4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 21:17

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-19T21:18:58Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10v2004-20240412-en/instance_17-dirty.qcow2\"}"

Report Analysis Logs

General

Target

4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
Size

468KB
MD5

7906cfcd52d207015066e08f60f6e360
SHA1

21e41e0fa96ccfa5bfb8c4da63797c8139465959
SHA256

4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a
SHA512

6629f2314e296a781a95db431fd484b1d03b5bc3e5219392078d1152e028b0997f69d9f1ac9b0d571133b5edb71f7c1a9d3c3eb38bc79a65cdc90376c39a2e2b
SSDEEP

3072:1bACogIdI05UtbYhkzcjQf8/EChCPIpEnmHexVhiOaLLDTVuTNlR:1b1ow8Ut2k4jQff0mkOaPnVuT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 27 IoCs

pid	Process
2552	Unicorn-26052.exe
1436	Unicorn-63960.exe
640	Unicorn-20166.exe
1996	Unicorn-4199.exe
1324	Unicorn-15060.exe
4456	Unicorn-16543.exe
1572	Unicorn-41148.exe
1380	Unicorn-3213.exe
5100	Unicorn-11936.exe
4232	Unicorn-34516.exe
3364	Unicorn-3881.exe
1240	Unicorn-22264.exe
3048	Unicorn-28029.exe
1924	Unicorn-28294.exe
2004	Unicorn-8428.exe
4972	Unicorn-41122.exe
4008	Unicorn-62289.exe
1748	Unicorn-20702.exe
4588	Unicorn-60264.exe
4464	Unicorn-41506.exe
1176	Unicorn-36030.exe
4528	Unicorn-25170.exe
836	Unicorn-50997.exe
1220	Unicorn-13493.exe
3956	Unicorn-31511.exe
872	Unicorn-27692.exe
2776	Unicorn-39944.exe

Program crash 4 IoCs

pid	pid_target	Process	procid_target
8144	6328	WerFault.exe	231
7848	5656	WerFault.exe	205
15224	9072	WerFault.exe	367
6084	13992	WerFault.exe	713

Suspicious use of SetWindowsHookEx 24 IoCs

pid	Process
1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
2552	Unicorn-26052.exe
1436	Unicorn-63960.exe
640	Unicorn-20166.exe
1996	Unicorn-4199.exe
1324	Unicorn-15060.exe
1572	Unicorn-41148.exe
4456	Unicorn-16543.exe
1380	Unicorn-3213.exe
5100	Unicorn-11936.exe
4232	Unicorn-34516.exe
3364	Unicorn-3881.exe
1240	Unicorn-22264.exe
2004	Unicorn-8428.exe
1924	Unicorn-28294.exe
3048	Unicorn-28029.exe
4972	Unicorn-41122.exe
4008	Unicorn-62289.exe
1748	Unicorn-20702.exe
4588	Unicorn-60264.exe
4464	Unicorn-41506.exe
1176	Unicorn-36030.exe
836	Unicorn-50997.exe
4528	Unicorn-25170.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 2552	1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	88
PID 1592 wrote to memory of 2552	1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	88
PID 1592 wrote to memory of 2552	1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	88
PID 2552 wrote to memory of 1436	2552	Unicorn-26052.exe	90
PID 2552 wrote to memory of 1436	2552	Unicorn-26052.exe	90
PID 2552 wrote to memory of 1436	2552	Unicorn-26052.exe	90
PID 1592 wrote to memory of 640	1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	91
PID 1592 wrote to memory of 640	1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	91
PID 1592 wrote to memory of 640	1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	91
PID 1436 wrote to memory of 1996	1436	Unicorn-63960.exe	92
PID 1436 wrote to memory of 1996	1436	Unicorn-63960.exe	92
PID 1436 wrote to memory of 1996	1436	Unicorn-63960.exe	92
PID 2552 wrote to memory of 1324	2552	Unicorn-26052.exe	93
PID 2552 wrote to memory of 1324	2552	Unicorn-26052.exe	93
PID 2552 wrote to memory of 1324	2552	Unicorn-26052.exe	93
PID 640 wrote to memory of 1572	640	Unicorn-20166.exe	94
PID 640 wrote to memory of 1572	640	Unicorn-20166.exe	94
PID 640 wrote to memory of 1572	640	Unicorn-20166.exe	94
PID 1592 wrote to memory of 4456	1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	95
PID 1592 wrote to memory of 4456	1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	95
PID 1592 wrote to memory of 4456	1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	95
PID 1996 wrote to memory of 1380	1996	Unicorn-4199.exe	100
PID 1996 wrote to memory of 1380	1996	Unicorn-4199.exe	100
PID 1996 wrote to memory of 1380	1996	Unicorn-4199.exe	100
PID 1436 wrote to memory of 5100	1436	Unicorn-63960.exe	101
PID 1436 wrote to memory of 5100	1436	Unicorn-63960.exe	101
PID 1436 wrote to memory of 5100	1436	Unicorn-63960.exe	101
PID 1324 wrote to memory of 4232	1324	Unicorn-15060.exe	102
PID 1324 wrote to memory of 4232	1324	Unicorn-15060.exe	102
PID 1324 wrote to memory of 4232	1324	Unicorn-15060.exe	102
PID 2552 wrote to memory of 3364	2552	Unicorn-26052.exe	103
PID 2552 wrote to memory of 3364	2552	Unicorn-26052.exe	103
PID 2552 wrote to memory of 3364	2552	Unicorn-26052.exe	103
PID 1572 wrote to memory of 1240	1572	Unicorn-41148.exe	104
PID 1572 wrote to memory of 1240	1572	Unicorn-41148.exe	104
PID 1572 wrote to memory of 1240	1572	Unicorn-41148.exe	104
PID 1592 wrote to memory of 3048	1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	105
PID 1592 wrote to memory of 3048	1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	105
PID 1592 wrote to memory of 3048	1592	4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe	105
PID 4456 wrote to memory of 1924	4456	Unicorn-16543.exe	106
PID 4456 wrote to memory of 1924	4456	Unicorn-16543.exe	106
PID 4456 wrote to memory of 1924	4456	Unicorn-16543.exe	106
PID 640 wrote to memory of 2004	640	Unicorn-20166.exe	107
PID 640 wrote to memory of 2004	640	Unicorn-20166.exe	107
PID 640 wrote to memory of 2004	640	Unicorn-20166.exe	107
PID 1380 wrote to memory of 4972	1380	Unicorn-3213.exe	110
PID 1380 wrote to memory of 4972	1380	Unicorn-3213.exe	110
PID 1380 wrote to memory of 4972	1380	Unicorn-3213.exe	110
PID 1996 wrote to memory of 4008	1996	Unicorn-4199.exe	111
PID 1996 wrote to memory of 4008	1996	Unicorn-4199.exe	111
PID 1996 wrote to memory of 4008	1996	Unicorn-4199.exe	111
PID 5100 wrote to memory of 1748	5100	Unicorn-11936.exe	112
PID 5100 wrote to memory of 1748	5100	Unicorn-11936.exe	112
PID 5100 wrote to memory of 1748	5100	Unicorn-11936.exe	112
PID 1436 wrote to memory of 4588	1436	Unicorn-63960.exe	113
PID 1436 wrote to memory of 4588	1436	Unicorn-63960.exe	113
PID 1436 wrote to memory of 4588	1436	Unicorn-63960.exe	113
PID 4232 wrote to memory of 4464	4232	Unicorn-34516.exe	114
PID 4232 wrote to memory of 4464	4232	Unicorn-34516.exe	114
PID 4232 wrote to memory of 4464	4232	Unicorn-34516.exe	114
PID 1324 wrote to memory of 1176	1324	Unicorn-15060.exe	115
PID 1324 wrote to memory of 1176	1324	Unicorn-15060.exe	115
PID 1324 wrote to memory of 1176	1324	Unicorn-15060.exe	115
PID 1240 wrote to memory of 4528	1240	Unicorn-22264.exe	116

C:\Users\Admin\AppData\Local\Temp\4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe
"C:\Users\Admin\AppData\Local\Temp\4ba35f30de2e9ed455065cf95bd96bf65e654bb4e974f10ce1f32ac03887b40a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2552
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
        7⤵
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17936.exe
        8⤵
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16120.exe
        9⤵
        
        PID:5900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61602.exe
        10⤵
        
        PID:8992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
        11⤵
        
        PID:15636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13610.exe
        10⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48202.exe
        10⤵
        
        PID:16200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20356.exe
        9⤵
        
        PID:7860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        10⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
        9⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
        8⤵
        
        PID:6328
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 492
        9⤵
        Program crash
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
        8⤵
        
        PID:8500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        9⤵
        
        PID:15220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42557.exe
        8⤵
        
        PID:11072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26351.exe
        8⤵
        
        PID:15748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
        7⤵
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55927.exe
        8⤵
        
        PID:7024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
        9⤵
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
        9⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        8⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62168.exe
        9⤵
        
        PID:13284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
        8⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59356.exe
        7⤵
        
        PID:7044
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        8⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19936.exe
        8⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62698.exe
        7⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49627.exe
        6⤵
        
        PID:224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60914.exe
        7⤵
        
        PID:4408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36732.exe
        8⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
        9⤵
        
        PID:7968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27036.exe
        10⤵
        
        PID:10920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
        10⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
        9⤵
        
        PID:11684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        9⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
        8⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-393.exe
        9⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41866.exe
        9⤵
        
        PID:12832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
        8⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
        8⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
        7⤵
        
        PID:6620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        8⤵
        
        PID:9080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25028.exe
        9⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34222.exe
        8⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16323.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16323.exe
        8⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6437.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6437.exe
        7⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
        8⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20357.exe
        6⤵
        
        PID:5476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
        7⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
        8⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48909.exe
        8⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54155.exe
        7⤵
        
        PID:9016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41866.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41866.exe
        8⤵
        
        PID:14344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41710.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41710.exe
        7⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37017.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37017.exe
        6⤵
        
        PID:6400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51540.exe
        7⤵
        
        PID:11088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        7⤵
        
        PID:16748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
        6⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34488.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34488.exe
        7⤵
        
        PID:16904
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62289.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5901.exe
        6⤵
        
        PID:1228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
        7⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
        8⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
        9⤵
        
        PID:8168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31390.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31390.exe
        10⤵
        
        PID:16092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
        9⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9551.exe
        9⤵
        
        PID:14308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29292.exe
        8⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
        9⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23453.exe
        8⤵
        
        PID:11864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64757.exe
        8⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
        7⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        8⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        7⤵
        
        PID:8800
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
        8⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7737.exe
        7⤵
        
        PID:12744
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41894.exe
        6⤵
        
        PID:5336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21748.exe
        7⤵
        
        PID:8284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
        7⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
        7⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
        6⤵
        
        PID:7744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        7⤵
        
        PID:13548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27731.exe
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
        6⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53056.exe
        5⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
        6⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22290.exe
        8⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        9⤵
        
        PID:13128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
        9⤵
        
        PID:3520
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        8⤵
        
        PID:10512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53927.exe
        8⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
        7⤵
        
        PID:716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65498.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65498.exe
        7⤵
        
        PID:10208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
        7⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33586.exe
        6⤵
        
        PID:6196
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        7⤵
        
        PID:7644
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
        8⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63029.exe
        7⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42452.exe
        6⤵
        
        PID:8324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29319.exe
        6⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31011.exe
        6⤵
        
        PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26223.exe
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
        6⤵
        
        PID:6296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        7⤵
        
        PID:9168
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
        7⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22363.exe
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5904.exe
        6⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56556.exe
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        6⤵
        
        PID:10332
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59765.exe
        6⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48554.exe
        5⤵
        
        PID:8148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55102.exe
        6⤵
        
        PID:4984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50416.exe
        7⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8527.exe
        8⤵
        
        PID:5436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        9⤵
        
        PID:7512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
        10⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
        9⤵
        
        PID:10376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
        9⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57497.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57497.exe
        8⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        9⤵
        
        PID:13532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43316.exe
        8⤵
        
        PID:13888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49321.exe
        7⤵
        
        PID:6676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
        8⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41338.exe
        9⤵
        
        PID:15232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47845.exe
        8⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15591.exe
        7⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        7⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
        7⤵
        
        PID:15468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
        6⤵
        
        PID:6532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21888.exe
        7⤵
        
        PID:9756
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
        6⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49746.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49746.exe
        6⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49435.exe
        5⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
        6⤵
        
        PID:5212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7878.exe
        7⤵
        
        PID:6740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        8⤵
        
        PID:11364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        7⤵
        
        PID:10828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17607.exe
        7⤵
        
        PID:15976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
        6⤵
        
        PID:6528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
        7⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5643.exe
        6⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        6⤵
        
        PID:12664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15251.exe
        6⤵
        
        PID:4584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38640.exe
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47614.exe
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18048.exe
        7⤵
        
        PID:3052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6169.exe
        8⤵
        
        PID:12688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
        7⤵
        
        PID:12072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30137.exe
        7⤵
        
        PID:15664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22878.exe
        6⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
        7⤵
        
        PID:684
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31429.exe
        6⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48037.exe
        6⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56669.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56669.exe
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11576.exe
        6⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17835.exe
        5⤵
        
        PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22374.exe
        5⤵
        
        PID:10204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34490.exe
        5⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19882.exe
        6⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
        7⤵
        
        PID:5916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
        8⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54830.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54830.exe
        9⤵
        
        PID:12440
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-590.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-590.exe
        8⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2317.exe
        8⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28995.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28995.exe
        7⤵
        
        PID:3244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36102.exe
        8⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31047.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31047.exe
        7⤵
        
        PID:12532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
        7⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34326.exe
        7⤵
        
        PID:14048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
        6⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34825.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34825.exe
        6⤵
        
        PID:11120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33264.exe
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49428.exe
        7⤵
        
        PID:11676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        6⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37374.exe
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        6⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34658.exe
        6⤵
        
        PID:5468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-242.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-242.exe
        5⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
        6⤵
        
        PID:15072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
        5⤵
        
        PID:12552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30141.exe
      4⤵
      PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27858.exe
        5⤵
        
        PID:5188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65486.exe
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe
        7⤵
        
        PID:9668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6122.exe
        7⤵
        
        PID:2592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
        6⤵
        
        PID:6332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
        7⤵
        
        PID:15708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
        6⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50857.exe
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
        6⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29187.exe
        5⤵
        
        PID:9300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53782.exe
        6⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
        5⤵
        
        PID:12372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50230.exe
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7686.exe
        5⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4477.exe
        6⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25261.exe
        5⤵
        
        PID:10680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51292.exe
        5⤵
        
        PID:14140
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38458.exe
      4⤵
      PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43830.exe
      4⤵
      PID:9720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28345.exe
      4⤵
      PID:14208
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47510.exe
        6⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36602.exe
        7⤵
        
        PID:5308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51506.exe
        8⤵
        
        PID:6160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55982.exe
        9⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
        10⤵
        
        PID:11532
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
        10⤵
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32878.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32878.exe
        9⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29151.exe
        9⤵
        
        PID:15996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
        8⤵
        
        PID:8364
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
        9⤵
        
        PID:4100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
        8⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42906.exe
        7⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        7⤵
        
        PID:8888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56714.exe
        8⤵
        
        PID:3188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
        7⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
        7⤵
        
        PID:13592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48911.exe
        6⤵
        
        PID:5356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45868.exe
        7⤵
        
        PID:7472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        8⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
        7⤵
        
        PID:10744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
        7⤵
        
        PID:14096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17285.exe
        6⤵
        
        PID:8272
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41668.exe
        6⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15200.exe
        5⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42824.exe
        6⤵
        
        PID:5232
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61812.exe
        7⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
        8⤵
        
        PID:7404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
        8⤵
        
        PID:10596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50009.exe
        8⤵
        
        PID:15968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
        7⤵
        
        PID:7480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56920.exe
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52915.exe
        7⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43098.exe
        6⤵
        
        PID:6760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        7⤵
        
        PID:10588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40356.exe
        7⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53989.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53989.exe
        6⤵
        
        PID:12916
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
        6⤵
        
        PID:16432
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65282.exe
        5⤵
        
        PID:5376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44443.exe
        6⤵
        
        PID:7124
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27062.exe
        7⤵
        
        PID:11692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
        7⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21595.exe
        6⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
        6⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59926.exe
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18706.exe
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16465.exe
        5⤵
        
        PID:9460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1954.exe
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
        5⤵
        
        PID:4988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9959.exe
        6⤵
        
        PID:5344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13763.exe
        7⤵
        
        PID:6992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        8⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13688.exe
        8⤵
        
        PID:13992
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 13992 -s 416
        9⤵
        Program crash
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
        7⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29649.exe
        7⤵
        
        PID:11904
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
        6⤵
        
        PID:6572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38281.exe
        6⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61540.exe
        7⤵
        
        PID:15076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32404.exe
        6⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-460.exe
        6⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9229.exe
        6⤵
        
        PID:12996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
        5⤵
        
        PID:6924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
        5⤵
        
        PID:9624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31509.exe
        5⤵
        
        PID:13108
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
      4⤵
      PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51506.exe
        6⤵
        
        PID:6152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60642.exe
        7⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        8⤵
        
        PID:13484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
        7⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54679.exe
        6⤵
        
        PID:9232
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3461.exe
        6⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24816.exe
        5⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        6⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        5⤵
        
        PID:8812
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58895.exe
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
        5⤵
        
        PID:7608
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20456.exe
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10346.exe
        6⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-460.exe
        5⤵
        
        PID:9888
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63738.exe
      4⤵
      PID:6896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
        5⤵
        
        PID:10532
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38824.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38824.exe
      4⤵
      PID:9712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe
      4⤵
      Executes dropped EXE
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9191.exe
        5⤵
        
        PID:4964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33250.exe
        6⤵
        
        PID:5960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34542.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34542.exe
        7⤵
        
        PID:7408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        8⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20496.exe
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41072.exe
        7⤵
        
        PID:14132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
        6⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1559.exe
        6⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37638.exe
        7⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46126.exe
        6⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14152.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        6⤵
        
        PID:7548
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        7⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26080.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26080.exe
        6⤵
        
        PID:10640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10765.exe
        5⤵
        
        PID:7924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57508.exe
        6⤵
        
        PID:13564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36397.exe
        5⤵
        
        PID:6556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13767.exe
        5⤵
        
        PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48641.exe
      4⤵
      PID:3680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16722.exe
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        6⤵
        
        PID:6596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6999.exe
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55655.exe
        7⤵
        
        PID:16440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6261.exe
        6⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
        5⤵
        
        PID:7560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59132.exe
        6⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
        5⤵
        
        PID:10316
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
        5⤵
        
        PID:12692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46746.exe
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34000.exe
        5⤵
        
        PID:8032
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
        5⤵
        
        PID:11596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43350.exe
        5⤵
        
        PID:16356
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
      4⤵
      PID:6640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43118.exe
        5⤵
        
        PID:14252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
      4⤵
      PID:11620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
      4⤵
      PID:1600
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe
    3⤵
    - Executes dropped EXE
    PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
      4⤵
      PID:352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56576.exe
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12567.exe
        6⤵
        
        PID:8856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30112.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30112.exe
        6⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18026.exe
        5⤵
        
        PID:6648
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
        5⤵
        
        PID:12508
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
      4⤵
      PID:1708
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10037.exe
        5⤵
        
        PID:7428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
        6⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61990.exe
        5⤵
        
        PID:10300
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
      4⤵
      PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
      4⤵
      PID:10404
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
    3⤵
    PID:3220
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
      4⤵
      PID:6284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
        5⤵
        
        PID:7816
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4415.exe
        6⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
        5⤵
        
        PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
      4⤵
      PID:9072
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 632
        5⤵
        Program crash
        
        PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
      4⤵
      PID:12628
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40020.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40020.exe
    3⤵
    PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64036.exe
      4⤵
      PID:10548
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-38978.exe
    3⤵
    PID:8624
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
    3⤵
    PID:12164
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54452.exe
    3⤵
    PID:16508
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:640
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45756.exe
        6⤵
        
        PID:376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18128.exe
        7⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
        8⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        9⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13122.exe
        8⤵
        
        PID:9132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2815.exe
        8⤵
        
        PID:12412
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23638.exe
        7⤵
        
        PID:6516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
        8⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17747.exe
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24808.exe
        7⤵
        
        PID:16060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6430.exe
        6⤵
        
        PID:5556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4835.exe
        8⤵
        
        PID:7724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
        8⤵
        
        PID:12092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16848.exe
        7⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14133.exe
        7⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54067.exe
        7⤵
        
        PID:16368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58972.exe
        6⤵
        
        PID:6692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
        7⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2417.exe
        8⤵
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
        7⤵
        
        PID:10768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21456.exe
        6⤵
        
        PID:9120
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14591.exe
        7⤵
        
        PID:11816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
        7⤵
        
        PID:17072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27836.exe
        5⤵
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30920.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30920.exe
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
        7⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25617.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25617.exe
        7⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-279.exe
        8⤵
        
        PID:15572
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20050.exe
        7⤵
        
        PID:16284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62917.exe
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        7⤵
        
        PID:13540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58160.exe
        6⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2972.exe
        6⤵
        
        PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        6⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36574.exe
        7⤵
        
        PID:11320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11332.exe
        7⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
        6⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
        7⤵
        
        PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46145.exe
        5⤵
        
        PID:6512
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37176.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37176.exe
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16402.exe
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55360.exe
        5⤵
        
        PID:9640
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53782.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53782.exe
        6⤵
        
        PID:14740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:836
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47702.exe
        5⤵
        
        PID:2384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
        6⤵
        
        PID:5632
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13763.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13763.exe
        7⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6091.exe
        8⤵
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
        8⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
        7⤵
        
        PID:6460
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51981.exe
        7⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60587.exe
        6⤵
        
        PID:6356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50284.exe
        7⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15084.exe
        7⤵
        
        PID:14088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
        6⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
        6⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
        6⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7985.exe
        6⤵
        
        PID:10236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41996.exe
        6⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-818.exe
        5⤵
        
        PID:9700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26849.exe
        5⤵
        
        PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
      4⤵
      PID:3632
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16530.exe
        5⤵
        
        PID:5740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
        7⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16796.exe
        6⤵
        
        PID:7716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32109.exe
        6⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14292.exe
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
        6⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
        5⤵
        
        PID:9660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
        5⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
        5⤵
        
        PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20156.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20156.exe
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
        5⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41996.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41996.exe
        6⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59852.exe
        5⤵
        
        PID:10756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59957.exe
        5⤵
        
        PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58276.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58276.exe
        5⤵
        
        PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
      4⤵
      PID:9292
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
      4⤵
      PID:12320
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
      4⤵
      Executes dropped EXE
      PID:2776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8615.exe
        5⤵
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63353.exe
        6⤵
        
        PID:5656
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 632
        7⤵
        Program crash
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
        6⤵
        
        PID:7868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
        6⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-556.exe
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9653.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9653.exe
        6⤵
        
        PID:6544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        7⤵
        
        PID:13736
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
        6⤵
        
        PID:9684
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29422.exe
        7⤵
        
        PID:4340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53813.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53813.exe
        6⤵
        
        PID:17096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44364.exe
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        6⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31545.exe
        5⤵
        
        PID:9328
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38910.exe
        5⤵
        
        PID:12272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64253.exe
        5⤵
        
        PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7224.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7224.exe
      4⤵
      PID:3144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14391.exe
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2313.exe
        6⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1545.exe
        7⤵
        
        PID:13068
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
        6⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2443.exe
        7⤵
        
        PID:12400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62644.exe
        6⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24598.exe
        5⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
        5⤵
        
        PID:9732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13003.exe
        5⤵
        
        PID:7532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17052.exe
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50741.exe
        6⤵
        
        PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13147.exe
        5⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29947.exe
        5⤵
        
        PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-3550.exe
      4⤵
      PID:7352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36910.exe
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26759.exe
        5⤵
        
        PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
      4⤵
      PID:9568
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22758.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22758.exe
      4⤵
      PID:12600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5091.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5091.exe
      4⤵
      PID:15456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe
    3⤵
    PID:2076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39726.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-39726.exe
      4⤵
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10089.exe
        5⤵
        
        PID:5896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        6⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
        6⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
        5⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19574.exe
        6⤵
        
        PID:14768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
      4⤵
      PID:6876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53730.exe
        5⤵
        
        PID:9372
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29343.exe
        5⤵
        
        PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38535.exe
      4⤵
      PID:9988
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49346.exe
      4⤵
      PID:14200
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19616.exe
    3⤵
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
      4⤵
      PID:3196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41566.exe
        5⤵
        
        PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52505.exe
        5⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24081.exe
        5⤵
        
        PID:14160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4212.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4212.exe
      4⤵
      PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34361.exe
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
      4⤵
      PID:16000
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48004.exe
    3⤵
    PID:6612
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25832.exe
      4⤵
      PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40736.exe
        5⤵
        
        PID:16324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-32110.exe
      4⤵
      PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20407.exe
      4⤵
      PID:16024
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61793.exe
    3⤵
    PID:7756
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65122.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65122.exe
    3⤵
    PID:10652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
    3⤵
    PID:17320
- C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4456
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
      4⤵
      PID:4976
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
        5⤵
        
        PID:4888
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5185.exe
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62614.exe
        8⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57330.exe
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39537.exe
        7⤵
        
        PID:13876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
        7⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
        6⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15032.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15032.exe
        7⤵
        
        PID:2988
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
        6⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4230.exe
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42172.exe
        6⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34091.exe
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        6⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40227.exe
        5⤵
        
        PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9746.exe
      4⤵
      PID:1664
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        5⤵
        
        PID:1900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47814.exe
        6⤵
        
        PID:7444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39226.exe
        7⤵
        
        PID:13760
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18410.exe
        6⤵
        
        PID:11860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        6⤵
        
        PID:16768
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18794.exe
        5⤵
        
        PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2967.exe
        5⤵
        
        PID:10780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46858.exe
        5⤵
        
        PID:15640
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
      4⤵
      PID:1252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62769.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62769.exe
      4⤵
      PID:14224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe
    3⤵
    PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7053.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7053.exe
      4⤵
      PID:4580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
        5⤵
        
        PID:4228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53016.exe
        6⤵
        
        PID:7448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44327.exe
        7⤵
        
        PID:17084
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61990.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61990.exe
        6⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
        6⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54207.exe
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        6⤵
        
        PID:14024
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47600.exe
        5⤵
        
        PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56994.exe
        5⤵
        
        PID:11560
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2353.exe
      4⤵
      PID:8788
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
      4⤵
      PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
      4⤵
      PID:16460
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
    3⤵
    PID:1752
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5045.exe
      4⤵
      PID:2736
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23660.exe
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        6⤵
        
        PID:14116
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
        5⤵
        
        PID:9512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45847.exe
      4⤵
      PID:7676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
        5⤵
        
        PID:11268
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35453.exe
      4⤵
      PID:14012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30053.exe
    3⤵
    PID:5844
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-6781.exe
      4⤵
      PID:7940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
      4⤵
      PID:10712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
      4⤵
      PID:16300
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35375.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35375.exe
    3⤵
    PID:7876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
    3⤵
    PID:11612
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21811.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21811.exe
    3⤵
    PID:16352
- C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3048
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
    3⤵
    - Executes dropped EXE
    PID:872
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11329.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11329.exe
      4⤵
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33616.exe
        6⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12645.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
        7⤵
        
        PID:17028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
        6⤵
        
        PID:10448
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63301.exe
        5⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32285.exe
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21492.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21492.exe
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15714.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-15714.exe
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37508.exe
        5⤵
        
        PID:7988
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
        5⤵
        
        PID:9588
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55882.exe
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
        5⤵
        
        PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56625.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-56625.exe
      4⤵
      PID:9524
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
    3⤵
    PID:1116
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47640.exe
      4⤵
      PID:6000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
        5⤵
        
        PID:832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
        6⤵
        
        PID:13516
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46116.exe
        5⤵
        
        PID:13780
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14676.exe
      4⤵
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42848.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42848.exe
        5⤵
        
        PID:16388
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34231.exe
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46937.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46937.exe
      4⤵
      PID:14076
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29449.exe
    3⤵
    PID:5536
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-23886.exe
      4⤵
      PID:7660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
        5⤵
        
        PID:3600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5660.exe
      4⤵
      PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1741.exe
      4⤵
      PID:14360
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-61747.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-61747.exe
    3⤵
    PID:8036
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
    3⤵
    PID:9696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32042.exe
    3⤵
    PID:13684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
    3⤵
    PID:6124
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
  2⤵
  PID:696
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-56446.exe
    3⤵
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34018.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-34018.exe
      4⤵
      PID:5640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
        5⤵
        
        PID:8956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30704.exe
        6⤵
        
        PID:17064
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30827.exe
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7336.exe
      4⤵
      PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35474.exe
        5⤵
        
        PID:15716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30531.exe
      4⤵
      PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18924.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18924.exe
      4⤵
      PID:14280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
    3⤵
    PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14658.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-14658.exe
      4⤵
      PID:9360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
      4⤵
      PID:14260
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
    3⤵
    PID:3876
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-48395.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-48395.exe
    3⤵
    PID:10356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
    3⤵
    PID:16068
- C:\Users\Admin\AppData\Local\Temp\Unicorn-4146.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-4146.exe
  2⤵
  PID:3824
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
    3⤵
    PID:1684
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25256.exe
      4⤵
      PID:7420
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-45899.exe
      4⤵
      PID:5780
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4370.exe
    3⤵
    PID:7488
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-18100.exe
      4⤵
      PID:11284
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
    3⤵
    PID:10308
- C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-15695.exe
  2⤵
  PID:5980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-41758.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-41758.exe
    3⤵
    PID:8936
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3278.exe
    3⤵
    PID:12572
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
    3⤵
    PID:17404
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
  2⤵
  PID:9004
- C:\Users\Admin\AppData\Local\Temp\Unicorn-18822.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-18822.exe
  2⤵
  PID:11636
- C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
  2⤵
  PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 6328 -ip 6328
1⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 456 -p 5656 -ip 5656
1⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 9072 -ip 9072
1⤵
PID:13992

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11936.exe

Filesize
468KB

MD5
ea62d118671a84543627c9c7239edca8

SHA1
9cefb2cd89a97c08bb4faf905db8849231355850

SHA256
aed77ee5a7e5204ede8f74e44b072d4bec2169cc73ed35027190c0b89104d814

SHA512
e1a775b310af940721cb717b52c038b0b9ab806b424edba1d49a014111ca707596e4fd338ebcf2cc189d285a720b0c5be289cf81e6ab4627c4b59e827a38e2ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13493.exe

Filesize
468KB

MD5
8fbc60662166966d67dffd8bd6fccf1b

SHA1
647c9d90f9eb70034d4c2dba1ac90f60907ed3dd

SHA256
c1c9e3e68ff34f0b8c4ce3d2196de81607215a5ac2f0058818567d20e72f9e5d

SHA512
43c000095b76125ca0a6acaaa8526f122d46eea6d17e0d55640f87d6a927c54a10b0f7600b884a2d1939878a59cbbd70d40c81397dac9be05c0872dce047367d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15060.exe

Filesize
468KB

MD5
995217baacff00c40d9dab6d9863bd27

SHA1
478c926dc68a3b24095c472e84547d3a08f526f8

SHA256
e74e3c3618bea90cdc801c4d7a9121ee0e869f5dffcbe4341d562b9bafa0c7f5

SHA512
c7e6b3e023652a77795d9b28356b37b6590a6623143011d4eb383a36b553b5a445bb59547f982f4503aecf4a375546cbe7c1ac5cd13638623cd2eeb8618c292b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe

Filesize
468KB

MD5
b29fc483a518b304e01678a583aaf7bb

SHA1
7b6f0c23f224c5723a0f23cd366e547f1739139e

SHA256
58d390b91cadda8ae9031ca8ff90f9c718909e929b48bcde389c61709697de97

SHA512
de1ff99db98ab0e2274b9272fb6feee08b45fc46fdafe91c1fa27272aa13cbf1bf8863b58f27c6a56ffd788ce4b9e539dd3287e69d92565584caa0b7e8865c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16543.exe

Filesize
468KB

MD5
d5b038bae2642564e94c63538b6d8bd5

SHA1
7e0273466986650534cae5395af01405e03d9689

SHA256
8dc6d122fc58fdf000222a0fa5f895c0b80cae516f59bd6a6a1279623bc9a9cf

SHA512
3f15103ad82cd3ba56b03005aca67717226ae2c4622fed19034e884b1277e0f3b24b73f900db9bf24dfe691b397790aeb1de41bc855982fc62461f8a95245291

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20166.exe

Filesize
468KB

MD5
e7a1ce3d66fb90da79982ac85d072d47

SHA1
27c195a8021e21e9740ebef6059fad0ec0f56c03

SHA256
7b1c0f8e582bc087b0b47ce8d312fcf12364aefe88cc44daeb43e359ee873037

SHA512
bebd1cf9894dbafc0ed71a15b63c65c76a85cbd839a15d8d399ebdcd94f8fcff236c0d404d851e4ddfafdbe07609cb75e6b0dc43596958dad97553fc8276db40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20702.exe

Filesize
468KB

MD5
0d5860d78d359e8db8bafba1afb7a553

SHA1
90bc6033173a92cc65a6eecb95c6d59d22e1d64b

SHA256
28ba2eb62429a47dbb73fd136f3645c52437fe7d378c4c36fe6f2fd8af1b3329

SHA512
331474c65a93221b84a3c64821ddabf6cd442d08430df75e72646604663df51e7beafd52947f7b470f71d7007b4ff3fa8a20006a463355c043722d031bb3519d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe

Filesize
468KB

MD5
75d94a7e039b944fb979f4c52eb1bb56

SHA1
05ccec81259a806684f61eecdaa9130f8363ab48

SHA256
3e05d04b1c7dffb5e1548879263a6df4e5685b7f17ffea9f2a3155677d503ba8

SHA512
df3e3ce4324be7fbd55c745d25a128944d73c1d2cf2a534c0dacd66ea97ceef084bc0d35e3f4442174a4b0c40f16d290599690a70986b0cf040e1e5c87735d13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25170.exe

Filesize
468KB

MD5
63b554d1d1be62879006ae24c85e1a80

SHA1
336b4b6b8f7bdca851f90e1aee9b7d409e7ca026

SHA256
5f40c6aedd964a2eeade6c1929e7669ad3532ae630f9033214f1edd048a42072

SHA512
0f020abf59f536a8465198421ff67fc942e43ac2e9b9fb091e74fcf43e4609a81b47ac0005e938ffc6df72f5b38961b49f84e4200cef32b38bba9a66f6fc18d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26028.exe

Filesize
468KB

MD5
c557dcc4c2f6b68cd1a15dc55724c029

SHA1
0367516314ed9ff0919415c0679b583809b7cac0

SHA256
1b40a3bc1ed34808dc6d95268f2cef06307e35651b797417d628cf0088637508

SHA512
3696bc1edff7e61b1fbc1a09e73b692d4fd18942eb229dd9abd0a5f8da77c3b13cef435891062aa1eafb1de9de39211684c66e3cce07450ef9e2b95f63168046

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe

Filesize
468KB

MD5
b4954f3acc667279db4613e0b2ebcfa7

SHA1
94bef161548143fa0fa7ed7c5c6b4adfc01eab42

SHA256
506082ac4d42a81f3d84ecde5000e7a914acb53bf8f184a77f4ea99fbe06bdd0

SHA512
3f3d710ceef0125d32d04212cb774d77861bbaf6bc7f1ad84adbbdec8939d08fc6ef60b76b8b46231300706a8b62a63af7fcae0afed5cb28d531341e8d7cc6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe

Filesize
468KB

MD5
fd401f2bd9abcdd6e97d42ba0e9046c4

SHA1
50645a50b4b695765d1de36b8cd8bf8610ef63af

SHA256
8f5d71a2087214d5867e4a4308113111e9d91e395e45294ddf26febcd1069e05

SHA512
0e8e0c81e24c414af157a5ea847533a1773371449deb79ae13d58d75389f6d9b35d080e000fb19e56944a1afbd44770062ba6aa68312f56f2757c105427ad540

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe

Filesize
468KB

MD5
8d21dcd9dcd147f76cb3acfbc83b2c9c

SHA1
aaec1c527e573f683e6f94da603aff986002cee3

SHA256
90defd44d12072ad3145459d418fdffc12dc624540fdf5fdc17db8e030165c1d

SHA512
eb09cbe404cb05cfb976f881d7ef8d38086301be466adcf7476510d1de2c742c1f0ba8788323ba3a7f47e33fe1eb9e5c9884307cdf982c40cbcc8ff7c7ecde36

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28029.exe

Filesize
468KB

MD5
83e1e110f406c82a65e9dde276ed91a2

SHA1
17d0aba39c711621cb27ab7563fb187476a13762

SHA256
b9c4489cbaf2202f897db15ff0309d6ac4ec3170ebadb43b1c34433d31564715

SHA512
e7beeb6556013a613b3e60c3fc4dab10a2cdb17206ac07dba70b715927bb82317ba81e0d85b74b3d95b9e3c4d1611924618b2245a78bb935d1de554af42148c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe

Filesize
468KB

MD5
77caf37efb93172dd619bb3c08e0f9d8

SHA1
85b5c36f0cbe940548194187b626611c08f1c33d

SHA256
3a85754fc18a382a95cb1d05ff904b238881b88ffb33319855901d2e5f08fdd3

SHA512
05b106d6c640f95cde05bff1732ed78e2a9ebf78ca95668bd3001f959db245ce3d593626c051c996d5ef896e04bea49d5213d8f410c0617d7659e6fe847a8921

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31511.exe

Filesize
468KB

MD5
9874f1cf01ffd18984bceef05ee05f2d

SHA1
7eacdb8d7a38f03a763392a31863603f9c9795c6

SHA256
ea478ff5e411bad9ec4b6bda24b1ff87e491e6931351de495b1172a3ce0d4fb4

SHA512
5aa5f09d843c78e2ff1cff1b1dc245629f43b05fea7ec32327730423bc033ce215d2564c4005f82c53d35eba5e77765ec9cf9280844e0224c5a8ba41a0d4d64b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3213.exe

Filesize
468KB

MD5
3353fbfd92c8b68d87bb3890cb844bc0

SHA1
040d0fc69a671fe63a51d3160f60987230d2c238

SHA256
9d6cf6039d1b44dec76e334268dc6ca98a5b539ea51c6516cb8a567d77aab8da

SHA512
549dfe79c6b9892c8a15435644bba522b0aec4e914ac13af8570dd618337658e04a016c17e29c3084c27270ec553c303f7780f6ab2c9a4bda7b69bfb539f1e26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34516.exe

Filesize
468KB

MD5
8f86fade5de0447c34088da456bfe5e1

SHA1
09d63a5a70993dc09998681af5cbc7dcd975f4fd

SHA256
817878c612b748bf3d776d843f30a74ea8a221c28e59a7d013f2c854e07aaf3b

SHA512
36596e665eb1250236ce6d452507056febd26ff253de044fbbcc5c34840d810667c941edc8e153891c60ddcabb80071a69feadd96ee71710e8aff603d2be2bfc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36030.exe

Filesize
468KB

MD5
8633034ba9bcd01c6f034f56532157ea

SHA1
11f3efba2c2fe138d24dc28d2718f362bd918deb

SHA256
001895370bb107f67bb1cb36d79f42a6e916c26f28c241cbaec010fa786f6876

SHA512
3517c1adbe2bd9829133f38bb1b9d416c2f201628a65d3c1b34c25fdc7dc837d7a2fe0cea77ed50922a7d23a6645199ab1c2e100c67a0a94b7445a1ce1e62e9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3742.exe

Filesize
468KB

MD5
cfeb3741bfbf1c3a442fcc54539cd63f

SHA1
e682666fa3a53f44219a5c17347a8ff6c7b4148e

SHA256
410708684f2f02f91858ddb9f970ff30d7eecd88178d4b1427355f774cc58455

SHA512
46732a2296d96601794811ca8c55b8600c964dcf9390148f7b896edac303fb8f6129b2afa2ad1672f3d51b99ecb931a8b8cd3ff11aeb419866e0878bb4cac1b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3881.exe

Filesize
468KB

MD5
65fe0659f5a65fb982db80ad497b1a64

SHA1
b1219229b9c68f643a7944ed2dc5a18485da47f9

SHA256
d21d89f93984c05d096b7da4ccef8ca60d17887fa8d8e91502cc2038f01dcd4a

SHA512
ccae01572963aef2580edd6430624fab721f448d62354242cda55e8ec2c54d892052de6586a7c90769bb95f691fbe3593326b4516d8fa669ba04d609c565fe3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe

Filesize
468KB

MD5
beada43b50493ca16fd1268befd6de50

SHA1
675cc8df8a06a0f05d00d005d644867fac4f05dc

SHA256
9c3b6664794c9c466ef1cf28de5f29bded24aa7e719dac4d74b1c82ca1fabac6

SHA512
3bbcae3dc3f0f0a97d395e41fcdc5e8e9be247c7c1a4909a0923d6c192177664ae2d3d4440f23abd2bc84dbaf3f7fdc1767ba0b869a92b515b670b0987093d68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe

Filesize
468KB

MD5
857671b3fe14328324e5b75968b85b67

SHA1
8fbe712d4f39670f0057ac994e01e7dcf9847196

SHA256
638d07254376d37de1974040782ea7272408cee99202fc99f494ef5f9b322c20

SHA512
b371dce3c290e7df9aa240c970f6ab0985fa25de1b8f4dcf2776b1ab859e269df6993cfba70886da3023e3295da21379abf3fb4221b04ad619d3c76dc40a675c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41148.exe

Filesize
468KB

MD5
45f2fcc70b3da595e8de662dbf9a29cf

SHA1
5504ab7e43938eafe26dba946b7f02f6d9e401f9

SHA256
d0e841e2da6cc7177b64bc5b13c40444499a64c5bb47203af5554e492971b615

SHA512
6e8747f2959bc9702e134d32907d225163c513fcf499ce1e03826bcf58048a7ed0f0b71623073e01029ae2b4c21308185df1a60d7a63c33baf738077487a3cc6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe

Filesize
468KB

MD5
13a6a0a6cf5cd298086f88d9498ead19

SHA1
81a0b6530a6cf84a9c3c86d94cd70d0a39098948

SHA256
e4bb9d003a2abc544004c30a77a6863f197eba7a30bb6894c930683798a4b11a

SHA512
93f4cd4885ea33b9fa44363a908e3bc9d4ec01a081bf6f8407869a6bab5860cab5b5173ae948e5c1aca33f58382f66d5f0b4c0b19cda6e2e706a0b8603dd1674

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4199.exe

Filesize
468KB

MD5
dc99d82c31ab86536ddb7da62cd9bd49

SHA1
5e61b08664e2f72999969a602c5b1f4419a5bf9f

SHA256
d08c1bb6c2339af0af176db02c752fb33b3e2c65a459df84595c313cf025e4b3

SHA512
7bc8c7792cd79d482678a019712b2a6ddb1a0e21a3804b80888ce35cc05c7fb335ba0bb911bf6c028f36ffd2834780c20369b72b5de0719b81b08d67c49f2195

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47845.exe

Filesize
468KB

MD5
df042f957c0db4d6b0a73475f113f566

SHA1
33b21a9f0fbf5cd04cd68207f73aa90599946746

SHA256
7f1a806fb747baed9ecb54dd23983f3076aa021f3fb57969b0cc9d7b4ef2f73c

SHA512
1e778fcd5a6b1735389bce3b9d5b76f55b870a0a66f0ccb527b1058b32e4d3576f4533533be6500c6069c332debc673491edc7f4cb1c7a87ed0a859a980ff2fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50997.exe

Filesize
468KB

MD5
24e337b89e6723f6d7723d6b0e05aae9

SHA1
0177ba803a2c315eb1a30e60a557c289fbe5b272

SHA256
00df9c03711323a6242995e52664828e60ae06e3d93d4cdb63e79f449bc4c92b

SHA512
6525faf49c03f9e2146b50ea7109960cb30943693fb512c7fb5cf59da3e06c256b73fd42461bccff36c8dda2bdd7645a200eea1f12b3c1c9b5dd500c3448b0f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe

Filesize
468KB

MD5
c0a1d5143b389e98ae088a3d21b48b02

SHA1
115e028be0f2c977469dd79002d09ae0b932662d

SHA256
e2e316c1eeee36c58abb53df9ab502bf5f011c46df649ae5d73669621f3363dd

SHA512
c306a0ff546b7318469a7bede9b839e95545c6a3e8012f0132d8e6653f6f4a5213e30bd0dd4ade966576297721133d1c5bed19c62b0e96da06fa6349a4c23e90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62289.exe

Filesize
468KB

MD5
4fcb5b42a4984569242487412b3092a4

SHA1
da1b24bff8a76b3f80bd79277aa02019bf46997e

SHA256
0ed7dcbf5faf69563bc17be7da4b9afac897fb517081c8a855b67fbce5697294

SHA512
6946c3bea465d1082f898f7d66ecbd85326a8d4e723498c881bf34ae5014c5548b380e5bcd3ac0be022ca2618b6b858b86a1f48d087d6927f62fdb2321770871

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63960.exe

Filesize
468KB

MD5
01b4da204777bace6406bd52280f0474

SHA1
dddd239d32a57cdb580812cdf1d6a47d903b5d3b

SHA256
ec788538da918f906f5f49f755e2f426cc22c53c5aab2a7a5c9410c3664f3e57

SHA512
7253bd13390a33505908c02e9f4a04d6170d1b96bfafbbc873baa5da0218ecf256ed3f7d18d0dbe1b5aa01643187057ca536a2128309da1cc7d115e5ce537aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe

Filesize
468KB

MD5
2e862d715bd34c78ab01a7b0d0eb10ba

SHA1
2eddea220646e749755f6b39eae8ce72ba18e296

SHA256
84eb0bed0f6bc76eeb3a99ec7f19ab570bf38fc8935f69834b0bfd83fcc03b86

SHA512
15646d3bd17381a1285f9b3bc121d3d1b93a0a7b4bc4668d3ffeeaa60b976ac1e0370e4703ac918dfea1293b2ba28911691eb771dfd404ad895168dbecb26f8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8428.exe

Filesize
468KB

MD5
d7d56b5254fb025d5dd38b14c2256a0d

SHA1
30558e816b64b58780478617af5cad4cba7466af

SHA256
427806e20ec118ed9cd497bdc3ae6415f22b68d073516a48a295fd4efa84ba88

SHA512
c696c2db8379fbd3d3c0e9279fd44a193d19d7d117d277aa12f71cc18eb10642c1786af37587d63221a8c53bb0feba16857e35835b0198f86a0c61a7815a4aef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9309.exe

Filesize
468KB

MD5
caf385f347243e53424b95531c1e7674

SHA1
cfccd6b32a69180e1ed37472e1c473362a0ac11b

SHA256
b925bc95a9c91d96c6d7eb5c6e63ac5dce4978d4d6177238bd00796f98854856

SHA512
4c54e88ad1213d4110ebdc2eb7e36e58f87e1219d199063c96a4ef1c58da24c0f413ff80e6792089981f54078c820f9ba6363332590597be4ae653b93a81ddf3

Download Submit