67d6a6ac179f3ca2b477fae2c4885f168727ab48ed28aa6522bdc5296b06b4a6

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe
Size

188KB
MD5

4942160e2b605b02a06fdff554b86273
SHA1

cd0224e7d01ec80f5fc793e36b9c093f5bb1fe0b
SHA256

67d6a6ac179f3ca2b477fae2c4885f168727ab48ed28aa6522bdc5296b06b4a6
SHA512

d2bb4b8330d4cd3459151e3ca11f934dd5eb6d7ae119e369d4c20ffdfa18b66176215b1faef719a30186053a9b5f4b7d0d2a4591deca418f1a4c125bca1da38e
SSDEEP

3072:rDLCo8PrO8GE0ljGP7ukF8gulCL6WWzJQgNxmNEB3NlPvpFt:rDuoXvE0YPykF8rNScNlPvpF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2732	Unicorn-17273.exe
2736	Unicorn-12285.exe
2984	Unicorn-49789.exe
2644	Unicorn-57532.exe
3064	Unicorn-44211.exe
2660	Unicorn-24345.exe
3012	Unicorn-28041.exe
808	Unicorn-36763.exe
1964	Unicorn-3344.exe
2300	Unicorn-40847.exe
1796	Unicorn-64797.exe
2684	Unicorn-39390.exe
2000	Unicorn-3977.exe
1764	Unicorn-8616.exe
2136	Unicorn-44818.exe
2352	Unicorn-45373.exe
2052	Unicorn-65238.exe
644	Unicorn-8424.exe
1100	Unicorn-50895.exe
1720	Unicorn-57070.exe
2088	Unicorn-52239.exe
2356	Unicorn-20444.exe
2076	Unicorn-61839.exe
2304	Unicorn-32504.exe
1060	Unicorn-24890.exe
1924	Unicorn-48840.exe
2524	Unicorn-65176.exe
1620	Unicorn-3723.exe
2728	Unicorn-194.exe
2824	Unicorn-27024.exe
2760	Unicorn-40899.exe
2724	Unicorn-60765.exe
1224	Unicorn-40707.exe
2212	Unicorn-60573.exe
1076	Unicorn-7288.exe
2896	Unicorn-7843.exe
1520	Unicorn-35685.exe
1664	Unicorn-48492.exe
2576	Unicorn-2820.exe
1396	Unicorn-60744.exe
940	Unicorn-31409.exe
2080	Unicorn-41113.exe
1084	Unicorn-61533.exe
2412	Unicorn-61533.exe
2468	Unicorn-33307.exe
1872	Unicorn-33307.exe
2420	Unicorn-31334.exe
2388	Unicorn-56393.exe
2232	Unicorn-18890.exe
1052	Unicorn-2169.exe
1600	Unicorn-2169.exe
2284	Unicorn-27228.exe
1516	Unicorn-27228.exe
2876	Unicorn-23934.exe
2040	Unicorn-11489.exe
2528	Unicorn-16128.exe
616	Unicorn-56414.exe
1564	Unicorn-8837.exe
2552	Unicorn-28703.exe
2068	Unicorn-52138.exe
2696	Unicorn-28511.exe
2692	Unicorn-61183.exe
2744	Unicorn-285.exe
2624	Unicorn-46746.exe

Loads dropped DLL 64 IoCs

pid	Process
2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe
2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe
2732	Unicorn-17273.exe
2732	Unicorn-17273.exe
2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe
2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe
2736	Unicorn-12285.exe
2736	Unicorn-12285.exe
2732	Unicorn-17273.exe
2984	Unicorn-49789.exe
2984	Unicorn-49789.exe
2732	Unicorn-17273.exe
2644	Unicorn-57532.exe
2644	Unicorn-57532.exe
2736	Unicorn-12285.exe
2736	Unicorn-12285.exe
3064	Unicorn-44211.exe
3064	Unicorn-44211.exe
2984	Unicorn-49789.exe
2984	Unicorn-49789.exe
2660	Unicorn-24345.exe
2660	Unicorn-24345.exe
3012	Unicorn-28041.exe
3012	Unicorn-28041.exe
808	Unicorn-36763.exe
808	Unicorn-36763.exe
2644	Unicorn-57532.exe
2644	Unicorn-57532.exe
2300	Unicorn-40847.exe
2300	Unicorn-40847.exe
2660	Unicorn-24345.exe
2660	Unicorn-24345.exe
1964	Unicorn-3344.exe
1964	Unicorn-3344.exe
3064	Unicorn-44211.exe
3064	Unicorn-44211.exe
1120	WerFault.exe
1120	WerFault.exe
1120	WerFault.exe
1120	WerFault.exe
1120	WerFault.exe
1120	WerFault.exe
1120	WerFault.exe
2684	Unicorn-39390.exe
2684	Unicorn-39390.exe
3012	Unicorn-28041.exe
3012	Unicorn-28041.exe
1764	Unicorn-8616.exe
1764	Unicorn-8616.exe
2136	Unicorn-44818.exe
2136	Unicorn-44818.exe
2300	Unicorn-40847.exe
2300	Unicorn-40847.exe
2052	Unicorn-65238.exe
2052	Unicorn-65238.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1964	Unicorn-3344.exe
1964	Unicorn-3344.exe

Program crash 19 IoCs

pid	pid_target	Process	procid_target
1120	1796	WerFault.exe	40
1452	2076	WerFault.exe	53
2748	2468	WerFault.exe	77
3004	1872	WerFault.exe	76
1168	1940	WerFault.exe	142
2928	2856	WerFault.exe	139
2832	1528	WerFault.exe	141
588	1760	WerFault.exe	140
2120	2716	WerFault.exe	126
3576	3252	WerFault.exe	635
3224	3464	WerFault.exe	639
1748	3120	WerFault.exe	633
1868	2348	WerFault.exe	637
3288	2528	WerFault.exe	634
680	3692	WerFault.exe	632
2816	3572	WerFault.exe	638
3116	2216	WerFault.exe	636
1620	648	WerFault.exe	640
2896	2560	WerFault.exe	561

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe
2732	Unicorn-17273.exe
2736	Unicorn-12285.exe
2984	Unicorn-49789.exe
2644	Unicorn-57532.exe
3064	Unicorn-44211.exe
2660	Unicorn-24345.exe
3012	Unicorn-28041.exe
808	Unicorn-36763.exe
2300	Unicorn-40847.exe
1964	Unicorn-3344.exe
1796	Unicorn-64797.exe
2684	Unicorn-39390.exe
1764	Unicorn-8616.exe
2000	Unicorn-3977.exe
2136	Unicorn-44818.exe
2052	Unicorn-65238.exe
644	Unicorn-8424.exe
2352	Unicorn-45373.exe
1100	Unicorn-50895.exe
1720	Unicorn-57070.exe
2088	Unicorn-52239.exe
2356	Unicorn-20444.exe
2076	Unicorn-61839.exe
2304	Unicorn-32504.exe
1060	Unicorn-24890.exe
1924	Unicorn-48840.exe
2524	Unicorn-65176.exe
2728	Unicorn-194.exe
1620	Unicorn-3723.exe
2824	Unicorn-27024.exe
2724	Unicorn-60765.exe
2760	Unicorn-40899.exe
2212	Unicorn-60573.exe
1224	Unicorn-40707.exe
1076	Unicorn-7288.exe
2896	Unicorn-7843.exe
1520	Unicorn-35685.exe
1396	Unicorn-60744.exe
2576	Unicorn-2820.exe
1664	Unicorn-48492.exe
940	Unicorn-31409.exe
2080	Unicorn-41113.exe
2412	Unicorn-61533.exe
1084	Unicorn-61533.exe
2468	Unicorn-33307.exe
1872	Unicorn-33307.exe
2420	Unicorn-31334.exe
2388	Unicorn-56393.exe
2232	Unicorn-18890.exe
1052	Unicorn-2169.exe
1600	Unicorn-2169.exe
2284	Unicorn-27228.exe
1516	Unicorn-27228.exe
2876	Unicorn-23934.exe
2040	Unicorn-11489.exe
2528	Unicorn-16128.exe
616	Unicorn-56414.exe
2552	Unicorn-28703.exe
1564	Unicorn-8837.exe
2068	Unicorn-52138.exe
2696	Unicorn-28511.exe
2692	Unicorn-61183.exe
2744	Unicorn-285.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2732	2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe	30
PID 2016 wrote to memory of 2732	2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe	30
PID 2016 wrote to memory of 2732	2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe	30
PID 2016 wrote to memory of 2732	2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe	30
PID 2732 wrote to memory of 2736	2732	Unicorn-17273.exe	31
PID 2732 wrote to memory of 2736	2732	Unicorn-17273.exe	31
PID 2732 wrote to memory of 2736	2732	Unicorn-17273.exe	31
PID 2732 wrote to memory of 2736	2732	Unicorn-17273.exe	31
PID 2016 wrote to memory of 2984	2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe	32
PID 2016 wrote to memory of 2984	2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe	32
PID 2016 wrote to memory of 2984	2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe	32
PID 2016 wrote to memory of 2984	2016	4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe	32
PID 2736 wrote to memory of 2644	2736	Unicorn-12285.exe	33
PID 2736 wrote to memory of 2644	2736	Unicorn-12285.exe	33
PID 2736 wrote to memory of 2644	2736	Unicorn-12285.exe	33
PID 2736 wrote to memory of 2644	2736	Unicorn-12285.exe	33
PID 2984 wrote to memory of 3064	2984	Unicorn-49789.exe	35
PID 2984 wrote to memory of 3064	2984	Unicorn-49789.exe	35
PID 2984 wrote to memory of 3064	2984	Unicorn-49789.exe	35
PID 2984 wrote to memory of 3064	2984	Unicorn-49789.exe	35
PID 2732 wrote to memory of 2660	2732	Unicorn-17273.exe	34
PID 2732 wrote to memory of 2660	2732	Unicorn-17273.exe	34
PID 2732 wrote to memory of 2660	2732	Unicorn-17273.exe	34
PID 2732 wrote to memory of 2660	2732	Unicorn-17273.exe	34
PID 2644 wrote to memory of 3012	2644	Unicorn-57532.exe	36
PID 2644 wrote to memory of 3012	2644	Unicorn-57532.exe	36
PID 2644 wrote to memory of 3012	2644	Unicorn-57532.exe	36
PID 2644 wrote to memory of 3012	2644	Unicorn-57532.exe	36
PID 2736 wrote to memory of 808	2736	Unicorn-12285.exe	37
PID 2736 wrote to memory of 808	2736	Unicorn-12285.exe	37
PID 2736 wrote to memory of 808	2736	Unicorn-12285.exe	37
PID 2736 wrote to memory of 808	2736	Unicorn-12285.exe	37
PID 3064 wrote to memory of 1964	3064	Unicorn-44211.exe	38
PID 3064 wrote to memory of 1964	3064	Unicorn-44211.exe	38
PID 3064 wrote to memory of 1964	3064	Unicorn-44211.exe	38
PID 3064 wrote to memory of 1964	3064	Unicorn-44211.exe	38
PID 2984 wrote to memory of 2300	2984	Unicorn-49789.exe	39
PID 2984 wrote to memory of 2300	2984	Unicorn-49789.exe	39
PID 2984 wrote to memory of 2300	2984	Unicorn-49789.exe	39
PID 2984 wrote to memory of 2300	2984	Unicorn-49789.exe	39
PID 2660 wrote to memory of 1796	2660	Unicorn-24345.exe	40
PID 2660 wrote to memory of 1796	2660	Unicorn-24345.exe	40
PID 2660 wrote to memory of 1796	2660	Unicorn-24345.exe	40
PID 2660 wrote to memory of 1796	2660	Unicorn-24345.exe	40
PID 3012 wrote to memory of 2684	3012	Unicorn-28041.exe	41
PID 3012 wrote to memory of 2684	3012	Unicorn-28041.exe	41
PID 3012 wrote to memory of 2684	3012	Unicorn-28041.exe	41
PID 3012 wrote to memory of 2684	3012	Unicorn-28041.exe	41
PID 808 wrote to memory of 2000	808	Unicorn-36763.exe	42
PID 808 wrote to memory of 2000	808	Unicorn-36763.exe	42
PID 808 wrote to memory of 2000	808	Unicorn-36763.exe	42
PID 808 wrote to memory of 2000	808	Unicorn-36763.exe	42
PID 2644 wrote to memory of 1764	2644	Unicorn-57532.exe	43
PID 2644 wrote to memory of 1764	2644	Unicorn-57532.exe	43
PID 2644 wrote to memory of 1764	2644	Unicorn-57532.exe	43
PID 2644 wrote to memory of 1764	2644	Unicorn-57532.exe	43
PID 2300 wrote to memory of 2136	2300	Unicorn-40847.exe	44
PID 2300 wrote to memory of 2136	2300	Unicorn-40847.exe	44
PID 2300 wrote to memory of 2136	2300	Unicorn-40847.exe	44
PID 2300 wrote to memory of 2136	2300	Unicorn-40847.exe	44
PID 1796 wrote to memory of 1120	1796	Unicorn-64797.exe	45
PID 1796 wrote to memory of 1120	1796	Unicorn-64797.exe	45
PID 1796 wrote to memory of 1120	1796	Unicorn-64797.exe	45
PID 1796 wrote to memory of 1120	1796	Unicorn-64797.exe	45

C:\Users\Admin\AppData\Local\Temp\4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\4942160e2b605b02a06fdff554b86273_JaffaCakes118.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57532.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57532.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50895.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31334.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31334.exe
        9⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1842.exe
        10⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        11⤵
        
        PID:2856
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 188
        12⤵
        Program crash
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57519.exe
        9⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        10⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
        11⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
        12⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24734.exe
        13⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41485.exe
        14⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31989.exe
        15⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        16⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        17⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61104.exe
        18⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54244.exe
        19⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63938.exe
        20⤵
        
        PID:300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30444.exe
        16⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17851.exe
        17⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        18⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
        19⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        20⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55241.exe
        21⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56393.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57348.exe
        9⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
        11⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        12⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
        13⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
        14⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3649.exe
        15⤵
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26574.exe
        16⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61654.exe
        17⤵
        
        PID:3348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
        18⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29979.exe
        19⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61816.exe
        9⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
        10⤵
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        11⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49414.exe
        12⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
        13⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59435.exe
        14⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53348.exe
        15⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18157.exe
        16⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
        17⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        18⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        19⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        17⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        18⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51873.exe
        19⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53470.exe
        16⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39008.exe
        17⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61338.exe
        18⤵
        
        PID:3424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21827.exe
        19⤵
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47701.exe
        9⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        10⤵
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
        11⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60011.exe
        12⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8750.exe
        13⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13789.exe
        14⤵
        
        PID:872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
        15⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26211.exe
        16⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        17⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50928.exe
        18⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12703.exe
        19⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41596.exe
        16⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
        17⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        18⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        19⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58749.exe
        20⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64591.exe
        15⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        16⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3071.exe
        17⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        18⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
        19⤵
        
        PID:3140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21338.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35444.exe
        9⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59772.exe
        10⤵
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        11⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20650.exe
        12⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60945.exe
        13⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21958.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21958.exe
        14⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30793.exe
        15⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61275.exe
        16⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35640.exe
        17⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32677.exe
        18⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55967.exe
        19⤵
        
        PID:3772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
        20⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64783.exe
        16⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8172.exe
        17⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40207.exe
        18⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36684.exe
        19⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8545.exe
        15⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        16⤵
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3756.exe
        17⤵
        
        PID:3340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        18⤵
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
        11⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-452.exe
        12⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
        13⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        14⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50715.exe
        15⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        16⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
        17⤵
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        18⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60996.exe
        19⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64591.exe
        14⤵
        
        PID:636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47752.exe
        15⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35355.exe
        16⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
        17⤵
        
        PID:3840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57070.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60765.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-939.exe
        9⤵
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56461.exe
        10⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21407.exe
        11⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        12⤵
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28278.exe
        13⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
        14⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36322.exe
        15⤵
        
        PID:648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        16⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58883.exe
        17⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        18⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        19⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        20⤵
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41980.exe
        17⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43336.exe
        18⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        19⤵
        
        PID:3572
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 188
        20⤵
        Program crash
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10237.exe
        16⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60777.exe
        17⤵
        
        PID:3264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63564.exe
        18⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
        10⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47188.exe
        11⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36825.exe
        12⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37910.exe
        13⤵
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        14⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe
        15⤵
        
        PID:3512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57446.exe
        16⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41515.exe
        17⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        8⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43612.exe
        9⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        10⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48838.exe
        11⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24926.exe
        12⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
        13⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29057.exe
        14⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
        15⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27851.exe
        16⤵
        
        PID:3232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10217.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10217.exe
        17⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58043.exe
        18⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
        8⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        9⤵
        
        PID:1940
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 188
        10⤵
        Program crash
        
        PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60573.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60573.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26129.exe
        9⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
        10⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18221.exe
        11⤵
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10623.exe
        12⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8371.exe
        13⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53348.exe
        14⤵
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37809.exe
        15⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2069.exe
        16⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65380.exe
        17⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
        18⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        19⤵
        
        PID:3692
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 188
        20⤵
        Program crash
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28986.exe
        16⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        17⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30695.exe
        18⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11027.exe
        19⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18960.exe
        15⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16154.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16154.exe
        16⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
        17⤵
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
        18⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30767.exe
        8⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
        9⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63856.exe
        10⤵
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63181.exe
        10⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52398.exe
        11⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11676.exe
        8⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        9⤵
        
        PID:1528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 188
        10⤵
        Program crash
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50882.exe
        8⤵
        
        PID:2636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21407.exe
        9⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe
        10⤵
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
        11⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe
        12⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5657.exe
        13⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe
        14⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35.exe
        15⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
        16⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        17⤵
        
        PID:3464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 188
        18⤵
        Program crash
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12842.exe
        14⤵
        
        PID:888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        15⤵
        
        PID:3532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48894.exe
        16⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
        17⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        18⤵
        
        PID:340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22433.exe
        7⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        8⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        9⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43104.exe
        10⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53161.exe
        11⤵
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
        12⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56524.exe
        13⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45458.exe
        14⤵
        
        PID:340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
        15⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
        16⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        17⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
        18⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
        19⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        16⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        17⤵
        
        PID:3696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        18⤵
        
        PID:3252
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 188
        19⤵
        Program crash
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
        14⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        15⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
        16⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51567.exe
        17⤵
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21316.exe
        13⤵
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16372.exe
        14⤵
        
        PID:1868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2111.exe
        15⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        16⤵
        
        PID:3120
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 188
        17⤵
        Program crash
        
        PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3723.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61183.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7052.exe
        9⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15599.exe
        10⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        11⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
        12⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
        13⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6010.exe
        14⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15710.exe
        15⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
        16⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2775.exe
        17⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19927.exe
        18⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        19⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8950.exe
        16⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
        17⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        18⤵
        
        PID:2216
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 188
        19⤵
        Program crash
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48064.exe
        8⤵
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35849.exe
        9⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        10⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-919.exe
        11⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27147.exe
        12⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59871.exe
        13⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34210.exe
        14⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65385.exe
        15⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28411.exe
        16⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        17⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        18⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2734.exe
        19⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        16⤵
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36621.exe
        17⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        18⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28965.exe
        15⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7492.exe
        16⤵
        
        PID:3252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32345.exe
        17⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        18⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56606.exe
        9⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9341.exe
        10⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35123.exe
        11⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
        12⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        13⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        14⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52552.exe
        15⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12853.exe
        16⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15703.exe
        17⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
        18⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
        14⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
        15⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        16⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        17⤵
        
        PID:648
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 188
        18⤵
        Program crash
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe
        7⤵
        Executes dropped EXE
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22450.exe
        8⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48101.exe
        9⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29129.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29129.exe
        10⤵
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
        11⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59051.exe
        12⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44054.exe
        13⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
        14⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12619.exe
        15⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        16⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        17⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31084.exe
        18⤵
        
        PID:3248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35407.exe
        19⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        16⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34784.exe
        17⤵
        
        PID:3444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11229.exe
        18⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13013.exe
        15⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
        16⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
        17⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45407.exe
        18⤵
        
        PID:3192
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2468
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
        7⤵
        Program crash
        
        PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41113.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        8⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38454.exe
        9⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31734.exe
        10⤵
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32113.exe
        11⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7831.exe
        12⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
        13⤵
        
        PID:680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12235.exe
        14⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49215.exe
        15⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18588.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18588.exe
        16⤵
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        17⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9553.exe
        18⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4653.exe
        14⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
        15⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        16⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        17⤵
        
        PID:2348
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 188
        18⤵
        Program crash
        
        PID:1868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8837.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28952.exe
        7⤵
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        8⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14847.exe
        9⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13747.exe
        10⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31615.exe
        11⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17687.exe
        12⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
        13⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
        14⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37731.exe
        15⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61104.exe
        16⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35168.exe
        17⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62651.exe
        18⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2427.exe
        15⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9345.exe
        16⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20877.exe
        17⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
        18⤵
        
        PID:4000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        14⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        15⤵
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47036.exe
        16⤵
        
        PID:3360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
        17⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24907.exe
        13⤵
        
        PID:784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15603.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15603.exe
        14⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54441.exe
        15⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31463.exe
        16⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
        17⤵
        
        PID:2388
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1796
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65176.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        7⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21874.exe
        8⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41194.exe
        9⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        10⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36965.exe
        11⤵
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
        12⤵
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe
        13⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28437.exe
        14⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
        15⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35500.exe
        16⤵
        
        PID:3892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
        17⤵
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
        18⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28773.exe
        14⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        15⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8058.exe
        16⤵
        
        PID:4004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
        17⤵
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25008.exe
        18⤵
        
        PID:3844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5521.exe
        6⤵
        
        PID:2276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        7⤵
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
        8⤵
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        9⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35486.exe
        10⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9004.exe
        11⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45009.exe
        12⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21530.exe
        13⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22620.exe
        14⤵
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
        15⤵
        
        PID:3956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32915.exe
        16⤵
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
        17⤵
        
        PID:2528
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 188
        18⤵
        Program crash
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47679.exe
        13⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
        14⤵
        
        PID:3288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
        15⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58370.exe
        16⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1872
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
        6⤵
        Program crash
        
        PID:3004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28511.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64229.exe
        9⤵
        
        PID:2716
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
        10⤵
        Program crash
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21874.exe
        8⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62190.exe
        9⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
        9⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
        10⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
        11⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5107.exe
        12⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
        13⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3522.exe
        14⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
        15⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36263.exe
        16⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24961.exe
        17⤵
        
        PID:3992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
        18⤵
        
        PID:1008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26033.exe
        13⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3735.exe
        14⤵
        
        PID:1064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        15⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7664.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7664.exe
        16⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
        17⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48492.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28703.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62584.exe
        8⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        9⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30992.exe
        10⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
        11⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42196.exe
        12⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2502.exe
        13⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
        14⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
        15⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        16⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14363.exe
        17⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe
        18⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        15⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22532.exe
        16⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        17⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
        7⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62901.exe
        8⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60540.exe
        9⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45325.exe
        10⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7473.exe
        11⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8750.exe
        12⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59347.exe
        13⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-341.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-341.exe
        14⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31748.exe
        15⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14887.exe
        16⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        17⤵
        
        PID:4076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1022.exe
        18⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
        14⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
        15⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25703.exe
        16⤵
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10408.exe
        13⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55676.exe
        14⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
        15⤵
        
        PID:4040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64135.exe
        16⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58391.exe
        17⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58537.exe
        10⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19913.exe
        11⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
        12⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50219.exe
        13⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30466.exe
        14⤵
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        15⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        16⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1198.exe
        17⤵
        
        PID:3028
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24890.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24890.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
        7⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42486.exe
        8⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36342.exe
        9⤵
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        10⤵
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19176.exe
        11⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        12⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
        13⤵
        
        PID:296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        14⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23969.exe
        15⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        16⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
        17⤵
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
        18⤵
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34058.exe
        19⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        16⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51120.exe
        17⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        18⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19282.exe
        15⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
        16⤵
        
        PID:492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55209.exe
        17⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40534.exe
        18⤵
        
        PID:592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52636.exe
        19⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
        16⤵
        
        PID:3884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-845.exe
        17⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13658.exe
        18⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
        14⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        15⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22485.exe
        16⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
        17⤵
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
        18⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
        15⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
        16⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
        17⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59709.exe
        18⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50446.exe
        6⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60145.exe
        7⤵
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47696.exe
        8⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12060.exe
        9⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8184.exe
        10⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10042.exe
        11⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64666.exe
        12⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\Temp\22150.exe
        
        22150.exe
        13⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\Temp\14321.exe
        
        14321.exe
        14⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\Temp\32516.exe
        
        32516.exe
        15⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\57565.exe
        
        57565.exe
        16⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\36258.exe
        
        36258.exe
        17⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\Temp\13658.exe
        
        13658.exe
        18⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\42307.exe
        
        42307.exe
        14⤵
        
        PID:2740
        
        C:\Users\Admin\AppData\Local\Temp\2111.exe
        
        2111.exe
        15⤵
        
        PID:3608
        
        C:\Users\Admin\AppData\Local\Temp\51359.exe
        
        51359.exe
        16⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        10⤵
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19031.exe
        11⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        12⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
        13⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        14⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63180.exe
        15⤵
        
        PID:1396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54322.exe
        16⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55904.exe
        13⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40705.exe
        14⤵
        
        PID:3476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45438.exe
        15⤵
        
        PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48840.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2820.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62335.exe
        7⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
        8⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59585.exe
        9⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43820.exe
        10⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe
        11⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
        12⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
        13⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55761.exe
        14⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62012.exe
        15⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
        16⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
        17⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46107.exe
        18⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65230.exe
        19⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1214.exe
        20⤵
        
        PID:3320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35618.exe
        16⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54960.exe
        17⤵
        
        PID:3640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
        18⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41323.exe
        19⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        15⤵
        
        PID:1224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63880.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63880.exe
        16⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28068.exe
        17⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
        18⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
        6⤵
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21874.exe
        7⤵
        
        PID:600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28236.exe
        8⤵
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57011.exe
        9⤵
        
        PID:892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24718.exe
        10⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32881.exe
        11⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33125.exe
        12⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
        13⤵
        
        PID:404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51462.exe
        14⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
        15⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
        16⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51359.exe
        17⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11468.exe
        18⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-398.exe
        14⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26232.exe
        15⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
        16⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64872.exe
        17⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29969.exe
        18⤵
        
        PID:3148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60744.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47893.exe
        7⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56056.exe
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27655.exe
        9⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        10⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43104.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43104.exe
        11⤵
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55387.exe
        12⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5107.exe
        13⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
        14⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60528.exe
        15⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        16⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65209.exe
        17⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36092.exe
        18⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40249.exe
        19⤵
        
        PID:3880
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 376
        18⤵
        Program crash
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36827.exe
        15⤵
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
        16⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
        17⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21998.exe
        18⤵
        
        PID:1112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:2136
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20444.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2356
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7288.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
        8⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
        9⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
        10⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53498.exe
        11⤵
        
        PID:1492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        12⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46467.exe
        13⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30759.exe
        14⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14513.exe
        15⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54971.exe
        7⤵
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25569.exe
        8⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19508.exe
        9⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43488.exe
        10⤵
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18787.exe
        11⤵
        
        PID:712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60063.exe
        12⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
        13⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        14⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34379.exe
        15⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        16⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6387.exe
        17⤵
        
        PID:704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe
        18⤵
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9116.exe
        15⤵
        
        PID:3296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
        16⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39434.exe
        17⤵
        
        PID:1136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
        18⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30849.exe
        14⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
        15⤵
        
        PID:4048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56678.exe
        16⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18682.exe
        17⤵
        
        PID:3936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39569.exe
        10⤵
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53737.exe
        11⤵
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
        12⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
        13⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18728.exe
        14⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19932.exe
        15⤵
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60762.exe
        16⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33347.exe
        17⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47871.exe
        13⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54057.exe
        14⤵
        
        PID:616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
        15⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42034.exe
        16⤵
        
        PID:3436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14862.exe
        7⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11458.exe
        8⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
        9⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
        10⤵
        
        PID:1412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39212.exe
        11⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17500.exe
        12⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
        13⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
        14⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe
        15⤵
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60435.exe
        16⤵
        
        PID:3560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35018.exe
        17⤵
        
        PID:1608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23934.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
        7⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62771.exe
        8⤵
        
        PID:1760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 188
        9⤵
        Program crash
        
        PID:588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3850.exe
        6⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7431.exe
        7⤵
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32122.exe
        8⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8376.exe
        9⤵
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38112.exe
        10⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50032.exe
        11⤵
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
        12⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
        13⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42355.exe
        14⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10232.exe
        15⤵
        
        PID:3144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42759.exe
        16⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
        17⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36827.exe
        14⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13787.exe
        15⤵
        
        PID:3588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31650.exe
        16⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26381.exe
        13⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41805.exe
        14⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
        15⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5142.exe
        16⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54181.exe
        12⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59376.exe
        13⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
        14⤵
        
        PID:3756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32723.exe
        15⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
        16⤵
        
        PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61839.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2076
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 200
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:1452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-36476.exe

Filesize
188KB

MD5
d36e72664816230fe6eabed260c94b5c

SHA1
43ab6991cee3d05462606e32e048b3c46aa82200

SHA256
9549609ec4eb4881327bff197a55f99e1bd56d39c95e02d1e0da120e39204120

SHA512
3c4aaeaa3591a971d02371081c21cca7cec48cdb751f76cd65050d2c1d308a06d60d3bd2e32a3ea294a5492aadf61957a7d7511f83b5a79831e10bc5e0a80cd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36763.exe

Filesize
188KB

MD5
9ed70ab02f109e2683e1f29c8f450e79

SHA1
9af3341127d06836cdf28a7d2f763c69163c7496

SHA256
3a6e15accff9108392249641913fed77879d588cd9d39062e3f8c0e5ecd727c1

SHA512
456a17520d3a414749e8adc6fd2109f2fbc26f92652f0d45ed31595e6fcec6626195e0d62904f960f8e259aede64034b773353d729d6aff812f669123c55e869

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe

Filesize
188KB

MD5
13f949d319730a0b644e1b54aa95f3bd

SHA1
df95585816b5bc68ad0dbb94ecbfa31f3c93455b

SHA256
12919d371352407bbfa1ff6a0838baa90c0cae7e7cc3dc99f76894a04350e731

SHA512
a456ed67d18b4cd36e8dd237af4c588883ae73f2ede2db3be408add7a995ed8cc06c4ae5e2aab156db52c18d2fd862bcc6cf8e3c5a1ee8a84371b8abd0224bc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe

Filesize
188KB

MD5
6b4372155092f948ec92e74f9471d3d2

SHA1
3557160e3b75bafcd3538295ef76b881d0fbc774

SHA256
668ee498de8bc2b90bc14af7188a0645d6b6305259f084a895c23eab96d4d592

SHA512
41b2e261faed91fdd959ed5cd949783e3c424cf9c3b587bbdee5dafa2cc586e362845c659463f0499f56e1fe9a00063ef7ce6afd0b76b98c0af2d5d5cbd4bda7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe

Filesize
188KB

MD5
d8aaa4cfd63a3b7ac1eb5be3ab30c40c

SHA1
9bf76fd8d781457e6e2a9f1f594f2d3f11bd0477

SHA256
a3d436e9366b2efbfd92238cc2a523299910062a1e676ff2eae3f93406d0ca24

SHA512
446ab0b6b77c874cfa09e3fe9829e41169735092ae3a84167af146042eab1cb0dc17d10eee7c765ba0ba296234982e179800e22269cd4b783d347998f72db62a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40707.exe

Filesize
188KB

MD5
cdc48be32438b034312f3c436c2cd5d1

SHA1
160ed1150844c006550d0c9f67b6fda9f6827840

SHA256
9a4cd92ec9da240a77b8fc1ccad125050986347fa15a958f09592bf0c3117930

SHA512
38f4863ed6c2dee374ccd4130607226c846a9deb722c09e8c21e443071754d4d0c8cfce097936818f653106c6fca7b5c22df556e0aba24172f2023069ec883ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe

Filesize
188KB

MD5
7970e43dbc2b29ee86b3821f461cb383

SHA1
9c671a4e40801b00fbd7b12bebc612402bf2010b

SHA256
00bf4010f25f2c7b21009afe389ed263228148f553634ac30ee296e9ac22e447

SHA512
eeccbc66d46452da2980502ac28d82483c2c97d9b2472af2cca8b331edef23d9a4eddad6bf553a51beb0ce2b1280aefe7951eded002e72da762eae9c8cf9c630

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41423.exe

Filesize
188KB

MD5
75217f0467ee3325a4bfecf74df63a49

SHA1
060a13aa2f8447fd9ccf808cfbd7804803213d59

SHA256
878a0823a2f25b61e690cb0a5a23ece1a87899cef48575a079fa06f7358ef962

SHA512
1db42915d0594a7b0f4f2dad49dd618255844d6e58e0504bd0787f70082482b02230d7249cd10e98296f9f5bf45caf0fc12b230e470ca7b8e769cff209faf2b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55356.exe

Filesize
188KB

MD5
cff56a80e080093ce39b22ab0b3fbca2

SHA1
54ac8217828c04baec0048503b669128b14c6c4f

SHA256
de6b9788c8ef3e84fc0eb75eeb5f5524f091629444e6d4bca3a8ded38df1ab6e

SHA512
30e1d0bba00c842cf2cb06b50f717bf66fe545f5e143d0d8ba4166cc5cfe8a8a0f5267998c1416191b60529d6442b5e7c9912cc58022e1846be3465b2f782258

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5961.exe

Filesize
188KB

MD5
46895289da697c006036498a44b28b42

SHA1
c3baccc6a9ea8063f67d647cbcbfaea98418c1f8

SHA256
6b4b5262783fd23134f81fea44036c891a6d865ea90279a1b6381f97a4bd9956

SHA512
f0cf2f0c6acf34153b410a0bba088bfc88110244134a52397c6777bf4ec176cc1ed2c74c7c50729814ebfb8dcce7411032bc701b97503e07a24661bbe146054e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5963.exe

Filesize
188KB

MD5
8148972bbda2c4ef477ff16b766204ab

SHA1
88c77dd3d7d35bc990c18d60947c97dcef9c5cb1

SHA256
d5029adf6aee6e91df653850c88b8ac9c53c178a18becd25476da966b2b3d249

SHA512
e7ce56da96b7488c6b80782dedfb32a883f6f9ef4779028b24456707380098f51eb12c6f8bbdbe7ed1453f2af0b1b8951c7e165b3c9a50730e3d1c4a664e29af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe

Filesize
188KB

MD5
cea5dcf8236eb2b5ee9fbaa20e1f592d

SHA1
5fd862945129665000e478786c08a76a5cc8676b

SHA256
caa20d160b439ac9a4b715775bb38824b7c540a7a610d58c711f45f3b5d212ba

SHA512
8825857d27967dcf7d59754cb3c5ad88ae6970380381bd05181b9858d66f527628ac8efe7a36aecac14d5364ea8ca89f18c7d470d8308241679bb99d127e9d89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe

Filesize
188KB

MD5
518ad15b6e087fef0ff01e1a9c3f33c5

SHA1
eff9873946830d7c7adc57ab0a75e6fa16edc4a9

SHA256
ddb33b9b28f33ddf309c20d3d6f03dee4185e65e336bbf068ab983b2745b4cdb

SHA512
c0d55705d1320f7c2ebf175604c0329eb23482331ed9310d1701c49b442c0001f49629948fd95d62f374473e79cd96b75759299316904106420feb27caeaf398

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6560.exe

Filesize
188KB

MD5
2eb34c22a7fd893ae8e78fdb0a9a414a

SHA1
2ad59cad836b81fdfc38a9a4e4b004562fa23b46

SHA256
c5e5e75717ab0ff92b47e8f0f886073792e55554414baabb237f9afa177f5218

SHA512
aee4e2623f244659bfab856bc3b48b73f7df765e30d6bc3f1025393ae4e7272d8d4eb9f47fb42f78fbb184161ae80dabb33df55b1e15807b3865885318ca56c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8616.exe

Filesize
188KB

MD5
9b900f094cce6eadb211dc205805a31b

SHA1
c3fd86d2a4debba82083037474020712911a23d9

SHA256
ce4755b703a08b530c5a1c9f2d461a21d4d9bcdf7ffb43e81101b429b97ed1b9

SHA512
d26507f526724e8403e3fb931b1bdffe9935299d02b497611bf91883b2c0ee4c695a23a1031de012a1918313c2635843e4d5d2b6179de03480f0aff3f13776a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12285.exe

Filesize
188KB

MD5
6dc775113c77924c0d9d0c524f3a3572

SHA1
4c4eb4dfe5b05faef9ac1070b7518d92ca0a13e3

SHA256
84caecfd7140ea4cc14b545d13d9d3951675f3f8f52cd1da4dcb7bffa6e31a0e

SHA512
5ae999a6fcba1287d63a747cb1bc0a9cea5451e96f437b8ba510efbb14892d30146053ad0c03431449c67102c52ea73481fa2987852d4e86e131db5ca49e8f95

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17273.exe

Filesize
188KB

MD5
339ae944d600122aa592a13db9023ce6

SHA1
cee40e2eb0abbf84a8c320158c396bd177efb6ce

SHA256
cb516e200cade70d0d803377b0d94ef1d23417368ad799404b8eba1936b06759

SHA512
89fcebc1e1825181f9e82f3c1fe85fc01ef3552a703b8ff1d360477d963a76c843d40eccb7c49586bf5ffc06ec01c7cb772921fc0da066f8967726fdc94cd6e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24345.exe

Filesize
188KB

MD5
9846153ee2a7dfd1cbb3d7c66b8663dd

SHA1
f8f4b76b5ea515e75e8119369cb8dd61e41f64bc

SHA256
356c4f6136505341b2c4bc5aa32a5e0fe709052ebd63c1534b9a836dfcb93224

SHA512
acb49719c703ba109581eca929fb3a295ace0c8ea6c81c94fffd633aabe6ba9fbdc54a662a512fae5d63caafc8f0c5640778df222b85d685a804a893a482e658

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28041.exe

Filesize
188KB

MD5
a5c0f0c944612023e6d655706472fd71

SHA1
025595918c63508526bd4d55db64adb9ad31f7be

SHA256
00d295a1954781f7634c431cd0e0e53cfd29d5c2113f6afc4038a8a95548a48d

SHA512
04e8f6df91a38a859d4d2eadd0adc2e27c3b7702dd1750d3f07a18904ee1ee43bfd188740b625cdca4c42f23d3eccb04036c221853af4149979bc3fc40726045

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3344.exe

Filesize
188KB

MD5
acbdaf65ef8b134c59c049fa7c25d806

SHA1
59d481d7bbf40c7b9dd6c70b4d2b799f68ef0cfd

SHA256
bf6b246bf62004d27310792b7c27e2064f92615bbe8dac67f54f4e3904a0c676

SHA512
d6cdbc2dd95c805f7e439952309ed16533bb1d79d3e700366a743cb14f762882eb7ce5c2672331dcffe1e6c3892074b59c349e6f9d732c8ffbff3887bc668ac1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39390.exe

Filesize
188KB

MD5
2fb15d1ec6e0f9deb23c815801d4f81b

SHA1
4093d421e6aba07c212cf97e575d82cf9cca805c

SHA256
eb94213a529c8599a753ca20bc064d035a577bde19a2c69eb3f1aa40e47abb56

SHA512
75ea8fe6299b404eb10a7dc9612c63662a6f3600f81db9f3bb1c643808e49ab22e4c9b67a8eb7bfa09940451230d59cd4ce1a424492dfb9e34a2220a2a30d76b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3977.exe

Filesize
188KB

MD5
4de9db129339cb86f1d4dcf00cd57077

SHA1
686904bc8fbdd87cb1035d4648b93a4171e22a1e

SHA256
a12061dcc301d05fdda2c954bb8c71c02b269c2bc99839e23379157116890f1a

SHA512
e8c6ad9b1c1da919dc0f787e3f2709b03cb5f3381eca7f3c7a8ed820709b3fba83f8f3f96114a8d78c39dcb280272305403cf277932744c006b1aa4ec66ef962

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44211.exe

Filesize
188KB

MD5
17ffc6e7d90ca28a4c21100e15c6bf1b

SHA1
a2441022929c8f4cd80239c83af98f809ecc2e53

SHA256
c1e1af93c5fd44081def3f115c2879bc784e00fe365a11fc45c8dbf6174e2606

SHA512
adbbab30d7c2797de3fecf608f1f96149a1d7a5205b8862028b361130b26b4a6ba8bd38a1ca4bca590e1654ee8ee258d48018d4fda2d060c40f4406b1d7f5371

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44818.exe

Filesize
188KB

MD5
8892be2427cad27543fcafbbd9f144e6

SHA1
83297c16505cf868c45b309f26b96c225ba54b68

SHA256
411c3fd6debc04412b7bf614829b6c5dd8dd88815418a28670eca3e223e26349

SHA512
595c2f1588340ee65150964000ba635aa024e9f8943c6da77fe23185d6a36c44f68d9b7485e238cdbe70bb898679bf8f67969cfb6950a25411eff0c2a094d3ff

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45373.exe

Filesize
188KB

MD5
df4662d77c9e08616a050f5dca50caea

SHA1
127461da2545d95ef4d137c107cda15db2db957c

SHA256
94f0dfcb4e79f2b63f5c1f6debe1cd72054e279f50293de70e5a207eee2e9f20

SHA512
7967f26249d5a5147905a8771814ae50ed52c59430f5b9a795183d62099804646f04fab441852cd7faf2c314a2d81cefe22dfedcbd22613da0bb3b902ab56a75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49789.exe

Filesize
188KB

MD5
94dbc0fd6e11a6126a1ea9133de7bfb2

SHA1
5e95024b10bc8636a589bbc06d74e702b08d3978

SHA256
17b3841015066491d56737d82ec60927dc914f2dc160b52e58620a1e307d6e40

SHA512
87f1b171ebf608e02a7f815504ec4ffb8f432659b4bf4eed555f75f4208e41c17dec2efc9add2c5eb32189abb980e19c0f443377a75b0940bc1db7e168d6168c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57532.exe

Filesize
188KB

MD5
f87c0f5ed659d11162a4971dd9601ca6

SHA1
8900a25608dcaefcebf68d08b25dc2d9fdb5545f

SHA256
63b845b290abf8b5a493b6a1503d6d318b238ef6b26c57bae015a170acd4c948

SHA512
b3dfa166acbbf734e0a952296355adc990fc60b61e0d4045c1e73f134886c300e19b8df9f99084a7eea7bb7b326c2e01b6ffb8e33d17140c54b7e1a28b17417b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64797.exe

Filesize
188KB

MD5
8470351b0c399bc93ce7e273896581b7

SHA1
43a703b0f7b3145b0b32b2ca506979631c628b0f

SHA256
187de41cc2a812024611095013b87dc6edb86c4c97fac9de547b8bd21221e88e

SHA512
bb953d943a5a833e3847a7f7a77f3a4cd76a1cb909c1a8243cf6d0c29a034cacd3b9ceb19e0fe285912001c3a99c41ba60ed57656b9a532991902b25c722a4b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe

Filesize
188KB

MD5
ddeba06c7626473fc7723ccceeecd92a

SHA1
27b03d0ca3841f0b15c4e7b4a16b6800ed9f64ab

SHA256
6544233b4ecf0958fb92fc2c9223586766f1fd5db10ab5b19d0e79c3a4013852

SHA512
100086206ac6982d67056b0af7cd6d84382ebfa513e5c7d9567a7cd34f76cdcd80f5e3b93299c07f596893db7c41eb9f661734a90e14729f9cba65d340ba0590

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8424.exe

Filesize
188KB

MD5
3f2469723f7467e3ea00892530f2a28b

SHA1
15ca3c6635a6e0f6fc5feb0843b546dd9c53c504

SHA256
f307a706ab00859a60ed47fb42205f1cd779ad47acdba20793841bf8cc1dad28

SHA512
9ba51e9c7e5d43fe719636f47bcef945bbf6d45a0c015c84bcadcd77aff0b65071506990ba8afe4a86a8bd4d64e771e4724516cb48086539425b954686edf9dd

Download Submit
memory/296-894-0x0000000077750000-0x000000007784A000-memory.dmp

Filesize
1000KB

Download
memory/296-1957-0x00000000027F0000-0x000000000294C000-memory.dmp

Filesize
1.4MB

Download
memory/296-1958-0x00000000027F0000-0x0000000002900000-memory.dmp

Filesize
1.1MB

Download
memory/296-896-0x0000000002580000-0x0000000002690000-memory.dmp

Filesize
1.1MB

Download
memory/296-893-0x0000000077850000-0x000000007796F000-memory.dmp

Filesize
1.1MB

Download
memory/296-895-0x0000000002580000-0x00000000026DC000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads