.exe	66
1792	2480	WerFault.exe	313
2096	1540	WerFault.exe	318
3576	2000	WerFault.exe	471
3952	4012	WerFault.exe	493
3524	1296	WerFault.exe	474
2816	1772	WerFault.exe	472
1216	2948	WerFault.exe	469
2748	2928	WerFault.exe	475
3908	1916	WerFault.exe	470
3592	2988	WerFault.exe	473
1108	4064	WerFault.exe	503
3356	4068	WerFault.exe	504

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe
1572	Unicorn-54980.exe
2780	Unicorn-57523.exe
3024	Unicorn-13153.exe
2988	Unicorn-2492.exe
2612	Unicorn-41064.exe
2632	Unicorn-52762.exe
1860	Unicorn-23100.exe
2000	Unicorn-27738.exe
1408	Unicorn-22908.exe
2940	Unicorn-52243.exe
2204	Unicorn-63940.exe
2904	Unicorn-55419.exe
2496	Unicorn-43529.exe
888	Unicorn-4018.exe
2100	Unicorn-4402.exe
548	Unicorn-58050.exe
2152	Unicorn-61195.exe
1796	Unicorn-41905.exe
2356	Unicorn-61771.exe
1696	Unicorn-13291.exe
1704	Unicorn-292.exe
1916	Unicorn-59581.exe
1748	Unicorn-24448.exe
3056	Unicorn-44314.exe
1668	Unicorn-59882.exe
2268	Unicorn-35954.exe
2532	Unicorn-16088.exe
832	Unicorn-35954.exe
1536	Unicorn-46753.exe
1544	Unicorn-1081.exe
2784	Unicorn-14075.exe
2168	Unicorn-46940.exe
2604	Unicorn-35626.exe
2588	Unicorn-13499.exe
2140	Unicorn-42834.exe
2608	Unicorn-62700.exe
2004	Unicorn-9778.exe
1892	Unicorn-9778.exe
2260	Unicorn-5139.exe
3048	Unicorn-44288.exe
2280	Unicorn-17065.exe
2976	Unicorn-12383.exe
2088	Unicorn-48585.exe
2236	Unicorn-40993.exe
2812	Unicorn-45632.exe
1500	Unicorn-65497.exe
2968	Unicorn-38793.exe
784	Unicorn-43431.exe
2128	Unicorn-33038.exe
2156	Unicorn-22985.exe
1488	Unicorn-52171.exe
1664	Unicorn-64978.exe
2528	Unicorn-19307.exe
2676	Unicorn-60147.exe
1448	Unicorn-60147.exe
2616	Unicorn-52363.exe
1732	Unicorn-18347.exe
2504	Unicorn-64018.exe
324	Unicorn-18347.exe
680	Unicorn-40966.exe
2696	Unicorn-54584.exe
2768	Unicorn-43462.exe
2708	Unicorn-63328.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 1572	2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe	30
PID 2864 wrote to memory of 1572	2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe	30
PID 2864 wrote to memory of 1572	2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe	30
PID 2864 wrote to memory of 1572	2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe	30
PID 1572 wrote to memory of 2780	1572	Unicorn-54980.exe	31
PID 1572 wrote to memory of 2780	1572	Unicorn-54980.exe	31
PID 1572 wrote to memory of 2780	1572	Unicorn-54980.exe	31
PID 1572 wrote to memory of 2780	1572	Unicorn-54980.exe	31
PID 2864 wrote to memory of 3024	2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe	32
PID 2864 wrote to memory of 3024	2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe	32
PID 2864 wrote to memory of 3024	2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe	32
PID 2864 wrote to memory of 3024	2864	2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe	32
PID 2780 wrote to memory of 2988	2780	Unicorn-57523.exe	33
PID 2780 wrote to memory of 2988	2780	Unicorn-57523.exe	33
PID 2780 wrote to memory of 2988	2780	Unicorn-57523.exe	33
PID 2780 wrote to memory of 2988	2780	Unicorn-57523.exe	33
PID 1572 wrote to memory of 2612	1572	Unicorn-54980.exe	34
PID 1572 wrote to memory of 2612	1572	Unicorn-54980.exe	34
PID 1572 wrote to memory of 2612	1572	Unicorn-54980.exe	34
PID 1572 wrote to memory of 2612	1572	Unicorn-54980.exe	34
PID 3024 wrote to memory of 2632	3024	Unicorn-13153.exe	35
PID 3024 wrote to memory of 2632	3024	Unicorn-13153.exe	35
PID 3024 wrote to memory of 2632	3024	Unicorn-13153.exe	35
PID 3024 wrote to memory of 2632	3024	Unicorn-13153.exe	35
PID 2988 wrote to memory of 1860	2988	Unicorn-2492.exe	36
PID 2988 wrote to memory of 1860	2988	Unicorn-2492.exe	36
PID 2988 wrote to memory of 1860	2988	Unicorn-2492.exe	36
PID 2988 wrote to memory of 1860	2988	Unicorn-2492.exe	36
PID 2780 wrote to memory of 2000	2780	Unicorn-57523.exe	37
PID 2780 wrote to memory of 2000	2780	Unicorn-57523.exe	37
PID 2780 wrote to memory of 2000	2780	Unicorn-57523.exe	37
PID 2780 wrote to memory of 2000	2780	Unicorn-57523.exe	37
PID 2612 wrote to memory of 1408	2612	Unicorn-41064.exe	38
PID 2612 wrote to memory of 1408	2612	Unicorn-41064.exe	38
PID 2612 wrote to memory of 1408	2612	Unicorn-41064.exe	38
PID 2612 wrote to memory of 1408	2612	Unicorn-41064.exe	38
PID 2632 wrote to memory of 2204	2632	Unicorn-52762.exe	39
PID 2632 wrote to memory of 2204	2632	Unicorn-52762.exe	39
PID 2632 wrote to memory of 2204	2632	Unicorn-52762.exe	39
PID 2632 wrote to memory of 2204	2632	Unicorn-52762.exe	39
PID 3024 wrote to memory of 2940	3024	Unicorn-13153.exe	40
PID 3024 wrote to memory of 2940	3024	Unicorn-13153.exe	40
PID 3024 wrote to memory of 2940	3024	Unicorn-13153.exe	40
PID 3024 wrote to memory of 2940	3024	Unicorn-13153.exe	40
PID 1860 wrote to memory of 2904	1860	Unicorn-23100.exe	41
PID 1860 wrote to memory of 2904	1860	Unicorn-23100.exe	41
PID 1860 wrote to memory of 2904	1860	Unicorn-23100.exe	41
PID 1860 wrote to memory of 2904	1860	Unicorn-23100.exe	41
PID 2988 wrote to memory of 2496	2988	Unicorn-2492.exe	42
PID 2988 wrote to memory of 2496	2988	Unicorn-2492.exe	42
PID 2988 wrote to memory of 2496	2988	Unicorn-2492.exe	42
PID 2988 wrote to memory of 2496	2988	Unicorn-2492.exe	42
PID 2000 wrote to memory of 888	2000	Unicorn-27738.exe	43
PID 2000 wrote to memory of 888	2000	Unicorn-27738.exe	43
PID 2000 wrote to memory of 888	2000	Unicorn-27738.exe	43
PID 2000 wrote to memory of 888	2000	Unicorn-27738.exe	43
PID 2940 wrote to memory of 2152	2940	Unicorn-52243.exe	44
PID 2940 wrote to memory of 2152	2940	Unicorn-52243.exe	44
PID 2940 wrote to memory of 2152	2940	Unicorn-52243.exe	44
PID 2940 wrote to memory of 2152	2940	Unicorn-52243.exe	44
PID 2204 wrote to memory of 2100	2204	Unicorn-63940.exe	45
PID 2204 wrote to memory of 2100	2204	Unicorn-63940.exe	45
PID 2204 wrote to memory of 2100	2204	Unicorn-63940.exe	45
PID 2204 wrote to memory of 2100	2204	Unicorn-63940.exe	45

C:\Users\Admin\AppData\Local\Temp\2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\2a81c4118c3d0e4fa8ab50adb28ba3b5_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-292.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46940.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52363.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
        10⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
        11⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        12⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38589.exe
        13⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10732.exe
        14⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57432.exe
        15⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21769.exe
        16⤵
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
        17⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        18⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30453.exe
        19⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
        12⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65527.exe
        13⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8231.exe
        14⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        15⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
        16⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30382.exe
        17⤵
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4137.exe
        18⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
        11⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24645.exe
        12⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10218.exe
        13⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        14⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
        15⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        16⤵
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64460.exe
        17⤵
        
        PID:4072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36075.exe
        18⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26743.exe
        19⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31596.exe
        14⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        15⤵
        
        PID:1132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27940.exe
        16⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
        17⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27459.exe
        18⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
        19⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64018.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46406.exe
        9⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
        10⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
        11⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55159.exe
        12⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41397.exe
        13⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
        14⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        15⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46697.exe
        16⤵
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        17⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43546.exe
        18⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35626.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52171.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-334.exe
        9⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38215.exe
        10⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59782.exe
        11⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65366.exe
        12⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31968.exe
        13⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35308.exe
        14⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
        15⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        16⤵
        
        PID:3684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe
        17⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48962.exe
        10⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10249.exe
        11⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33955.exe
        12⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
        13⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
        14⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54291.exe
        15⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45649.exe
        16⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36810.exe
        17⤵
        
        PID:3876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
        11⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52030.exe
        12⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        13⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35651.exe
        14⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
        15⤵
        
        PID:1308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
        16⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
        10⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        11⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        12⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-364.exe
        13⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
        14⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
        15⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45374.exe
        16⤵
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
        17⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        18⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61572.exe
        10⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
        11⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        12⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
        13⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2677.exe
        14⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
        15⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64277.exe
        16⤵
        
        PID:3484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13291.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
        9⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40628.exe
        10⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
        11⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
        12⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1739.exe
        13⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
        14⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        15⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
        16⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        17⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-697.exe
        18⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56554.exe
        10⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30260.exe
        11⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35237.exe
        12⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39380.exe
        13⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe
        14⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        15⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
        16⤵
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21870.exe
        17⤵
        
        PID:1028
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 368
        16⤵
        Program crash
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41964.exe
        8⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29738.exe
        9⤵
        
        PID:1428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        10⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48848.exe
        11⤵
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19347.exe
        12⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12066.exe
        13⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        14⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
        15⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        16⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
        17⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32111.exe
        9⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        10⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35237.exe
        11⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36187.exe
        12⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24836.exe
        13⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
        14⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19412.exe
        15⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20941.exe
        16⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44314.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13499.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54584.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30776.exe
        9⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27473.exe
        10⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8116.exe
        11⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
        12⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13197.exe
        13⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49423.exe
        14⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18822.exe
        15⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
        16⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
        16⤵
        
        PID:3544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
        17⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59948.exe
        10⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17448.exe
        11⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
        12⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3740.exe
        13⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        14⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20071.exe
        15⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39581.exe
        16⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43462.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
        8⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-88.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-88.exe
        9⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        11⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
        12⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39558.exe
        13⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39600.exe
        14⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
        15⤵
        
        PID:3628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        16⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        17⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
        8⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48573.exe
        9⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16872.exe
        10⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        11⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        12⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54312.exe
        13⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        14⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3094.exe
        15⤵
        
        PID:2436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42834.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60521.exe
        8⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        9⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47888.exe
        10⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        11⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41288.exe
        12⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        13⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13066.exe
        14⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        15⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23053.exe
        16⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53980.exe
        9⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41568.exe
        10⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35855.exe
        11⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
        12⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45791.exe
        13⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29313.exe
        14⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe
        15⤵
        
        PID:548
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62700.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 372
        8⤵
        Program crash
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64978.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55866.exe
        8⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45039.exe
        9⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34654.exe
        10⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33711.exe
        11⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-779.exe
        12⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        13⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
        14⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30503.exe
        15⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40200.exe
        16⤵
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
        17⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34911.exe
        18⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
        14⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60942.exe
        15⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        16⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51247.exe
        17⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7908.exe
        9⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7919.exe
        10⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52585.exe
        11⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60144.exe
        12⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46019.exe
        13⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-373.exe
        14⤵
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
        15⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
        16⤵
        
        PID:2672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19307.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60521.exe
        8⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46266.exe
        9⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24344.exe
        11⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54754.exe
        12⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49158.exe
        13⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
        14⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8243.exe
        15⤵
        
        PID:4012
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 240
        16⤵
        Program crash
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
        10⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16680.exe
        11⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        12⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62910.exe
        13⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22901.exe
        14⤵
        
        PID:964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        15⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        16⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        9⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40104.exe
        10⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27645.exe
        11⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22124.exe
        12⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
        13⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3243.exe
        14⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
        15⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
        16⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10448.exe
        8⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51977.exe
        9⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
        10⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20664.exe
        11⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56750.exe
        12⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        13⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22494.exe
        14⤵
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
        15⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10790.exe
        16⤵
        
        PID:3720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
        9⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24635.exe
        10⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62289.exe
        11⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-331.exe
        12⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59086.exe
        13⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37756.exe
        14⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65447.exe
        15⤵
        
        PID:1564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24448.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 200
        6⤵
        Loads dropped DLL
        Program crash
        
        PID:1616
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17065.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63328.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38944.exe
        9⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19222.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55693.exe
        11⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe
        12⤵
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43701.exe
        13⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
        14⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2604.exe
        15⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
        16⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49225.exe
        17⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        18⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25782.exe
        7⤵
        Executes dropped EXE
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
        8⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57457.exe
        9⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
        10⤵
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20053.exe
        11⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1708.exe
        12⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        13⤵
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65152.exe
        14⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29564.exe
        15⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64559.exe
        16⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46566.exe
        17⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12383.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12228.exe
        7⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63723.exe
        8⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22447.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
        10⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23793.exe
        11⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        12⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
        13⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        14⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
        15⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
        16⤵
        
        PID:2316
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 380
        15⤵
        Program crash
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30404.exe
        9⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5392.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
        11⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
        12⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54504.exe
        13⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
        14⤵
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28611.exe
        15⤵
        
        PID:3392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17197.exe
        8⤵
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
        9⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
        10⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27515.exe
        11⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34573.exe
        12⤵
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        13⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
        14⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        15⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23993.exe
        16⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25617.exe
        17⤵
        
        PID:2920
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 380
        16⤵
        Program crash
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        10⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        11⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23606.exe
        12⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        13⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
        14⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
        15⤵
        
        PID:3496
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 376
        14⤵
        Program crash
        
        PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46753.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5705.exe
        7⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27901.exe
        8⤵
        
        PID:2960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51017.exe
        9⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18527.exe
        10⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
        11⤵
        
        PID:784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58050.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60147.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50879.exe
        7⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
        8⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16638.exe
        9⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8905.exe
        10⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
        11⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
        12⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
        13⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
        14⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28642.exe
        15⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
        9⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
        10⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
        11⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43284.exe
        12⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51250.exe
        13⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        14⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
        15⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-136.exe
        16⤵
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13492.exe
        8⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-353.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8371.exe
        10⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        11⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
        12⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        13⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        14⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        15⤵
        
        PID:780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
        16⤵
        
        PID:3100
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 372
        15⤵
        Program crash
        
        PID:1108
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 368
        14⤵
        Program crash
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62939.exe
        6⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe
        7⤵
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17598.exe
        8⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52564.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19358.exe
        10⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        11⤵
        
        PID:352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
        12⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21420.exe
        13⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12580.exe
        14⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62309.exe
        7⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16358.exe
        8⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
        9⤵
        
        PID:2480
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 200
        10⤵
        Program crash
        
        PID:1792
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63940.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2100
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59882.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18347.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57916.exe
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48988.exe
        10⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44681.exe
        11⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16327.exe
        12⤵
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
        13⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35308.exe
        14⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6107.exe
        15⤵
        
        PID:272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
        16⤵
        
        PID:3800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
        17⤵
        
        PID:3964
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 376
        14⤵
        Program crash
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64722.exe
        10⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41386.exe
        11⤵
        
        PID:1260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        12⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        13⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37721.exe
        14⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12874.exe
        15⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53241.exe
        16⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        17⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
        8⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54852.exe
        9⤵
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
        10⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49715.exe
        11⤵
        
        PID:372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41589.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41589.exe
        12⤵
        
        PID:812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
        13⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26222.exe
        14⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
        15⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22861.exe
        16⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
        9⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
        10⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57380.exe
        11⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
        12⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18749.exe
        13⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40008.exe
        14⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35141.exe
        15⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
        16⤵
        
        PID:3108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18347.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24405.exe
        8⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34235.exe
        9⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29108.exe
        10⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27515.exe
        11⤵
        
        PID:548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
        12⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19273.exe
        13⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2293.exe
        14⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47761.exe
        15⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5673.exe
        16⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55314.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
        11⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
        12⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
        13⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
        14⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
        15⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16088.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        7⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
        8⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
        9⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
        10⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19358.exe
        11⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
        12⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        13⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30169.exe
        14⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
        15⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
        16⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8121.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        9⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45699.exe
        10⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50876.exe
        11⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
        12⤵
        
        PID:1252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60444.exe
        13⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
        14⤵
        
        PID:2412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41905.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41905.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
        7⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20885.exe
        8⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57265.exe
        9⤵
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25242.exe
        10⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
        11⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        12⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59096.exe
        13⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
        14⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4149.exe
        15⤵
        
        PID:4068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54983.exe
        16⤵
        
        PID:2768
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 380
        16⤵
        Program crash
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
        8⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44183.exe
        9⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        10⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57946.exe
        11⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62033.exe
        12⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5282.exe
        13⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        14⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63618.exe
        15⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6134.exe
        9⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10836.exe
        10⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35099.exe
        11⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
        12⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60612.exe
        13⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29583.exe
        14⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
        15⤵
        
        PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45632.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45648.exe
        6⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47260.exe
        8⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11266.exe
        9⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16690.exe
        10⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1474.exe
        11⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35097.exe
        12⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54005.exe
        13⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
        14⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
        15⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
        16⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29880.exe
        9⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe
        10⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55019.exe
        11⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        12⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51089.exe
        13⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
        14⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
        15⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2411.exe
        16⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2731.exe
        17⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48083.exe
        15⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28964.exe
        16⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
        13⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43148.exe
        14⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26608.exe
        15⤵
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26486.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60519.exe
        9⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30582.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30582.exe
        10⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13005.exe
        11⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33388.exe
        12⤵
        
        PID:320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65526.exe
        13⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63521.exe
        14⤵
        
        PID:3948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40092.exe
        15⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4660.exe
        9⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24568.exe
        10⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
        11⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49382.exe
        12⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6920.exe
        13⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
        14⤵
        
        PID:3332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22098.exe
        6⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21570.exe
        7⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32673.exe
        8⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40618.exe
        9⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64266.exe
        10⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
        10⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42708.exe
        11⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        12⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3459.exe
        13⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31221.exe
        14⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29304.exe
        8⤵
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26000.exe
        9⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23800.exe
        10⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
        11⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
        12⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60719.exe
        13⤵
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
        14⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
        8⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
        9⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46960.exe
        10⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65484.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65484.exe
        11⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2677.exe
        12⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14896.exe
        13⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
        14⤵
        
        PID:3432
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1081.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38793.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
        7⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22564.exe
        8⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32512.exe
        9⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26960.exe
        10⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
        11⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53481.exe
        12⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        13⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
        14⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
        15⤵
        
        PID:2704
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 380
        14⤵
        Program crash
        
        PID:3908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
        8⤵
        
        PID:280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65527.exe
        9⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28211.exe
        10⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18780.exe
        11⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26777.exe
        12⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4725.exe
        13⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62473.exe
        14⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        15⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
        9⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2635.exe
        10⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2049.exe
        11⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
        12⤵
        
        PID:2632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        13⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40457.exe
        14⤵
        
        PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65378.exe
        6⤵
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43970.exe
        7⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16446.exe
        8⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
        9⤵
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32855.exe
        10⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43317.exe
        11⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46436.exe
        12⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
        13⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55957.exe
        14⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
        15⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
        16⤵
        
        PID:1536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 380
        15⤵
        Program crash
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43215.exe
        11⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
        12⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        13⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34949.exe
        14⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60240.exe
        15⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11240.exe
        8⤵
        
        PID:388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
        9⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
        10⤵
        
        PID:112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34784.exe
        11⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        12⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23065.exe
        13⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32289.exe
        14⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14369.exe
        7⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33379.exe
        8⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8423.exe
        9⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27633.exe
        10⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
        11⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11710.exe
        12⤵
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-574.exe
        13⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
        14⤵
        
        PID:3560

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe

Filesize
188KB

MD5
37010058d83ba8afa3a38579b9890189

SHA1
289f3ab325b694126786c01136f1d05f52ed7eda

SHA256
f91fc44a086126edea900e9855fcea377792a10f811b939f7d56661750f8d102

SHA512
16ea78ec2b38a1e149c8f1c758a3e35fe9d4d0a17169e3b73f1d81ec01a1047e3ecfd9112e0cb981704f4f6984a9e041926a135346f53414f67e02d108c7f2f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27738.exe

Filesize
188KB

MD5
1eb6558543351200381dbea6d457c5d3

SHA1
798d149eb6144cfb0fb58c123aabc5f6534f153b

SHA256
66b3246b137ef97e9b1d312cc392d361f13c0d0ca2c116fe66ddfba919ffedd4

SHA512
ae9ac60c39d0975119824e888df82ecacddc90f5e26e5bbc05326fd1e2d8dfe4ba01d09da08dba7599877245c1c35225143b921b53928921f788ecb0f1b83692

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30058.exe

Filesize
188KB

MD5
8b1559b9eb0e37334b2325cff412b114

SHA1
4b2646e9f6d7e5e9609c83e1bf6f8c5db53b7eb5

SHA256
39b6f384521ca4acaa706f1765ad59990029ff67e46067ca6c2e1eb3036c7a5b

SHA512
176954789f4b01de0b6121c5e0159658c97b3bce282d162681424499d452fab3343cd58e8f2e3d4d3a2f9069c3891040a43647dc974707d8b6be67d40d9a282b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37887.exe

Filesize
188KB

MD5
ca07f85824edd538e419edaf48c49a66

SHA1
4a265c17314677cf9072822732fe9fc14694726e

SHA256
a1d542cf960196ec2310805b71821cb2ef441a9e6640ca9a1727d4602cb57d73

SHA512
e47f25b0f8d7ee47c170886ecad86fd62049526928839be3b091eb8e499719889f9497c084a4cd60364e8e78912e18d8eac55c71a2b10917f2fec1ee037aba44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4018.exe

Filesize
188KB

MD5
faa6a38fa0193d2f15b5302354e6d9b5

SHA1
4054687f297bac66b4ae86504fba6df356dadf97

SHA256
389125ba1e5a478750e9554138c6fa50eff966249fc4ce0b68d4764cfdc0a55b

SHA512
9e8c93f3b9832c3de6120aaba1467c4c520bcbb40db786f9a20845213ce81c3468a553b2df895d7eb7000a118f46894810cf0fc5663643df2cabb858d65a54f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe

Filesize
188KB

MD5
e2eab0206bc0342c6268ce7470251fc8

SHA1
46fd609410adadf53cf1a1fdc8fdee453875c92f

SHA256
cd523d37d38c9c1e84c46b2da0e6939cba32d39b605fe8ab716367e832c04b68

SHA512
409f99ccd63230e031d0eb01153276ca22cca623a9539b5756abd38b9ebe71754fd287944ef3217e69f483e52b0c868f5fca8176f026221eaf36dd1a1e8ed95b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4402.exe

Filesize
188KB

MD5
1524202b146c1e737d81701102000642

SHA1
020cbd642f1a4e285b8e93ade4c24d540d588cd7

SHA256
f4cfe38a3c292f5d5a25abeff86ae992337ac134defc772f54f215dfc4172b2d

SHA512
a80adb35ec76584b7ab9cc7a6e5e54d178708947f7970ee90ff76e25fdcefd1cef7da4162cc3c25906f47f01bd2101fd71bbeb518067efadc235ce2523dd9965

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45663.exe

Filesize
188KB

MD5
f6e42c393030181df9160069a7cb0893

SHA1
10d4ed8abf64d07d2b9e29ebd18dd4dea3f89605

SHA256
8034c0f6b228bfcb6c498a6e07fd83a491c9588d75e7d9d18013fec92eca9966

SHA512
732200fbd0fe97d512f4e015fd76b99231e078d6245ba3f1d585a411b5c95d8be877d52b9975d2979a7746b602eecd2ded08a344ce5c27539409af5f04748856

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46623.exe

Filesize
188KB

MD5
c74ea590eb73aa9906cc7d12d991c5cd

SHA1
3fcf54fb9628c48fc526e316c786a848f7ed7347

SHA256
b0081353261363dd02c7ac3d49cec119540baf92d3add2d02f7c51d0395d891b

SHA512
13c3234eaa885de9fb1569bb687c2f1c6202ead8b8a65e3a994931a18d1bff6ee4d82f12eaaa857e8770402a6ccdef7ded099f88059c6243589b895e25086839

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe

Filesize
188KB

MD5
43007452ad9dfcbf0863afddbb0d480a

SHA1
7b770fcb36e06d5c5eb02afa1d0b53f6fd30f841

SHA256
6cbe36bbcb3b95085246aa50131b5e5db8c63d69300f8a2cd0a3de9f3332b8e9

SHA512
271d31d0a19b60c5f3231e9be42160f2403315c42e754a769307804cc32b4568ed130e93c8cffd142ffe7ee58f220ce15a21f0dbdd527b2255f78306345be7f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61195.exe

Filesize
188KB

MD5
36b23033d5347e2d10eefa98d59cefec

SHA1
6d20841e1e20aad754718de203e190daf7056d32

SHA256
6a834c9f6aa8231739d54bde73282cab3dda6d63ba7d95a205cf8ce5642c017a

SHA512
22a52c55e5074e14acb68938c676879ecc2463256ceb7d9e02f6a5a3475d2b2335263022d294d10df177b41800cca9e222efdaa17ab3beced63c17a470056c62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6321.exe

Filesize
188KB

MD5
ec62c7b29e79bbe16293fa9e3c27a854

SHA1
39c04152f814418537807d0b42a0e4308234525d

SHA256
8bfe65a7c55362cac362cf61ce96b17a692f9e64462ad31286ae37e0cc3207a4

SHA512
90d8602216476e0a6ae68d3c173bd5a6adca1a4afae3dd93b11ae63ae75e14a762817adfe7e615e6300e1f0f8595a36e6422685bf643d60cd2d3cebbec811870

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13153.exe

Filesize
188KB

MD5
18b000ec8cdc4738cec4b5c0595ceb0b

SHA1
ff92e2b2be651f005949d01df9d54604e8aeadff

SHA256
deb225399b1020a353472a9427f47a44f33afc45d42ddc3317e75481ffa945f7

SHA512
561ffa4565eaf716c6ac68789782722a1a827f781b805e31b64a84cda37cef680ac16f30628e6344c76074843b6a5e16293f491ee85603eb572f8540fd480ca2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22908.exe

Filesize
188KB

MD5
419efc991e07e810d109445c0871b4d4

SHA1
d8ceedbd017051d609e7032e709408fcf9748bba

SHA256
07989d03540338658f19882a4d3354fbebd036f883fadf208b23f38f54e38c67

SHA512
f092db99bb271d269fa4fa982c7514a1449fc7e16b673d3e32ce8b7d6d093fdba7fb393ce0c883904bb2de160231f4f36624f989bef76de614e7d52536e1a45a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23100.exe

Filesize
188KB

MD5
3dac47d55665295b10da8ee1a864cf6b

SHA1
435d27f41701615e9fefc3539bdab560deb9631f

SHA256
68d8af620af7ce28ae5123aa0741517d0e61205dbf598a46a8fcd824d2cee7e3

SHA512
7f65942af73039c0fd7a11a167fe9623739f0fb8c4fa046f4090732660daa6169316b004cbef57026d6d1d4fc2d5c24ff07d268342af767166545fe766fb10e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe

Filesize
188KB

MD5
b4b7871c82d02c27166f8085d916294d

SHA1
90fde488cedc0aa7a7a0fecff67a9aee376377c6

SHA256
eb0c884c7afec2a4768fdd8521efb80b6562ee220478587ec446a4439c24ede1

SHA512
24d0f9e11b37355208fffde4d9b2a0743f63204b988ee69e2f7f0fc8d4f197c3801daec3eca5e36e36c0c7271b80397832235da38b367416000a22eb0ec90093

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41064.exe

Filesize
188KB

MD5
da2acd74a8491fab3a7e335f37a76c82

SHA1
e9128b616bb0b8c71517b9bd0ec7c334183b3bf1

SHA256
c72f25521397672633f18979fc1850837a691bc084b26253e7b651cf4a7cdbd7

SHA512
2e4e8929fd898294b2cda2ebfc750e3da8a4094b27458ddb9d77e59dbf85e885a93b1c940a1d00767efd2beb3aac2626095517c938e3ecc2c82e331276d9e8b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41905.exe

Filesize
188KB

MD5
41c2d20d688d232c3ae4322156070b7f

SHA1
f19600d0a119f1aa7b1fe5a8436a310804fdb75b

SHA256
166e65880fea0d364f8c87459c17bddb321bee10337efc9154cf6e8ea9c0bd1d

SHA512
f8cebed2c394c8defa25ec6442d5539abb0d3044a079121974ec7742a240ca4b8d102bb5b177bc136cb7b5c02a434e8d53f824185f1bbccc6d0e8379c7b521ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe

Filesize
188KB

MD5
9a3c9b996a56fcc0a8c17368f691cda2

SHA1
9ac9ecd1577d5270afae847838e7813a1e185368

SHA256
866c3cdae786ccf7097c6ee0f6c3a18ac2e643e8bbf5dc694dadeb2bb86dc2f1

SHA512
9e58d1c4a7957bf0fcfd306f09f82cf6296813989a6de93277cce8d2f4ed2069e61988333db28231936d76c586f87b2a29a2b0ff936397ccd38a602d784a2816

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52243.exe

Filesize
188KB

MD5
ece3a8b092939b3be41254dd0caeeed3

SHA1
1a841e0b20c5219aa3e264e6b06e73b3c551d833

SHA256
e28db67eeaa946bfc1853f69f8be2b441e9bb08c29ccd776495466bde6b7ede3

SHA512
95a28b6d12424edcaea9ecaacc628e0b648e472afc5d939f122513b55b392224cdbaba7efe84f8235f2015eac415acb245a8aa67cbe508b148efc372f13f0de2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54980.exe

Filesize
188KB

MD5
a7bb9947b67473c25e015e6066813100

SHA1
aad88f3fa7081dbc6797081e92ccd361166208e0

SHA256
54f78392d6e1ca3b3ddebae78e00cdfcc6e0168f8995d2db7eb2b067a3d60215

SHA512
5ba7132032088234d1e1af619f6637ca45da9d2859e81eb9ae98996d6c1798b4230c9250f8820ceffb41117477945267a94e3936a592efddb21d2b09f0904c65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55419.exe

Filesize
188KB

MD5
e15a56ff451fb3f97d32280289d59c87

SHA1
f3e3170487c0ef29e722eaaf6e6d4a49f6527939

SHA256
3c3896dbd160eebe7d5da3857c9a79f165a8fc77cb7cdeb4040083274c9dd2ae

SHA512
17cd6ca7582bcc941213b9704a83f6b18da80aacac4b535b22a6e50c59565e1494c0c1e5f86ea114be61808829b0d6126d9e08afa19058e8f092a05de01abf3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe

Filesize
188KB

MD5
868271f210f1b8b535076c364c6bd9d9

SHA1
2c4bd47ef0f91735e649450693cb355a0c5071a1

SHA256
062941ccb4bd41a0ec556a551c5c06abf4cff6d9dfac8bd2325667d78e1a98ce

SHA512
1ef663ff4f777ea720231a6be7592dcee92e362e09439535d03f08c29cafe7d278062c55e839f69b8a0f24bb9f9d48e92de85c3e6b3e264c890b5a6b51290d40

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61771.exe

Filesize
188KB

MD5
5b2aa282c4cce07b0be0fd7e0a03979c

SHA1
953bd8513dbbabae123ff2ddc2a0018046b5a084

SHA256
b23707c9f01e5f3c6686035715c538128dcf41aec3ec2bad71b30b982ba6894b

SHA512
e406b4017dc95ea710fbbb8cbb6c13a2234391f0e2e74f7a5f2ea217f9635047e6f90e2ded53970c36b43bab8daf0ebe05ea7c4c92a97ff732a1b23f281eb2e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63940.exe

Filesize
188KB

MD5
cd50b2b07059b57ecd184948fbc527f3

SHA1
fa81f77b7fd4ee2d434bd81980a126381c6efce4

SHA256
e5904f23b9a86c78b6e0faf5d1c6b63428d8113c0c6e82fa3987de6193ce8ff7

SHA512
8a871826e3a9911c34d544a9cb37b6b7b9841f70ffe0c0668d584b5d12cf97d969676ab0eeffb215a3ff98c0a17394183a7976975587e0c9d6af8e610f0c23d5

Download Submit
memory/548-3366-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/2852-3365-0x0000000000290000-0x00000000002BE000-memory.dmp

Filesize
184KB

Download
memory/2852-3364-0x0000000000290000-0x00000000002BE000-memory.dmp

Filesize
184KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads