1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91

Analysis

max time kernel
150s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16/04/2024, 19:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe
Size

184KB
MD5

c05ddc7f3005f8505bcd3deda028b0c3
SHA1

635f498ea4673a5e8a4e05aa1edb6a69b45af059
SHA256

1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91
SHA512

0c93ce332fec1fbc19ffdd65c7f0e6b23dc260106279b1976d5282bfca36eaa77b9981356d851067495ea4921c9798ebf4bfdf640af33de96527b1fc8491f36f
SSDEEP

3072:XC1++aonjzQ46AntZDJ8tFMIlvnqnviuj:XCAowbAn98nMIlPqnviu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
968	Unicorn-45309.exe
4012	Unicorn-62797.exe
2932	Unicorn-63352.exe
4840	Unicorn-57727.exe
2628	Unicorn-11219.exe
4820	Unicorn-16695.exe
744	Unicorn-14648.exe
4412	Unicorn-8308.exe
2880	Unicorn-31421.exe
2496	Unicorn-51287.exe
5088	Unicorn-49241.exe
4824	Unicorn-28729.exe
1272	Unicorn-32813.exe
3800	Unicorn-32548.exe
2292	Unicorn-12947.exe
2368	Unicorn-59180.exe
3276	Unicorn-13508.exe
4716	Unicorn-42097.exe
4048	Unicorn-1156.exe
2604	Unicorn-54349.exe
3376	Unicorn-1064.exe
2720	Unicorn-51946.exe
1804	Unicorn-22039.exe
2904	Unicorn-55533.exe
3976	Unicorn-33737.exe
1620	Unicorn-59009.exe
2796	Unicorn-24199.exe
4312	Unicorn-30975.exe
4452	Unicorn-54925.exe
4468	Unicorn-13984.exe
1676	Unicorn-64416.exe
60	Unicorn-270.exe
3128	Unicorn-63761.exe
5028	Unicorn-2216.exe
4620	Unicorn-2216.exe
4540	Unicorn-13077.exe
4636	Unicorn-36762.exe
2324	Unicorn-49279.exe
4736	Unicorn-2771.exe
840	Unicorn-45863.exe
2712	Unicorn-15044.exe
2596	Unicorn-63483.exe
2852	Unicorn-6876.exe
4996	Unicorn-64145.exe
3668	Unicorn-14852.exe
2896	Unicorn-57831.exe
1908	Unicorn-31189.exe
3248	Unicorn-36449.exe
2936	Unicorn-31189.exe
1280	Unicorn-16890.exe
1884	Unicorn-33881.exe
3672	Unicorn-23575.exe
692	Unicorn-42049.exe
2300	Unicorn-40679.exe
1772	Unicorn-35273.exe
2640	Unicorn-61100.exe
3652	Unicorn-46155.exe
2000	Unicorn-2911.exe
928	Unicorn-11344.exe
4456	Unicorn-60829.exe
1088	Unicorn-36233.exe
3572	Unicorn-22397.exe
2016	Unicorn-37914.exe
1892	Unicorn-34095.exe

Program crash 13 IoCs

pid	pid_target	Process	procid_target
1524	3376	WerFault.exe	109
1544	1884	WerFault.exe	142
4860	60	WerFault.exe	122
12856	8156	WerFault.exe	353
12772	7868	WerFault.exe	342
14880	7320	WerFault.exe	320
15004	7836	WerFault.exe	338
16524	8156	WerFault.exe	353
12856	6736	WerFault.exe	356
15752	17464	WerFault.exe	893
17516	15256	WerFault.exe	737
17688	4260	WerFault.exe	489
6472	15576	Process not Found	786

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe
968	Unicorn-45309.exe
4012	Unicorn-62797.exe
2932	Unicorn-63352.exe
4840	Unicorn-57727.exe
2628	Unicorn-11219.exe
4820	Unicorn-16695.exe
744	Unicorn-14648.exe
4412	Unicorn-8308.exe
2880	Unicorn-31421.exe
2496	Unicorn-51287.exe
5088	Unicorn-49241.exe
3800	Unicorn-32548.exe
4824	Unicorn-28729.exe
1272	Unicorn-32813.exe
2292	Unicorn-12947.exe
2368	Unicorn-59180.exe
3276	Unicorn-13508.exe
4716	Unicorn-42097.exe
4048	Unicorn-1156.exe
2604	Unicorn-54349.exe
2720	Unicorn-51946.exe
1804	Unicorn-22039.exe
1620	Unicorn-59009.exe
2904	Unicorn-55533.exe
4312	Unicorn-30975.exe
2796	Unicorn-24199.exe
3976	Unicorn-33737.exe
4452	Unicorn-54925.exe
4468	Unicorn-13984.exe
1676	Unicorn-64416.exe
60	Unicorn-270.exe
3128	Unicorn-63761.exe
4540	Unicorn-13077.exe
4620	Unicorn-2216.exe
5028	Unicorn-2216.exe
4636	Unicorn-36762.exe
4736	Unicorn-2771.exe
2324	Unicorn-49279.exe
840	Unicorn-45863.exe
2596	Unicorn-63483.exe
2712	Unicorn-15044.exe
2852	Unicorn-6876.exe
4996	Unicorn-64145.exe
2896	Unicorn-57831.exe
1884	Unicorn-33881.exe
2936	Unicorn-31189.exe
3668	Unicorn-14852.exe
3248	Unicorn-36449.exe
1908	Unicorn-31189.exe
692	Unicorn-42049.exe
3672	Unicorn-23575.exe
1280	Unicorn-16890.exe
2640	Unicorn-61100.exe
2300	Unicorn-40679.exe
1772	Unicorn-35273.exe
2000	Unicorn-2911.exe
928	Unicorn-11344.exe
3652	Unicorn-46155.exe
4456	Unicorn-60829.exe
3572	Unicorn-22397.exe
1088	Unicorn-36233.exe
2016	Unicorn-37914.exe
1892	Unicorn-34095.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3360 wrote to memory of 968	3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe	88
PID 3360 wrote to memory of 968	3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe	88
PID 3360 wrote to memory of 968	3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe	88
PID 968 wrote to memory of 4012	968	Unicorn-45309.exe	90
PID 968 wrote to memory of 4012	968	Unicorn-45309.exe	90
PID 968 wrote to memory of 4012	968	Unicorn-45309.exe	90
PID 3360 wrote to memory of 2932	3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe	91
PID 3360 wrote to memory of 2932	3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe	91
PID 3360 wrote to memory of 2932	3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe	91
PID 4012 wrote to memory of 4840	4012	Unicorn-62797.exe	92
PID 4012 wrote to memory of 4840	4012	Unicorn-62797.exe	92
PID 4012 wrote to memory of 4840	4012	Unicorn-62797.exe	92
PID 968 wrote to memory of 2628	968	Unicorn-45309.exe	93
PID 968 wrote to memory of 2628	968	Unicorn-45309.exe	93
PID 968 wrote to memory of 2628	968	Unicorn-45309.exe	93
PID 2932 wrote to memory of 4820	2932	Unicorn-63352.exe	94
PID 2932 wrote to memory of 4820	2932	Unicorn-63352.exe	94
PID 2932 wrote to memory of 4820	2932	Unicorn-63352.exe	94
PID 3360 wrote to memory of 744	3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe	95
PID 3360 wrote to memory of 744	3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe	95
PID 3360 wrote to memory of 744	3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe	95
PID 4840 wrote to memory of 4412	4840	Unicorn-57727.exe	96
PID 4840 wrote to memory of 4412	4840	Unicorn-57727.exe	96
PID 4840 wrote to memory of 4412	4840	Unicorn-57727.exe	96
PID 4012 wrote to memory of 2880	4012	Unicorn-62797.exe	98
PID 4012 wrote to memory of 2880	4012	Unicorn-62797.exe	98
PID 4012 wrote to memory of 2880	4012	Unicorn-62797.exe	98
PID 2628 wrote to memory of 2496	2628	Unicorn-11219.exe	97
PID 2628 wrote to memory of 2496	2628	Unicorn-11219.exe	97
PID 2628 wrote to memory of 2496	2628	Unicorn-11219.exe	97
PID 968 wrote to memory of 5088	968	Unicorn-45309.exe	99
PID 968 wrote to memory of 5088	968	Unicorn-45309.exe	99
PID 968 wrote to memory of 5088	968	Unicorn-45309.exe	99
PID 4820 wrote to memory of 4824	4820	Unicorn-16695.exe	100
PID 4820 wrote to memory of 4824	4820	Unicorn-16695.exe	100
PID 4820 wrote to memory of 4824	4820	Unicorn-16695.exe	100
PID 744 wrote to memory of 1272	744	Unicorn-14648.exe	101
PID 744 wrote to memory of 1272	744	Unicorn-14648.exe	101
PID 744 wrote to memory of 1272	744	Unicorn-14648.exe	101
PID 3360 wrote to memory of 3800	3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe	102
PID 3360 wrote to memory of 3800	3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe	102
PID 3360 wrote to memory of 3800	3360	1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe	102
PID 2932 wrote to memory of 2292	2932	Unicorn-63352.exe	103
PID 2932 wrote to memory of 2292	2932	Unicorn-63352.exe	103
PID 2932 wrote to memory of 2292	2932	Unicorn-63352.exe	103
PID 4840 wrote to memory of 2368	4840	Unicorn-57727.exe	104
PID 4840 wrote to memory of 2368	4840	Unicorn-57727.exe	104
PID 4840 wrote to memory of 2368	4840	Unicorn-57727.exe	104
PID 4412 wrote to memory of 3276	4412	Unicorn-8308.exe	105
PID 4412 wrote to memory of 3276	4412	Unicorn-8308.exe	105
PID 4412 wrote to memory of 3276	4412	Unicorn-8308.exe	105
PID 2880 wrote to memory of 4716	2880	Unicorn-31421.exe	106
PID 2880 wrote to memory of 4716	2880	Unicorn-31421.exe	106
PID 2880 wrote to memory of 4716	2880	Unicorn-31421.exe	106
PID 4012 wrote to memory of 4048	4012	Unicorn-62797.exe	107
PID 4012 wrote to memory of 4048	4012	Unicorn-62797.exe	107
PID 4012 wrote to memory of 4048	4012	Unicorn-62797.exe	107
PID 2496 wrote to memory of 2604	2496	Unicorn-51287.exe	108
PID 2496 wrote to memory of 2604	2496	Unicorn-51287.exe	108
PID 2496 wrote to memory of 2604	2496	Unicorn-51287.exe	108
PID 5088 wrote to memory of 3376	5088	Unicorn-49241.exe	109
PID 5088 wrote to memory of 3376	5088	Unicorn-49241.exe	109
PID 5088 wrote to memory of 3376	5088	Unicorn-49241.exe	109
PID 968 wrote to memory of 2720	968	Unicorn-45309.exe	112

C:\Users\Admin\AppData\Local\Temp\1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe
"C:\Users\Admin\AppData\Local\Temp\1b5ba627e45f35d61ddaa04d221742c573f5df939a3a430f97db28b1b11f4e91.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3360
- C:\Users\Admin\AppData\Local\Temp\Unicorn-45309.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-45309.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:968
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4012
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64416.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17349.exe
        8⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        9⤵
        
        PID:6872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        10⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        10⤵
        
        PID:14184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51220.exe
        10⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        9⤵
        
        PID:3988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
        9⤵
        
        PID:13876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55627.exe
        9⤵
        
        PID:17540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
        8⤵
        
        PID:8660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34754.exe
        8⤵
        
        PID:11400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3224.exe
        8⤵
        
        PID:15780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46247.exe
        8⤵
        
        PID:18288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36967.exe
        8⤵
        
        PID:5864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44546.exe
        7⤵
        
        PID:5636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        8⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        9⤵
        
        PID:9004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
        10⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        9⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18730.exe
        9⤵
        
        PID:8796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        8⤵
        
        PID:9416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45329.exe
        8⤵
        
        PID:14772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25137.exe
        8⤵
        
        PID:7436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42652.exe
        7⤵
        
        PID:9052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
        8⤵
        
        PID:18272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36383.exe
        8⤵
        
        PID:6016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26986.exe
        7⤵
        
        PID:13900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
        7⤵
        
        PID:18000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47963.exe
        7⤵
        
        PID:17564
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40708.exe
        7⤵
        
        PID:7808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60829.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62465.exe
        7⤵
        
        PID:5376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        8⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        9⤵
        
        PID:10132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe
        9⤵
        
        PID:17168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40861.exe
        8⤵
        
        PID:10188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
        8⤵
        
        PID:14512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe
        8⤵
        
        PID:17688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
        8⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
        7⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30551.exe
        8⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41489.exe
        8⤵
        
        PID:16452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56917.exe
        8⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        7⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        7⤵
        
        PID:15292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54647.exe
        7⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64146.exe
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        7⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
        8⤵
        
        PID:16036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
        8⤵
        
        PID:5788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        7⤵
        
        PID:15268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19814.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        7⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54510.exe
        7⤵
        
        PID:16616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2122.exe
        7⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39729.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39729.exe
        6⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48513.exe
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
        6⤵
        
        PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59180.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-270.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:60
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 60 -s 720
        7⤵
        Program crash
        
        PID:4860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5096.exe
        7⤵
        
        PID:5576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52242.exe
        8⤵
        
        PID:7456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
        9⤵
        
        PID:16524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        8⤵
        
        PID:10184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        8⤵
        
        PID:15276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57591.exe
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        8⤵
        
        PID:16764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57888.exe
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-422.exe
        7⤵
        
        PID:18080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58281.exe
        6⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        7⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3166.exe
        8⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7281.exe
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        7⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        7⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8059.exe
        6⤵
        
        PID:6752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        7⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20021.exe
        7⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
        7⤵
        
        PID:812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23784.exe
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16481.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16481.exe
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58513.exe
        6⤵
        
        PID:18408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63761.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34095.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
        7⤵
        
        PID:5740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
        8⤵
        
        PID:6848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9388.exe
        9⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17059.exe
        10⤵
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9829.exe
        9⤵
        
        PID:13776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        9⤵
        
        PID:15472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50609.exe
        9⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        8⤵
        
        PID:12232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
        8⤵
        
        PID:16316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8879.exe
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31423.exe
        8⤵
        
        PID:15104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42413.exe
        8⤵
        
        PID:8116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28530.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
        7⤵
        
        PID:13936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
        7⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7597.exe
        6⤵
        
        PID:5764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
        8⤵
        
        PID:752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19315.exe
        8⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34832.exe
        7⤵
        
        PID:16596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11574.exe
        7⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34866.exe
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe
        7⤵
        
        PID:10932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60156.exe
        7⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34396.exe
        6⤵
        
        PID:7976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        7⤵
        
        PID:17796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55165.exe
        6⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
        6⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37914.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11126.exe
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        7⤵
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        8⤵
        
        PID:8852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
        8⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27186.exe
        8⤵
        
        PID:16348
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        7⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23564.exe
        7⤵
        
        PID:13792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
        7⤵
        
        PID:17796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        6⤵
        
        PID:7868
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 604
        7⤵
        Program crash
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4218.exe
        6⤵
        
        PID:10812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29840.exe
        6⤵
        
        PID:17616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32922.exe
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        6⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        7⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        7⤵
        
        PID:15636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5178.exe
        6⤵
        
        PID:11348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        6⤵
        
        PID:15416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28743.exe
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        6⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50748.exe
        6⤵
        
        PID:18196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34813.exe
        5⤵
        
        PID:10688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38632.exe
        5⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
        5⤵
        
        PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:5028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36617.exe
        7⤵
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44375.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
        9⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
        10⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
        10⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30772.exe
        10⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
        9⤵
        
        PID:9404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        10⤵
        
        PID:16808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
        9⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
        8⤵
        
        PID:7980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        9⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        8⤵
        
        PID:11284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60567.exe
        8⤵
        
        PID:16844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
        7⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        8⤵
        
        PID:8832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
        9⤵
        
        PID:14784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53819.exe
        9⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58900.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58900.exe
        8⤵
        
        PID:12820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
        8⤵
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46491.exe
        7⤵
        
        PID:6856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26325.exe
        7⤵
        
        PID:17496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-223.exe
        6⤵
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
        7⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
        8⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        9⤵
        
        PID:15136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23844.exe
        8⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        8⤵
        
        PID:15400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
        8⤵
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
        7⤵
        
        PID:7600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        8⤵
        
        PID:16608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
        7⤵
        
        PID:10404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
        7⤵
        
        PID:15156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
        6⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61993.exe
        7⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        8⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10763.exe
        8⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
        7⤵
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14629.exe
        7⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
        7⤵
        
        PID:2636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50436.exe
        6⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        7⤵
        
        PID:13576
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        7⤵
        
        PID:17472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29781.exe
        6⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63026.exe
        7⤵
        
        PID:17536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44403.exe
        6⤵
        
        PID:15948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13077.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20281.exe
        6⤵
        
        PID:4324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43799.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        8⤵
        
        PID:7540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12076.exe
        9⤵
        
        PID:12252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19315.exe
        9⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        8⤵
        
        PID:10284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
        8⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16009.exe
        8⤵
        
        PID:7816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46212.exe
        7⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51739.exe
        8⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37379.exe
        8⤵
        
        PID:16176
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41593.exe
        8⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
        7⤵
        
        PID:10916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3198.exe
        7⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28017.exe
        6⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        7⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14894.exe
        8⤵
        
        PID:15680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        7⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        7⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2578.exe
        6⤵
        
        PID:6572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        7⤵
        
        PID:4528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37265.exe
        7⤵
        
        PID:3896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15895.exe
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19726.exe
        6⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
        5⤵
        
        PID:4392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38153.exe
        6⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
        8⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
        8⤵
        
        PID:17808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38304.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38304.exe
        8⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21828.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21828.exe
        8⤵
        
        PID:7440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35906.exe
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        7⤵
        
        PID:16552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27237.exe
        7⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe
        6⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        7⤵
        
        PID:13912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        7⤵
        
        PID:17508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        6⤵
        
        PID:16112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44494.exe
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40997.exe
        6⤵
        
        PID:6908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16545.exe
        7⤵
        
        PID:10648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49169.exe
        7⤵
        
        PID:15940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14795.exe
        6⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15972.exe
        6⤵
        
        PID:14032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45279.exe
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13140.exe
        6⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50420.exe
        5⤵
        
        PID:10804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36619.exe
        5⤵
        
        PID:16588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1156.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2216.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14058.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14058.exe
        6⤵
        
        PID:3204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
        7⤵
        
        PID:5584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        8⤵
        
        PID:9148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        9⤵
        
        PID:17636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49912.exe
        8⤵
        
        PID:12744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16758.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16758.exe
        8⤵
        
        PID:17904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
        7⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        8⤵
        
        PID:13584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        8⤵
        
        PID:17456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4218.exe
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        7⤵
        
        PID:15376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        7⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
        7⤵
        
        PID:6764
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        8⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        8⤵
        
        PID:14904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
        7⤵
        
        PID:9792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50783.exe
        7⤵
        
        PID:13976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
        6⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6436.exe
        6⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11935.exe
        6⤵
        
        PID:17596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33142.exe
        6⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-223.exe
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14032.exe
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16685.exe
        7⤵
        
        PID:4588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe
        8⤵
        
        PID:10872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21069.exe
        8⤵
        
        PID:16932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        8⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        7⤵
        
        PID:9304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
        7⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
        7⤵
        
        PID:17528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47093.exe
        6⤵
        
        PID:8912
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
        6⤵
        
        PID:13216
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5850.exe
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57295.exe
        5⤵
        
        PID:5236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
        6⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54853.exe
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
        6⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
        5⤵
        
        PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        5⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
        5⤵
        
        PID:14624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36762.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48869.exe
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        7⤵
        
        PID:7532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44365.exe
        8⤵
        
        PID:11116
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1163.exe
        8⤵
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        7⤵
        
        PID:10052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5964.exe
        7⤵
        
        PID:15224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38337.exe
        7⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
        6⤵
        
        PID:7204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41625.exe
        7⤵
        
        PID:10888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
        7⤵
        
        PID:16028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        6⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
        6⤵
        
        PID:3428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
        6⤵
        
        PID:540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        7⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45522.exe
        6⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
        6⤵
        
        PID:17556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3538.exe
        5⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        6⤵
        
        PID:15080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
        6⤵
        
        PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
        5⤵
        
        PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37800.exe
      4⤵
      PID:4364
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42113.exe
        7⤵
        
        PID:15600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63908.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63908.exe
        7⤵
        
        PID:18080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
        6⤵
        
        PID:14640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33016.exe
        5⤵
        
        PID:13680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48265.exe
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        5⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8672.exe
        6⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30040.exe
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10106.exe
        5⤵
        
        PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33915.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33915.exe
      4⤵
      PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        5⤵
        
        PID:16556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10708.exe
      4⤵
      PID:13300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
      4⤵
      PID:18104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33683.exe
      4⤵
      PID:18096
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49279.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52953.exe
        7⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19679.exe
        8⤵
        
        PID:60
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12858.exe
        9⤵
        
        PID:9156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13477.exe
        9⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41263.exe
        9⤵
        
        PID:18012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        8⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18469.exe
        8⤵
        
        PID:17604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
        8⤵
        
        PID:17936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2335.exe
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-540.exe
        8⤵
        
        PID:7320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2180.exe
        9⤵
        
        PID:10760
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 636
        9⤵
        Program crash
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        8⤵
        
        PID:11096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
        8⤵
        
        PID:15368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63655.exe
        8⤵
        
        PID:9012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5676.exe
        7⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        8⤵
        
        PID:13424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40825.exe
        8⤵
        
        PID:17516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10083.exe
        7⤵
        
        PID:10792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
        7⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47148.exe
        7⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
        6⤵
        
        PID:4424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
        7⤵
        
        PID:908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14162.exe
        8⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        9⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        9⤵
        
        PID:14060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6286.exe
        9⤵
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5319.exe
        8⤵
        
        PID:9424
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        9⤵
        
        PID:17788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        8⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
        8⤵
        
        PID:18008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
        7⤵
        
        PID:7212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30551.exe
        8⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        8⤵
        
        PID:14876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
        7⤵
        
        PID:10472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41848.exe
        7⤵
        
        PID:15316
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46797.exe
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43856.exe
        7⤵
        
        PID:8680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31911.exe
        8⤵
        
        PID:18092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16845.exe
        8⤵
        
        PID:18072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
        7⤵
        
        PID:11420
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24526.exe
        7⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14447.exe
        7⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54328.exe
        6⤵
        
        PID:7256
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5486.exe
        7⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10546.exe
        6⤵
        
        PID:11304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
        6⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
        6⤵
        
        PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2771.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36617.exe
        6⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44375.exe
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32637.exe
        8⤵
        
        PID:7104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        9⤵
        
        PID:12068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
        9⤵
        
        PID:14020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        9⤵
        
        PID:17440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37214.exe
        9⤵
        
        PID:17528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7316.exe
        8⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32808.exe
        8⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57983.exe
        8⤵
        
        PID:17652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57540.exe
        8⤵
        
        PID:17712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13923.exe
        7⤵
        
        PID:7784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
        8⤵
        
        PID:12956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
        8⤵
        
        PID:15000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4218.exe
        7⤵
        
        PID:10832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        7⤵
        
        PID:15408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
        7⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13228.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13228.exe
        8⤵
        
        PID:12776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56622.exe
        8⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
        8⤵
        
        PID:13368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50130.exe
        7⤵
        
        PID:12756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
        7⤵
        
        PID:17828
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
        6⤵
        
        PID:9744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
        6⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61021.exe
        5⤵
        
        PID:868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        7⤵
        
        PID:8772
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56363.exe
        8⤵
        
        PID:6000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21296.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21296.exe
        7⤵
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51874.exe
        7⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59083.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59083.exe
        7⤵
        
        PID:17820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34264.exe
        6⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        7⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
        7⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51692.exe
        6⤵
        
        PID:10860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3845.exe
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        7⤵
        
        PID:13856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        6⤵
        
        PID:11320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        6⤵
        
        PID:15392
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2195.exe
        6⤵
        
        PID:8816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10468.exe
        5⤵
        
        PID:7916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30551.exe
        6⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
        6⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3685.exe
        6⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        5⤵
        
        PID:10672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43251.exe
        5⤵
        
        PID:13736
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22039.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22039.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6876.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
        6⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44759.exe
        7⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63508.exe
        8⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21615.exe
        9⤵
        
        PID:10296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        9⤵
        
        PID:14912
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33232.exe
        9⤵
        
        PID:17724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1862.exe
        8⤵
        
        PID:10956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52538.exe
        8⤵
        
        PID:15956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        7⤵
        
        PID:6736
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 608
        8⤵
        Program crash
        
        PID:12856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
        7⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43384.exe
        7⤵
        
        PID:16632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30432.exe
        7⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53866.exe
        6⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54759.exe
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
        7⤵
        
        PID:13052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        7⤵
        
        PID:15972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
        6⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
        7⤵
        
        PID:17544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59554.exe
        6⤵
        
        PID:15592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35609.exe
        5⤵
        
        PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
        5⤵
        
        PID:376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
        6⤵
        
        PID:7396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23347.exe
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62433.exe
        6⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
        6⤵
        
        PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe
        5⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        6⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35039.exe
        6⤵
        
        PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45165.exe
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
        5⤵
        
        PID:14932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
        5⤵
        
        PID:5840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36432.exe
        5⤵
        
        PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
        5⤵
        
        PID:2212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        7⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
        7⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        7⤵
        
        PID:17432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
        6⤵
        
        PID:16776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42703.exe
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe
        6⤵
        
        PID:11152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        6⤵
        
        PID:15056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42387.exe
        6⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22884.exe
        5⤵
        
        PID:10256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        5⤵
        
        PID:16080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
        5⤵
        
        PID:17936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2579.exe
        5⤵
        
        PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14561.exe
      4⤵
      PID:3876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36285.exe
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
        7⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13565.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        6⤵
        
        PID:592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
        6⤵
        
        PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
        5⤵
        
        PID:12928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54728.exe
        5⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36436.exe
        5⤵
        
        PID:13372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13400.exe
      4⤵
      PID:7164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        5⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6176.exe
        6⤵
        
        PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48916.exe
        5⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        5⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42886.exe
        5⤵
        
        PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
      4⤵
      PID:9320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13126.exe
      4⤵
      PID:13524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
      4⤵
      Executes dropped EXE
      PID:3376
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 248
        5⤵
        Program crash
        
        PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        7⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14986.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14986.exe
        7⤵
        
        PID:14896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57966.exe
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35983.exe
        6⤵
        
        PID:15244
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31551.exe
        6⤵
        
        PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        5⤵
        
        PID:7836
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 640
        6⤵
        Program crash
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13346.exe
        5⤵
        
        PID:11276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        5⤵
        
        PID:15424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64503.exe
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32637.exe
        5⤵
        
        PID:7096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42891.exe
        6⤵
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        6⤵
        
        PID:14052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        6⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        6⤵
        
        PID:18200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
        5⤵
        
        PID:15064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64713.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64713.exe
      4⤵
      PID:8996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24381.exe
        5⤵
        
        PID:17628
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
      4⤵
      PID:12796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
      4⤵
      PID:17644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51946.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51946.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15044.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        7⤵
        
        PID:9936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
        7⤵
        
        PID:14236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
        7⤵
        
        PID:18104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        6⤵
        
        PID:12212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4210.exe
        6⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50332.exe
        6⤵
        
        PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45061.exe
        5⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51677.exe
        6⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59322.exe
        5⤵
        
        PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-21027.exe
      4⤵
      PID:1292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38283.exe
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        6⤵
        
        PID:8856
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61075.exe
        7⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12159.exe
        6⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15625.exe
        5⤵
        
        PID:9248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56429.exe
        5⤵
        
        PID:13472
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54012.exe
        5⤵
        
        PID:18416
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
        5⤵
        
        PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33304.exe
      4⤵
      PID:6604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25699.exe
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        5⤵
        
        PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
      4⤵
      PID:10924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20256.exe
      4⤵
      PID:15632
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
      4⤵
      PID:5960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4318.exe
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
        6⤵
        
        PID:5156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
        5⤵
        
        PID:10428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45521.exe
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29638.exe
        5⤵
        
        PID:6284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33688.exe
      4⤵
      PID:8008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25611.exe
        5⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
        5⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42335.exe
        5⤵
        
        PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
      4⤵
      PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
      4⤵
      PID:16200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18141.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18141.exe
    3⤵
    PID:5020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60841.exe
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        5⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25371.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25371.exe
        5⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
        5⤵
        
        PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41053.exe
      4⤵
      PID:9968
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
      4⤵
      PID:13768
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53593.exe
    3⤵
    PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
      4⤵
      PID:9532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27649.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27649.exe
      4⤵
      PID:16360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40116.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40116.exe
    3⤵
    PID:10444
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19509.exe
    3⤵
    PID:14140
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41877.exe
    3⤵
    PID:17764
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
    3⤵
    PID:18428
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2932
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57831.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38947.exe
        7⤵
        
        PID:3552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51749.exe
        8⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
        9⤵
        
        PID:10120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15231.exe
        9⤵
        
        PID:16364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
        9⤵
        
        PID:4656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        8⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50193.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50193.exe
        9⤵
        
        PID:18216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31619.exe
        9⤵
        
        PID:18156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
        8⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        8⤵
        
        PID:17416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
        7⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        8⤵
        
        PID:9836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19699.exe
        8⤵
        
        PID:16516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9138.exe
        8⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30668.exe
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37188.exe
        7⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
        6⤵
        
        PID:3096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5034.exe
        7⤵
        
        PID:6632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11780.exe
        8⤵
        
        PID:8688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29517.exe
        8⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50285.exe
        8⤵
        
        PID:17876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8801.exe
        8⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
        7⤵
        
        PID:9624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23564.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23564.exe
        7⤵
        
        PID:13800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        7⤵
        
        PID:17144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50628.exe
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5382.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5382.exe
        7⤵
        
        PID:13340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        7⤵
        
        PID:17464
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 17464 -s 80
        8⤵
        Program crash
        
        PID:15752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21966.exe
        7⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30601.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30601.exe
        6⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1884
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 488
        6⤵
        Program crash
        
        PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23470.exe
        5⤵
        
        PID:5592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        6⤵
        
        PID:7492
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        7⤵
        
        PID:16792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8983.exe
        6⤵
        
        PID:16240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55191.exe
        6⤵
        
        PID:16232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28480.exe
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25345.exe
        6⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
        6⤵
        
        PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61117.exe
        5⤵
        
        PID:10420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
        5⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
        5⤵
        
        PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45863.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16005.exe
        5⤵
        
        PID:1092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        6⤵
        
        PID:6328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
        7⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57276.exe
        7⤵
        
        PID:14220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        7⤵
        
        PID:17448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57757.exe
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22435.exe
        7⤵
        
        PID:17568
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9201.exe
        6⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23139.exe
        5⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27327.exe
        6⤵
        
        PID:8920
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
        6⤵
        
        PID:12936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13844.exe
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        6⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        5⤵
        
        PID:11452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
        5⤵
        
        PID:16528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17314.exe
        5⤵
        
        PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
      4⤵
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        6⤵
        
        PID:8428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        7⤵
        
        PID:16572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        6⤵
        
        PID:10972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60365.exe
        6⤵
        
        PID:17948
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        6⤵
        
        PID:13448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        6⤵
        
        PID:17480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62294.exe
        5⤵
        
        PID:13460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45539.exe
        5⤵
        
        PID:17672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34074.exe
      4⤵
      PID:5296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40779.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40779.exe
        5⤵
        
        PID:8372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
        5⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24578.exe
        5⤵
        
        PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
      4⤵
      PID:8068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5346.exe
        5⤵
        
        PID:17780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
      4⤵
      PID:13264
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51180.exe
      4⤵
      PID:17716
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4520.exe
        6⤵
        
        PID:5248
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8516.exe
        7⤵
        
        PID:6484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30141.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30141.exe
        8⤵
        
        PID:3864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13467.exe
        8⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12849.exe
        7⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22526.exe
        7⤵
        
        PID:15740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55340.exe
        6⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25393.exe
        7⤵
        
        PID:15504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27535.exe
        7⤵
        
        PID:13372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        6⤵
        
        PID:11488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
        6⤵
        
        PID:18128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
        6⤵
        
        PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
        5⤵
        
        PID:5428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
        6⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39055.exe
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        6⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1976.exe
        5⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        6⤵
        
        PID:15124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47137.exe
        5⤵
        
        PID:17196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61100.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4281.exe
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41163.exe
        6⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33945.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33945.exe
        7⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13529.exe
        7⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15153.exe
        6⤵
        
        PID:11036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6024.exe
        6⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54143.exe
        6⤵
        
        PID:18088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
        5⤵
        
        PID:8256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
        6⤵
        
        PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
        5⤵
        
        PID:13288
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41945.exe
      4⤵
      PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32637.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32637.exe
        5⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38169.exe
        6⤵
        
        PID:9608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55495.exe
        6⤵
        
        PID:17480
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63768.exe
        6⤵
        
        PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19568.exe
        5⤵
        
        PID:10480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
        5⤵
        
        PID:15384
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33524.exe
      4⤵
      PID:7776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        5⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
        5⤵
        
        PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
      4⤵
      PID:10680
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
      4⤵
      PID:2884
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46155.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
        5⤵
        
        PID:5264
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        6⤵
        
        PID:5928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        7⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
        7⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36045.exe
        6⤵
        
        PID:9328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15396.exe
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25616.exe
        6⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17187.exe
        6⤵
        
        PID:6660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
        5⤵
        
        PID:8156
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 604
        6⤵
        Program crash
        
        PID:12856
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 604
        6⤵
        Program crash
        
        PID:16524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        5⤵
        
        PID:16072
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
        5⤵
        
        PID:6944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        6⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        7⤵
        
        PID:16580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53514.exe
        7⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26357.exe
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        5⤵
        
        PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29430.exe
        5⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31916.exe
        5⤵
        
        PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22614.exe
      4⤵
      PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33073.exe
        5⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
        5⤵
        
        PID:13308
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4245.exe
      4⤵
      PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33182.exe
      4⤵
      PID:13636
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59751.exe
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52242.exe
        5⤵
        
        PID:7464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
        6⤵
        
        PID:13412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6015.exe
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18800.exe
        5⤵
        
        PID:10300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35626.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35626.exe
        5⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44117.exe
        5⤵
        
        PID:5908
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
      4⤵
      PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        5⤵
        
        PID:17780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2263.exe
        5⤵
        
        PID:17724
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55366.exe
      4⤵
      PID:12912
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39145.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39145.exe
    3⤵
    PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
      4⤵
      PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        5⤵
        
        PID:17932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
      4⤵
      PID:10020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
      4⤵
      PID:14656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10484.exe
      4⤵
      PID:5180
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3279.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3279.exe
    3⤵
    PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27955.exe
      4⤵
      PID:12704
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5719.exe
      4⤵
      PID:5512
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
    3⤵
    PID:9376
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12016.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12016.exe
    3⤵
    PID:13696
- C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:744
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61650.exe
        6⤵
        
        PID:5936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21297.exe
        7⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
        7⤵
        
        PID:12180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44571.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44571.exe
        6⤵
        
        PID:6832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        7⤵
        
        PID:16816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53830.exe
        6⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30032.exe
        6⤵
        
        PID:15564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63020.exe
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21807.exe
        7⤵
        
        PID:12032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40809.exe
        7⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16933.exe
        6⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14629.exe
        6⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
        6⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48079.exe
        5⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23343.exe
        6⤵
        
        PID:12880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
        6⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
        6⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28112.exe
        5⤵
        
        PID:16136
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23575.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23575.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
        5⤵
        
        PID:4508
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37437.exe
        7⤵
        
        PID:9472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
        8⤵
        
        PID:6104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61744.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61744.exe
        7⤵
        
        PID:14524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40529.exe
        7⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45138.exe
        6⤵
        
        PID:10040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22798.exe
        6⤵
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13295.exe
        6⤵
        
        PID:18092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46212.exe
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19467.exe
        6⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51386.exe
        5⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44021.exe
        5⤵
        
        PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8696.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8696.exe
      4⤵
      PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11832.exe
        5⤵
        
        PID:6672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        6⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        6⤵
        
        PID:14516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        6⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
        6⤵
        
        PID:3936
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
        6⤵
        
        PID:7960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9943.exe
        5⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16597.exe
        6⤵
        
        PID:17852
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
        6⤵
        
        PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
        5⤵
        
        PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59206.exe
      4⤵
      PID:4192
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7992.exe
        5⤵
        
        PID:11300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57826.exe
        5⤵
        
        PID:15772
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56457.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56457.exe
      4⤵
      PID:9956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4229.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4229.exe
      4⤵
      PID:3028
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31189.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
        5⤵
        
        PID:220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64925.exe
        6⤵
        
        PID:6784
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3358.exe
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39171.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39171.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13119.exe
        7⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20789.exe
        7⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29298.exe
        6⤵
        
        PID:10980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9917.exe
        6⤵
        
        PID:16052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7272.exe
        6⤵
        
        PID:17708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
        6⤵
        
        PID:9944
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48698.exe
        6⤵
        
        PID:14976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30904.exe
        6⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4131.exe
        5⤵
        
        PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60498.exe
      4⤵
      PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
        6⤵
        
        PID:8448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        7⤵
        
        PID:17536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38287.exe
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49937.exe
        6⤵
        
        PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
        5⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45019.exe
        6⤵
        
        PID:16944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36393.exe
        5⤵
        
        PID:14192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30398.exe
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        5⤵
        
        PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36237.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36237.exe
        5⤵
        
        PID:3756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
      4⤵
      PID:8088
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50889.exe
      4⤵
      PID:16260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
      4⤵
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
        6⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
        6⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        6⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11696.exe
        5⤵
        
        PID:14156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44885.exe
        5⤵
        
        PID:5404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
      4⤵
      PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
        5⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        5⤵
        
        PID:14496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
        5⤵
        
        PID:6468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60365.exe
        5⤵
        
        PID:17804
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26584.exe
      4⤵
      PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        5⤵
        
        PID:16960
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33861.exe
        5⤵
        
        PID:7588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47110.exe
      4⤵
      PID:14420
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
    3⤵
    PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60535.exe
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
        5⤵
        
        PID:14176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65007.exe
        5⤵
        
        PID:5980
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
      4⤵
      PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
      4⤵
      PID:4200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18252.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18252.exe
    3⤵
    PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19835.exe
      4⤵
      PID:1588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
      4⤵
      PID:16380
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44581.exe
    3⤵
    PID:10464
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27491.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27491.exe
    3⤵
    PID:15452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-11440.exe
    3⤵
    PID:3756
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3800
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35273.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1772
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22995.exe
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39989.exe
        6⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23063.exe
        7⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25834.exe
        7⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        6⤵
        
        PID:4260
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 644
        7⤵
        Program crash
        
        PID:17688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41682.exe
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16950.exe
        6⤵
        
        PID:16336
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56518.exe
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
        6⤵
        
        PID:12092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63498.exe
        6⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
        5⤵
        
        PID:8092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
        5⤵
        
        PID:14000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59711.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59711.exe
        5⤵
        
        PID:16272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43097.exe
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        5⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38771.exe
        6⤵
        
        PID:16800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54214.exe
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48339.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48339.exe
        5⤵
        
        PID:17684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64800.exe
      4⤵
      PID:6840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13898.exe
        5⤵
        
        PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28522.exe
      4⤵
      PID:14916
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40679.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40679.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
      4⤵
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
        5⤵
        
        PID:6812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17365.exe
        6⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2542.exe
        6⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60234.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60234.exe
        6⤵
        
        PID:16224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46665.exe
        6⤵
        
        PID:17784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-952.exe
        5⤵
        
        PID:18240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46212.exe
      4⤵
      PID:7312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62813.exe
        5⤵
        
        PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14375.exe
        5⤵
        
        PID:18072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
        5⤵
        
        PID:1504
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56368.exe
        5⤵
        
        PID:2636
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63917.exe
      4⤵
      PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
      4⤵
      PID:15032
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
    3⤵
    PID:5324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
      4⤵
      PID:800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51053.exe
        5⤵
        
        PID:17480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
      4⤵
      PID:10180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28636.exe
      4⤵
      PID:14384
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53944.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53944.exe
    3⤵
    PID:7852
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47375.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47375.exe
      4⤵
      PID:14404
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57903.exe
      4⤵
      PID:6552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
    3⤵
    PID:10780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
    3⤵
    PID:15256
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 15256 -s 464
      4⤵
      Program crash
      PID:17516
- C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2904
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14852.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36809.exe
      4⤵
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26031.exe
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9388.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9388.exe
        6⤵
        
        PID:9776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
        6⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19709.exe
        5⤵
        
        PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46507.exe
        5⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
        5⤵
        
        PID:17904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
      4⤵
      PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29373.exe
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27098.exe
        5⤵
        
        PID:17900
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30712.exe
        5⤵
        
        PID:2020
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41359.exe
      4⤵
      PID:10024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51194.exe
      4⤵
      PID:14452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17519.exe
    3⤵
    PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8770.exe
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
        5⤵
        
        PID:9036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14105.exe
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19750.exe
        5⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
        5⤵
        
        PID:16172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
      4⤵
      PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27300.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27300.exe
      4⤵
      PID:12712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
      4⤵
      PID:18228
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
      4⤵
      PID:5796
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
    3⤵
    PID:6256
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
      4⤵
      PID:8864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58298.exe
      4⤵
      PID:13116
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
    3⤵
    PID:9340
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37151.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37151.exe
      4⤵
      PID:14572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
    3⤵
    PID:13508
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
    3⤵
    PID:18028
- C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-36449.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3248
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe
    3⤵
    PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53057.exe
      4⤵
      PID:7144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
        5⤵
        
        PID:8076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15231.exe
        5⤵
        
        PID:16300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18712.exe
        5⤵
        
        PID:17832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
      4⤵
      PID:11004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
      4⤵
      PID:4544
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
      4⤵
      PID:7044
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34343.exe
    3⤵
    PID:8164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
    3⤵
    PID:11504
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7282.exe
    3⤵
    PID:16972
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43183.exe
  2⤵
  PID:5332
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
    3⤵
    PID:6888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
      4⤵
      PID:9892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
      4⤵
      PID:14372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54117.exe
      4⤵
      PID:6808
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14411.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14411.exe
    3⤵
    PID:10008
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe
    3⤵
    PID:13704
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56342.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56342.exe
    3⤵
    PID:16784
- C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-32062.exe
  2⤵
  PID:7196
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-64759.exe
    3⤵
    PID:13124
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36201.exe
    3⤵
    PID:15608
- C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-34781.exe
  2⤵
  PID:11108
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
  2⤵
  PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 3376 -ip 3376
1⤵
PID:3280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 1884 -ip 1884
1⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 60 -ip 60
1⤵
PID:116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 8156 -ip 8156
1⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7868 -ip 7868
1⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 7836 -ip 7836
1⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 7320 -ip 7320
1⤵
PID:14248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 552 -p 8164 -ip 8164
1⤵
PID:15120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 8164 -ip 8164
1⤵
PID:15448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 8156 -ip 8156
1⤵
PID:17948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6736 -ip 6736
1⤵
PID:18404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 612 -p 17464 -ip 17464
1⤵
PID:16332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 7836 -ip 7836
1⤵
PID:17556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe

Filesize
184KB

MD5
23f3cb43cf845a9c249129d310a53401

SHA1
a2cb0f3862fd10a8ae969b0d5637f5d57f55d676

SHA256
7bcbdc201958f35c621b743b7a006906146d8c564d37a39169407bf04cbd4091

SHA512
972424f5b5bd1d40cbf8b658e8b1ace2b12a54dc72b82358c3f901131491b44fafbe0ee638e689051c471cef3e059b292125390c4c51e5cce41525a6119c60be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11219.exe

Filesize
184KB

MD5
9a172f75ad0492094b630bfbb21eff10

SHA1
184f3addd1c67d8bc5c22cfb0692c7899fbfb6a5

SHA256
d629208a37790c4327a5bea70a373f8900bcda186888195017dec3ae117e32b2

SHA512
c9fa786b1eabf6afc60400da7beffec5a727c31af159d232145dce3d719752eced8abe2c31fd3d445cdab73675fad073c89bf0caa3bbf2ac336479cbe5ee596c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1156.exe

Filesize
184KB

MD5
52d7152032b91d5d026396cb27a2c40f

SHA1
5966f2cc52c3c6daf7a97f8c8775d4643582f494

SHA256
9e24df374579901f5c15c4a3dee1d64052e81b1cda71285a355f1aa80e6b9927

SHA512
f3fcf4f996ce6554b0ab796e4bc2494629582a4d7fe69384cbd90709575964607682028c3d3ebc67e23e2f9bac21564769f46338fd1103be6a487fb51c42394a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12947.exe

Filesize
184KB

MD5
81858522d209ae75fd66d62c765a16a5

SHA1
4c5abadd5eb9747607476f7a26c48d078d42b65e

SHA256
bce2ff577a0cb8836342071f23fdbe6e15c31c79a57f3302614f81630fd331f6

SHA512
1fbeccb50e25ffacb634606ac4d902894c9aec23435d9042d97a3e0b10fc1cf8235ece59612b186b1ea0f30b1090103bed0a36da84b70f9b52fc576b6c4b06d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13508.exe

Filesize
184KB

MD5
66b84048e4d2d0d6f20a2ead296f2ece

SHA1
ee664ef4d72bd528b125fcd5ffcaf46c4a872c72

SHA256
4435091f32a639b1174cc8e0992dcca43425107a1d7add37cde08bd8a1844248

SHA512
bdfe16e3da63c52646f4dd96572627bd9335ae76a0996c24572287c25f22d27ea4442dd66b07baec1c17c3ff511199298e21effa7248f1c268c80c6d2a3621ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13984.exe

Filesize
184KB

MD5
ad6b4674375cbd92da471184c1730ab7

SHA1
abb13f2587811f56573a6654d9c81782ac014c27

SHA256
e8a308e41263e683dca7582802200133a471c5710cc903d253d72767c39bc8d0

SHA512
4b2cbe70b8d32bfee6c56260db6aa7b48f67221c1d7def961658d81fed955249b477e3bc1ffc09a43d939a84814b46ce26f0b3843a3f3ede04a5b2f1f6aaa3a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14648.exe

Filesize
184KB

MD5
0962ee757ec2bcb4413c513887eb4042

SHA1
4f6b4d7b5be500b8f092754df19651e64938de80

SHA256
5b3d2924adfd7158ce02c04b6bc069580f590321e60a1452b450ac46a3ddf778

SHA512
54500a69ed2a0b5a172a069594d89223becb442e770573bf04a59aa7d17e8d6989a4704ab9845224f26c3141112f7b7475aca3c306766e6519a369adce21604a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-14826.exe

Filesize
184KB

MD5
e8f8a8f975c3057d48e01337f2ccb02d

SHA1
3a876b73c0af8e2571433ba98c0eee77276e5ef9

SHA256
27d7c1aa6323a7ebb97c1d14fd58b29430464867d8270791809613de106bd6f1

SHA512
41d49e1ddbda1c078846baa6e474a6e2b51a4f993b058dc5dd5865477c6022b451070b05ee516fe8411005d4fa07bd917b26bdfcc0d35189753e5150b784b89e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16695.exe

Filesize
184KB

MD5
2c5095f193472739552315e729d93fcc

SHA1
58edc3806ebbb9b28a2adf4e77d0f8a49963afeb

SHA256
61522368abd1990e9aa89b0631bdaf8b9d4f5a4be9a216fa1e7dd827442c08f5

SHA512
a74de38ef2fa06602bfcc06440f2e5884eb7a048b1c73aeb602daf7c55b1d3d01641bad5448d79b168cb840dfa62e308d66efdf6cee430a014cf671a458a2863

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe

Filesize
184KB

MD5
18dc1b7315ae95542a0ba6f4026d3a95

SHA1
3a636c670071579d2f604e83ef98f8f14b9baabe

SHA256
32440f0a3635c5bb44786ad77d5bbaa95df5130da28638645faebb9914da3240

SHA512
b0e66ab1d61e44de58e39f40c5e7e809b1783179f7034cda403b89aecf642cf28f205f85bafa7138a4ce5a10947b850a3a07df7eb70e038db47135d52288c645

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18167.exe

Filesize
184KB

MD5
35c7d05a0dd499846c932ee882119154

SHA1
9db13cfac75973ac6ddd8749a559f9d73bf4d9f0

SHA256
9e061d6bafa4acefc903c15d214e66bca18b184fe08404b04a19d762df26dc8f

SHA512
29b66a45ee9bc47ce995220376eb1f2219d9d389f3cc681098776f249bac48d0b5a586e4228fd73d47f691ad95d444c802e733fe92498024ec270444c4c9de23

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22039.exe

Filesize
184KB

MD5
1422acfdcd28c70873e5c4211e822250

SHA1
5742b8597a9f8b1f690642ff23f83a01d86fe1e6

SHA256
81dd8dbfdc3bbb4c180372d379fccaeabac7978bb082bcea3089ae15ed9ae19f

SHA512
fc14ee6cea0d3945ead61f81858e89e77f7627cde68f3d44f7e133718f9d6efc18c12037005ce27f111c4ed1e3f9f39c44c758e8ed9a1f79eb0c221d0202b7ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe

Filesize
184KB

MD5
6c12c0128d54034a5a5b6441142067fa

SHA1
581a78cc9f8014d8e6bfde40b2784fc8111f4583

SHA256
442162020493e499f10cd1db013103a63f4ee2b45a773eeb8337ac04418d973e

SHA512
1285579c1616fde2a4a4385d9a14b7f2d3060b63cd2884f1dda553cc4b19cbe9c97cde9e6148999fb87e8d6b5e576d11c560dc2469ec4006a119eb4bae57143a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-270.exe

Filesize
184KB

MD5
1eb61e6c5e155aa4438b4e66442f391e

SHA1
5cb196e2fafa283ab00caf8e861975efc1a75aa7

SHA256
68040c45690aeaa5ce70ba9b543b698c9f77de223932121bceadf4591ebfcf08

SHA512
fc67fa86e090010409570665f55982135842c680ac40920ddb7889d99145fa9a2ce1167c58464c334deb2420fc9c614c114f5981490c3a410de2a9340e7d1798

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe

Filesize
184KB

MD5
5e602eb92ed11190c4ed0444ec433c14

SHA1
b6274f37ee6577da2d5c61ac013a70fca9c07769

SHA256
ce463a124a771dc14f08605c611676932bff132a06cb67654b7a965d531673d2

SHA512
a3f12fdbf7b8336b5790784252f6dd0b9369ba085809059b1e339182a21c69e2cdde79e1950a7f9080dbc9f2917e597d32328ab51866e06ba33a4281b998094a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe

Filesize
184KB

MD5
4e4de770fda6a3dd9be66204bbea1e60

SHA1
bd202ccecb4c6652cf4d0a614dda43509f10c707

SHA256
40d2be77c5febba3291b47026a0105f9e50224bca98506e6edbcfdea99ffd7cb

SHA512
b751b016821c41bd6622418346bfbd2bd7cbcf029fe486ff9c2621cc8a1443f656a03ca2e69eec970f5414689210119ff639b2cbbb9e39b9f45ada8154a75619

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31421.exe

Filesize
184KB

MD5
2c9a6235398846b1c016df568a904df3

SHA1
1ecf80975f5b2198a572885fb39a8c7e4fe4f537

SHA256
a493297090357e7ac5ad2835d2fcf136724a1601db599c13aa51d26669d5bea6

SHA512
7d5c479192b29670dc2f110b6d5ffc9745bffe6f9a4d7a39cfa025eb268b26e1ca493284d295c0fe96a5ca9165d6609ea79eef0cf5cb6d823c8a2dafddba451a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32548.exe

Filesize
184KB

MD5
879c09d4bfe17811e4644b8a1a5da2a7

SHA1
35534b3b4d4cc51b2f804fddac63aa05eac3ce58

SHA256
d26664fa25691899a327818616f3532529bffa6efabe348350d9e760e052941e

SHA512
5717f531cebd95e3f1d67498c4872164d90ae64cd466049da31d1a7d2d7d2922af32e775085d8f36e8a2a30f3651799071b8100aec6218230eccece4ba98806a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32813.exe

Filesize
184KB

MD5
4e4eddcccb3a24b53f0f352717ad452a

SHA1
e7d5c6ffafdd04f2913ab864847d4c2ccbd36bf7

SHA256
e1633bcf866f8b231c1b0614c0680562d29e12b4235b78c1891d2cd6c1c0d7a6

SHA512
c1375378f714791071baefe87ba5e8ece1912b95c08a46e1758fe04866f50e6d346171aa01b2bc71697d63686530c749de4c32de9299e3b8286295814b053e0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe

Filesize
184KB

MD5
e74995828528a3e8e7241a96c37f8777

SHA1
669e8f53b73ffecdcb0b3095482d61dfc2a7bd08

SHA256
7ba95e84770c61c9379212b42bc39658f7f1c87cece716adcc8190971d079783

SHA512
c125361e74cc97814e8670983d7728485fe64f91b8c4b8d93572ea1fb7d1aa174bb276c96dc1af64d343629cc4ee01531db290fa1bd664075b9244ebc254610d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35817.exe

Filesize
184KB

MD5
269ceb66d40de6d4c58c7345c2671801

SHA1
a305752c4a60b58c8abaf7af3678d80d11178b7f

SHA256
40b04e0ca913c37e39964be288bea56883ea36ce8ff03858b473b3988bbf4c44

SHA512
561be63262c88c02ddeba46ee723659556e4b3f455bd6ee73f90ab4ca64e8da189aea0938077fb9882ae21aa8ab1031e23be31c34d48bec836b30a864a891983

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe

Filesize
184KB

MD5
79139e3188d6fac6dd8ea50a9f3630a0

SHA1
d1cbdc2835e605ef44a901b5b14b710fde4171fc

SHA256
1bd428b9d6a1eb22a51a91a73b608f97ce2370d0097b4151a68327f78e9c5688

SHA512
04b521a0d4e1b00064060263d0054449ccbe2a445a06e51719786cbf307e8fcc1746748450b687061e2bde763fa737183721ac427593c1d8047112b0bc5d940b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe

Filesize
184KB

MD5
6d480dcdd32a233176f5a417f92e2471

SHA1
4a17abbcbec87810115db297dffd7e53a672dfcb

SHA256
6fd27999865abfe4c2ab1c52e9b09468823b77f781d16c8c8e01765cc45b2224

SHA512
85329da0f13d14b6563ee9654bf8d01c26603b39a50366b5c09d838b074f22098a57973dd62ec9dd69d4572e3bd676aeeca95792bd1b772cc79723f50068a7d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42170.exe

Filesize
184KB

MD5
ff7c0dce114a4d3be0c4197e09f97fc7

SHA1
3999b1f6c9a48718124802310997bcea5ab43de8

SHA256
e9c370cb5dbcbc1df6d631fe2afc1945f02218341b131be9ad6a34026f49dde1

SHA512
206d97ec492e0af25d354bbc0ba5bda7d7708aa0d3ea029c2b4d6a2cdac6af1d31fff3273a008c46cb04e3cb9f6dd60a0bc8344746928ce1841d55ef6fc27672

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45309.exe

Filesize
184KB

MD5
3c0db32e99166cf68cb06dd5553f7109

SHA1
2b1951543d4aab906fe437dbdce329ef7fb3acf7

SHA256
a39152d3655e9826242b6be750cd0678009ceb6248cb404bf9b66e370c10476e

SHA512
c573a85f7c1c8cf4c985cc11dba3cbb303525112a2cb31e4cbab6abcec07017342e8dcef1c34cb10db4ae2bf5fee78db04c834b2ff893f2ca7676b41576bf2c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49241.exe

Filesize
184KB

MD5
be177acf54b903304b3757ee83d0a37f

SHA1
72d0179c684c44fe174ea420201407245922d7b0

SHA256
0b9449d9c526cb3f9e87e9f06d4c55cb0e3d3ffbe34a1370caea9728d9000eeb

SHA512
e0cc8f4149b55cd26cd50e9510ba38cf50b3b4fe8b106f1659de527ed88bcb7d2a24f2d757b19e1eb28ee02867eda2594fd9cdbd6722f4f09edb1a030b28e54c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51287.exe

Filesize
184KB

MD5
854bb52d240161f88488b8eedc427fde

SHA1
76c1267a5b89178a04ecfe064e02281af7b538f5

SHA256
40cad66015abe8e406e1a424453cff73cfdbabde7f04909cd4087f27e464a9ca

SHA512
8e615a9a88278fafdc8c67f3050927cab23187524c269b4373e44d8cfa9ddc3b361431bef8bfa4cba2615d93a9bc2019f4f7ee215295935544536acd8b6f1aec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51946.exe

Filesize
184KB

MD5
e5270826296ab7d464bebec5d70440d1

SHA1
1441ed6df12cb8bdca5f82a46d092c3a013b9dbd

SHA256
a30034dc506d0e6f66ba8401d2b7765f82c65cd4714de0a939aeb107215c642c

SHA512
191156977411ef93317cb1377e1596113b8ffe01b53e2c706956648314e40d1fd4408e4ec416572eb6a179e8d25bcc7352998bd49ca05de2a0cc0489ca5940d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54349.exe

Filesize
184KB

MD5
568f1c16c96b61b5e0e67ff3d887f9c3

SHA1
abb349afc29d25e447dcf39b3c698d315d8e276a

SHA256
5409bff2a448f332b4ce75e7483c652b6c45095f93113b042a5d3f96573428fd

SHA512
0d841242382663103b629d3a84594196cde5afbea1cf8583ceafe5262256ec2b6585e782027a6a286fc7a55cdebd58dea373157c13c9e09492f4837f14dc61dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54925.exe

Filesize
184KB

MD5
fce96e279918c84df59569117d88de17

SHA1
80e2db17fd3ebe86ad01a42813886327dd481467

SHA256
fea457380eb60514a444051d9ddbd76350d5a8bc08e61f54ae1500fef94bde7a

SHA512
35da06aa8773967d3454db4929030fedb7e74463aa82f0b4d8322e14ccc62dc56317246573df9269817824a1b399dff7f80eacb2736df9f4308ed43b616dc116

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe

Filesize
184KB

MD5
5c8892d7f404ceb2cd45d0718aaeaa93

SHA1
c5d22f63c0a05abb6ac313d540b32f88a3fec3e2

SHA256
c16b1b3243f65bc51f8504ded4d8f5e5644c90285a3c98971eb96fcfcab7a706

SHA512
ed66cc00ff02fa0efe8fb6020f8fe3df3c7128f48248b55a53ed187642c6f65113556823e5c304f0d24f6ca8fa295491acd28cf902c5bd0cff4a0923b717e36b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57727.exe

Filesize
184KB

MD5
e2874db939fad28e9d2d3ef5ab7e5d63

SHA1
a3db8bc6cfd0af38a48a65df8d588b9d93ceb9a2

SHA256
b705c6b87c02975729abed18a21b2b4640bdb960c30613f8c8e3087cbac3764d

SHA512
ce24a34d84ad68ba9a98931192105fb8f451866654b5566097afb78e8e442cd39b25ce33f2cf36806340c00ed9cff0abe1d5ec854312abebea8cf936a865bfa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59009.exe

Filesize
184KB

MD5
d1e14842324620818e893e5726c56efd

SHA1
193d9c05ed5ca8ee517255086fa646326cd525e1

SHA256
cfe4232b7dc8d390095bc6e7e09d93be5afea2df7290eebc22d2585cac13e648

SHA512
9565f62d1c569ff48ec7c94b2b1ae7ced2185dcf77b81d460f558bcc3657d7f76cccacedb25486083b23e7f883c68b9730c727d93882208c6345ea9c887cda0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59180.exe

Filesize
184KB

MD5
6435210fccc9c4a08cf278e0b657476e

SHA1
14e663e46c5f6aca13cce45688dea7fed19b7184

SHA256
cac12e7760ca85c137c5f6323370e9fa1093287026b8a2a85fd49422f3b739e8

SHA512
48ac37043ee99b9376bead01c9744faafef4b751cff2e4a65ca04087b3fe5074eb841aa25d5ee03350a57267afe380a927ac0dc10f1ccc101eef748a71db204d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61162.exe

Filesize
184KB

MD5
4236ebdba824ddda5ed5ba4d80240f20

SHA1
a36d1d5b34806407b482596aea5da64b9ea4a495

SHA256
25644aa2f111ae5fd8fc5e8d84cf082ed392889f64bea48a1775e0c8780dccb7

SHA512
f06e84701a1878601407c0b89d21eb38ab1008d04749375d2b85567f0997772309ebca9979784345e29e14045ad1dfd1ddd483d2d9373ee497cbdcac7182f2e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62797.exe

Filesize
184KB

MD5
d9fbf48245897f227496aa704cf3188c

SHA1
daf3ed0df07622aaecf00f30639aed2aa20c581d

SHA256
da96229bedfb168b7bbe2892a9b6841897b561e0568128fe849e607a03163470

SHA512
560a62427a0548135e172b51e930fea6fa1513f323206e68bf156abc4d1295579998e2973d6c8078ce1706847c598e8cf62b28e436de49e5278c6cb49ee22c5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63352.exe

Filesize
184KB

MD5
0221a11501e8734019e0b4a9b6d742a3

SHA1
b4f3d4b27785d0e98231e62ae5e691a96cb46a97

SHA256
b1244ec0c39f48cab362c5f7e9e65dc223f125ad69646c001ba6b759ce715c91

SHA512
c9bb37c8c9cb72cee6cdc8343bb3098a7aae02749ac84f0f5c8a2508a47b251201d5d41eb4636cf255a9f97ad788a588427d2965f4417de18bef8de0e6e5b527

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64416.exe

Filesize
184KB

MD5
bcfe5b990a7a84c9cf4aa56c36b348e2

SHA1
ffa8dd1161dcaf76ee576ddcd6c474ededc492b1

SHA256
96ec2fccb207d13bc280667b0e6bc7bd011d4ea569befe14710e238f89e0a8d7

SHA512
643c559ea403e83f37a142edc02e96abe0ddb42f88e3df1911aca2bf317d832b49bc9f12ef9a8e4efa62f74dd22cb29f4927bf8f413814342b5088a6563fbb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8308.exe

Filesize
184KB

MD5
33214f49e54079b8ba94bc06d23fd211

SHA1
e145dd7e189726f4c0eea01ff42cf058129e419e

SHA256
7315c5dac20345f16fb021fa307e2695c8d72d11b04a4a621527d403f3f28c8d

SHA512
554b8b9222b6090de826ca4d42d68a22cc2a4385f206e5b90eaaa60eaaa40b6aac71c8e3ff5c9d4752eeb768fa80fde5ebfb535d2b8cc6b3c0a3d7af60a9a1cf

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads