5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41

Analysis

max time kernel
161s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2024 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
Size

184KB
MD5

f485397ac62148b97964bd00aaefb7a1
SHA1

cfd7631da02f3aaafa68a7d605c3cb22668cd642
SHA256

5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41
SHA512

9a5192aa17c244d5b1958c8d3f62ca1b291b840d5dc4be4f742ac2f72cd3262ccdb33cd3b0b7815903fa9da2399d1d0b6a54c2ae3696491634a26e8fcd2ed2e4
SSDEEP

3072:z3di0koR83jxq4xtWh38hhm+lvMqnvEe/:z3MoS04xO8Pm+lEqnvEe

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
1732	Unicorn-13683.exe
1420	Unicorn-59724.exe
3368	Unicorn-30320.exe
3272	Unicorn-20996.exe
3064	Unicorn-61928.exe
2392	Unicorn-21550.exe
4752	Unicorn-12827.exe
4588	Unicorn-34208.exe
3120	Unicorn-57342.exe
4336	Unicorn-6750.exe
2384	Unicorn-38603.exe
4520	Unicorn-30700.exe
2264	Unicorn-10087.exe
792	Unicorn-30599.exe
3764	Unicorn-55759.exe
2228	Unicorn-61187.exe
5048	Unicorn-58494.exe
456	Unicorn-28130.exe
4948	Unicorn-21354.exe
2804	Unicorn-62962.exe
3156	Unicorn-60916.exe
4960	Unicorn-15708.exe
5032	Unicorn-46989.exe
728	Unicorn-7353.exe
2856	Unicorn-46242.exe
4412	Unicorn-21738.exe
2428	Unicorn-56859.exe
5088	Unicorn-32620.exe
4420	Unicorn-63346.exe
5020	Unicorn-5301.exe
1484	Unicorn-43480.exe
2188	Unicorn-65448.exe
1560	Unicorn-20423.exe
908	Unicorn-61940.exe
4568	Unicorn-9210.exe
2656	Unicorn-15261.exe
4564	Unicorn-15261.exe
3448	Unicorn-33736.exe
5136	Unicorn-56194.exe
5160	Unicorn-54711.exe
5188	Unicorn-21846.exe
5196	Unicorn-37363.exe
5220	Unicorn-33544.exe
5352	Unicorn-42672.exe
5376	Unicorn-54924.exe
5392	Unicorn-17976.exe
5412	Unicorn-58816.exe
5440	Unicorn-58816.exe
5456	Unicorn-49278.exe
5448	Unicorn-49278.exe
5476	Unicorn-77.exe
5508	Unicorn-16968.exe
5528	Unicorn-11368.exe
5552	Unicorn-23190.exe
5608	Unicorn-43056.exe
5668	Unicorn-38972.exe
5728	Unicorn-35272.exe
5760	Unicorn-10767.exe
5772	Unicorn-45478.exe
5792	Unicorn-17352.exe
5820	Unicorn-45386.exe
5840	Unicorn-6391.exe
5876	Unicorn-6802.exe
5884	Unicorn-52739.exe

Program crash 9 IoCs

pid	pid_target	Process	procid_target
2108	5528	WerFault.exe	153
7728	5868	WerFault.exe	186
4444	5476	WerFault.exe	151
4072	5868	WerFault.exe	186
7912	5528	WerFault.exe	153
8044	5476	WerFault.exe	151
12820	6884	WerFault.exe	256
15328	7252	WerFault.exe	290
17148	6884	WerFault.exe	256

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
1732	Unicorn-13683.exe
1420	Unicorn-59724.exe
3368	Unicorn-30320.exe
3272	Unicorn-20996.exe
3064	Unicorn-61928.exe
4752	Unicorn-12827.exe
2392	Unicorn-21550.exe
4588	Unicorn-34208.exe
3120	Unicorn-57342.exe
4336	Unicorn-6750.exe
4520	Unicorn-30700.exe
2384	Unicorn-38603.exe
2264	Unicorn-10087.exe
3764	Unicorn-55759.exe
792	Unicorn-30599.exe
2228	Unicorn-61187.exe
5048	Unicorn-58494.exe
456	Unicorn-28130.exe
4948	Unicorn-21354.exe
2804	Unicorn-62962.exe
3156	Unicorn-60916.exe
5032	Unicorn-46989.exe
2856	Unicorn-46242.exe
4960	Unicorn-15708.exe
728	Unicorn-7353.exe
4412	Unicorn-21738.exe
4420	Unicorn-63346.exe
2428	Unicorn-56859.exe
1484	Unicorn-43480.exe
5020	Unicorn-5301.exe
5088	Unicorn-32620.exe
1560	Unicorn-20423.exe
2188	Unicorn-65448.exe
4568	Unicorn-9210.exe
908	Unicorn-61940.exe
4564	Unicorn-15261.exe
5136	Unicorn-56194.exe
3448	Unicorn-33736.exe
2656	Unicorn-15261.exe
5196	Unicorn-37363.exe
5188	Unicorn-21846.exe
5160	Unicorn-54711.exe
5220	Unicorn-33544.exe
5352	Unicorn-42672.exe
5528	Unicorn-11368.exe
5392	Unicorn-17976.exe
5376	Unicorn-54924.exe
5448	Unicorn-49278.exe
5476	Unicorn-77.exe
5440	Unicorn-58816.exe
5508	Unicorn-16968.exe
5552	Unicorn-23190.exe
5456	Unicorn-49278.exe
5412	Unicorn-58816.exe
5668	Unicorn-38972.exe
5608	Unicorn-43056.exe
5792	Unicorn-17352.exe
5760	Unicorn-10767.exe
5884	Unicorn-52739.exe
5728	Unicorn-35272.exe
5820	Unicorn-45386.exe
5772	Unicorn-45478.exe
5840	Unicorn-6391.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4396 wrote to memory of 1732	4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	98
PID 4396 wrote to memory of 1732	4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	98
PID 4396 wrote to memory of 1732	4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	98
PID 1732 wrote to memory of 1420	1732	Unicorn-13683.exe	99
PID 1732 wrote to memory of 1420	1732	Unicorn-13683.exe	99
PID 1732 wrote to memory of 1420	1732	Unicorn-13683.exe	99
PID 4396 wrote to memory of 3368	4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	100
PID 4396 wrote to memory of 3368	4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	100
PID 4396 wrote to memory of 3368	4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	100
PID 1420 wrote to memory of 3272	1420	Unicorn-59724.exe	101
PID 1420 wrote to memory of 3272	1420	Unicorn-59724.exe	101
PID 1420 wrote to memory of 3272	1420	Unicorn-59724.exe	101
PID 4396 wrote to memory of 3064	4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	102
PID 4396 wrote to memory of 3064	4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	102
PID 4396 wrote to memory of 3064	4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	102
PID 3368 wrote to memory of 4752	3368	Unicorn-30320.exe	104
PID 3368 wrote to memory of 4752	3368	Unicorn-30320.exe	104
PID 3368 wrote to memory of 4752	3368	Unicorn-30320.exe	104
PID 1732 wrote to memory of 2392	1732	Unicorn-13683.exe	103
PID 1732 wrote to memory of 2392	1732	Unicorn-13683.exe	103
PID 1732 wrote to memory of 2392	1732	Unicorn-13683.exe	103
PID 3272 wrote to memory of 4588	3272	Unicorn-20996.exe	105
PID 3272 wrote to memory of 4588	3272	Unicorn-20996.exe	105
PID 3272 wrote to memory of 4588	3272	Unicorn-20996.exe	105
PID 3064 wrote to memory of 3120	3064	Unicorn-61928.exe	106
PID 3064 wrote to memory of 3120	3064	Unicorn-61928.exe	106
PID 3064 wrote to memory of 3120	3064	Unicorn-61928.exe	106
PID 1420 wrote to memory of 4336	1420	Unicorn-59724.exe	107
PID 1420 wrote to memory of 4336	1420	Unicorn-59724.exe	107
PID 1420 wrote to memory of 4336	1420	Unicorn-59724.exe	107
PID 4396 wrote to memory of 2384	4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	108
PID 4396 wrote to memory of 2384	4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	108
PID 4396 wrote to memory of 2384	4396	5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe	108
PID 4752 wrote to memory of 4520	4752	Unicorn-12827.exe	109
PID 4752 wrote to memory of 4520	4752	Unicorn-12827.exe	109
PID 4752 wrote to memory of 4520	4752	Unicorn-12827.exe	109
PID 2392 wrote to memory of 2264	2392	Unicorn-21550.exe	110
PID 2392 wrote to memory of 2264	2392	Unicorn-21550.exe	110
PID 2392 wrote to memory of 2264	2392	Unicorn-21550.exe	110
PID 1732 wrote to memory of 792	1732	Unicorn-13683.exe	112
PID 1732 wrote to memory of 792	1732	Unicorn-13683.exe	112
PID 1732 wrote to memory of 792	1732	Unicorn-13683.exe	112
PID 3368 wrote to memory of 3764	3368	Unicorn-30320.exe	111
PID 3368 wrote to memory of 3764	3368	Unicorn-30320.exe	111
PID 3368 wrote to memory of 3764	3368	Unicorn-30320.exe	111
PID 3272 wrote to memory of 2228	3272	Unicorn-20996.exe	116
PID 3272 wrote to memory of 2228	3272	Unicorn-20996.exe	116
PID 3272 wrote to memory of 2228	3272	Unicorn-20996.exe	116
PID 4588 wrote to memory of 5048	4588	Unicorn-34208.exe	117
PID 4588 wrote to memory of 5048	4588	Unicorn-34208.exe	117
PID 4588 wrote to memory of 5048	4588	Unicorn-34208.exe	117
PID 3064 wrote to memory of 456	3064	Unicorn-61928.exe	118
PID 3064 wrote to memory of 456	3064	Unicorn-61928.exe	118
PID 3064 wrote to memory of 456	3064	Unicorn-61928.exe	118
PID 3120 wrote to memory of 4948	3120	Unicorn-57342.exe	119
PID 3120 wrote to memory of 4948	3120	Unicorn-57342.exe	119
PID 3120 wrote to memory of 4948	3120	Unicorn-57342.exe	119
PID 4336 wrote to memory of 2804	4336	Unicorn-6750.exe	120
PID 4336 wrote to memory of 2804	4336	Unicorn-6750.exe	120
PID 4336 wrote to memory of 2804	4336	Unicorn-6750.exe	120
PID 1420 wrote to memory of 3156	1420	Unicorn-59724.exe	121
PID 1420 wrote to memory of 3156	1420	Unicorn-59724.exe	121
PID 1420 wrote to memory of 3156	1420	Unicorn-59724.exe	121
PID 4520 wrote to memory of 4960	4520	Unicorn-30700.exe	122

C:\Users\Admin\AppData\Local\Temp\5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe
"C:\Users\Admin\AppData\Local\Temp\5eba1a73a193a333fbb297d223e8dd6eef4d50554993f53159fd935082edba41.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4396
- C:\Users\Admin\AppData\Local\Temp\Unicorn-13683.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-13683.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1732
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45386.exe
        8⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
        9⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59112.exe
        10⤵
        
        PID:9096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51990.exe
        10⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
        10⤵
        
        PID:16264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
        9⤵
        
        PID:8360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
        9⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59784.exe
        9⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62401.exe
        9⤵
        
        PID:7368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23076.exe
        8⤵
        
        PID:6412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
        9⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        9⤵
        
        PID:13856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18607.exe
        8⤵
        
        PID:8464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57965.exe
        8⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
        8⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49731.exe
        8⤵
        
        PID:10112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        7⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
        8⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39398.exe
        9⤵
        
        PID:10652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
        9⤵
        
        PID:13440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
        9⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
        8⤵
        
        PID:5980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7611.exe
        8⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
        8⤵
        
        PID:12460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31674.exe
        8⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
        7⤵
        
        PID:6288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61803.exe
        8⤵
        
        PID:9564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        8⤵
        
        PID:15288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
        7⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11417.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61226.exe
        7⤵
        
        PID:12852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9838.exe
        7⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9210.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16558.exe
        7⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        8⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60475.exe
        9⤵
        
        PID:14840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        8⤵
        
        PID:11332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        8⤵
        
        PID:13472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        8⤵
        
        PID:15980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47081.exe
        8⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58570.exe
        8⤵
        
        PID:13528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33025.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48174.exe
        7⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60702.exe
        7⤵
        
        PID:11620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7404.exe
        7⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6391.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42942.exe
        7⤵
        
        PID:6884
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 636
        8⤵
        Program crash
        
        PID:12820
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 656
        8⤵
        Program crash
        
        PID:17148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46865.exe
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39848.exe
        7⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13837.exe
        7⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39241.exe
        7⤵
        
        PID:16176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51037.exe
        6⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28246.exe
        7⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
        8⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3554.exe
        7⤵
        
        PID:11308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65533.exe
        7⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39868.exe
        7⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
        6⤵
        
        PID:8088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60419.exe
        6⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7264.exe
        6⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32630.exe
        6⤵
        
        PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65448.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10767.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29133.exe
        8⤵
        
        PID:8756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17011.exe
        8⤵
        
        PID:11468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
        8⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25957.exe
        8⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42240.exe
        7⤵
        
        PID:6928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45083.exe
        8⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6766.exe
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12351.exe
        7⤵
        
        PID:11324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46389.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46389.exe
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8468.exe
        7⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2089.exe
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51302.exe
        7⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        8⤵
        
        PID:14616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10842.exe
        8⤵
        
        PID:17192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
        7⤵
        
        PID:8824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
        7⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3033.exe
        7⤵
        
        PID:14988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17378.exe
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        7⤵
        
        PID:11536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe
        7⤵
        
        PID:12504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
        7⤵
        
        PID:14864
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20659.exe
        6⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30818.exe
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
        6⤵
        
        PID:8352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
        6⤵
        
        PID:16160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20423.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35272.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30690.exe
        7⤵
        
        PID:7120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24110.exe
        8⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5835.exe
        8⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
        8⤵
        
        PID:12768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
        8⤵
        
        PID:16068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        7⤵
        
        PID:8976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
        7⤵
        
        PID:4616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11202.exe
        7⤵
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22692.exe
        6⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20224.exe
        7⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34668.exe
        7⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        6⤵
        
        PID:8300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38343.exe
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25149.exe
        6⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
        5⤵
        Executes dropped EXE
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30616.exe
        6⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16957.exe
        6⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19789.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
        6⤵
        
        PID:13464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
        6⤵
        
        PID:15280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11453.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
        6⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
        6⤵
        
        PID:9124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16376.exe
        5⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
        5⤵
        
        PID:10556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60014.exe
        5⤵
        
        PID:13140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17949.exe
        5⤵
        
        PID:10948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62962.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37410.exe
        7⤵
        
        PID:6136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32636.exe
        8⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        9⤵
        
        PID:11572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
        9⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
        9⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10351.exe
        8⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        8⤵
        
        PID:12172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12354.exe
        8⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
        8⤵
        
        PID:15940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55260.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55260.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10080.exe
        8⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        8⤵
        
        PID:15048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
        7⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58105.exe
        7⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
        7⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
        7⤵
        
        PID:11768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
        7⤵
        
        PID:14412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13075.exe
        6⤵
        
        PID:6604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62981.exe
        7⤵
        
        PID:13280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
        7⤵
        
        PID:16480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        6⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22657.exe
        6⤵
        
        PID:2000
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
        6⤵
        
        PID:13840
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
        6⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54711.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
        6⤵
        
        PID:3228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31924.exe
        7⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
        8⤵
        
        PID:16340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2759.exe
        7⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65290.exe
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe
        7⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
        7⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
        7⤵
        
        PID:12548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-983.exe
        7⤵
        
        PID:14644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25625.exe
        6⤵
        
        PID:9108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        6⤵
        
        PID:11268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
        6⤵
        
        PID:14548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24647.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49164.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49164.exe
        6⤵
        
        PID:608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
        7⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45716.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45716.exe
        7⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1913.exe
        6⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
        6⤵
        
        PID:12604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
        6⤵
        
        PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50051.exe
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61025.exe
        6⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25293.exe
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17531.exe
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14830.exe
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23284.exe
        5⤵
        
        PID:8752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33544.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
        6⤵
        
        PID:5208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31218.exe
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25831.exe
        8⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51192.exe
        7⤵
        
        PID:9732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3200.exe
        7⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13935.exe
        7⤵
        
        PID:16452
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13651.exe
        6⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
        7⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21838.exe
        7⤵
        
        PID:14824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
        6⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12735.exe
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55339.exe
        6⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28618.exe
        5⤵
        
        PID:5816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52407.exe
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55187.exe
        7⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
        6⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
        6⤵
        
        PID:5656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50513.exe
        5⤵
        
        PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        5⤵
        
        PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
        5⤵
        
        PID:6496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        5⤵
        
        PID:15476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37363.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64052.exe
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16492.exe
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
        7⤵
        
        PID:10248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
        7⤵
        
        PID:12500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19919.exe
        7⤵
        
        PID:14984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52982.exe
        6⤵
        
        PID:10216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
        6⤵
        
        PID:13420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48157.exe
        5⤵
        
        PID:4500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
        6⤵
        
        PID:12760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
        6⤵
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        5⤵
        
        PID:8292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52755.exe
        5⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11700.exe
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37147.exe
        5⤵
        
        PID:14816
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35085.exe
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18438.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18438.exe
        5⤵
        
        PID:6916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31780.exe
        6⤵
        
        PID:2876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
        6⤵
        
        PID:14608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        5⤵
        
        PID:8800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7778.exe
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        5⤵
        
        PID:13624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21527.exe
        5⤵
        
        PID:15652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
      4⤵
      PID:4092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        5⤵
        
        PID:10544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43359.exe
        5⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26036.exe
        5⤵
        
        PID:13708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60096.exe
        5⤵
        
        PID:16916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63784.exe
      4⤵
      PID:1460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49347.exe
      4⤵
      PID:9848
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40351.exe
      4⤵
      PID:5864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9155.exe
      4⤵
      PID:14748
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2264
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
        7⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
        8⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33704.exe
        8⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        8⤵
        
        PID:12772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        8⤵
        
        PID:14460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
        7⤵
        
        PID:8120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11119.exe
        7⤵
        
        PID:10444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30480.exe
        7⤵
        
        PID:5240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
        7⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
        7⤵
        
        PID:8608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
        7⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        7⤵
        
        PID:13568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20687.exe
        7⤵
        
        PID:15944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30475.exe
        6⤵
        
        PID:7792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56811.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64102.exe
        7⤵
        
        PID:15784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        6⤵
        
        PID:10720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60901.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37531.exe
        6⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23190.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11701.exe
        6⤵
        
        PID:5368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
        7⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
        8⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
        8⤵
        
        PID:12720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34474.exe
        8⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe
        7⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
        7⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
        7⤵
        
        PID:13756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        7⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65261.exe
        6⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44891.exe
        7⤵
        
        PID:12636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35321.exe
        7⤵
        
        PID:3956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3781.exe
        6⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50516.exe
        6⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
        6⤵
        
        PID:5924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2669.exe
        6⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37414.exe
        5⤵
        
        PID:6332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18634.exe
        6⤵
        
        PID:8220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21761.exe
        6⤵
        
        PID:14436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
        5⤵
        
        PID:3972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21039.exe
        5⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
        5⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63741.exe
        5⤵
        
        PID:15176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10923.exe
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        7⤵
        
        PID:11384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59503.exe
        7⤵
        
        PID:13520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9587.exe
        7⤵
        
        PID:16304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61343.exe
        6⤵
        
        PID:7952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16957.exe
        6⤵
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11621.exe
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5146.exe
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24433.exe
        6⤵
        
        PID:16636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3450.exe
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
        6⤵
        
        PID:9024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
        7⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
        6⤵
        
        PID:12008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-703.exe
        6⤵
        
        PID:15064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
        5⤵
        
        PID:7824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        5⤵
        
        PID:10712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        5⤵
        
        PID:12492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39669.exe
        5⤵
        
        PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45478.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
        5⤵
        
        PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        6⤵
        
        PID:13288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41735.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41735.exe
        6⤵
        
        PID:15704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44561.exe
        5⤵
        
        PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52017.exe
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61024.exe
        5⤵
        
        PID:15920
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
        5⤵
        
        PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40863.exe
        5⤵
        
        PID:10172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
      4⤵
      PID:8172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
      4⤵
      PID:10584
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9470.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9470.exe
      4⤵
      PID:16488
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43056.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7747.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        7⤵
        
        PID:11376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
        7⤵
        
        PID:14372
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
        7⤵
        
        PID:17180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        6⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51822.exe
        6⤵
        
        PID:11456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
        6⤵
        
        PID:13552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        6⤵
        
        PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53035.exe
        5⤵
        
        PID:6588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14187.exe
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27983.exe
        6⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56867.exe
        6⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65286.exe
        5⤵
        
        PID:7788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20185.exe
        6⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        5⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62795.exe
        5⤵
        
        PID:11548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54610.exe
        5⤵
        
        PID:15660
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11706.exe
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1909.exe
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
        6⤵
        
        PID:12484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11367.exe
        6⤵
        
        PID:16352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7970.exe
        5⤵
        
        PID:1636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52100.exe
        5⤵
        
        PID:384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57392.exe
        5⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
        5⤵
        
        PID:10176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
      4⤵
      PID:6616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        5⤵
        
        PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59634.exe
        5⤵
        
        PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe
      4⤵
      PID:9088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
      4⤵
      PID:4436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61932.exe
      4⤵
      PID:12280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
      4⤵
      PID:6112
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2428
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7503.exe
        6⤵
        
        PID:7840
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
        7⤵
        
        PID:5132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39213.exe
        7⤵
        
        PID:3040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36867.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13811.exe
        6⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49931.exe
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
        5⤵
        
        PID:7856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        5⤵
        
        PID:10696
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59915.exe
        5⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37593.exe
        5⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59719.exe
        5⤵
        
        PID:17208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58489.exe
      4⤵
      PID:6316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19964.exe
        5⤵
        
        PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
        5⤵
        
        PID:6348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
      4⤵
      PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
      4⤵
      PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
      4⤵
      PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33497.exe
      4⤵
      PID:13616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
      4⤵
      PID:10080
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43062.exe
    3⤵
    PID:5964
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36912.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36912.exe
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1001.exe
        5⤵
        
        PID:9012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41513.exe
        6⤵
        
        PID:13364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63692.exe
        6⤵
        
        PID:16276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1416.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-188.exe
        5⤵
        
        PID:13428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26500.exe
        5⤵
        
        PID:16132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18494.exe
      4⤵
      PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18520.exe
      4⤵
      PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
      4⤵
      PID:13276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-365.exe
      4⤵
      PID:14524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25644.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25644.exe
    3⤵
    PID:5364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
      4⤵
      PID:6796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46628.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46628.exe
    3⤵
    PID:9060
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
    3⤵
    PID:12180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29189.exe
    3⤵
    PID:13500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
    3⤵
    PID:15764
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
        7⤵
        
        PID:448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43124.exe
        8⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61066.exe
        8⤵
        
        PID:11964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
        8⤵
        
        PID:13492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16418.exe
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18249.exe
        8⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
        8⤵
        
        PID:8140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47684.exe
        7⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46022.exe
        7⤵
        
        PID:12588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25094.exe
        7⤵
        
        PID:14828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15510.exe
        6⤵
        
        PID:6360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18276.exe
        7⤵
        
        PID:9832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40424.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40424.exe
        7⤵
        
        PID:11316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
        7⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48369.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48369.exe
        7⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6765.exe
        6⤵
        
        PID:7252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9888.exe
        7⤵
        
        PID:13116
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 664
        7⤵
        Program crash
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        6⤵
        
        PID:10516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
        6⤵
        
        PID:12072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29669.exe
        6⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        6⤵
        
        PID:10348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16968.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65204.exe
        6⤵
        
        PID:5868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 488
        7⤵
        Program crash
        
        PID:7728
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 488
        7⤵
        Program crash
        
        PID:4072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20528.exe
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24295.exe
        7⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15806.exe
        6⤵
        
        PID:10876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
        6⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7843.exe
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64310.exe
        5⤵
        
        PID:5912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22278.exe
        6⤵
        
        PID:7924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27241.exe
        7⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64483.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64483.exe
        6⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
        6⤵
        
        PID:13508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
        6⤵
        
        PID:15888
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52355.exe
        5⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-968.exe
        6⤵
        
        PID:15200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26409.exe
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43789.exe
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51203.exe
        5⤵
        
        PID:13684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52064.exe
        5⤵
        
        PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58816.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44566.exe
        6⤵
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10347.exe
        7⤵
        
        PID:8340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29070.exe
        7⤵
        
        PID:3844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
        7⤵
        
        PID:14756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14280.exe
        6⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25125.exe
        6⤵
        
        PID:10380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        6⤵
        
        PID:12164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30027.exe
        6⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13564.exe
        5⤵
        
        PID:6248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        6⤵
        
        PID:8876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
        6⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
        6⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27870.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27870.exe
        6⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57118.exe
        5⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
        5⤵
        
        PID:10624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37574.exe
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
        5⤵
        
        PID:9756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
        5⤵
        
        PID:15840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25441.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25441.exe
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46512.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10835.exe
        6⤵
        
        PID:2376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57558.exe
        6⤵
        
        PID:11420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48377.exe
        6⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49091.exe
        5⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14512.exe
        6⤵
        
        PID:16656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
        5⤵
        
        PID:8368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62176.exe
        5⤵
        
        PID:9824
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35111.exe
      4⤵
      PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58562.exe
        5⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65119.exe
        6⤵
        
        PID:13256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
        6⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38364.exe
        5⤵
        
        PID:1840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8356.exe
        5⤵
        
        PID:13804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
        5⤵
        
        PID:15256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54318.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54318.exe
      4⤵
      PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
        5⤵
        
        PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
        5⤵
        
        PID:16840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51675.exe
      4⤵
      PID:10632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23714.exe
      4⤵
      PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12926.exe
      4⤵
      PID:14272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22033.exe
      4⤵
      PID:10400
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3764
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-77.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-77.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5476
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 628
        6⤵
        Program crash
        
        PID:4444
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 628
        6⤵
        Program crash
        
        PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21986.exe
        5⤵
        
        PID:5680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16418.exe
        6⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
        6⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52846.exe
        6⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
        6⤵
        
        PID:14128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38273.exe
        6⤵
        
        PID:15544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27631.exe
        5⤵
        
        PID:7624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63855.exe
        5⤵
        
        PID:9900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65177.exe
        5⤵
        
        PID:11972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
        5⤵
        
        PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52739.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39002.exe
        5⤵
        
        PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        5⤵
        
        PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29712.exe
        5⤵
        
        PID:11724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24030.exe
        5⤵
        
        PID:13772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1299.exe
        5⤵
        
        PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
      4⤵
      PID:7108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29709.exe
      4⤵
      PID:8840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52232.exe
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4729.exe
      4⤵
      PID:14396
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38972.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36049.exe
        6⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9318.exe
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
        5⤵
        
        PID:14468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14716.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14716.exe
      4⤵
      PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        5⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51466.exe
        5⤵
        
        PID:14560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31243.exe
      4⤵
      PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
      4⤵
      PID:11216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
      4⤵
      PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18237.exe
      4⤵
      PID:16116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21000.exe
    3⤵
    PID:5948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61416.exe
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58422.exe
        5⤵
        
        PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
        5⤵
        
        PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
      4⤵
      PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45713.exe
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe
      4⤵
      PID:14168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
      4⤵
      PID:15960
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
    3⤵
    PID:6980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15230.exe
      4⤵
      PID:10376
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7972.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7972.exe
      4⤵
      PID:5316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52950.exe
      4⤵
      PID:9720
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
    3⤵
    PID:8264
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11947.exe
    3⤵
    PID:4824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51270.exe
    3⤵
    PID:6528
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
    3⤵
    PID:10088
- C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3064
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-57342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-57342.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33736.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54083.exe
        6⤵
        
        PID:6132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22522.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
        8⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61336.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61336.exe
        8⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15974.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15974.exe
        8⤵
        
        PID:15644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52319.exe
        7⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21591.exe
        7⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
        7⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23288.exe
        7⤵
        
        PID:15504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
        6⤵
        
        PID:6232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16303.exe
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56649.exe
        7⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
        6⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56189.exe
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60256.exe
        6⤵
        
        PID:7280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
        5⤵
        
        PID:5516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12215.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12215.exe
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37456.exe
        6⤵
        
        PID:9964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63125.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63125.exe
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
        6⤵
        
        PID:11684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
        6⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
        6⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49520.exe
        6⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24473.exe
        5⤵
        
        PID:8472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47354.exe
        5⤵
        
        PID:10552
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37837.exe
        5⤵
        
        PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
        5⤵
        
        PID:9844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15427.exe
        5⤵
        
        PID:5304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42558.exe
        6⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
        7⤵
        
        PID:11580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
        7⤵
        
        PID:13740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        7⤵
        
        PID:15852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41271.exe
        6⤵
        
        PID:10892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22442.exe
        6⤵
        
        PID:13896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7309.exe
        6⤵
        
        PID:15856
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        5⤵
        
        PID:8308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14196.exe
        5⤵
        
        PID:12836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28185.exe
        5⤵
        
        PID:14476
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38462.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38462.exe
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14353.exe
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33961.exe
        6⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
        6⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60024.exe
        5⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45600.exe
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34137.exe
        5⤵
        
        PID:13780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
        5⤵
        
        PID:15424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
      4⤵
      PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51108.exe
        5⤵
        
        PID:8052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24359.exe
      4⤵
      PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19002.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19002.exe
      4⤵
      PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5702.exe
      4⤵
      PID:6396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62973.exe
      4⤵
      PID:16192
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15261.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60160.exe
        5⤵
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30872.exe
        7⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
        7⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38761.exe
        7⤵
        
        PID:5328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20583.exe
        7⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23845.exe
        6⤵
        
        PID:8348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21046.exe
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
        6⤵
        
        PID:8320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
        6⤵
        
        PID:15908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31244.exe
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48617.exe
        6⤵
        
        PID:12476
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7937.exe
        6⤵
        
        PID:15208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-517.exe
        5⤵
        
        PID:8284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56839.exe
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60465.exe
        5⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27199.exe
        5⤵
        
        PID:15076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
      4⤵
      PID:5424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
        6⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60158.exe
        6⤵
        
        PID:13748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52731.exe
        6⤵
        
        PID:15988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
        5⤵
        
        PID:184
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52703.exe
        5⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50673.exe
        5⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27749.exe
        5⤵
        
        PID:16172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34162.exe
        5⤵
        
        PID:10568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30120.exe
        5⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62872.exe
        5⤵
        
        PID:16208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
      4⤵
      PID:8240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14515.exe
      4⤵
      PID:10888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2259.exe
      4⤵
      PID:13248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-12552.exe
      4⤵
      PID:15900
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
      4⤵
      PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59858.exe
        5⤵
        
        PID:7212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64047.exe
        5⤵
        
        PID:10528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58450.exe
        5⤵
        
        PID:12448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25983.exe
        5⤵
        
        PID:15532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
      4⤵
      PID:7896
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
      4⤵
      PID:9932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4511.exe
      4⤵
      PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
      4⤵
      PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41182.exe
      4⤵
      PID:11568
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42381.exe
    3⤵
    PID:5616
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47415.exe
      4⤵
      PID:9192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-671.exe
      4⤵
      PID:13872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50461.exe
      4⤵
      PID:15872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
    3⤵
    PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
      4⤵
      PID:15300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
    3⤵
    PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30693.exe
      4⤵
      PID:6040
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
      4⤵
      PID:16088
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
    3⤵
    PID:10800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2516.exe
    3⤵
    PID:13160
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38603.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38603.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49278.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26532.exe
        5⤵
        
        PID:7976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59936.exe
        5⤵
        
        PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3453.exe
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15478.exe
        5⤵
        
        PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6753.exe
        5⤵
        
        PID:15632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22308.exe
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23752.exe
        5⤵
        
        PID:8868
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22604.exe
        5⤵
        
        PID:11400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15730.exe
        5⤵
        
        PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26910.exe
        5⤵
        
        PID:15844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34559.exe
      4⤵
      PID:7736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
      4⤵
      PID:11036
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64741.exe
      4⤵
      PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
      4⤵
      PID:14580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17352.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64540.exe
      4⤵
      PID:6456
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28992.exe
      4⤵
      PID:3692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11503.exe
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46240.exe
      4⤵
      PID:12228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32006.exe
      4⤵
      PID:13972
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29311.exe
      4⤵
      PID:9880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58986.exe
    3⤵
    PID:6940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
      4⤵
      PID:11588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
      4⤵
      PID:13664
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3530.exe
      4⤵
      PID:9684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6382.exe
    3⤵
    PID:8208
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
      4⤵
      PID:996
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-58288.exe
    3⤵
    PID:11072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6981.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6981.exe
    3⤵
    PID:13132
- C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42672.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34260.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12205.exe
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
        5⤵
        
        PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17100.exe
        5⤵
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
        5⤵
        
        PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40014.exe
      4⤵
      PID:7812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62997.exe
        5⤵
        
        PID:15268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60539.exe
      4⤵
      PID:10704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34066.exe
      4⤵
      PID:12256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37837.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37837.exe
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23818.exe
      4⤵
      PID:15276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38068.exe
    3⤵
    PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13533.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13533.exe
      4⤵
      PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56759.exe
        5⤵
        
        PID:13296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40469.exe
        5⤵
        
        PID:17280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39978.exe
      4⤵
      PID:10276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63125.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63125.exe
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26090.exe
      4⤵
      PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
      4⤵
      PID:15104
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-20467.exe
    3⤵
    PID:8744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6724.exe
    3⤵
    PID:10916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51649.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51649.exe
    3⤵
    PID:6188
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
    3⤵
    PID:15144
- C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5528
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 488
    3⤵
    - Program crash
    PID:2108
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 488
    3⤵
    - Program crash
    PID:7912
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33774.exe
  2⤵
  PID:6572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54478.exe
    3⤵
    PID:8904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46533.exe
    3⤵
    PID:4072
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34806.exe
    3⤵
    PID:6516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
    3⤵
    PID:15488
- C:\Users\Admin\AppData\Local\Temp\Unicorn-33317.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-33317.exe
  2⤵
  PID:7260
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50426.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50426.exe
  2⤵
  PID:10540
- C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
  2⤵
  PID:9980
- C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-53728.exe
  2⤵
  PID:15160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1036 --field-trial-handle=3240,i,13319578961094268484,16557498665191861597,262144 --variations-seed-version /prefetch:8
1⤵
PID:2840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 5528 -ip 5528
1⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 5476 -ip 5476
1⤵
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5868 -ip 5868
1⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 540 -p 6884 -ip 6884
1⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 7252 -ip 7252
1⤵
PID:13516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 6884 -ip 6884
1⤵
PID:17028

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe

Filesize
184KB

MD5
f0c37f9fc42858cf1736223e2f950e0b

SHA1
07c6cd153a63d71d13c4ab7e83ac6727a1538872

SHA256
2fe8ae37e177efe09fb33abb946bc4afd0c1659558e629a0c7241b6258154cb7

SHA512
0a969cec1c499d3f2c82d145b0df14791c1776103559e7a2c1d6a92824c617061557a73cd6a797cfb6eb55658b5e4a35d59bb313384c569498880e364049fb31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12827.exe

Filesize
184KB

MD5
19fd90b76b3ca2cd5082fd078b84d15c

SHA1
0100a7c07a05887c2850dd007af865e470cae51c

SHA256
c4975c8e6be2afc193c372d0f1d0683610d0f087c9a5eea2df1c51c0ae3774e5

SHA512
19bec83b5627f9af514b815afd8eedd51a84f1433c630f4910c794c50dc8bd74254e55782f9b8ed6ae3d285aef91f1f261111ef8e9f72cdd5df1b3d1b6a39df8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13683.exe

Filesize
184KB

MD5
91e16cc677b9678f6513837ac8021a9b

SHA1
b20ba4448cb26c55f4d40a588467edf18f495095

SHA256
5c1236f7640e2f990f0995197586e3a2fa6a106a707ad56e6407ebecf712e308

SHA512
501fa7ad6aa0732d8dc4b528df4e541890e37b565a00d99441abdfa189939fca32e609447a29a2767fae0cff9102a2d259057de416b71c40e0188fb4ee16d0d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15708.exe

Filesize
184KB

MD5
9f4e9a81db94eea5a70c3fb7edcebb1e

SHA1
5e09c8b653a7a15930bff700dd6c7e0ef48eb1e4

SHA256
c66c5576da2f7da1cc5db26f389d0f53c12013c26ecab26581041475e4219878

SHA512
f931385c27363500eb9b0cacc2267ae9eeb55148989c1f1fd56c98b6e4036fb8a3a4e6336c8bb8f44ab6bf1af95b317e094b4c9206df7abc27de060a0e36bb7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20996.exe

Filesize
184KB

MD5
60c6362dbcfdaee30cff264ce49fdf82

SHA1
862985b21b553f90b61854542336cb1f38c3da87

SHA256
376f1b71fca7a859a62cc6b0e12c869096cdd749049ed4cacd6eeb8b1fbdb254

SHA512
224fd2f8456ef803c7c7b532be1897481dde60cafa25872cbe75288e88bba84f60272325ff565dfda1dffa6788db51f3cb0d819d066fb8b8792d75f9baa33b70

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21354.exe

Filesize
184KB

MD5
4b98d49db0af79ffcfb1096abab0656a

SHA1
769f3e3e023cf1f76c9536e9145b873402907a16

SHA256
08b78b8d90b8ae28c033e003c8d9f74aab67a37c341dfed1676cc92e7226a2bf

SHA512
4b2e905d3f8f0d6a01a724a66f59f00ae06b939353ae1d0da4c3bec7ee7b290a33a51f5b93ca974f1b42a7a46ae9df7538d96188c4d1672e0128fed0f94f3344

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21550.exe

Filesize
184KB

MD5
888cdc19a365c5617726388776d7a9a8

SHA1
a625c850eef00210419a7150c46ba2eccb894278

SHA256
26e4b0b89c3f851a9ef2f94ea9000a1022bb691f94bea2c5ffbdd4711ccabcab

SHA512
75bd90e63be2d2329dad73d98083259aa31a9c8cab2e66e5e3f88cc493abff4a26cdbbc7d7a74e15067da5f63b27f6758a97de1d555a8523560ee2598a289704

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe

Filesize
184KB

MD5
4dec9c2110f404d7e611baafbcd18b3b

SHA1
6f34e0a4cc5172837e9b5c3af5e9913e82a8b021

SHA256
a02022fe98f9c6ce761e8b9e2dc8487710d79c29cff818bfbea8cd8c573da8ef

SHA512
bf752d60bcef60b7cee893bba7b394e1e2c55bcc8b05ed7dceafd221b4b2e36c7558870f6e104ace051d4ba1adb01e16d70d42d80adae6edf3fca4ff94d28124

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe

Filesize
184KB

MD5
a6846fea257894d6ed67e537c63f696a

SHA1
f258c233c726e200570f51eff7986a9243acd445

SHA256
441212166d6c947e152c0bab6f40a023410e7f4f888baed908a937d340122bc7

SHA512
98e17ae0b461213932cec7bff2b8b74df5e742b29235768ea8c88fa8e5f41af06fa63112546d6bfc627759c0d9339b378ee8953318cb7853e9433a6f1f330214

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe

Filesize
184KB

MD5
fe5e7c956f141b789b0795fd5286a78d

SHA1
bc605407d13f7362e1b9093b00f72892cf883a73

SHA256
94c275fa852ea9587136e0eb5ee3202fa1edeeab9e61d4b019390becab128764

SHA512
03f0f4126fb188fdfc073a845d3c317937366c404e40de82b715cd4579fd8187b9ebbbffc0e33d6b08f8fc364300a8060a5eceb248beaf6d69e7836c724fdebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe

Filesize
184KB

MD5
85139963ab508d1ec9c5d8e4d6ee3786

SHA1
b151d41760bcdac0567448cd417c385c04661ed5

SHA256
b10ae7837b39a1a00bfc6602a1bf1517d9a194dd8cefaa4e8955ab99bcdcecc9

SHA512
38642d34d9c1a3220fff6aaf936eb761568367e76f7ef9cb099c891ce39ad8c27f3e99267417578e61d3241b55c39a84f613e6a8335a55a58bd610ec030dd97b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe

Filesize
184KB

MD5
903ca9914eea5f1a00583f6d965551e6

SHA1
2002733952d1a6723f39ecd22722c18275fb6d90

SHA256
bacedcf193d855e535f210a7d30c33eb270461904f56c3d0e94e5c3ddd9ae97d

SHA512
6e82656a414e489bd400d367c559dcd4a671367a7ae2f6173e1e91e2db10d1574b484914f4835eb494213869fc2e328d8f9237915b75a9053603cd3da1511cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32620.exe

Filesize
184KB

MD5
676547191663e916211f82e5c034f2b3

SHA1
df9729a91b9e88b8b9d8e6efbc35d428874c54aa

SHA256
109321ac99b5198c1fd7f895158acdf9466606b876dace6f1d1206cd2fe77695

SHA512
fbdcec678a9984baadd050c058c61ff2dfe7dae53b3eddb0fcd7d36ffa694f4489404ef9c8a17ccf529e11381b1bdde26269bb942275b2ceac427743aa1f9e49

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe

Filesize
184KB

MD5
7db2b3ad6f19ee01c6be5ec4d19c4fa5

SHA1
38d9429a4c69ef85473450a9631bdf32c48beac8

SHA256
6a8cf12f4ca0099c5796b291359bf9b6ff964a2b8af014c4a4e0d73a61ccb0fc

SHA512
d976e197d4c37a2915c715d1a6d926f81ab0f33cb4f1372dc593fcc3b9dac00a98305774c6281282c5d9ed1824ebdb728ed9c6c419dd3d0d39cf67f72830b251

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38603.exe

Filesize
184KB

MD5
ca19386b4d0859ab2dfac41c0533293f

SHA1
1ec6e4091a097ebfe360c6912f6255878c0aa492

SHA256
0859448ec939bdec63b5a8bd73972231e435961536abb9578c1bec976515b917

SHA512
5e1c3d84771d0ce00911fdd64381f5827566a6adff36a30230def33a0d910dc329eefedd6b23cd2a5da341fc37cce9088d23b95904fc2f4a10ecdb6bb8da0a9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe

Filesize
184KB

MD5
8608d82477ec3e97b32420b4c15d0b78

SHA1
1c2395e15de3d31335ed22cb50308050628be726

SHA256
532c3ffe04887bd15514b1a8bec657c07f4a718ebc74b1f9d86081e40a419b38

SHA512
ef3dfc24c33dc59d966f83bec189465feab01c66e1e82c35976f85f2779add1814c43f0ab9f575e079e9e080929380dfa9506d8595f1b2cd99f4861ddf0bf8f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe

Filesize
184KB

MD5
d64c7dcf112432e5f1fdec054ca78a5c

SHA1
df5658db64c940c705c6bf7b3c2453df2eb458e8

SHA256
983a14a156e2ef4719bff18629416b8b2f865bb3c484c253c8f576529398a826

SHA512
393ffdf488ebfc080796a35f6d44d0d741913070ef83a7b81b30d032333c1537ad98b493e608a1364d2be5a0a6f57be077467eaaa0fce106a521b498d13a580d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe

Filesize
184KB

MD5
e116ee14bcc6137707f9e73eb90a043a

SHA1
8257eed8683c93986f760d81d2eb5895ab262254

SHA256
12ede40ce6b014b2a57d4d43d5aca8c10e4d7e357ab7d110960ec801c444e1e6

SHA512
90e7d8d99b989e83f93ecef255e080154e1581f56e577e85bd3ba90b9badbee35add8f3a381cfd30c047794d5045f5112365607055036855194149fbf3c8546a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4872.exe

Filesize
64KB

MD5
fbd785e6200d54e16351def07fb88e13

SHA1
fac0385e08ef8b87303b8f6adc52907a923788bb

SHA256
846f236a5db8c9a4dabd531036b28524d92e8c4aeeb02e4a3c092a8077c3186f

SHA512
397958252005d36e71183a5b7df164821b20ef448fe731c7f52d4471cc3923ead9d11bde139be7d5e3a305150d86810597361c842540c1a0f57edba0d359ee6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe

Filesize
184KB

MD5
3a8b70e975046688857cd1fcc7560f18

SHA1
f539d58d13bf77c29963638eac4d9b05abb2b056

SHA256
c40ee4a629c3108e1fb2220c1c3e0984a72e75e373781a7dbc4c102bfad4db69

SHA512
bf1680223a17fc7f7a08bd9d2dff26a6ae8d0013ed72955f339be96fd945ca8e92d5a508647760d16d49f366f3888077e806a945feedce3058bd8d77db988986

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55759.exe

Filesize
184KB

MD5
14358a48a8e3649690eaf65f23d680df

SHA1
5f60f3bc044295ba9d57c7efae69d2114f10cd4d

SHA256
817ea0b249c4de13ecb5b6a11d172e9dacfc09fb6e183d62a6c0cfcb2742b379

SHA512
cbd893699c243703d7c96e135eb191e935ceedc2f109297037de1bd82ea56247e2157d53a5450c21dd3a274ebd4b395bbd082df65af9f16da3d26cc1ef8b87a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56859.exe

Filesize
184KB

MD5
450c3fa0f29375fdf608edf8d18cd929

SHA1
cfaef9d1a200131d04a4b93e3e402e03a0d29aee

SHA256
656797ddffbd7f3148a7cb4f662bf9e52be8bdd19e371a40ea374d86376af9d4

SHA512
1e62e6c5dbce558e7613a66867642fcff93dd1d3253f55b621f92464aca962ad5405672450b695ef178c41393e82aab92793b685621199ea5debbebeaecf3795

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57342.exe

Filesize
184KB

MD5
047f5948de2f23de1ec683da3ab5c7e8

SHA1
a05d75cd6f1a0898086f7538e92333dc03e2bb15

SHA256
17cd16072163dcaa1cd8c46272bb602edaaf9979ba999a212cffb70472d034de

SHA512
bbd88e7cc9892ae42cefbebf32e25ddf510aad46b67a4a6794ad903b2665386d8112268948c4a93ee39abadcc0b759dd0efdaeb90fc729cd1c0367c6a16cc3e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe

Filesize
184KB

MD5
162eb00a68a113d951e914de78a26958

SHA1
ab228276c81bdcb56fe970f90d48a05d0c3d20df

SHA256
a2f2353cfa2faa36444506bcaea97108ccfd43bae3c66c46d885bc0788f24b3c

SHA512
b4ae38cbf5386d16ccd0934f58e2f479801eac876106a7b926cbc48fb24800af4698f7a00a59ae83757c9f2e13f75f1c8e2c67af11ccc210ee0505f98c806423

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59724.exe

Filesize
184KB

MD5
ea5c7d72c250b08a3ca15cdef6d0188d

SHA1
56b0f95e790a206c99bc4ff7608e928755dfe38b

SHA256
c30f50a6c915dce59637288b36df74b57d41c8f8a8adc00ea78e126b335f0066

SHA512
7799c4562369c3e468697303c747275d010778690e0f3b1a6c70119123d44454b343b5e17a3532b2a0f514ce265097095c5c7b2e40cfe9b822700129b4c0d9c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe

Filesize
184KB

MD5
6898e2e9adaab767fe844c8836d6edca

SHA1
b0246a6b551eab7675f346caaf7397d0e8a7308a

SHA256
4e33682ec87fb54fd6ff99ee6269cb0d846782a896bee97270c68c645e86d79e

SHA512
02f2bcb14b666c90632373fe0f80bb126969b5cb522b6ce2bef6774636325fe1e635389cddc04557de7b8a0602341eec88819a46978ed922ccd52587221e459f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe

Filesize
184KB

MD5
1e3cc231fda3c26ab59a46677b17ae38

SHA1
85e3daee8672ef85b583b2acc61f86386cb8c986

SHA256
daf536acb6c9b39b62c212830108786aada1d6df82f3fe82f1e5ba4473881eac

SHA512
eabc76b3be7f3b4a92fd0b391461d2774389974f542a07e2d08852eeb7f4f1d7a1c1a20ede3b72cdbd5083952482cb3fde4fcf2432c92c027e8986977bb95c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61928.exe

Filesize
184KB

MD5
51d532ee855c52e95200af6a661e8077

SHA1
72e2a5e122c10bb62594202d53514d118bb0ee72

SHA256
851d1fa9010d3cefa4b391fa414335fdb43a58f99daeb6bf32d5d0a81cd512b9

SHA512
c1b7c104cacab1f217ad78e6310fd858a31a140f0a55760e59d79ec7d4c4ce13bbe1821d4e78a24327d49cfa7ea1640b4b77670eaf86caeea67822264f225c10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62962.exe

Filesize
184KB

MD5
e7b302cd602cf7d08a285b816d1524d2

SHA1
26c17adcd07317be8571d0c1ac108d067a425f9d

SHA256
3595eb9b0b7834c6b0fd609568ce1675e4e0256701e1e43d878b8d42f1e6d8fb

SHA512
4f6fa0dd5c07265abdc962f8b53e8178d9d51496ab7aa9ecd1fecf12a14589b6fe6caf67f69aff550415834d59e5313ea3b8b60228065331187d64e2c54c1f9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63346.exe

Filesize
184KB

MD5
915f59362a8ece7b23921e9ac4c71cf1

SHA1
af3467c36750c21e8b0a5f5e9f7382cf8a7f404e

SHA256
7efc4a0f0dce334a5d643054ce3ab1ed4ca31a1073fc74d57f7a28dd79d5e416

SHA512
976825f244819b7edfba36d216f195ac3eb980d35f80aa90cc35e3c331e9f1c4451a47a538203d6ad0d6139d9a8daaa96986e46e3236b0f64438734cfd9752c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65448.exe

Filesize
184KB

MD5
b0d87858357ea3b14f243271b7e22e53

SHA1
f2ebd3c186b7e21e24cd160140e3e3d32d672786

SHA256
04457cc52698a9ef98e397a0e1c3807217db30e5efc77c5b7b31dc29546ed963

SHA512
4cc012f7fe85c5d5b15aab1bcff878d558a718de98c4734d180e8cff44f5e67af559c49d21093c50d92f26d47d5a24016e946a000e88e7b058ec8fb3ce5d0a38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe

Filesize
184KB

MD5
72bc2aaaa1aa89d25f1e77ffce0fe80d

SHA1
23166e6f98eef1713ffd912a0d39d55d7bc94a53

SHA256
c259338f766583a4614d8d777fb8c4d5a4acab291541cdad01d008b851ad2f5f

SHA512
d39b46f431452d582213e8e989a4aad7cd29cf2cb6a0b3b1c7ad0ce21a51e6f1c495ec394501c626648c222c510fb017c6855eba855f513e947b8147abf7e7f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7353.exe

Filesize
184KB

MD5
1109d0cb71d9707eccac4265c9541b5f

SHA1
50afc97f6d6afe63dabad54d6523580c171d813c

SHA256
1ddfa86c963e04e1290ecd32d2e37fe28bdd46b8a54c9b8237e2fc064d4fdef6

SHA512
2b66dbf267f18af0fef7e6cb154c7d3e6694af099e2f888de17e581f1942212a6608e5801648b525107bea8072954c32a6d549928dff73c240630ba9fbaf66ee

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads