54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661

Analysis

max time kernel
149s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe
Size

184KB
MD5

d65358d3211f418d7998356082a226a9
SHA1

dc02e0fec740a7b9b200429ac6d2651d2aea5e8a
SHA256

54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661
SHA512

d96d6b235fb4873e5eb94c8113aa4a8750ebf6a67b478eccc6cbac22a1416abdc42e33d0ee3a4f7a83d02cad6e4009b3911921b2bf19f40383b649b0a50d1f31
SSDEEP

3072:fTPOA2odv0rsd40zWiWn8sNzxlvnqnxiu4:fTQo2Y40e88zxlPqnxiu

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
872	Unicorn-63765.exe
2216	Unicorn-1326.exe
2004	Unicorn-20355.exe
3572	Unicorn-21507.exe
5064	Unicorn-25037.exe
5100	Unicorn-6462.exe
3796	Unicorn-44471.exe
3372	Unicorn-42425.exe
2080	Unicorn-51269.exe
1016	Unicorn-49878.exe
2560	Unicorn-42836.exe
2144	Unicorn-16459.exe
4404	Unicorn-36049.exe
2104	Unicorn-20267.exe
4952	Unicorn-50439.exe
2948	Unicorn-54258.exe
4656	Unicorn-39941.exe
884	Unicorn-11907.exe
4668	Unicorn-2992.exe
540	Unicorn-7076.exe
368	Unicorn-19420.exe
3188	Unicorn-29635.exe
4580	Unicorn-43263.exe
3184	Unicorn-32327.exe
1704	Unicorn-43423.exe
2128	Unicorn-15197.exe
3680	Unicorn-49453.exe
1596	Unicorn-30878.exe
1676	Unicorn-30024.exe
1900	Unicorn-10366.exe
1992	Unicorn-29395.exe
2028	Unicorn-56059.exe
4788	Unicorn-19665.exe
624	Unicorn-8804.exe
1592	Unicorn-8804.exe
2624	Unicorn-46308.exe
4196	Unicorn-60043.exe
3280	Unicorn-55867.exe
4208	Unicorn-47434.exe
5004	Unicorn-8612.exe
2784	Unicorn-55767.exe
2176	Unicorn-10750.exe
1796	Unicorn-60506.exe
552	Unicorn-21633.exe
3556	Unicorn-56443.exe
452	Unicorn-30977.exe
640	Unicorn-24325.exe
996	Unicorn-62857.exe
4240	Unicorn-47076.exe
4008	Unicorn-25909.exe
2320	Unicorn-63412.exe
2480	Unicorn-1212.exe
3660	Unicorn-3350.exe
3812	Unicorn-36115.exe
4644	Unicorn-1596.exe
2600	Unicorn-58316.exe
1556	Unicorn-42821.exe
2976	Unicorn-39913.exe
1452	Unicorn-5872.exe
4660	Unicorn-8565.exe
4772	Unicorn-2343.exe
4612	Unicorn-48751.exe
1312	Unicorn-43205.exe
2604	Unicorn-42629.exe

Program crash 12 IoCs

pid	pid_target	Process	procid_target
5132	4208	WerFault.exe	135
5320	5168	WerFault.exe	185
7072	6092	WerFault.exe	250
9872	7028	WerFault.exe	321
11016	8828	WerFault.exe	412
11288	9128	WerFault.exe	417
12996	8176	WerFault.exe	363
12292	8176	WerFault.exe	363
232	8848	WerFault.exe	414
13444	8848	WerFault.exe	414
14704	12068	WerFault.exe	639
4928	2792	WerFault.exe	723

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe
872	Unicorn-63765.exe
2004	Unicorn-20355.exe
3572	Unicorn-21507.exe
5064	Unicorn-25037.exe
5100	Unicorn-6462.exe
3796	Unicorn-44471.exe
3372	Unicorn-42425.exe
1016	Unicorn-49878.exe
2144	Unicorn-16459.exe
2560	Unicorn-42836.exe
2080	Unicorn-51269.exe
4404	Unicorn-36049.exe
2104	Unicorn-20267.exe
4952	Unicorn-50439.exe
4656	Unicorn-39941.exe
884	Unicorn-11907.exe
4668	Unicorn-2992.exe
368	Unicorn-19420.exe
3184	Unicorn-32327.exe
540	Unicorn-7076.exe
3188	Unicorn-29635.exe
4580	Unicorn-43263.exe
1704	Unicorn-43423.exe
2128	Unicorn-15197.exe
3680	Unicorn-49453.exe
1596	Unicorn-30878.exe
1676	Unicorn-30024.exe
1900	Unicorn-10366.exe
1992	Unicorn-29395.exe
2028	Unicorn-56059.exe
4788	Unicorn-19665.exe
624	Unicorn-8804.exe
1592	Unicorn-8804.exe
5004	Unicorn-8612.exe
2176	Unicorn-10750.exe
1796	Unicorn-60506.exe
2624	Unicorn-46308.exe
4196	Unicorn-60043.exe
3280	Unicorn-55867.exe
4208	Unicorn-47434.exe
3556	Unicorn-56443.exe
552	Unicorn-21633.exe
2784	Unicorn-55767.exe
4008	Unicorn-25909.exe
2320	Unicorn-63412.exe
996	Unicorn-62857.exe
640	Unicorn-24325.exe
452	Unicorn-30977.exe
4644	Unicorn-1596.exe
2600	Unicorn-58316.exe
4240	Unicorn-47076.exe
1556	Unicorn-42821.exe
2976	Unicorn-39913.exe
4772	Unicorn-2343.exe
4612	Unicorn-48751.exe
1312	Unicorn-43205.exe
3660	Unicorn-3350.exe
3812	Unicorn-36115.exe
1452	Unicorn-5872.exe
4660	Unicorn-8565.exe
2216	Unicorn-65471.exe
1924	Unicorn-32707.exe
404	Unicorn-31315.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3840 wrote to memory of 872	3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe	94
PID 3840 wrote to memory of 872	3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe	94
PID 3840 wrote to memory of 872	3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe	94
PID 872 wrote to memory of 2216	872	Unicorn-63765.exe	96
PID 872 wrote to memory of 2216	872	Unicorn-63765.exe	96
PID 872 wrote to memory of 2216	872	Unicorn-63765.exe	96
PID 3840 wrote to memory of 2004	3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe	97
PID 3840 wrote to memory of 2004	3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe	97
PID 3840 wrote to memory of 2004	3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe	97
PID 872 wrote to memory of 3572	872	Unicorn-63765.exe	100
PID 872 wrote to memory of 3572	872	Unicorn-63765.exe	100
PID 872 wrote to memory of 3572	872	Unicorn-63765.exe	100
PID 2004 wrote to memory of 5064	2004	Unicorn-20355.exe	101
PID 2004 wrote to memory of 5064	2004	Unicorn-20355.exe	101
PID 2004 wrote to memory of 5064	2004	Unicorn-20355.exe	101
PID 3840 wrote to memory of 5100	3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe	102
PID 3840 wrote to memory of 5100	3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe	102
PID 3840 wrote to memory of 5100	3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe	102
PID 3572 wrote to memory of 3796	3572	Unicorn-21507.exe	103
PID 3572 wrote to memory of 3796	3572	Unicorn-21507.exe	103
PID 3572 wrote to memory of 3796	3572	Unicorn-21507.exe	103
PID 872 wrote to memory of 3372	872	Unicorn-63765.exe	104
PID 872 wrote to memory of 3372	872	Unicorn-63765.exe	104
PID 872 wrote to memory of 3372	872	Unicorn-63765.exe	104
PID 5100 wrote to memory of 2080	5100	Unicorn-6462.exe	105
PID 5100 wrote to memory of 2080	5100	Unicorn-6462.exe	105
PID 5100 wrote to memory of 2080	5100	Unicorn-6462.exe	105
PID 2004 wrote to memory of 1016	2004	Unicorn-20355.exe	106
PID 2004 wrote to memory of 1016	2004	Unicorn-20355.exe	106
PID 2004 wrote to memory of 1016	2004	Unicorn-20355.exe	106
PID 3840 wrote to memory of 2560	3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe	107
PID 3840 wrote to memory of 2560	3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe	107
PID 3840 wrote to memory of 2560	3840	54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe	107
PID 5064 wrote to memory of 2144	5064	Unicorn-25037.exe	108
PID 5064 wrote to memory of 2144	5064	Unicorn-25037.exe	108
PID 5064 wrote to memory of 2144	5064	Unicorn-25037.exe	108
PID 3796 wrote to memory of 4404	3796	Unicorn-44471.exe	109
PID 3796 wrote to memory of 4404	3796	Unicorn-44471.exe	109
PID 3796 wrote to memory of 4404	3796	Unicorn-44471.exe	109
PID 3572 wrote to memory of 2104	3572	Unicorn-21507.exe	110
PID 3572 wrote to memory of 2104	3572	Unicorn-21507.exe	110
PID 3572 wrote to memory of 2104	3572	Unicorn-21507.exe	110
PID 3372 wrote to memory of 4952	3372	Unicorn-42425.exe	111
PID 3372 wrote to memory of 4952	3372	Unicorn-42425.exe	111
PID 3372 wrote to memory of 4952	3372	Unicorn-42425.exe	111
PID 872 wrote to memory of 2948	872	Unicorn-63765.exe	112
PID 872 wrote to memory of 2948	872	Unicorn-63765.exe	112
PID 872 wrote to memory of 2948	872	Unicorn-63765.exe	112
PID 2144 wrote to memory of 4656	2144	Unicorn-16459.exe	113
PID 2144 wrote to memory of 4656	2144	Unicorn-16459.exe	113
PID 2144 wrote to memory of 4656	2144	Unicorn-16459.exe	113
PID 5064 wrote to memory of 884	5064	Unicorn-25037.exe	114
PID 5064 wrote to memory of 884	5064	Unicorn-25037.exe	114
PID 5064 wrote to memory of 884	5064	Unicorn-25037.exe	114
PID 1016 wrote to memory of 4668	1016	Unicorn-49878.exe	115
PID 1016 wrote to memory of 4668	1016	Unicorn-49878.exe	115
PID 1016 wrote to memory of 4668	1016	Unicorn-49878.exe	115
PID 2560 wrote to memory of 540	2560	Unicorn-42836.exe	116
PID 2560 wrote to memory of 540	2560	Unicorn-42836.exe	116
PID 2560 wrote to memory of 540	2560	Unicorn-42836.exe	116
PID 2004 wrote to memory of 368	2004	Unicorn-20355.exe	117
PID 2004 wrote to memory of 368	2004	Unicorn-20355.exe	117
PID 2004 wrote to memory of 368	2004	Unicorn-20355.exe	117
PID 2080 wrote to memory of 3188	2080	Unicorn-51269.exe	118

C:\Users\Admin\AppData\Local\Temp\54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe
"C:\Users\Admin\AppData\Local\Temp\54645caefb5005e279785dbc71852be6a721a62a57081e4a27407980a2a3a661.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3840
- C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:872
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe
    3⤵
    - Executes dropped EXE
    PID:2216
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3572
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36049.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36049.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62857.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
        8⤵
        
        PID:5280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45307.exe
        9⤵
        
        PID:8220
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40869.exe
        9⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
        9⤵
        
        PID:10328
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
        8⤵
        
        PID:7556
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41021.exe
        9⤵
        
        PID:12708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14198.exe
        9⤵
        
        PID:6188
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        8⤵
        
        PID:10144
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
        8⤵
        
        PID:13648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11801.exe
        8⤵
        
        PID:16928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
        7⤵
        
        PID:5312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28395.exe
        8⤵
        
        PID:8900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44875.exe
        8⤵
        
        PID:11720
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
        7⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65525.exe
        8⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
        7⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26577.exe
        8⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
        7⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47076.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
        7⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
        8⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54627.exe
        9⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
        9⤵
        
        PID:11836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35205.exe
        9⤵
        
        PID:8084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22509.exe
        8⤵
        
        PID:9380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55695.exe
        8⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14500.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14500.exe
        9⤵
        
        PID:13920
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
        8⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
        7⤵
        
        PID:7324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
        8⤵
        
        PID:14740
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35259.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35259.exe
        7⤵
        
        PID:10032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
        7⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6250.exe
        7⤵
        
        PID:15824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
        6⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11212.exe
        7⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        8⤵
        
        PID:14804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
        7⤵
        
        PID:8820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47879.exe
        8⤵
        
        PID:13860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        7⤵
        
        PID:11712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24838.exe
        7⤵
        
        PID:16168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
        6⤵
        
        PID:6736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42967.exe
        7⤵
        
        PID:12336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
        8⤵
        
        PID:14132
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
        8⤵
        
        PID:14992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19435.exe
        7⤵
        
        PID:15644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36760.exe
        6⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6235.exe
        6⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
        6⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15197.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15197.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54855.exe
        7⤵
        
        PID:5848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43449.exe
        8⤵
        
        PID:7592
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5727.exe
        8⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2384.exe
        8⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45950.exe
        7⤵
        
        PID:7612
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47065.exe
        7⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        7⤵
        
        PID:6484
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8347.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8347.exe
        6⤵
        
        PID:5868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54165.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54165.exe
        7⤵
        
        PID:6456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46065.exe
        8⤵
        
        PID:13164
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        8⤵
        
        PID:15860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        7⤵
        
        PID:9768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
        7⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
        7⤵
        
        PID:15044
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2508.exe
        6⤵
        
        PID:7576
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60138.exe
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
        6⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36115.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3812
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23143.exe
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20445.exe
        7⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28089.exe
        8⤵
        
        PID:11060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48739.exe
        8⤵
        
        PID:15508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        7⤵
        
        PID:11404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe
        7⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        6⤵
        
        PID:8244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39635.exe
        7⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48229.exe
        8⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13301.exe
        8⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55643.exe
        7⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        7⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38897.exe
        6⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31960.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31960.exe
        6⤵
        
        PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
        5⤵
        
        PID:6092
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 464
        6⤵
        Program crash
        
        PID:7072
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52329.exe
        5⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36261.exe
        6⤵
        
        PID:6412
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61658.exe
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
        5⤵
        
        PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41643.exe
        7⤵
        
        PID:5332
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34477.exe
        8⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
        7⤵
        
        PID:7536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
        8⤵
        
        PID:11056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59517.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59517.exe
        8⤵
        
        PID:13396
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19462.exe
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
        7⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
        7⤵
        
        PID:15952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17627.exe
        7⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        7⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53823.exe
        8⤵
        
        PID:12324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13597.exe
        8⤵
        
        PID:16056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64282.exe
        7⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22186.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22186.exe
        6⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        6⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        7⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
        6⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
        6⤵
        
        PID:5292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
        7⤵
        
        PID:8148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
        8⤵
        
        PID:8300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49666.exe
        8⤵
        
        PID:9376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        8⤵
        
        PID:11660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24368.exe
        8⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
        8⤵
        
        PID:7820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49351.exe
        8⤵
        
        PID:17100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13407.exe
        7⤵
        
        PID:8324
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        7⤵
        
        PID:11744
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        7⤵
        
        PID:16720
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61264.exe
        6⤵
        
        PID:7904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
        7⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        6⤵
        
        PID:12236
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
        6⤵
        
        PID:10084
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
        6⤵
        
        PID:7960
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45694.exe
        7⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52738.exe
        6⤵
        
        PID:11680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43987.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43987.exe
        7⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60633.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60633.exe
        6⤵
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
        5⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36719.exe
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        6⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56465.exe
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40181.exe
        5⤵
        
        PID:7056
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1596
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1212.exe
        5⤵
        Executes dropped EXE
        
        PID:2480
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36743.exe
        5⤵
        
        PID:5472
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
        7⤵
        
        PID:12340
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        6⤵
        
        PID:9296
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
        6⤵
        
        PID:14104
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44143.exe
        5⤵
        
        PID:6876
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52105.exe
        6⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32447.exe
        6⤵
        
        PID:11536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        6⤵
        
        PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        5⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
        5⤵
        
        PID:15436
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58316.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40657.exe
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29791.exe
        6⤵
        
        PID:8016
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49355.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49355.exe
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
        7⤵
        
        PID:16092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5997.exe
        6⤵
        
        PID:1404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
        6⤵
        
        PID:14112
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
        5⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23123.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23123.exe
        6⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        5⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8501.exe
        5⤵
        
        PID:15784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5084.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5084.exe
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
        5⤵
        
        PID:6784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9562.exe
        6⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
        7⤵
        
        PID:15048
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        6⤵
        
        PID:11352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18972.exe
        6⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5352.exe
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
        5⤵
        
        PID:3520
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        5⤵
        
        PID:13836
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7703.exe
      4⤵
      PID:7100
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
      4⤵
      PID:9808
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57192.exe
      4⤵
      PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
      4⤵
      PID:13736
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50439.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50439.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2028
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30377.exe
        6⤵
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61269.exe
        7⤵
        
        PID:6072
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10444.exe
        8⤵
        
        PID:6340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23631.exe
        9⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        10⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54300.exe
        10⤵
        
        PID:11304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60662.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60662.exe
        9⤵
        
        PID:7936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
        9⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        9⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
        8⤵
        
        PID:8032
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7720.exe
        9⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13156.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13156.exe
        10⤵
        
        PID:13844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39087.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39087.exe
        10⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57204.exe
        10⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37909.exe
        9⤵
        
        PID:15776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        8⤵
        
        PID:11292
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
        8⤵
        
        PID:15384
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62722.exe
        7⤵
        
        PID:6464
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        7⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44119.exe
        8⤵
        
        PID:12432
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
        8⤵
        
        PID:10672
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
        7⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9115.exe
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35499.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35499.exe
        7⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57583.exe
        8⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
        9⤵
        
        PID:17148
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        7⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40293.exe
        7⤵
        
        PID:8176
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9462.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9462.exe
        6⤵
        
        PID:7880
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15915.exe
        7⤵
        
        PID:2792
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 464
        8⤵
        Program crash
        
        PID:4928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        7⤵
        
        PID:15992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
        6⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30370.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30370.exe
        6⤵
        
        PID:15580
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2343.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46879.exe
        6⤵
        
        PID:5712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
        7⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
        7⤵
        
        PID:15112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        6⤵
        
        PID:11384
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
        6⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51835.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51835.exe
        6⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36131.exe
        6⤵
        
        PID:9204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29815.exe
        7⤵
        
        PID:14908
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
        8⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55949.exe
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14427.exe
        6⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53443.exe
        6⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12675.exe
        5⤵
        
        PID:6984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20808.exe
        5⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4430.exe
        6⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        6⤵
        
        PID:16008
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-14403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14403.exe
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19292.exe
        5⤵
        
        PID:15556
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19665.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19665.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1596.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4644
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
        7⤵
        
        PID:6052
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27819.exe
        8⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28425.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28425.exe
        8⤵
        
        PID:11512
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40318.exe
        8⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34019.exe
        7⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        7⤵
        
        PID:11776
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        7⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5415.exe
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18395.exe
        7⤵
        
        PID:6748
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23043.exe
        8⤵
        
        PID:17000
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        7⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63095.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63095.exe
        7⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4096.exe
        6⤵
        
        PID:6820
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44451.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44451.exe
        7⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27332.exe
        7⤵
        
        PID:15836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38052.exe
        6⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40949.exe
        6⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3618.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3618.exe
        7⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51736.exe
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
        6⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51964.exe
        6⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
        6⤵
        
        PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22353.exe
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37279.exe
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
        7⤵
        
        PID:12296
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
        7⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        6⤵
        
        PID:9416
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
        6⤵
        
        PID:4716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46235.exe
        6⤵
        
        PID:10428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43785.exe
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32391.exe
        6⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
        7⤵
        
        PID:10344
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
        6⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        6⤵
        
        PID:16036
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        5⤵
        
        PID:8592
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
        5⤵
        
        PID:15324
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-48751.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35717.exe
        6⤵
        
        PID:6668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
        7⤵
        
        PID:11648
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
        8⤵
        
        PID:14924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38268.exe
        7⤵
        
        PID:6496
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
        6⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28756.exe
        6⤵
        
        PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17579.exe
        5⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-4902.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4902.exe
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
        6⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
        5⤵
        
        PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
        5⤵
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        5⤵
        
        PID:13416
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
      4⤵
      PID:5808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
        5⤵
        
        PID:6752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
        6⤵
        
        PID:10188
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41043.exe
        6⤵
        
        PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
        5⤵
        
        PID:9180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58435.exe
        5⤵
        
        PID:12464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30380.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30380.exe
        5⤵
        
        PID:13900
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
      4⤵
      PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
      4⤵
      PID:9800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38447.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38447.exe
        5⤵
        
        PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        5⤵
        
        PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-54027.exe
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5888.exe
      4⤵
      PID:15316
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
    3⤵
    - Executes dropped EXE
    PID:2948
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1676
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42821.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21607.exe
        5⤵
        
        PID:5600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
        6⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31161.exe
        7⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20421.exe
        7⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        6⤵
        
        PID:628
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28644.exe
        6⤵
        
        PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
        5⤵
        
        PID:6676
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        5⤵
        
        PID:9272
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43340.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43340.exe
        5⤵
        
        PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1678.exe
        5⤵
        
        PID:4284
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5825.exe
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
        5⤵
        
        PID:8432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12930.exe
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29445.exe
        6⤵
        
        PID:13820
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63174.exe
        5⤵
        
        PID:2284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        5⤵
        
        PID:7500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-40957.exe
      4⤵
      PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
      4⤵
      PID:11320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38347.exe
      4⤵
      PID:16184
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-39913.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37943.exe
      4⤵
      PID:5544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
        5⤵
        
        PID:15712
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28783.exe
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27783.exe
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7567.exe
        5⤵
        
        PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
      4⤵
      PID:12252
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38652.exe
      4⤵
      PID:16176
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
    3⤵
    PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
      4⤵
      PID:14892
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53528.exe
    3⤵
    PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
      4⤵
      PID:14880
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4089.exe
    3⤵
    PID:11268
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-16211.exe
    3⤵
    PID:15760
- C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39941.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4656
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5872.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5872.exe
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63407.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63407.exe
        8⤵
        
        PID:5996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe
        9⤵
        
        PID:6200
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14222.exe
        10⤵
        
        PID:7760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-14803.exe
        10⤵
        
        PID:11848
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20342.exe
        10⤵
        
        PID:15620
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
        9⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64719.exe
        9⤵
        
        PID:11500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43914.exe
        9⤵
        
        PID:15240
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
        8⤵
        
        PID:6524
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17757.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17757.exe
        9⤵
        
        PID:11876
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45694.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45694.exe
        9⤵
        
        PID:10904
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33530.exe
        8⤵
        
        PID:9344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
        9⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27544.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27544.exe
        8⤵
        
        PID:3192
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
        8⤵
        
        PID:15204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
        7⤵
        
        PID:4868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23849.exe
        8⤵
        
        PID:6916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
        9⤵
        
        PID:12668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        8⤵
        
        PID:9312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34288.exe
        8⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20432.exe
        7⤵
        
        PID:6704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43480.exe
        7⤵
        
        PID:8884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61361.exe
        8⤵
        
        PID:16976
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48043.exe
        7⤵
        
        PID:13088
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5667.exe
        7⤵
        
        PID:15612
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8565.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
        7⤵
        
        PID:5288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1778.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1778.exe
        8⤵
        
        PID:8156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        8⤵
        
        PID:11344
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
        8⤵
        
        PID:15476
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
        7⤵
        
        PID:8416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25183.exe
        8⤵
        
        PID:10704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38329.exe
        8⤵
        
        PID:14768
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31086.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31086.exe
        7⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63732.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63732.exe
        7⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9384.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9384.exe
        6⤵
        
        PID:5704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
        7⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12352.exe
        8⤵
        
        PID:16952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51036.exe
        7⤵
        
        PID:9688
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23022.exe
        7⤵
        
        PID:12416
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58247.exe
        8⤵
        
        PID:14724
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-717.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-717.exe
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47808.exe
        6⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61151.exe
        6⤵
        
        PID:11052
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40093.exe
        6⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1992
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
        6⤵
        Executes dropped EXE
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-13568.exe
        7⤵
        
        PID:4312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
        7⤵
        
        PID:6388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
        8⤵
        
        PID:8320
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18907.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18907.exe
        9⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
        8⤵
        
        PID:11860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
        8⤵
        
        PID:6616
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3572.exe
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61387.exe
        8⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23460.exe
        7⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31548.exe
        7⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3625.exe
        6⤵
        
        PID:5992
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12748.exe
        7⤵
        
        PID:7112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
        8⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
        9⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
        9⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        9⤵
        
        PID:15932
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        8⤵
        
        PID:4064
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38625.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38625.exe
        8⤵
        
        PID:14712
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6609.exe
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59111.exe
        8⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21957.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21957.exe
        8⤵
        
        PID:15728
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59265.exe
        7⤵
        
        PID:11704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7375.exe
        7⤵
        
        PID:8212
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26244.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26244.exe
        6⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        6⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27513.exe
        7⤵
        
        PID:10940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36959.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36959.exe
        7⤵
        
        PID:13400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26148.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26148.exe
        6⤵
        
        PID:836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54676.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54676.exe
        6⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28330.exe
        5⤵
        
        PID:1224
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49401.exe
        6⤵
        
        PID:5760
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6270.exe
        7⤵
        
        PID:9020
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43749.exe
        6⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58055.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58055.exe
        7⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe
        6⤵
        
        PID:4152
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42321.exe
        7⤵
        
        PID:13388
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24120.exe
        7⤵
        
        PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53220.exe
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7678.exe
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe
        7⤵
        
        PID:8368
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41631.exe
        8⤵
        
        PID:15588
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25903.exe
        7⤵
        
        PID:11820
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7953.exe
        6⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        6⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46771.exe
        5⤵
        
        PID:7544
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
        6⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34937.exe
        5⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-114.exe
        5⤵
        
        PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:624
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43205.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43205.exe
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-392.exe
        7⤵
        
        PID:5260
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41419.exe
        7⤵
        
        PID:7868
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52043.exe
        8⤵
        
        PID:6376
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        8⤵
        
        PID:15968
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
        7⤵
        
        PID:11412
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37895.exe
        6⤵
        
        PID:5400
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
        7⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
        7⤵
        
        PID:11376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20344.exe
        6⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
        6⤵
        
        PID:11652
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
        6⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45898.exe
        5⤵
        
        PID:3976
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62551.exe
        6⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
        6⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
        7⤵
        
        PID:17036
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
        6⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9654.exe
        6⤵
        
        PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62209.exe
        6⤵
        
        PID:12684
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58446.exe
        5⤵
        
        PID:9256
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59719.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59719.exe
        5⤵
        
        PID:2584
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17727.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17727.exe
        5⤵
        
        PID:15444
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60043.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
        5⤵
        
        PID:1060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60413.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60413.exe
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46649.exe
        7⤵
        
        PID:13436
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
        7⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
        6⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
        6⤵
        
        PID:2112
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
        6⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
        5⤵
        
        PID:6824
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63348.exe
        6⤵
        
        PID:7060
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
        6⤵
        
        PID:11392
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        5⤵
        
        PID:9720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9322.exe
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        5⤵
        
        PID:15892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16681.exe
      4⤵
      PID:1240
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19765.exe
        6⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
        7⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12108.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12108.exe
        8⤵
        
        PID:15336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36531.exe
        7⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34348.exe
        7⤵
        
        PID:7940
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        6⤵
        
        PID:9304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
        6⤵
        
        PID:8832
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41070.exe
        6⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-46641.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46641.exe
        6⤵
        
        PID:60
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        5⤵
        
        PID:9220
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
        5⤵
        
        PID:13640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
        5⤵
        
        PID:16120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46693.exe
      4⤵
      PID:5612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41659.exe
        5⤵
        
        PID:2288
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25553.exe
        5⤵
        
        PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50402.exe
      4⤵
      PID:8004
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26871.exe
      4⤵
      PID:2932
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17346.exe
      4⤵
      PID:15516
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-2992.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-2992.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28815.exe
        6⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25629.exe
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28307.exe
        8⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
        9⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46594.exe
        8⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        8⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        7⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55917.exe
        8⤵
        
        PID:14836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
        8⤵
        
        PID:6500
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39639.exe
        7⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
        7⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20153.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20153.exe
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24145.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24145.exe
        7⤵
        
        PID:8108
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
        8⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
        9⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47910.exe
        9⤵
        
        PID:10604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17105.exe
        8⤵
        
        PID:15468
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        7⤵
        
        PID:11336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28829.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28829.exe
        8⤵
        
        PID:8536
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26756.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26756.exe
        7⤵
        
        PID:15524
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5762.exe
        6⤵
        
        PID:8176
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 488
        7⤵
        Program crash
        
        PID:12996
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 488
        7⤵
        Program crash
        
        PID:12292
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
        6⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24044.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24044.exe
        6⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
        5⤵
        
        PID:3284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
        5⤵
        
        PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39396.exe
        5⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59941.exe
        6⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49189.exe
        7⤵
        
        PID:13268
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10203.exe
        7⤵
        
        PID:13456
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
        7⤵
        
        PID:4692
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
        7⤵
        
        PID:6896
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41741.exe
        6⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1391.exe
        5⤵
        
        PID:15500
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-46308.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2624
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
        5⤵
        
        PID:1948
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29713.exe
        6⤵
        
        PID:5736
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
        7⤵
        
        PID:4488
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53478.exe
        7⤵
        
        PID:15548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22343.exe
        6⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31252.exe
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54604.exe
        6⤵
        
        PID:15916
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
        6⤵
        
        PID:6208
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60657.exe
        7⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7943.exe
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41173.exe
        7⤵
        
        PID:8964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40189.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40189.exe
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57833.exe
        6⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        6⤵
        
        PID:15852
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5824.exe
        5⤵
        
        PID:6872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        5⤵
        
        PID:9536
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24065.exe
        6⤵
        
        PID:14172
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10485.exe
        5⤵
        
        PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64881.exe
        6⤵
        
        PID:6864
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37679.exe
        7⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        7⤵
        
        PID:15960
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
        6⤵
        
        PID:15604
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
        5⤵
        
        PID:5320
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-41823.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41823.exe
        6⤵
        
        PID:16132
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56708.exe
        5⤵
        
        PID:13096
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22202.exe
        5⤵
        
        PID:15692
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25208.exe
      4⤵
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46319.exe
        5⤵
        
        PID:7860
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
        6⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51081.exe
        7⤵
        
        PID:6372
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1721.exe
        6⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10387.exe
        5⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        5⤵
        
        PID:5164
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
        5⤵
        
        PID:15940
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1400.exe
      4⤵
      PID:8104
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26141.exe
      4⤵
      PID:6092
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30517.exe
      4⤵
      PID:15652
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:368
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55867.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6448.exe
        5⤵
        
        PID:740
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-32759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32759.exe
        6⤵
        
        PID:7304
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        6⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27843.exe
        7⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35686.exe
        6⤵
        
        PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34491.exe
        5⤵
        
        PID:7028
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 720
        6⤵
        Program crash
        
        PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30790.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30790.exe
        5⤵
        
        PID:9908
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19971.exe
        6⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53994.exe
        5⤵
        
        PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        5⤵
        
        PID:8180
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24107.exe
      4⤵
      PID:5144
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49723.exe
        5⤵
        
        PID:6540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9287.exe
        6⤵
        
        PID:12660
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        5⤵
        
        PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18039.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18039.exe
        5⤵
        
        PID:15452
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-614.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-614.exe
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60683.exe
        5⤵
        
        PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35309.exe
        5⤵
        
        PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30268.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-30268.exe
      4⤵
      PID:8840
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58815.exe
        5⤵
        
        PID:11044
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
        5⤵
        
        PID:13720
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
      4⤵
      PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
        5⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57701.exe
        5⤵
        
        PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9015.exe
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
      4⤵
      PID:2328
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-22732.exe
      4⤵
      PID:15684
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-47434.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:4208
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 720
      4⤵
      Program crash
      PID:5132
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35042.exe
    3⤵
    PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-5784.exe
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4300.exe
        5⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15405.exe
        5⤵
        
        PID:1076
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe
        5⤵
        
        PID:9048
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41777.exe
      4⤵
      PID:9184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-25570.exe
      4⤵
      PID:11904
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
      4⤵
      PID:15308
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
    3⤵
    PID:5936
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
      4⤵
      PID:11204
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60302.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-60302.exe
      4⤵
      PID:7672
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53243.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53243.exe
    3⤵
    PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38917.exe
      4⤵
      PID:15412
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-15838.exe
    3⤵
    PID:11728
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-30293.exe
    3⤵
    PID:15420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:5100
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29635.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-29635.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:3188
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56443.exe
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3556
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20839.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20839.exe
        6⤵
        
        PID:4172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48737.exe
        7⤵
        
        PID:4508
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
        8⤵
        
        PID:8872
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        7⤵
        
        PID:9392
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23406.exe
        7⤵
        
        PID:6440
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17195.exe
        6⤵
        
        PID:6312
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44475.exe
        7⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
        6⤵
        
        PID:9368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6931.exe
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38373.exe
        6⤵
        
        PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40443.exe
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44627.exe
        6⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
        6⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50235.exe
        7⤵
        
        PID:15016
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
        6⤵
        
        PID:1388
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-30520.exe
        5⤵
        
        PID:7404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41316.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41316.exe
        5⤵
        
        PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
        5⤵
        
        PID:668
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24325.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24325.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34051.exe
        5⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25707.exe
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
        8⤵
        
        PID:10680
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4767.exe
        8⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62143.exe
        8⤵
        
        PID:16112
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        7⤵
        
        PID:11360
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64909.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64909.exe
        7⤵
        
        PID:15180
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56002.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56002.exe
        6⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17272.exe
        6⤵
        
        PID:11668
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
        6⤵
        
        PID:15460
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48519.exe
        6⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
        6⤵
        
        PID:9584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65175.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65175.exe
        7⤵
        
        PID:12996
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26208.exe
        6⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48227.exe
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
        6⤵
        
        PID:14824
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17221.exe
        5⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31789.exe
        6⤵
        
        PID:10868
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
        6⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16802.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16802.exe
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4795.exe
        5⤵
        
        PID:3916
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7500.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7500.exe
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34539.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34539.exe
        5⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
        6⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        6⤵
        
        PID:11784
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        5⤵
        
        PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50267.exe
        5⤵
        
        PID:3088
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40214.exe
        5⤵
        
        PID:8096
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28052.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-28052.exe
      4⤵
      PID:1724
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49303.exe
        5⤵
        
        PID:10436
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34149.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34149.exe
        5⤵
        
        PID:6692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31416.exe
        5⤵
        
        PID:15924
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
      4⤵
      PID:8952
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-51928.exe
      4⤵
      PID:13304
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-32327.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-32327.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:3184
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59349.exe
        5⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
        6⤵
        
        PID:3888
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
        7⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63236.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63236.exe
        7⤵
        
        PID:11400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
        6⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
        6⤵
        
        PID:4680
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10255.exe
        6⤵
        
        PID:16208
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19551.exe
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
        6⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52863.exe
        7⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
        6⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
        6⤵
        
        PID:15636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4750.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4750.exe
        5⤵
        
        PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25468.exe
        5⤵
        
        PID:12192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:404
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-52027.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52027.exe
        6⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        7⤵
        
        PID:3700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
        7⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55374.exe
        6⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44045.exe
        6⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36706.exe
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39343.exe
        5⤵
        
        PID:7432
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59721.exe
        6⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
        5⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-19099.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19099.exe
        6⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11922.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11922.exe
        5⤵
        
        PID:7316
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4376.exe
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32619.exe
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57455.exe
        6⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
        7⤵
        
        PID:10060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54081.exe
        7⤵
        
        PID:13380
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
        7⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
        6⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32639.exe
        7⤵
        
        PID:12068
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 12068 -s 464
        8⤵
        Program crash
        
        PID:14704
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8004.exe
        7⤵
        
        PID:5836
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63566.exe
        7⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
        7⤵
        
        PID:17064
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7621.exe
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45085.exe
        6⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12081.exe
        6⤵
        
        PID:15844
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10947.exe
        5⤵
        
        PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17194.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17194.exe
        5⤵
        
        PID:2704
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-34814.exe
        5⤵
        
        PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18660.exe
        5⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27009.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-27009.exe
        5⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16656.exe
        5⤵
        
        PID:10296
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
      4⤵
      PID:792
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28971.exe
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60714.exe
        5⤵
        
        PID:11828
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-49781.exe
      4⤵
      PID:652
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
      4⤵
      PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-27419.exe
      4⤵
      PID:15296
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-55767.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-55767.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
      4⤵
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-62577.exe
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-65151.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65151.exe
        6⤵
        
        PID:9128
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 488
        7⤵
        Program crash
        
        PID:11288
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
        6⤵
        
        PID:4776
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-1510.exe
        6⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-65322.exe
        5⤵
        
        PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50329.exe
        5⤵
        
        PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-26183.exe
      4⤵
      PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7614.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7614.exe
        5⤵
        
        PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55129.exe
      4⤵
      PID:8788
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56947.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56947.exe
        5⤵
        
        PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-42075.exe
      4⤵
      PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-1801.exe
      4⤵
      PID:8224
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-43708.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-43708.exe
    3⤵
    PID:3120
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
      4⤵
      PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17833.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17833.exe
        5⤵
        
        PID:17080
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
      4⤵
      PID:8828
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 448
        5⤵
        Program crash
        
        PID:11016
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
      4⤵
      PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-7541.exe
      4⤵
      PID:9920
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
    3⤵
    PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
      4⤵
      PID:6448
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
      4⤵
      PID:15976
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
    3⤵
    PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-16605.exe
      4⤵
      PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35003.exe
      4⤵
      PID:15532
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8588.exe
    3⤵
    PID:11152
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-53910.exe
    3⤵
    PID:15484
- C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:540
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-10750.exe
      4⤵
      Executes dropped EXE
      Suspicious use of SetWindowsHookEx
      PID:2176
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32707.exe
        5⤵
        Suspicious use of SetWindowsHookEx
        
        PID:1924
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-35333.exe
        7⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19795.exe
        7⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5726.exe
        7⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-63298.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63298.exe
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
        7⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
        8⤵
        
        PID:11172
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7507.exe
        8⤵
        
        PID:5656
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
        7⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51745.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51745.exe
        8⤵
        
        PID:15668
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16284.exe
        7⤵
        
        PID:15284
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-58445.exe
        6⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43558.exe
        6⤵
        
        PID:11636
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4647.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-4647.exe
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
        6⤵
        
        PID:6472
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7294.exe
        7⤵
        
        PID:7128
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45743.exe
        8⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
        8⤵
        
        PID:15700
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-50330.exe
        7⤵
        
        PID:8204
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
        8⤵
        
        PID:15676
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43697.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-43697.exe
        7⤵
        
        PID:13816
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56430.exe
        7⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-61093.exe
        7⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49458.exe
        6⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
        6⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39521.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-39521.exe
        7⤵
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
        7⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-54841.exe
        6⤵
        
        PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-26654.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-26654.exe
        5⤵
        
        PID:6548
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
        6⤵
        
        PID:8596
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-7362.exe
        7⤵
        
        PID:12584
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        7⤵
        
        PID:15884
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36593.exe
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17951.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17951.exe
        6⤵
        
        PID:10612
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60994.exe
        5⤵
        
        PID:8812
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-36838.exe
        5⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
        5⤵
        
        PID:3148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-47652.exe
      4⤵
      PID:4148
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-64075.exe
      4⤵
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
        5⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-28011.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-28011.exe
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33170.exe
        6⤵
        
        PID:15564
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-41393.exe
        5⤵
        
        PID:8848
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 420
        6⤵
        Program crash
        
        PID:232
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 420
        6⤵
        Program crash
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-19602.exe
        5⤵
        
        PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
        5⤵
        
        PID:17024
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-35400.exe
      4⤵
      PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-59661.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-59661.exe
        5⤵
        
        PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-48408.exe
        5⤵
        
        PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
      4⤵
      PID:11520
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-33129.exe
      4⤵
      PID:14928
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-60506.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-43589.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-43589.exe
      4⤵
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
        5⤵
        
        PID:5984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-40163.exe
        5⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-23315.exe
        6⤵
        
        PID:12692
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45504.exe
        5⤵
        
        PID:11808
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56629.exe
        5⤵
        
        PID:2480
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11253.exe
      4⤵
      PID:5236
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-45691.exe
        6⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16885.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-16885.exe
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-8005.exe
        7⤵
        
        PID:11300
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44377.exe
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-60137.exe
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-56277.exe
        7⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-25607.exe
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-18117.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-18117.exe
        6⤵
        
        PID:3204
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-5213.exe
        5⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-44695.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-44695.exe
        6⤵
        
        PID:2488
      - C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-17681.exe
        6⤵
        
        PID:15984
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-51376.exe
        5⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-52616.exe
        5⤵
        
        PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-55155.exe
      4⤵
      PID:7892
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-4279.exe
      4⤵
      PID:11280
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-23068.exe
    3⤵
    PID:2504
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-37497.exe
      4⤵
      PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-49119.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-49119.exe
        5⤵
        
        PID:13864
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-44098.exe
      4⤵
      PID:2160
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-65179.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-65179.exe
      4⤵
      PID:17012
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-4097.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-4097.exe
    3⤵
    PID:7632
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9806.exe
      4⤵
      PID:11164
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
      4⤵
      PID:11276
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-5370.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-5370.exe
    3⤵
    PID:6256
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
    3⤵
    PID:5956
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-29147.exe
    3⤵
    PID:16020
- C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:4580
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:552
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-994.exe
      4⤵
      PID:5168
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 212
        5⤵
        Program crash
        
        PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-57626.exe
      4⤵
      PID:5880
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
      4⤵
      PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
        5⤵
        
        PID:8168
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-24114.exe
      4⤵
      PID:12712
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
    3⤵
    PID:5324
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-63769.exe
    3⤵
    PID:7644
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-65156.exe
    3⤵
    PID:10536
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-18442.exe
    3⤵
    PID:13656
- C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:452
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
    3⤵
    PID:5272
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-19739.exe
      4⤵
      PID:6168
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-12442.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-12442.exe
        5⤵
        
        PID:8296
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
        5⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
        
        C:\Users\Admin\AppData\Local\Temp\Unicorn-9050.exe
        5⤵
        
        PID:15868
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-38845.exe
      4⤵
      PID:9280
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-50843.exe
      4⤵
      PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe
      C:\Users\Admin\AppData\Local\Temp\Unicorn-9103.exe
      4⤵
      PID:14980
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-35835.exe
    3⤵
    PID:7564
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54273.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54273.exe
    3⤵
    PID:10204
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
    3⤵
    PID:5240
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-14297.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-14297.exe
    3⤵
    PID:10812
- C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-47633.exe
  2⤵
  PID:5356
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-49993.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-49993.exe
    3⤵
    PID:8500
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-34393.exe
    3⤵
    PID:12368
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
    3⤵
    PID:14960
- C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
  2⤵
  PID:6436
- - C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
    C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
    3⤵
    PID:14796
- C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-29117.exe
  2⤵
  PID:8524
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
  2⤵
  PID:10400
- C:\Users\Admin\AppData\Local\Temp\Unicorn-26184.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-26184.exe
  2⤵
  PID:5012
- C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-565.exe
  2⤵
  PID:13420
- C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-37040.exe
  2⤵
  PID:9868
- C:\Users\Admin\AppData\Local\Temp\Unicorn-38151.exe
  C:\Users\Admin\AppData\Local\Temp\Unicorn-38151.exe
  2⤵
  PID:17072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4208 -ip 4208
1⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 5168 -ip 5168
1⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 6092 -ip 6092
1⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 7028 -ip 7028
1⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 8828 -ip 8828
1⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 9128 -ip 9128
1⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 8176 -ip 8176
1⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 8848 -ip 8848
1⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 384 -p 12068 -ip 12068
1⤵
PID:14152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10366.exe

Filesize
184KB

MD5
57c42f23099982a293826cf1113f8569

SHA1
bacabd26d7ae5c8fbc754bb13836ab92fbfed1a2

SHA256
a8bdaa4442c804fe33687bf8900281184d278f2a8264cfa19d47bc3dac3d3806

SHA512
9ff919b4391ff04f340ea12b1345f28cebb9cddd038907a0fcb1617dda9dccc119a99466adaee0d642866970dab723d6869ea32ac3adfaeeba57b6b67eb27edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe

Filesize
184KB

MD5
d6f46879c645e006c77adda1e4b5ee49

SHA1
cc832a8ad4ca915a905c77c14df2895d7ad0c1ed

SHA256
b4bfafa52e69a31a4ebbc82975d694665e2b0fdf8ad935711975929f74655ec0

SHA512
71a08fda6d3cad9ffda350b5aaf0ab3e8ea496bce4b92d54c9e68390856d4835ea8fdc9413ea242a059fa7fde5be6d4ee773ff79a6874922cbd921e6014056cf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1326.exe

Filesize
184KB

MD5
fc2137253b8e7325ed047cd79e3476d2

SHA1
a283a4707315f8955ee3f077229591f2c9d09904

SHA256
ff1998cee5184ade587c8f7639b1b844af46fdd4ff43f6c8dcc592ed31539f8d

SHA512
c155e113fe3052ed65524658db7498ffab021b3f8e02a0ad4d4b7ea9cfc2f6fb3144294b5fed159363b689265f45a7b0d6c89577f658adc382d39a58fa28dcd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15197.exe

Filesize
184KB

MD5
6d5e01056e534c89314c17dae906126c

SHA1
6acd33b7bc34fd46dec3d8826564a728a6649b70

SHA256
3f27365cfa1c5b05ebd903f0257d6a84b3017e5dd5db0da7cd6ca5a81cee76c5

SHA512
5b92328341ec3316da011f3bd3a191d7adab98ea784b300f404eee33cd03c063c54b5a9dbfee959e60fc766b907301c2597bdf0423293e08192941c2cfa84e41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe

Filesize
184KB

MD5
53bbbbd5a21f46cd3ce39cc8b93f3f48

SHA1
7309d9fc17d721abb0ed6795b552acc19818dca6

SHA256
d70f9f36c0eb1eab7ff14e99923c622391fc6eddbda043e5a600bc793a6d9870

SHA512
fde9d6aa35f15775c348321d2c13823a2e6bcbf17361176cd79b4d197549c3ae873d27ef939a4bcc67928bb59c8fe699fb38122d82aa30148659639692db31be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe

Filesize
184KB

MD5
a54a681c1e8940403d6650f31b316e60

SHA1
2340d289c041ead3f6a77ae1ab642ec2c2f6034f

SHA256
68c2eec46e80645bcf8e32f7306b6c1e68053f732f21498ea84ad5db2c0e1252

SHA512
833bb9f395b760e5303a572d9021c21dcfc846474d28ff51885e0475b9111d6fbd01cfaf0224699bf1db24fd14674ae11fbbf773943fef17967c3d2db1f5e1bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19420.exe

Filesize
184KB

MD5
4859b18e3f62261e3f3ffafd8402f682

SHA1
cbd1970809f99c7a1b06786cb1a7c3c22407640f

SHA256
2439fa8ed2671b8104fded04496228751c159cb1a89a73863e6c8d506e0301fc

SHA512
c5e87839688f44654b829c51dbb7b1e8b0f2ed33e158991e605059bfdc26fb779a7edb77664f83080db95f6ca877b557950b8cff6eb57d4144b3264a7bc3a817

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe

Filesize
184KB

MD5
f1032a598c3e629301a255dff5350295

SHA1
19f4bc4cf6fc715bd5fecbdc4e8912c2c28c1926

SHA256
b0529745f132a827b759c175739ed84b785d22370ac462bea568901f3b07d24d

SHA512
77ed237c28b75d062a3d7479753b7fae33f0e42ab9017db72796081f07453ccd1e18de5159b5d8fb8267ed9012b60cdbf6306db2dfe762004234322ca89311c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20267.exe

Filesize
184KB

MD5
50cebc1736e29ddf4c79a7a7280d8663

SHA1
6d872d3718c755c357159e7522c324e8c11737b8

SHA256
4b1fe3b6389601b2587f6dcd03a9aa8347cb959614e39853c91ac9c0716ca198

SHA512
78c8fde6005554e1145ce214c6e46e9acd248e60336ba2971bb7a08ce7c0c9be549835c12687f025110e1ac318f5ba0a651161e9a7027ce2237e101cc6a8e5c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20355.exe

Filesize
184KB

MD5
87850baa56f647d061f189bf34f8893f

SHA1
f0cff8fbc3cf34da176e8e7bb89a67fd9a975473

SHA256
bb59551614853c05bc8c2345ad72cfd433285fd93e3142c5721bcbae4ff2335c

SHA512
0cf355a3f7be601681d618eef2844f595c215e45b565680fdc0284fc232c179789a552f00d0df2d85b4d0b5fd019873fba91ba0dbd7f4065c94fd8ce77537b17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21507.exe

Filesize
184KB

MD5
089b5bb00130a9772b4a3aebaa5187fe

SHA1
a8b6989b988110c794236d3bb13ef04fc4249934

SHA256
81b4e0b2a51b05c6d7572bba89837e6b1f64a0186a433e63b91bb7f39cce75bc

SHA512
a8a01dd198168c9a1cef47df8437927a7f28cd496db78afa1efdd4facb084d338d711968dd50c736c9af49742a7efa21efba4f906875442a90b648c346e5bfe8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25037.exe

Filesize
184KB

MD5
6d78a730aa52f40b42aa6578e72049d2

SHA1
7e9bebc6d03ca7d2c0a1e12951a20902f6b218e4

SHA256
4ba1646e1f4c656bcec16b104d28d2e59b86dd0cdbf6efa8f05538eee97504df

SHA512
ae43615458c8a9e4e61571b4667b3d74212247b4581e5082c889c6b3d1bc8f010fdddf56af47abfe738cbc3b28477fb8cdbff97baca412e0a6af4241bf504194

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe

Filesize
184KB

MD5
9b9fe6fff46a91232f802615ca920596

SHA1
b76b03d462758fe3b7947ce1635369bbb5ac4535

SHA256
d13b65bef42d8c59146d38df62e8748d87c2d44bfad66bf40b9c6b52b8faf62e

SHA512
9bdcefac43f75ea1f1c3079c948bbddaf09e2ed08fb0216a0941b97948796e63ba6900cfa7bc2a55adab47cb11493cd552ecc2f0873dbc80b674fd97b9675133

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29635.exe

Filesize
184KB

MD5
b4ec49a9bc8f756872a24c284881419e

SHA1
1e9a2641474815ffca5a789426df36b4c73c4753

SHA256
fdd89d50bdde6c0df5f3407a388e62de78f182477d2b0928849355eddfdeb558

SHA512
fe4bc122bae31c105874ef05891592c23c40b99986c0366571be912aad7365fa0616f55143a7a630e90626bbea25f1c9680686c9fe672ddf57ae27187782791f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2992.exe

Filesize
184KB

MD5
f1547416e968e2288e6094f510901c85

SHA1
2265dabcad1eac57d52dc5efa1a6aeed25551fc5

SHA256
f4f134e48639bf3cf0562fc06a92edb3c40973e472ac631be4785460646ee1f0

SHA512
42210f8d48a7141b899cb8e95cfefd6c4706da1fc3a1fdc19523d5320496b6e134eacf25a052e52a7df81a2e69f27d730b8a3b190c9ce2c6024b62c4046bf9c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30024.exe

Filesize
184KB

MD5
0f67923ac28b651da305f97ff9904d01

SHA1
c29bf6cc82a7b4714d951bfd4bda18ca080c289a

SHA256
343e5081579c53ae5ad4c5767a75ccb72251e2fb95f7a36b23c07e5fcbf788c3

SHA512
bf111baf8ad9e50444829c7b9bbdb5d29f8fba55f25e5c6bf424c4a4a2c183ab7ac20f5ba56b479f263908765b5898109be7bc60326d555bfbfed09be2711132

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30878.exe

Filesize
184KB

MD5
685d7b58e0237dc94e3b7b94272010b8

SHA1
db0f2acc875984e7e4dfa65e69a783a5ea52662a

SHA256
cff416557bcb82abce0fcace6b448787d374e1b890f541f7aa13df5bbe9c8a91

SHA512
3f870f8d27aa5ebf7dc5e7c5c0f93c3e1a8e162de88b6e5d7fad343c21a32ee5db24119999d8df11c7819bad7b668345a4b9299a74a277ce23880cf2b5938760

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32327.exe

Filesize
184KB

MD5
c9ff34222609f28fba67d1160132e7d5

SHA1
19eec33a574cc9c1191a71bb0847fe766d6cf1d0

SHA256
917934c06f8dad878a7bb28805b9fad384fbc3579adba93539e9ed56e6d332b1

SHA512
acea7c0b8dac7a0077b11634d7e2bd5a266412dcb608625a8e3abfeab159c7448eb84eb68bc0cc54c0a7adc76286b0d269e120fa2418d6e9d59c3c6c7e0d8f93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32427.exe

Filesize
184KB

MD5
9777d75e27420e8ac5e3e328ced13660

SHA1
b154fa893707f699dc21353987fad4fca97747b3

SHA256
161d1e382b7a298d3bd3d6ab522ca91444d4fb657ec4f90997947485b991f166

SHA512
412d4dd30acdfdaff571d68dae320eae1950bc30d8e486ec0d3605a97a596bc69850ddde86fdacd4ec60939397b4c28b3d462c640621bb9b15af58f2d4b92fff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36049.exe

Filesize
184KB

MD5
d3615e6d1e346856da8396a6c3aa0c8c

SHA1
ad17a48bfa46acd566894a1353b49f6316a195af

SHA256
59559084e1d386297a07368becd079e07d3c5333437e4b76092e9e3d75a587a6

SHA512
f2495d7864de548853a8e13dff8ddaab08b0d0e32e54ac9ddd80c6a4b440fdd3cdef8fee07ccb60d1b64f73c1d96d1d3a0a0a0adc7e045415e419085393b87fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39941.exe

Filesize
184KB

MD5
dbb7a6723f441a3ee54f2660f65b773d

SHA1
52fdaa9925ae367cbc7abe66c72ae882fbb4ff5f

SHA256
afd196f47252ad38ec607f1483fe3a65356e4517ce7d8f0433e6704a17efa5ab

SHA512
54a6545c00356e791815fded04c8326580ee8f7704f0de9d0a97c49415c0b202841b5b831921ad3f13601499fffd78c53aaf5c166f54e9dede6385ed7c6a5690

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe

Filesize
184KB

MD5
4a3943e48ce3b3fb28b20ffe8f14103d

SHA1
b063d3633cdff80aaf12ff8f793078129bd922c6

SHA256
6ccd65e3354780d8cb539659cefe3acffb084365aa4199ace14786e377aecfcf

SHA512
2f0c65bc8dd8bfdae95b605ea200cb54fb10afaaa04b35b3b727722654000de71e14bbd9a84ed0e2164cd492494b955352269b212f35dd17d2f48cd967740329

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42836.exe

Filesize
184KB

MD5
d4011eedeb78f2eddf857917862c15ac

SHA1
1327362fbaf6c8d020653d5e3f1070dbf91308a3

SHA256
d55f8ba11a3c11bcad1cd748cf5151b45cc69a3cd94f876523947be77efaa18c

SHA512
61cd42c8367cd1d125b58e9c0e8257ce0e9b42f40579c0f7e6748366ee82db9a3977d9f6f4b0d62d15397472d8db90cd11717c4a72151fe10c82759f2daf030c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe

Filesize
184KB

MD5
0560ceb653efa52f7bceda5051c9832b

SHA1
1bab2e91d2e544b8b5ba083930cda344bd5e0403

SHA256
4ff276ea11a733c84a8b356a93806da3f2ac75941e29d635700103b0218439b0

SHA512
637b5c0fe9e7a66e2e778c07f207d0895f05c01f2f59959799b129fcab82e00a8d7f03a94c70ac9251aab0878e18271160da4bdb241f920045f841d042e8cb50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43423.exe

Filesize
184KB

MD5
751fe383660d2c7587754591c3bc0d55

SHA1
9c3425970e5307d6820add31f8d3ae0d282166de

SHA256
7c565682aa3db9d996926f97a13087cc15d4fdbfb8194e548e79019f192902ba

SHA512
c2838ac75ae92b8660297cdb82b093fb344916627aeceb3ed8595f1edada736e2b15fa47bbfba507addc3bd6af3f873c43263827df8a26ef5eb2962d60f3b913

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe

Filesize
184KB

MD5
35c159b4fefe15ace319666a6663325b

SHA1
849ca50f0c049099f18294beff1d591ddb8d695d

SHA256
bba6f856c10446a6d1cb731e5596c980325b2a327747b9ef9aa715f66ad0548f

SHA512
28927dfac5df5fa91c1d15c14274005c95875af57901f5683de4fd1eebff6be872b144aa878aa8c94de62bbe8f4254d12a6a73a7b5a275530c9b52b40935eaf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49453.exe

Filesize
184KB

MD5
6c868341165521cfbe5d203b26668026

SHA1
a08a889e4a905baeba9b0c45b595b434479f5d4a

SHA256
baf566d32a3ce0d524deb5ac4366b4e5d8712d3c94afa2218c51a81b22a3a8b5

SHA512
ea216ba3fd937e78c0b7be9557964c65651e783144980c76e8f12c207520827e9e964261f150e1caaa4d5ba72d5a374414d352fbcb20403d8a2965ec48457b6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49878.exe

Filesize
184KB

MD5
648b891e9e300c6a94e9b5f494dd75fc

SHA1
dd476a11799611a0480780c1aa0da5d313b737a4

SHA256
54a4f9279cf4a0eb0774f0c85d7b6353075183a6f1cb38c3e2f48a236cdb5bbe

SHA512
0fd569279c483acb49f59233626ceedb3e8ac00f3b65ec6786b056cf757c6d94ec5ae4af710f36f5c7a3e71b4c715902c3782fde2087070b04c4d56b36ffcc77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50439.exe

Filesize
184KB

MD5
71b71f49e0e1a22207aae90183b332fa

SHA1
2adce5329fda9bd6191cbc38e04ee9909c77b526

SHA256
3e5b9f3deb85036e8ac8029005caaa8f7380c160d0625de4a443202b53b1a918

SHA512
921aa5b12e40fe2ad83d7440dca12c85be8fe865866d77244414767d4dcfe3f579d7b93fa982d94b15d985252648cf2c0a7ab7ef8d8e122aa66c2ffa0c983eb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51269.exe

Filesize
184KB

MD5
a876112f23a6424dbd2edd3c4ac0c0ec

SHA1
cd0d776b0c53af57c81b2488c4530adf9cada23c

SHA256
bef119a54ee34c0e8d013593efde20a2abf4cabed0c61d42d246e0e28a020097

SHA512
7073f57433dc084c5f8ff5bd501619dce1de018ba5fe9332867a42209f99723a8a561521d80d19fb9cd0e039771c7a555b0d76c5cae9d6d2d6d1ef8ea8bec8ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe

Filesize
184KB

MD5
c06205496acce8343f745faaf798303f

SHA1
1842c30f6d45b269b5b6d07d29889c9fc745b8ad

SHA256
bb9de1b591670fe5355d51d10ff4960e1d49e63897a595891a6eb2705a1b96ba

SHA512
76effb4dc008303b71aab83707ee8324d3fa65d0e14685d5057aaa8f4ce86a25b5a5f434ed45187e1b21b137f578b60e14b35bab2225603e7b910075c8fcc751

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56059.exe

Filesize
184KB

MD5
51d8e733a76fa0d15e473277ed972009

SHA1
6db90fee0ad89baf76c6340d783c6fed0b57920c

SHA256
3a88f02e1f064a936722cb916ddb1f99173a1d7ca89767999efaf4d6248d342e

SHA512
a21ebafb91f42e2a3f219dcb41ef2fd511d1bfaf4a3bbac098cfc30dc08d9d5b6dd3d4ffc8c6eb36f3c721d15e98ccab38e7e5348b29bc70b773d748ddb61bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe

Filesize
184KB

MD5
ad9c9ad92c91a8a7903f4bbdd74923e5

SHA1
e997702d1b88500af50f5e3efa27d1b607932432

SHA256
d4e5996dfc160171cc50083eee08ab31e88249f16a87ec3a3b4132f8a69f1675

SHA512
1cd8ee879be585351bd0f19e0794114ddc42a1b24967df01f02367124ab52f4bf51a8ad0bba0f4268ac0422beafa51cda1513543a8f597df719a02534401a654

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe

Filesize
184KB

MD5
9877d9c8d17f3693cd421986c8418ad2

SHA1
b1019352804b386c3d5995e878a05650284ed2e6

SHA256
9ea5f24c807812b2a09aa1aa62d7cbb45690a53d3272755554f31469b1b4411b

SHA512
c92aa4ae94606095104222a8bee022e442c2c84219dc43bbe2d9096b3be1d5dbc79c21242c9275da5811098df711590da4e54be484572880d43c0519b56b4f94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63765.exe

Filesize
184KB

MD5
7e73b6fabd6a57089a00a25dced68a02

SHA1
e8376e27eadc8aa68442a24753799d8f2bb454c4

SHA256
3899a19cf3f051d851d66f74a4bb5f98d74f0d17d7731581876fc943073664fd

SHA512
bccf518b6756a753b10ca719378861034a7ab1392416977068e828504d3d14af08a65fd8d621d4fbf9dee0154c039f4cf741c555c104b98e40f9a026ffe7a504

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe

Filesize
184KB

MD5
d90f8670250797d818981c7be998e894

SHA1
796736e3302b5fadb6ecc47565b96777e52c92ea

SHA256
8bae0f464f94a196ff3194c612656ea0ab3a5ce6f43d5c90a6f9e02c03723031

SHA512
086387a44daa7546685959846d77e267af8f2f1b97a89e8cbe6bf5d6e8edf40e9dd24718d8ef0a4eddbb887f5353b9f668269f97029f18f525ce27d943512d90

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe

Filesize
184KB

MD5
52ac6be6c4d956f306437e5b32e376b7

SHA1
d1ead1951b4891b69575871592ae75f13b5819b8

SHA256
8eab2e18151822c27a6bb2e5c27fe7b80683be8aebee0eaf7fd3fcbc07f08636

SHA512
79b41733c836370fd35bcdab175a94b2d1f654cefc6f6bafd804c720dfe9dc3d3e36e8d1643c8e418e0a9859cefe431b8bdad77e31ce3f0304ae030ebcd7dfb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7206.exe

Filesize
184KB

MD5
9b562e2629595b7e7b4fc6da6e7500b5

SHA1
62c0c7d1fea50b77f73be8aa3dc03c327b6c3cf2

SHA256
5db4a376992505f779e2d0ebb3192ad6ed428992b67f5c3fe0701ac38fb77cc8

SHA512
d7894b3bbcfc5b2143e256ee385a4c90fd8d9daba748c4dad0eb4dc4b76b5d830d461cbc34343bad775c12afabbcc9b6845fe031cfde8e40bd10986d6912fc9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8804.exe

Filesize
184KB

MD5
8bafb7d3688bcfee5fd24eb1eb15652d

SHA1
1b21e57cc7f77c6c1b0aba0891b6b35ee7ff5db7

SHA256
16923c792c3a2a14805cba136955172bad175fc09375c1658d73a1d67c0839ca

SHA512
25a107640ef023a7fd0d8d6116a7224853ad0cd1065463608898e6e3951735f8e5f8aa90af2045b07ff3fed84658e222b81ab697580aab9e019296c596b40f60

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads